Proceedings Article

A new approach to the X.509 framework: allowing a global authentication infrastructure without a global trust model

16 Feb 1995, pp. 172-189
TL;DR: A new approach to X.509 comprising a modular reorganization of the overall system and mechanisms allowing the realization of a global infrastructure for the deployment of authentication-based secure services is proposed, and the applicability of this approach in an open and heterogeneous environment is described.
Abstract: Isolated networks are currently being integrated in order to create a universal and virtual inter-network. In this context, the existence of a common authentication infrastructure is extremely important. CCITT Recommendation X.509 defines a public key-based "Authentication Framework" in which the Directory Service can be used to provide key management facilities for open applications. We propose a new approach to X.509 comprising a modular reorganization of the overall system and mechanisms allowing the realization of a global infrastructure for the deployment of authentication-based secure services. These mechanisms aim to complete the X.509 framework so as to rectify some open issues of the approach in order to allow the support of a multitude of trust models while respecting each security domain's certificate validation criteria. We first discuss aspects related to authentication data retrieval and validation with respect to X.509. Then we give an overview of the overall approach, and emphasize its more relevant aspects and mechanisms while describing the applicability of our approach with respect to security architectures and current trust models. Finally, we conclude the paper describing the applicability of our approach in an open and heterogeneous environment.
Citations
Book
01 Jan 1996
TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
Abstract: From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

13,597 citations

Dissertation
01 Jan 2005
TL;DR: It is shown that, in the case where the user's opinion is divergent from the average, the trust-based recommended ratings are more accurate than several other common collaborative filtering techniques.
Abstract: The proliferation of web-based social networks has led to new innovations in social networking, particularly by allowing users to describe their relationships beyond a basic connection. In this dissertation, I look specifically at trust in web-based social networks, how it can be computed, and how it can be used in applications. I begin with a definition of trust and a description of several properties that affect how it is used in algorithms. This is complemented by a survey of web-based social networks to gain an understanding of their scope, the types of relationship information available, and the current state of trust. The computational problem of trust is to determine how much one person in the network should trust another person to whom they are not connected. I present two sets of algorithms for calculating these trust inferences: one for networks with binary trust ratings, and one for continuous ratings. For each rating scheme, the algorithms are built upon the defined notions of trust. Each is then analyzed theoretically and with respect to simulated and actual trust networks to determine how accurately they calculate the opinions of people in the system. I show that in both rating schemes the algorithms presented can be expected to be quite accurate. These calculations are then put to use in two applications. FilmTrust is a website that combines trust, social networks, and movie ratings and reviews. Trust is used to personalize the website for each user, displaying recommended movie ratings, and ordering reviews by relevance. I show that, in the case where the user's opinion is divergent from the average, the trust-based recommended ratings are more accurate than several other common collaborative filtering techniques. The second application is TrustMail, an email client that uses the trust rating of each sender as a score for the message. Users can then sort messages according to their trust value.
I conclude with a description of other applications where trust inferences can be used, and how the lessons from this dissertation can be applied to infer information about relationships in other complex systems.

897 citations


Cites background from "A new approach to the X.509 framewo..."

  • ...Metrics for calculating trust over paths have been presented in Tarah and Huitema (1992), Beth et al. (1994), Mendes and Huitema (1995), Maurer (1996), and Reiter and Stubblebine (1998) to name a few....


Journal Article
TL;DR: A set of guiding principles for the design of metrics to evaluate the confidence afforded by a set of paths and a new metric that appears to meet these principles is proposed, and so to be a satisfactory metric of authentication.
Abstract: Authentication using a path of trusted intermediaries, each able to authenticate the next in the path, is a well-known technique for authenticating entities in a large-scale system. Recent work has extended this technique to include multiple paths in an effort to bolster authentication, but the success of this approach may be unclear in the face of intersecting paths, ambiguities in the meaning of certificates, and interdependencies in the use of different keys. Thus, several authors have proposed metrics to evaluate the confidence afforded by a set of paths. In this paper we develop a set of guiding principles for the design of such metrics. We motivate our principles by showing how previous approaches failed with respect to these principles and what the consequences to authentication might be. We then propose a new metric that appears to meet our principles, and so to be a satisfactory metric of authentication.

167 citations

Patent
18 Mar 2003
TL;DR: In this paper, a content license is created that defines parameters for accessing a piece of digital content, and a first logical expression in the content license defines a plurality of playback devices that are authorized to access the digital content.
Abstract: In one embodiment, a content license is created that defines parameters for accessing a piece of digital content. A first logical expression in the content license defines a plurality of playback devices that are authorized to access the piece of digital content. A second logical expression in the content license defines at least one time interval when the plurality of playback devices are authorized to access the piece of digital content. The content license is used to access the piece of digital content.

104 citations

Proceedings Article
04 May 1997
TL;DR: A set of guiding principles for the design of metrics to evaluate the confidence afforded by a set of paths for authentication are developed and a direction for constructing metrics that come closer to meeting these principles is proposed.
Abstract: Authentication using a path of trusted intermediaries, each able to authenticate the next one in the path, is a well-known technique for authenticating entities in a large-scale system. Recent work has extended this technique to include multiple paths in an effort to bolster authentication, but the success of this approach may be unclear in the face of intersecting paths, ambiguities in the meaning of certificates, and interdependencies in the use of different keys. Several authors have thus proposed metrics to evaluate the confidence afforded by a set of paths. In this paper, we develop a set of guiding principles for the design of such metrics. We motivate our principles by showing how previous approaches fail with respect to them and what the consequences to authentication might be. We then propose a direction for constructing metrics that come closer to meeting our principles and thus, we believe, to being satisfactory metrics for authentication.

94 citations

References
Journal Article
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1 (mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations

01 Aug 1989
TL;DR: In this paper, a series of documents defining privacy enhancement mechanisms for electronic mail transferred using Internet mail protocols is presented, one of which is the STANDARDS-TRACK document.
Abstract: This is one of a series of documents defining privacy enhancement mechanisms for electronic mail transferred using Internet mail protocols [STANDARDS-TRACK]

230 citations

01 Feb 1993
TL;DR: This document describes three types of service in support of Internet Privacy-Enhanced Mail: key certification, certificate-revocation list (CRL) storage, and CRL retrieval.
Abstract: This document describes three types of service in support of Internet Privacy-Enhanced Mail (PEM) [1-3]: key certification, certificate-revocation list (CRL) storage, and CRL retrieval. [STANDARDS-TRACK]

107 citations