Chain of trust

About: Chain of trust is a research topic. Over the lifetime, 564 publications have been published within this topic receiving 10865 citations.

Decentralized trust management

Abstract: We identify the trust management problem as a distinct and important component of security in network services. Aspects of the trust management problem include formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and deferring trust to third parties. Existing systems that support security in networked applications, including X.509 and PGP, address only narrow subsets of the overall trust management problem and often do so in a manner that is appropriate to only one application. This paper presents a comprehensive approach to trust management, based on a simple language for specifying trusted actions and trust relationships. It also describes a prototype implementation of a new trust management system, called PolicyMaker, that will facilitate the development of security features in a wide range of network services.

Toward a Generic Model of Trust for Electronic Commerce

Abstract: The authors present a generic model of trust for electronic commerce consisting of two basic components, party trust and control trust, based on the concept that trust in a transaction with another party combines trust in the other party and trust in the control mechanisms that ensure the successful performance of the transaction. This generic trust model can be used in designing trust-related value-added services in e-commerce. To illustrate its design use, two e-commerce activities that require trust are compared: electronic payment and cross-border electronic trade. The model shows that each of these activities requires a different type of trust, created by completely different services.

Centralized certificate management system for two-way interactive communication devices in data networks

Abstract: The present invention discloses a centralized certificate management system for thin client devices in data networks and has particular applications to systems having a large number of the thin clients serviced by a proxy server through which the thin clients communicate with a plurality of secure server computers over a data network. According to one aspect, the present invention comprises a certificate management module that causes the server device to manage digital certificates for each of the thin client devices. To minimize the latency of obtaining certificates for each of the thin client devices, the certificate management module reserves a fixed number of free certificates signed by a certificate authority and their respective private keys in a certificate database and frequently updates the free certificate according to a certificate updating message. Whenever a user account is created for a thin client device, the certificate management module fetches one or more free certificates from the certificate database and associate the fetched certificates to the created account and meanwhile the certificate management module creates new free certificates with the certificate authority to fill in the certificate database. Apart from the tradition of obtaining certificates locally in client devices that normally have sufficient computing power, the present invention uses the computing resources in a server device to carry out the task of obtaining and maintaining certificates asynchronously in the proxy server and further. These and other features in the present invention dramatically minimize the demands for computing power and memory in thin client devices like mobile devices, cellular phones, landline telephones or Internet appliance controllers.

An Algebra for Assessing Trust in Certification Chains.

Abstract: Open networks allow users to communicate without any prior arrangements such as contractual agreement or organisation membership. However, the very nature of open networks makes authenticity di cult to verify. We show that authentication can not be based on public key certi cates alone, but also needs to include the binding between the key used for certi cation and it's owner, as well as the trust relationships between users. We develop a simple algebra around these elements and describe how it can be used to compute measures of authenticity.

Virtual certificate authority

Abstract: A method and system for creating and administering certificates digitally signed by a trusted entity (certificate authority) to ensure that certificated transactions are authenticated as that of a particular entity. Requests for a certificate, along with verification information, are directed to the certificate authority, where they are held and accessed by an entity having verification responsibilities (registration authority) and approved or disapproved.