An Intranet Security Framework Based on Short-Lived Certificates
IEEE Internet Computing
Deploying and Using Public Key Technology: Lessons Learned in Real Life
IEEE Security and Privacy
Plug-and-play PKI: a PKI your mother can use
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Directory Based Registration in Public Key Infrastructures
Proceedings of the 2005 conference on Applied Public Key Infrastructure: 4th International Workshop: IWAP 2005
Hi-index | 0.00 |
Companies and organizations employ PKI technology to secure the communication in their intranets and over the internet. The services of authentication, non-repudiation, confidentiality and the transport of authorization information are often supported by X.509 certificates. The synchronization of the certificates' life-cycle with the management of the PKI users is a common problem. We propose a mechanism to achieve this synchronization based on directory services. This enables to transparently update the information provided by the PKI and offers a high potential for automation. The mechanism spares personnel and is less error-prone, since it relies on processes and data that are already established. It reduces the costs to bootstrap and operate the infrastructure. We show a case study on the proposed mechanism that was conducted at the Technische Universität Darmstadt in Germany in order to supply 20 000 students with certificates and keys.