Privacy-enhanced Public-key Certificate: How to Embed an Individual’s Sensitive Information into a Certificate
Abstract
When a Certification Authority (CA) issues an X.509 public-key certificate to bind a public key to a user, the user is specified through one or more subject names in the “subject” field and the “subjectAltName” extension field of the certificate. The “subject” field or the “subjectAltName” extension field may contain a hierarchically structured distinguished name, an electronic mail address, an IP address, or other name forms that correspond to the subject. In this paper, we propose methods to protect the user’s privacy information contained in the “subject” field or the “subjectAltName” extension field of a public-key certificate.
Similar resources
Protecting Sensitive Credential Content during Trust Negotiation
Ryan D. Jarvis, Department of Computer Science, Master of Science. Keeping sensitive information private in a public world is a common concern to users of digital credentials. A digital credential may contain sensitive attributes certifying characteristics about its owner. X.509v3, the most widely used certificate standard, includes ...
Proprietary Certificates (Extended Abstract)
Certificates play an essential role in public-key cryptography, and are likely to become a cornerstone of commerce-related applications. Traditional certificates, however, are not secure against certificate lending, i.e., a situation in which a certificate holder voluntarily shares with others the rights bestowed upon him through a certificate. This type of abuse is a concern in several types o...
An Overview of Public Key Certificate Support for Canada’s Government On-Line (GOL) Initiative
The Canadian Federal Government is delivering on-line services to its citizens. A critical feature for ensuring the acceptance of these services is to ensure that security and privacy requirements are met. To this end, Canadian citizens may obtain an epass allowing them to securely obtain services through a government program web site. Technically, an epass is composed of a pseudonymous public ...
Simple and Flexible Privacy-Preserving Revocation Checking
Digital certificates signed by trusted certification authorities (CAs) are used for multiple purposes, most commonly for secure binding of public keys to names and other attributes of their owners. Although a certificate usually includes an expiration time, it is not uncommon that a certificate needs to be revoked prematurely. For this reason, whenever a client (user or program) needs to assert...
Simple and Flexible Revocation Checking with Privacy
Digital certificates signed by trusted certification authorities (CAs) are used for multiple purposes, most commonly for secure binding of public keys to names and other attributes of their owners. Although a certificate usually includes an expiration time, it is not uncommon that a certificate needs to be revoked prematurely. For this reason, whenever a client (user or program) needs to assert...
Publication date: 2005