A State-Based Model for Certificate Management Systems

Abstract: Abstract.A Certificate Management System (CMS) is used to generate, distribute, store and verify certificates. It supports secure electronic communication through its functions. This paper presents a state-based model for certificate management systems. The axiomatization of CMS structures and the security policy followed by CMSs is discussed. The main functions of a CMS, including certificate issuing, certificate revocation and certificate rekeying, are formally described through transitions that change state… Show more

“…Unambiguous descriptions are supported through the use of formal languages. The use of formal methods to support the clear specification of PKI processes has been used in [11,12,3]. In this section we shall take a formal approach to precisely describe some of the basic PKI models that have been proposed (specifically, we consider the PKI models presented in the previous section).…”

“…In [12] formal methods are applied to analyse these processing rules for the IETF PKIX standard [7]. In this article we do not require as detailed an examination of the contents of a certificate, rather we use a high level description of some generic certificate data fields, similar to that given in [11]:…”

“…In [11] the focus is to model the functions of a working PKI such as issuance of certificates, validation of certificate paths, etc., so a number of certificate fields were required. We can restrict the number of certificate fields even further as we are not concerned with these functions of the PKI but instead with static PKI models or structuring rules.…”

“…Nonetheless, it is useful to have this basic description of the certificate data fields. The relationship between our approach and that of [11] is discussed again at the end of this section.…”

“…As in [11], we use the following functions to obtain the component values from a certificate C ∈ CERT given by C = (x, y, z):…”

Modelling Trust Structures for Public Key Infrastructures

“…Unambiguous descriptions are supported through the use of formal languages. The use of formal methods to support the clear specification of PKI processes has been used in [11,12,3]. In this section we shall take a formal approach to precisely describe some of the basic PKI models that have been proposed (specifically, we consider the PKI models presented in the previous section).…”

“…In [12] formal methods are applied to analyse these processing rules for the IETF PKIX standard [7]. In this article we do not require as detailed an examination of the contents of a certificate, rather we use a high level description of some generic certificate data fields, similar to that given in [11]:…”

“…In [11] the focus is to model the functions of a working PKI such as issuance of certificates, validation of certificate paths, etc., so a number of certificate fields were required. We can restrict the number of certificate fields even further as we are not concerned with these functions of the PKI but instead with static PKI models or structuring rules.…”

“…Nonetheless, it is useful to have this basic description of the certificate data fields. The relationship between our approach and that of [11] is discussed again at the end of this section.…”

“…As in [11], we use the following functions to obtain the component values from a certificate C ∈ CERT given by C = (x, y, z):…”

Modelling Trust Structures for Public Key Infrastructures

The PKI Specification Dilemma: A Formal Solution

A Practical Scheme of Merging Multiple Public Key Infrastructures in E-commerce