A key-certification service is a new type of certificate-issuing service. A key-certification authority generates keys that are used for encrypting messages, and issues key certificates that specify decryption conditions. These conditions may include temporal conditions and personal conditions, such as who is permitted to decrypt messages. These parameters can be described in the extension fields of the X.509 certificate format. Fig. 1 shows a general view of the key-certification service. First, when user A requests a new key certificate, the key-certification authority generates a public key pair and issues a new key certificate. User A encrypts a message with the public key contained in the certificate and sends it to user B together with the certificate. User B requests the decryption key from the key-certification authority when the decryption condition specified in the certificate is satisfied. We can apply this framework to new Internet services such as key recovery systems and time key systems based on a public key infrastructure.
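The exchange described above, as an added Python sketch that is not code from the original text: the authority issues a key certificate carrying a temporal and a personal condition, user A encrypts under it, and the authority releases the decryption key only once both conditions hold. The class and function names, the dict standing in for an X.509 certificate, the toy ElGamal scheme, and the assumption that the requester's identity has already been authenticated are all illustrative choices.

```python
import secrets

# Toy ElGamal over a Mersenne prime, standing in for a real public-key scheme.
# Illustration only: not secure, and limited to messages of at most 15 bytes.
P = 2**127 - 1
G = 3

class KeyCertificationAuthority:
    """Hypothetical authority: issues key certificates and holds the decryption keys."""

    def __init__(self):
        self._escrow = {}  # serial -> (private key, decryption conditions)

    def issue(self, not_before, permitted):
        """Generate a fresh key pair and return the key certificate for it."""
        x = secrets.randbelow(P - 2) + 1
        serial = len(self._escrow) + 1
        conditions = {"not_before": not_before, "permitted": permitted}
        self._escrow[serial] = (x, conditions)
        # The dict stands in for an X.509 certificate, "extensions" for its extension fields.
        return {"serial": serial, "public_key": pow(G, x, P),
                "extensions": dict(conditions)}

    def request_key(self, cert, requester, now):
        """Release the decryption key only if the recorded conditions are satisfied.

        Assumes the requester's identity was authenticated before this call.
        """
        # Check the authority's own record, not the copy the requester presents.
        x, cond = self._escrow[cert["serial"]]
        if now < cond["not_before"]:
            raise PermissionError("temporal condition not satisfied")
        if requester != cond["permitted"]:
            raise PermissionError("requester not permitted to decrypt")
        return x

def encrypt(cert, message):
    """User A: encrypt with the public key contained in the key certificate."""
    m = int.from_bytes(message, "big")
    if not 0 < m < P:
        raise ValueError("toy scheme: message must fit in one group element")
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(cert["public_key"], k, P)) % P

def decrypt(x, ciphertext):
    """User B: decrypt with the key released by the authority."""
    c1, c2 = ciphertext
    m = (c2 * pow(c1, P - 1 - x, P)) % P  # c1^(P-1-x) is the inverse of c1^x mod P
    return m.to_bytes((m.bit_length() + 7) // 8, "big")
```

Because `request_key` looks the conditions up by serial number in the authority's own store, editing the extension fields in a presented certificate does not change the release decision.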
