By Topic

Secure in-band update of trusted certificates

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Hayes, J.M. ; Office of INFOSEC Res. & Technol., MD, USA

The certificate authority (CA) is the central trust point in a public key infrastructure (PKI). Great care should be taken by users when they make a decision to trust a CA. Unfortunately, the average user will rely on the software to provide an appropriate security warning when something has gone wrong and therefore may not give much thought to the decision when performing such a security operation. The updating of a CA certificate is an issue that needs to be accomplished in a secure manner with little or no intervention by a user. Techniques are now in use that can allow for update of a CA's certificate. The Secure Electronic Transaction's (SET) root certificate update method is just one example, but in a specialized case. This paper discusses a practical solution that potentially any CA could use to provide a secure in-band update of a CA's X.509 v3 certificate into a user's personal security environment (PSE). A method is also discussed that Java programmers can use for update of self-signed X.509 v1 personal certificates in Java keystores as well

Published in:

Enabling Technologies: Infrastructure for Collaborative Enterprises, 1999. (WET ICE '99) Proceedings. IEEE 8th International Workshops on

Date of Conference:

1999