期刊名称:International Journal of Computer Science and Network Security
印刷版ISSN:1738-7906
出版年度:2006
卷号:6
期号:6
页码:204-208
出版社:International Journal of Computer Science and Network Security
摘要:A Certification Authority issues X.509 public key certificates to bind a public key to a subject. The subject is specified through one or more subject names in the ""subject"" or ""subjectAltName"" fields of a certificate. Where the subject is a person, the name that is specified in the subject field of the certificate may reflect the name of the individual and affiliated entities (e.g., their corporate affiliation). In reality, however, there are individuals that have the same or similar names. It may be difficult for a relying party (e.g., a person or application) to associate the certificate with a specific person based solely on the subject name. This ambiguity presents a problem for many applications. But, this ambiguity can be resolved by including a ""permanent identifier"" in all certificates issued to the same subject, which is unique across multiple CAs. In many cases a person's unique identifier (e.g., such as a driver license Number) is regarded as a sensitive, private or personal data. Such an identifier cannot simply be included as part of the subject field, since its disclosure may lead to misuse. This paper presents a new method for secure and accurate user authentication through the PEPSI included in the standard certificate extension of a X.509 certificate. PEPSI can be served not only for user authentication but also for the user anonymity without divulging personal information.
关键词:PKI, X.509, Certificate, CA, User authentication, Privacy
