Extended certificate management system : design and protocols

Abstract: This thesis presents an Extended Certificate ManagementSystem (ECMS), a possible solution for a global certificationinfrastructure. The system is based on a combined trust modelthat interconnects different types of security domains, fromindividual users, small organisations to arbitrarily complexorganisations. All entities within one security domainestablish their trust in a single trust point. The securitydomains are interconnected through cross certificationrelationships between their trust points.The thesis identifies a number of ECMS entities anddescribes in detail each of their roles. It also specifiesdifferent functions that each of the system entities mayperform during their lifetime. Each of these functions isperformed through an exchange of a number of special ECMSmessages, as specified by ECMS protocols. The protocols betweensystem entities, and the messages exchanged as part of theprotocols are specified at the level of formal definition.ECMS provides users of the system with certificationservices, which can be accessed through ECMS Clients. Thestructure and functionsof the ECMS Client, as well asapplication programming interfaces, through which differentsecurity applications can access the services of ECMS, are alsodefined in this thesis.