Overview
A key-certification service is a new type of certificate-issuing
service. A key-certification authority generates keys that are used for
encrypting messages, and issues key certificates that specify decryption
conditions. These conditions may include temporal conditions and personal
conditions such as who is permitted to decrypt messages. These parameters
can be described in the extension fields of the X.509 certificate format.
Fig. 1 shows a general view of the key-certification service. First, when
user A requests a new key certificate, the key-certification authority
generates a public key pair and issues a new key certificate. User A
encrypts a message with the public key contained in the certificate and
sends it to user B together with the certificate. User B requests a
decryption key from the key-certification authority when the decryption
condition specified in the certificate is satisfied. We can apply this
framework to new Internet services such as key recovery systems and time
key systems based on a public key infrastructure.
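
The authority's release decision described above, sketched as an added example (not code from the original page or from the project it describes). It shows why the authority must check that the presented certificate is unaltered before evaluating the conditions in it. Assumptions: the field names are hypothetical, an HMAC stands in for the authority's X.509 signature, and random byte strings stand in for the public key pair.

```python
import hashlib, hmac, json, secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyCertificate:
    serial: int
    public_key: bytes      # opaque stand-in for the real public key
    not_before: int        # temporal condition (Unix time); hypothetical field name
    permitted: tuple       # personal condition: who may decrypt
    signature: bytes = b""

class KeyCertificationAuthority:
    def __init__(self):
        self._sign_key = secrets.token_bytes(32)  # HMAC key; stand-in for the signing key
        self._escrow = {}                         # serial -> decryption key held back
        self._next_serial = 1

    def _mac(self, serial, public_key, not_before, permitted):
        # Bind the conditions to the key so neither can be changed after issuance.
        body = json.dumps([serial, public_key.hex(), not_before, list(permitted)]).encode()
        return hmac.new(self._sign_key, body, hashlib.sha256).digest()

    def issue(self, not_before, permitted):
        serial, self._next_serial = self._next_serial, self._next_serial + 1
        # Placeholders only: a real authority would generate an actual key pair here.
        public_key, private_key = secrets.token_bytes(32), secrets.token_bytes(32)
        self._escrow[serial] = private_key
        permitted = tuple(permitted)
        sig = self._mac(serial, public_key, not_before, permitted)
        return KeyCertificate(serial, public_key, not_before, permitted, sig)

    def request_decryption_key(self, cert, requester, now):
        # 1. Reject certificates that were not issued here or were modified.
        expected = self._mac(cert.serial, cert.public_key, cert.not_before, cert.permitted)
        if not hmac.compare_digest(expected, cert.signature):
            raise PermissionError("certificate altered or not issued by this authority")
        # 2. Temporal condition.
        if now < cert.not_before:
            raise PermissionError("temporal condition not yet satisfied")
        # 3. Personal condition (requester authentication is out of scope here).
        if requester not in cert.permitted:
            raise PermissionError("requester is not permitted to decrypt")
        return self._escrow[cert.serial]
```

In a deployment the requester's identity would have to be authenticated before step 3; the example takes it as given.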
Research items