Online Certificate Status Checking in Financial Transactions: The Case for Re-issuance
High-value financial transactions underwrite the need for a relying party to check the status of a digital certificate in real time. In this paper, we propose a simple mechanism for online certificate status checking that is particularly well suited to the closed public key infrastructures that characterize financial networks. We further demonstrate how persistent evidence of this status checking request/response becomes a valuable by-product. In financial systems, “transaction receipts” naturally accumulate and by doing so, they encapsulate the entire lifecycle of a single transaction.
Keywords: public key infrastructure; online certificate status checking; certificate re-issuance; high-value financial transactions; risk management