Providing secure mobile access to information servers with temporary certificates |
| |
| Affiliation: | 1. CICA, Avenida Reina Mercedes, s/n E-41012 Seville, Spain;2. Consejerı́a de Economı́a y Hacienda, Juan Antonio Vizarrón, s/n E-41092 Seville, Spain;1. University of Victoria – Genome BC Proteomics Centre, University of Victoria, Vancouver Island Technology Park, 3101–4464 Markham Street, Victoria, BC V8Z 7X8, Canada;2. Department of Biochemistry and Microbiology, University of Victoria, Petch Building Room 207, 3800 Finnerty Road, Victoria, BC V8P 5C2, Canada;1. State Key Laboratory of Applied Organic Chemistry, Lanzhou University, Lanzhou 730000, China;2. Department of Chemistry, Lanzhou University, Lanzhou 730000, China;3. Key Laboratory of Nonferrous Metal Chemistry and Resources Utilization of Gansu Province, Lanzhou 730000, China;1. Institute for Chemical Research, Kyoto University, Gokasho, Uji, Kyoto 611-0011, Japan;2. School of Science and Engineering, Kinki University, 3-4-1 Kowakae, Higashiosaka 577-8502, Japan;1. Department of Chemistry, National Chung-Hsing University, Taichung 402, Taiwan;2. CME Food Testing Laboratory, Chi Mei Entech Co. & Ltd., No. 5, 32rd Road, Industrial Park, Taichung 408, Taiwan.;1. Institute of Organic Chemistry, University of Tübingen, Auf der Morgenstelle 8, 72076 Tübingen, Germany;2. Institute of Pharmaceutical Sciences, University of Tübingen, Auf der Morgenstelle 8, 72076 Tübingen, Germany;3. Institute of Evolution and Ecology, University of Tübingen, Auf der Morgenstelle 28, 72076 Tübingen, Germany |
| |
| Abstract: | This paper presents a solution that compatibilizes user mobility and secure access to information servers by means of X.509 certificates with a short validity period. The common approach to compatibilizing user mobility and secure access is based on removable tokens that hold cryptographic information. The use of these techniques restricts user mobility in several ways. Firstly, when specific hardware is required, it must be available in any computer the user may employ to connect from. Secondly, using software that must be added to well-known client programs means that the user must circumscribe to those hosts where the software is installed or install it on his/her own. The solution we present here does not impose any constraints on hardware and, since it is based on the thin client paradigm, software requirements are minimal. The application of X.509 certificates permits the use of (de facto) standard software for accessing the information. Furthermore, since the system uses short term certificates it does not necessitate the user eliminating any traces left behind in the client program after its use. Finally, the token (actually, a diskette) can be used with practically any computer, as it contains all the software and data needed for user authentication, and is based on a thin client written in an architecture-neutral language like Java. The requirements on the computer the user is connecting from are minimal: having a floppy drive and a Java virtual machine. An implementation of the framework described here is in use to provide authorized access to internal servers at CICA. |
| |
| Keywords: | |
| 本文献已被 ScienceDirect 等数据库收录! |
|
