UniCERT Attribute Certificate Server (ACS) is part of a new generation of Public Key Infrastructure (PKI) components designed to meet the complex requirements of today's enterprises.
With the increasing use of electronic communications in today's business world, more organisations are turning to Public Key Infrastructure (PKI) technology to protect their on-line data and transactions. While certificates offer strong user authentication, they offer limited support for the user's attributes. Users' roles change regularly, making it necessary to reissue certificates - a time-consuming and costly process.
All short-lived information, such as the user's role, can be placed in different certificates that can be quickly and easily reissued. These certificates are cryptographically linked to the user's identity (X.509) certificates and are known as Attribute Certificates.
UniCERT Attribute Certificate Server (ACS) has been developed to issue and manage Attribute
Certificates in any open standards-based PKI. ACS is a powerful addition to your PKI, offering
all the security and reliability traditionally associated with PKIs, as well as the flexibility to
include granular access control and authorisation.
Enhancing the Power and Flexibility of Your PKI
UniCERT ACS provides the infrastructure needed to issue and manage Attribute Certificates. Attribute Certificates can provide much more than authorisation - for example, Attribute Certificates can control users' access to network resources.
As a user's attributes change frequently, Attribute Certificates will usually have short lifetimes. This can limit the necessity for revocation. While public key certificates will always need to be issued and managed centrally, Attribute Certificate management can be distributed, thus reflecting how authorisation is modelled in large enterprises. Maintaining users' attributes can be delegated to a trusted administrator. This means that a user's attributes can be updated instantly by the relevant authority.
UniCERT are all trademarks of Baltimore Technologies. All other trademarks are the property of their respective owners. Users should ensure that they comply with all national legislation regarding the export, import and use of cryptography. Use of the RSA algorithm in the USA is subject to the payment of relevant patent royalties.
UniCERT ACS Benefits
UniCERT ACS offers outstanding benefits to both users and the organisation. These include:
Complete security - an Attribute Certificate is cryptographically linked to the public key certificate so if an Attribute Certificate is stolen it cannot be used
Simplified certificate management
Removing attributes from public key certificates reduces the need to revoke certificates and issue revocation lists
Using short-lived Attribute Certificates means the certificate expires before the information is out of date, reducing the need for revocation
Decentralised administration of user attribute information. Attributes can be maintained in local offices, where the best knowledge of a user's attributes exists
Extensibility - the potential to extend your PKI beyond identity-based applications into
realms where attributes are important, such as in role-based access control
UniCERT ACS Features
ACS features include:
Support for any standards-based Certificate Authority solution, including Baltimore's award-winning UniCERT
Ability to link to any ODBC-compliant database
Toolkits that allow ACS to be easily integrated into new and existing applications
Supports an easy-to-use interface to simplify the administration of the ACS
ACS Solutions
The following are examples of the many ways in which ACS could be used for e-business or e-commerce applications:
To implement roles and authorities deployed in message-based e-business. For example, a wholesaler that receives orders via e-mail could use Attribute Certificates to verify each order.
To control access within a corporate network, including Web pages. A security sensitive organisation could use Attribute Certificates to control access to data of various security levels on the Intranet. The organisation can control access to information in quite complex ways - a person's access rights might change depending on the role they were performing, the time of day, and the day of the week.
To manage subscription-based services on the Internet, such as pay-per-view television. Users can register at no charge; however, they would need to pay a subscription fee to obtain an Attribute Certificate. The contents of the Attribute Certificate would reflect the services to which the user had subscribed, and the expiration date of the certificate would reflect the period for which the subscription was valid.