Enhanced PKI authentication with trusted product at claimant

Abstract

In this paper, a data structure to enhance PKI (Public Key Infrastructure) authentication is proposed generalizing the concept of ISO/IEC 24761. Current technologies do not provide sufficient information on products which are used in the authentication process at the Claimant to the Verifier. As a result, the Verifier cannot sufficiently distinguish the authentication result executed with a trusted product from that without a trusted product. The difference is made clear if evidence data of the execution of authentication process at the Claimant are generated by the trusted product and used for verification by the Verifier. Data structure for such data is proposed in this paper as client Authentication Context (cAC) instance. Relation to other works and extension of the proposal where biometrics is used are also described for further improvement of PKI authentication. For this proposal to realize, standardization activities are to be considered as the next steps.