A Note on Certificate Path Verification in Next Generation Mobile Communications

Abstract

Certificate-based authentication of parties provides a powerful means for verifying claimed identities, since communicating partners do not have to exchange secrets in advance for authentication. This is especially valuable for roaming scenarios in mobile communications. When dealing with certificates, one must cope with the verification of complete certificate paths for security reasons. In mobile communications, there exist special conditions for this verification work. Mobile devices may have limited capacity for computation and mobile communication links may have limited bandwidth. In this paper, we propose to apply PKI servers - such as implemented at FhG-SIT - that allow the delegation of certificate path validation in order to speed up verification. Furthermore, we propose a special structure for PKI components and specific cooperation models that force certificate paths to be short. Additionally, we deal with the problem of users who do not have Internet access during the authentication phase. We explain how we have solved this problem and show a gap in existing standards. © Springer-Verlag 2004.