Flexible Internet Secure Transactions Based on Collaborative Domains

The absence of manageable global key distribution schemes is seriously hindering the deployment of basic security services in the Internet. The emergence of cryptosystems based on public key technology has represented a significant improvement in this direction by removing the need of a mutual agreement on the encryption key. However, the certificate structures that bind a user to his public key are difficult to deploy especially in inter-domain environments. As a consequence, although the need for security services like encryption or authentication is becoming crucial, most Internet transactions currently take place without the use of any of these services. This paper proposes a novel approach for simplifying key manageability relying on the notion of security domains. The fundamental idea relies on the fact that key management and thus security services are easier to achieve inside a well confined domain. Consequently, large scale security might be seen as a combination of intra-domain security and a secure framework for transactions between domains. In other words, user keys are managed internally and only domain keys need to be handled globally. We present the cryptographic schemes needed to achieve confidentiality and authentication based on the collaboration of security domains.