Sara Sinclair, Sean Smith
PorKI is a keypair management tool for use on PDAs and smartphones. Through the use of proxy certificates and Bluetooth communication, it allows users to employ their long-term PKI credentials for authentication on potentially untrusted workstations without exposing those credentials to attack, and without requiring special drivers or software on the workstation. Moreover, if the workstation is equipped with a keypair and a signed statement from its administrator, PorKI can limit the capabilities of the temporary credentials issued to it. Such a statement might include information about the machine's location, its configuration, or who has access to it. This statement, in combination with policies configured by the user or by the relying party, can help both parties place an appropriate level of trust in the workstation without requiring the user to have specialized knowledge. Based on our experience with the working prototype, PorKI has the …