[Top] [Prev] [Next]

Security at the Application Layer

An application can make use of the algorithms and protocols described previously by using only a few library routines such as: login, auth, and connect. The login function enables an application, which shares a password with the server acting as the CA, to obtain a certificate. After obtaining certificates, two applications establish a mutually authenticated connection by calling auth. The auth function performs the entire STS protocol. The connect function connects each application to an SSL (security sockets layer) device. Each application can create message digests or encrypt messages by writing to this device. Messages are received and decrypted by reading from the SSL device.

While Inferno provides these routines to make it easy to establish secure communications, an application is not restricted to their use. Lower-level routines used by login and auth are also available to an application. These routines enable an application to create alternate methods for establishing security, or to perform specialized functions like signing files.

Inferno also provides security routines tailored for set-top boxes. For example, a set-top-box can use the register routine instead of login. The register routine obtains a certificate without requiring a user to enter a password. The register routine is demonstrated in the sample application called Mux, described in The Inferno User's Guide.

There are also commands described in this section to establish a server as a Certifying Authority or 'signer'. For example, a CA needs a key and password to create a certificate. These can be created on the server using the commands changelogin and createsignerkey.

[Top] [Prev] [Next]

Copyright © 1996,Lucent Technologies, Inc. All rights reserved.