| 摘要 |
Authenticating the source of a message in a large distributed system can be difficult due to the lack of a single authority that can tell for whom a channel speaks. This has led many to propose the use of a path of authorities, each able to authenticate the next, such that the first authority in the path can be authenticated by the message recipient and the last authority in the path can authenticate the message source. The present invention uses multiple ones of such paths, no two of which share a common authority, to provide independent confirmation of the message source. As the problem of finding a maximum set of such paths of bounded length in a graph-theoretic framework can be shown to be NP-hard, the present invention includes approximation algorithms for this problem. The present invention also includes a PathServer for PGP, a service for finding maximum sets of such paths to support authentication in PGP-based applications.
|
