July 08, 2005
Bestning Technologies

BOXML will be extended to integrate OCSP over PKIs for USAF(The department of US Air Force)

" MITRE (www.mitre.org) will explore XML security BOXML for AF PKI "

Bestning Technologies (US office: San Jose, CA), a leading developer and global supplier of dynamic XML security,today announced that its BOXML, a triple dimension XML security tool , will be extended to integrate OCSP over PKIs for USAF(The department of US Air Force).

OCSP(Online Certificate Status Protocol) is a online request-response pair PKI information access protocol composed of standardized request and response types for certificate revocation and validation status. When a remote user attempts to access a server, OCSP sends a request for certificate status information. he server sends back a response of "current", "expired," or "unknown." OCSP request message is composed of protocol version number, a request type object identifier and other request data relevant to a particular request type. Initially the OCSP responder certificate is located and the signature on the OCSP request checked using the responder certificate's public key. Then a normal certificate verify is performed on the OCSP responder certificate building up a certificate chain in the process.

OCSP deployment is too cumbersome and costly for the technology to achieve widespread use. Although OCSP enables applications to determine the revocation state of an identified certificate , OCSP can not check that certificates are signed correctly . Although a set of trusted public keys from which certificate chains may be constructed , OCSP can not check that the certificate chains to an acceptable trust point . Although a set of intermediate certificate authorities from which the trust chain may be constructed , OCSP can not check that each certificate in the chain contains an acceptable certificate policy identifier to ensure that certificates are not being misused. OCSP by itself is not sufficient to meet our customer's full requirements . OCSP requires that every user and every application verify the identity of everyone they communicate with and ensure that the counter-party identity is appropriate for the transaction and that the identity is still valid (not been revoked).

XML security tool BOXML BOXML creates a trust service that shields clients from complexity by providing an XML interface to PKI and using Dynamic XML Encryption ,Multiple XML Signature and Time-Stamp Universal Unique XML Identification . BOXML trust server supports XKMS( XML Key Management Specification) by Dynamic XML Encryption ,Multiple XML Signature and Time-Stamp Universal Unique XML Identification. XKMS replaces many PKI protocols, such as OCSP(Online Certificate Status Protocol),LDAP( Lightweight Directory Access Protocol),CRL(Certificate Revocation Lists),CMP(Certificate Management Protocol ) and SCEP (Simple Certificate Enrollment Protocol ), with XML-based protocols such as Register Service, Revoke Service, Recover Service, Locate Service and Validate Service . With XKMS, trust functions reside in BOXML accessible via easily programmed XML transactions so they can be centralized and applied consistently across platforms. The only configuration information an BOXMLíŽs client needs is the URL of the BOXML , and the certificate which BOXML will use to sign its response. Developers can allow applications to delegate all or part of the processing of XML multiple digital signatures and XML partial encrypted elements to BOXML . Different trust models can be supported by using different URLs. Anything to do with PKI can be delegated to BOXML trust server.

About The MITRE Organization
The MITRE (http://www.mitre.org) is a not-for-profit organization chartered to work in the public interest. As a national resource, we apply our expertise in systems engineering, information technology, operational concepts, and enterprise modernization to address our sponsors' critical needs. MITRE manages three Federally Funded Research and Development Centers (FFRDCs): one for the Department of Defense (known as the DOD Command, Control, Communications and Intelligence FFRDC ), one for the Federal Aviation Administration (the Center for Advanced Aviation Systems Development), and one for the Internal Revenue Service (the Center for Enterprise Modernization). MITRE also has its own independent research and development program that explores new technologies and new uses of technologies to solve our sponsors' problems in the near-term and in the future.

For further information please contact:
Sunil J. Trivedi
Lead INFOSEC Engineer
202 Burlington Road
Bedford,Massachusetts 01730-1420
Tel 781-271-6276
Fax 781-271-3957
Web: www.mitre.org

About Bestning Technologies
Bestning Technologies, located in San Jose ,CA is a wide range provider of XML security solutions. Bestning's flagship product, BOXML is a set of software tools which provides user with simple-to-use and trust-to-security for XML document.
For additional information:
Bestning Technologies, 2128 N. First Street, San Jose, CA 95131
Phone - 408-436-8353
Fax - 408-441-8812
Web: www.Bestning.com.