Abstract

Web Services represents a new way of invoking remote functions over standard Internet protocols. They are basic building blocks of the distributed computing over the Internet. Security and privacy are central issues for the acceptance of Web Services in particular and the growth of the Internet market in general. Public Key Infrastructure and X.509 Certificates have been established as the most trustworthy methods for assuring online security. In this thesis are compared the existing approaches for securing Web Services and proposed new approaches for increasing security by avoiding privacy violation using X.509 certificate private extensions and storing these certificates in smartcards. Adopting the Internet for every possible transaction has lead to a situation where a user has to enter extra information for completing his real profile. The aim of the thesis is to increase user privacy in online transactions. This is achieved through extending certificates with private extensions. Each extension holds encrypted data for user properties, such as: credit card number, insurance number, address, etc., and thus each online participant understands the general (public) data on the certificate and one relevant encrypted private extension.