Challenges of Deploying PKI Based Client Digital Certification

We are confronted with the threat from the theft of user-id / password information caused by phishing attacks. Now authentication by using the user-id and password is no longer safe. We can use the PKI-based authentication as a safer authentication mechanism. In our university, Japan Advanced Institute of Science and Technology (JAIST), we deployed On Demand Digital Certificate Issuing System for our users, and employ the PKI-based client certificates for log-on to web application, connecting to wireless network (including eduroam), using VPN service, and email sender signing. In addition, National In-stitute of Information (NII), which are providing common ICT infrastructure services for Japanese universities and institutes, started a service to issue client certificates in this year. So use of the electronic certificates will become more popular within a few years in Japan. However, there are not so enough cases deploying the electronic certificate based authentication in University infrastructure, we still has many tips and issues on operating this. In this paper, we introduce the use case of the electronic certificate in JAIST, the challenges and issues, and consider the future prospects.