Conclusion and Future Directions

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Conclusion and Future Directions"

Transcription

1 Chapter 9 Conclusion and Future Directions The success of e-commerce and e-business applications depends upon the trusted users. Masqueraders use their intelligence to challenge the security during transaction over the Internet. Since millions of users are involved in business transactions over the Internet and they need to interoperate, it is difficult to eradicate impersonation. Thus it is necessary to take proper security measures that allow authentication of business partners, consumers and suppliers, prior to the interchange of information, goods and services. Public Key Infrastructure provides the required trust between users during transactions over the Internet. Trust models are used to establish trust relationship between the users. Hierarchical PKI is one of the most popular PKI trust models that the companies deploy as their security infrastructure. One of the important needs of current PKI is interoperability, which makes possible secure interconnection and co-operation between different PKI structures. In electronic commerce, different PKIs need to be interoperated. So there is a need for efficient methods to merge PKIs so as to achieve interoperability between them. In order to merge PKIs, one has to consider different cases such as whether the merging of companies is permanent or temporary. Depending upon the case, appropriate merging method is to be used. Certificate based user authentication is one more challenge in e-commerce and 147

2 e-business transactions. This can be done by verifying user certificates in PKI. For quick and easy verification of certificates in PKIs, efficient certificate verification algorithms are to be built since there is enough requirement for such methods. For verification of certificates, a user builds a chain of certificates from its trusted CA to the other user s certificate known as certification path. The processing of certificate paths may be a very complicated and time demanding operation, depending on the length of the certificate path and the possible inclusion of relations using cross-certification. Certificate path construction in a Hierarchical PKI is a straightforward process that simply requires the relying party to successively retrieve issuer certificates until a certificate is located that was issued by the trusted root. Peer-to-Peer(also called Mesh PKI) architecture is one of the most popular PKI trust models that is widely used in automated business transactions, but certificate path verification is very complex since there are multiple paths between users, and the certification path is bidirectional. 9.1 Major Contributions A general method to unify Hierarchical PKIs has been developed that takes a different approach from cross-certification technique. The method is to unify the multiple CAs without using cross-certification. By using this method, the trust model with an efficient path processing is built in comparison with the traditional merging methods with cross-certification. A certificate verifier should construct and validate the certification path. If there are crosscertifications, the path construction process is very complex. Cross-certification at the root is the most common solution to merge PKIs for their interoperability. But during acquisition of companies, cross-certification is not required because, whenever a company acquires another company, the 148

3 acquired company becomes a part of the acquiring company. In order to reduce the cost of maintaining Root CAs and to reduce the runtime for certificate path processing, a merging method of CAs without cross-certification has been developed. The Root CA of the company to be acquired is not necessary after merging and can be discarded. In the method, there is no cross-certification and the Root CAs of the acquired PKIs are ignored. So certificate path verification time and the employment cost of Root CAs is reduced significantly as compared to the methods already existing. The merging process is of low-cost. It can be easily constructed and is flexible. A strict hierarchical model is constructed by performing this merging process, so certification path processing is more efficient than other methods. Certificate path length is reduced which in turn reduces the verification time. All the Root CAs except the New Root CA can be ignored and so maintenance cost is reduced. The unification of PKIs for interoperability is possible only if their certificate policies are similar. In case of acquisition of companies, the acquired PKI has to adapt to the certificate policy of the acquiring PKI. However, for other cases, merging of PKIs is possible only if the compatibility score of the certificate policies of the PKIs to be merged, satisfies the final acceptance rule. So one of the contributions of the research work is a method developed to compare and assess certificate policies during merger and acquisition of companies. The method is applicable for merging PKIs with or without cross-certification. In Hierarchical PKI, certificate path is unidirectional, so certificate path development and validation is simple and straight forward. To reduce time required for certificate path verification, an efficient method for path processing in Hierarchical PKIs has been developed. The method uses a local cache in the client side with the Forward path verification technique so that 149

4 it gives better performance than that of the normal Forward path verification technique for certificate path verification. Path construction in a mesh environment is significantly more complicated than in a subordinated hierarchy, requiring the ability to iteratively obtain and combine sets of cross-certificates issued by various CAs. In this research work, an efficient method to convert a mesh or Peer-to-Peer PKI to its equivalent DFS spanning tree to simplify the certificate path construction has been developed. This reduces the complexity of certificate path verification in Peer-to-Peer PKIs by avoiding multiple paths between the users. A novel method to simplify the Certification Path Discovery in Peer-to-Peer PKI by establishing a Virtual hierarchy has also been developed. The resultant hierarchy may be a single rooted or a multi-rooted one. This eliminates the complexity of path verification in Mesh PKI because the path verification in Hierarchical PKI is simple and straightforward. The research contributions are summarized in Table 9.1 and Table 9.2. Table 9.1: Summary of research contributions Contribution Purpose Merging Hierarchical PKIs- Solution1 When the merging of companies is temporary and the companies dynamically change their collaborators. Merging Hierarchical PKIs- Solution2 During acquisition of companies, the merging of companies is permanent and the acquired company becomes a part of the acquiring company in the future. 150

5 Contribution Table 9.2: Summary of research contributions continued... Purpose A method to compare and assess Certificate Policies(CPs) during merger and acquisition of companies Certificate path verification method in Hierarchical PKIs In order to merge PKIs, the CPs of both the PKIs should match. Merging is possible only if the compatibility score of the CPs is satisfies the final acceptance rule. The existing certificate verification methods in Hierarchical PKI are not optimized. The proposed method is an optimized one that reduces certificate path verification time significantly. It is observed that, if the cache hit is doubled, the certificate path verification time is reduced by 50%. Certificate path verification method in Mesh or Peer-to- Peer PKIs-Solution1 Certificate path verification method in Mesh or Peer-to- Peer PKIs-Solution2 This method removes the complexity of certificate path verification in Mesh PKIs due to multiple paths between any two users in Mesh PKI. This method constructs a virtual hierarchy in a Mesh PKI, thus obtaining the best features of certificate path verification of Hierarchical PKI. In Hierarchical PKI, the certificate path construction is simple and straightforward since the certificate path is unidirectional. 151

6 9.2 Suggestions for future research Although our research work contributes toward the technical dimension of merging Hierarchical PKIs during merger and acquisition of companies for interoperability purpose, several measures still need to be taken at the legal/regulatory level. This needs to be done in order to provide a commercially viable service, yielding international co-operation and information exchange in e-commerce and e-business applications. The development of Certificate Policies and Certificate Practice Statements can be automated. This can be integrated with broader security policy and mechanisms. Based on the PKI architecture, there can be provision for online cross-certification services. Reverse Certificate Path Verification by constructing a binary tree using codeword algorithm increases certificate path length. So, more sophisticated algorithms need to be developed for reducing the certificate path length. Algorithms can be developed that work in more realistic environments. For example, we can have a varying number of LDAP servers for each domain. Also, the certificates can be issued or revoked dynamically. Further, more trust anchors can be configured for each relying party. Besides certificate path discovery, certificate revocation checking is another critical process in PKI. Certificate status information is needed for validating a certification path. Checking revocation information introduces additional time and space requirements. At the same time, not checking revocation information or relying on out-of-date information causes construction of invalid certification paths. In this case, relying parties have to repeat their efforts to try to discover a valid path. A simulation that models these situations can help users evaluate the trade-offs between performance overhead and successful rate. 152

7 Even though the certificate path development is more complex in a Mesh PKI, it is most widely used in applications such as MANET. There is enough scope to apply the principles of wired PKI to wireless PKI. Research can be carried out on certificate based user authentication in MANETs. The communicating parties have to provide credentials for authentication without knowing each other from prior sessions. In this case authentication must be based on certificates and a common trusted third party. A PKI is needed for certificate management through their lifecycle. Efficient and more sophisticated path verification(certificate based user authentication) algorithms are required in MANETs because mobile devices have limited processor capacity and memory storage. 153

Creating Virtual Hierarchy in Peer-to-Peer PKI to Simplify Certificate Path Discovery

Creating Virtual Hierarchy in Peer-to-Peer PKI to Simplify Certificate Path Discovery Creating Virtual Hierarchy in Peer-to-Peer PKI to Simplify Certificate Path Discovery Balachandra Muniyal Dept. of Information and Communication Technology, Manipal Institute of Technology, Manipal University,

More information

Public Key Infrastructure

Public Key Infrastructure UT DALLAS Erik Jonsson School of Engineering & Computer Science Public Key Infrastructure Murat Kantarcioglu What is PKI How to ensure the authenticity of public keys How can Alice be sure that Bob s purported

More information

Cross-Certification and PKI Policy Networking

Cross-Certification and PKI Policy Networking Entrust Cross-Certification and PKI Policy Networking Author: Jim Turnbull Date: August 2000 Version: 1.0 Copyright 2000-2003 Entrust. All rights reserved. 1 Entrust is a registered trademark of Entrust,

More information

Building a virtual hierarchy to simplify certification path discovery in mobile ad-hoc networks

Building a virtual hierarchy to simplify certification path discovery in mobile ad-hoc networks Computer Communications 30 (2007) 1498 1512 www.elsevier.com/locate/comcom Building a virtual hierarchy to simplify certification path discovery in mobile ad-hoc networks Cristina Satizábal a,b, Juan Hernández-Serrano

More information

Certification Path Processing in the Tumbleweed Validation Authority Product Line Federal Bridge CA Meeting 10/14/2004

Certification Path Processing in the Tumbleweed Validation Authority Product Line Federal Bridge CA Meeting 10/14/2004 Certification Path Processing in the Tumbleweed Validation Authority Product Line Federal Bridge CA Meeting 10/14/2004 Stefan Kotes, Engineering Manager Agenda Tumbleweed company overview Certification

More information

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software WHITE PAPER: COMPARING TCO: SYMANTEC MANAGED PKI SERVICE........ VS..... ON-PREMISE........... SOFTWARE................. Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

More information

Designing Windows Server 2008 Active Directory Infrastructure and Services Course 6436B; 5 Days, Instructor-led

Designing Windows Server 2008 Active Directory Infrastructure and Services Course 6436B; 5 Days, Instructor-led Designing Windows Server 2008 Active Directory Infrastructure and Services Course 6436B; 5 Days, Instructor-led Course Description During this five-day course, students will learn how to design an Active

More information

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure

More information

Test Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability. Version 1.0.3

Test Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability. Version 1.0.3 Test Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability Version 1.0.3 Prepared for: Department of Defense (DoD) PKI August 27, 2008 Page 1 Table of

More information

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION Foreword. Preface. About the Authors. I. CONCEPTS. 1. Introduction. 2. Public-Key Cryptography. Symmetric versus Asymmetric

More information

Keywords: Public Key Infrastructure, Cryptography, Certification Authority, Bridge Certificate Authority, B2B, and Electronic Commerce

Keywords: Public Key Infrastructure, Cryptography, Certification Authority, Bridge Certificate Authority, B2B, and Electronic Commerce Bridge Certification Authorities: Connecting B2B Public Key Infrastructures William T. Polk and Nelson E. Hastings National Institute of Standards and Technology Businesses are deploying Public Key Infrastructures

More information

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1 Chapter 15 Key Management Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1 Symmetric-key Distribution Symmetric-key cryptography is more efficient than asymmetric-key

More information

ITL BULLETIN FOR JULY 2012. Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance

ITL BULLETIN FOR JULY 2012. Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance ITL BULLETIN FOR JULY 2012 Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance Paul Turner, Venafi William Polk, Computer Security Division, Information

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

Understanding the differences in PIV, PIV-I, PIV-C August 23, 2010

Understanding the differences in PIV, PIV-I, PIV-C August 23, 2010 Federal CIO Council Information Security and Identity Management Committee Identity, Credential, and Access Management Understanding the differences in PIV, PIV-I, PIV-C August 23, 2010 Tim Baldridge AWG

More information

TeleTrusT European Bridge CA Status and Outlook

TeleTrusT European Bridge CA Status and Outlook TeleTrusT European Bridge CA Status and Outlook TeleTrusT Workshop, Saarbrücken, 2010-06-11 Dr. Guido von der Heidt, Siemens AG Copyright Siemens AG 2010. All rights reserved. Secure (E-Mail) Communication

More information

Public Key Infrastructure

Public Key Infrastructure Motivation: Public Key Infrastructure 1. Numerous people buy/sell over the internet hard to manage security of all possible pairs of connections with secret keys 2. US government subject to the Government

More information

The IVE also supports using the following additional features with CA certificates:

The IVE also supports using the following additional features with CA certificates: 1 A CA certificate allows you to control access to realms, roles, and resource policies based on certificates or certificate attributes. For example, you may specify that users must present a valid client-side

More information

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler Certificates Noah Zani, Tim Strasser, Andrés Baumeler Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects Motivation Need for secure, trusted communication Growing certificate

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

Designing a Windows Server 2008 Active Directory Infrastructure and Services

Designing a Windows Server 2008 Active Directory Infrastructure and Services Course Code: M6436 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Designing a Windows Server 2008 Active Directory Infrastructure and Services Overview During this five-day course, delegates

More information

encryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key.

encryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key. The way the world does business is changing, and corporate security must change accordingly. For instance, e-mail now carries not only memos and notes, but also contracts and sensitive financial information.

More information

Lecture 10 - Authentication

Lecture 10 - Authentication Lecture 10 - Authentication CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Kerberos: What to know 1) Alice T rent : {Alice + Bob

More information

RECOMMENDATIONS for the PROCESSING of EXTENDED VALIDATION SSL CERTIFICATES January 2, 2014 Version 2.0

RECOMMENDATIONS for the PROCESSING of EXTENDED VALIDATION SSL CERTIFICATES January 2, 2014 Version 2.0 Forum RECOMMENDATIONS for the PROCESSING of EXTENDED VALIDATION SSL CERTIFICATES January 2, 2014 Version 2.0 Copyright 2007-2014, The CA / Browser Forum, all rights reserved. Verbatim copying and distribution

More information

Certificate Policies and Certification Practice Statements

Certificate Policies and Certification Practice Statements Entrust White Paper Certificate Policies and Certification Practice Statements Author: Sharon Boeyen Date: February 1997 Version: 1.0 Copyright 2003 Entrust. All rights reserved. Certificate Policies and

More information

Entrust Managed Services PKI

Entrust Managed Services PKI Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.

More information

Lecture 10 - Authentication

Lecture 10 - Authentication CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 10 - Authentication CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/

More information

CSC/ECE 574 Computer and Network Security. What Is PKI. Certification Authorities (CA)

CSC/ECE 574 Computer and Network Security. What Is PKI. Certification Authorities (CA) Computer Science CSC/ECE 574 Computer and Network Security Topic 7.2 Public Key Infrastructure (PKI) CSC/ECE 574 Dr. Peng Ning 1 What Is PKI Informally, the infrastructure supporting the use of public

More information

PKI implementation issues in B2B e-commerce Pita Jarupunphol and Chris J. Mitchell Information Security Group, Royal Holloway, University of London

PKI implementation issues in B2B e-commerce Pita Jarupunphol and Chris J. Mitchell Information Security Group, Royal Holloway, University of London PKI implementation issues in B2B e-commerce Pita Jarupunphol and Chris J. Mitchell Information Security Group, Royal Holloway, University of London About the authors Pita Jarupunphol (B.B.A. (Dhurakijpundit)

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.

associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys. Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu

More information

Driving Safely on Information Highway. April 2006

Driving Safely on Information Highway. April 2006 Driving Safely on Information Highway April 2006 Agenda FIPS 201 and PK enabling Challenges of PK enabling Ways to meet the challenges PKIF Webcullis (demo) TrustEnabler (demo) FIPS 201 unique PK enabling

More information

EMC Celerra Version 5.6 Technical Primer: Public Key Infrastructure Support

EMC Celerra Version 5.6 Technical Primer: Public Key Infrastructure Support EMC Celerra Version 5.6 Technical Primer: Public Key Infrastructure Support Technology Concepts and Business Considerations Abstract Encryption plays an increasingly important role in IT infrastructure

More information

DoD Root Certificate Chaining Problem

DoD Root Certificate Chaining Problem DoD Public Key Enablement (PKE) Information Paper DoD Root Certificate Chaining Problem Contact: PKE_Support@disa.mil URL: http://iase.disa.mil/pki/pke Audience This document is intended for DoD system

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

National Certification Authority Framework in Sri Lanka

National Certification Authority Framework in Sri Lanka National Certification Authority Framework in Sri Lanka By Rohana Palliyaguru Manager Operations & Principal Information Security Engineer What is digital Signature? According to UNCITRAL Text 25. Digital

More information

Introduction to Network Security Key Management and Distribution

Introduction to Network Security Key Management and Distribution Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015

More information

Network Security: Public Key Infrastructure. Key Distribution - Secret Keys. Key Distribution - Secret Keys

Network Security: Public Key Infrastructure. Key Distribution - Secret Keys. Key Distribution - Secret Keys Network Security: Public Key Infrastructure Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security Slides adapted from Radia Perlman s slides Key Distribution - Secret Keys What if

More information

Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ)

Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ) Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ) Version 1.0 January 18, 2011 Table of Contents 1. INTRODUCTION... 3 1.1 BACKGROUND... 3 1.2 OBJECTIVE AND AUDIENCE...

More information

Restricting Access with Certificate Attributes in Multiple Root Environments A Recipe for Certificate Masquerading

Restricting Access with Certificate Attributes in Multiple Root Environments A Recipe for Certificate Masquerading Restricting Access with Certificate Attributes in Multiple Root Environments A Recipe for Certificate Masquerading Capt James M. Hayes, USAF Systems and Network Attack Center National Security Agency Suite

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Module 2: Deploying and Managing Active Directory Certificate Services

Module 2: Deploying and Managing Active Directory Certificate Services Course Syllabus Course 6426B: Configuring and Troubleshooting Identity and Access Solutions with Windows Server 2008 Active Directory About this Course This three-day instructor-led course provides in-depth

More information

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a

More information

Certificate Authority Product Overview Technology White Paper

Certificate Authority Product Overview Technology White Paper RSA Keon Certificate Authority Product Overview Technology White Paper e-business is an integral component of everyday life-from online banking and brokerage transactions, to chip-based smart cards and

More information

Configuration Guide for RFMS 3.0 Initial Configuration. WiNG 5 How-To Guide. Digital Certificates. July 2011 Revision 1.0

Configuration Guide for RFMS 3.0 Initial Configuration. WiNG 5 How-To Guide. Digital Certificates. July 2011 Revision 1.0 Configuration Guide for RFMS 3.0 Initial Configuration XXX-XXXXXX-XX WiNG 5 How-To Guide Digital Certificates July 2011 Revision 1.0 MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark

More information

Digital certificates and SSL

Digital certificates and SSL Digital certificates and SSL 20 out of 33 rated this helpful Applies to: Exchange Server 2013 Topic Last Modified: 2013-08-26 Secure Sockets Layer (SSL) is a method for securing communications between

More information

Security Architecture for Development and Run Time Support of Secure Network Applications

Security Architecture for Development and Run Time Support of Secure Network Applications Tel: (301) 587-3000 Fax: (301) 587-7877 E-mail: info@setecs.com Web: www.setecs.com Security Architecture for Development and Run Time Support of Secure Network Applications Sead Muftic, President/CEO

More information

Modeling and Evaluation of Certification Path Discovery in the Emerging Global PKI

Modeling and Evaluation of Certification Path Discovery in the Emerging Global PKI Modeling and Evaluation of Certification Path Discovery in the Emerging Global PKI Meiyuan Zhao 1 and Sean W. Smith 2 1 Communications Technology Lab Intel Corporation Hillsboro, OR 97124 meiyuan.zhao@intel.com

More information

U. S. Department of Justice Information Technology Strategic Plan. Appendix E. Public Key Infrastructure at the Department of Justice.

U. S. Department of Justice Information Technology Strategic Plan. Appendix E. Public Key Infrastructure at the Department of Justice. U. S. Department of Justice Information Technology Strategic Plan Public Key Infrastructure at the Department of Justice White Paper * Introduction As part of its strategic plan, the Department of Justice

More information

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management

More information

NIST ITL July 2012 CA Compromise

NIST ITL July 2012 CA Compromise NIST ITL July 2012 CA Compromise Prepared for: Intelligent People paul.turner@venafi.com 1 NIST ITL Bulletin on CA Compromise http://csrc.nist.gov/publications/nistbul/july-2012_itl-bulletin.pdf These

More information

MS 20414 Implementing an Advanced Server Infrastructure

MS 20414 Implementing an Advanced Server Infrastructure MS 20414 Implementing an Advanced Server Infrastructure P a g e 1 of 10 About this Course In this course, students will learn how to plan and implement some of the more advanced features available in Windows

More information

A PKI approach targeting the provision of a minimum security level within Internet

A PKI approach targeting the provision of a minimum security level within Internet A PKI approach targeting the provision of a minimum security level within Internet Maryline Laurent-Maknavicius CNRS Samovar UMR 5157, GET/INT/LOR Maryline.Maknavicius@int-evry.fr Abstract After decades

More information

Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Implementing and Administering Security in a Microsoft Windows Server 2003 Network Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course 2823: Five days; Instructor-led Introduction This five-day instructor-led course addresses the MCSA and MCSE skills

More information

White Paper: Managing Security on Mobile Phones

White Paper: Managing Security on Mobile Phones White Paper: Managing Security on Mobile Phones April 2006 Managing Security on Mobile Phones April 2006 Table of Contents Abstract...2 Executive Summary...2 The Importance Of Managing Security On Mobile

More information

A PKI ARCHITECTURE USING OPEN SOURCE SOFTWARE FOR E- GOVERNMENT SERVICES IN ROMANIA

A PKI ARCHITECTURE USING OPEN SOURCE SOFTWARE FOR E- GOVERNMENT SERVICES IN ROMANIA A PKI ARCHITECTURE USING OPEN SOURCE SOFTWARE FOR E- GOVERNMENT SERVICES IN ROMANIA NICUȘOR VATRA The Doctoral School Department, The Bucharest Academy of Economic Studies, 6, Romana Square, district 1

More information

Chapter 5. Regression Testing of Web-Components

Chapter 5. Regression Testing of Web-Components Chapter 5 Regression Testing of Web-Components With emergence of services and information over the internet and intranet, Web sites have become complex. Web components and their underlying parts are evolving

More information

Strategies for the implementation of a Public Key Authentication Framework (PKAF) in Australia

Strategies for the implementation of a Public Key Authentication Framework (PKAF) in Australia Miscellaneous Publication Strategies for the implementation of a Public Key Authentication Framework (PKAF) in Australia SAA MP75 1996 STRATEGIES FOR THE IMPLEMENTATION OF A PUBLIC KEY AUTHENTICATION FRAMEWORK

More information

Microsoft 6436 - Design Windows Server 2008 Active Directory

Microsoft 6436 - Design Windows Server 2008 Active Directory 1800 ULEARN (853 276) www.ddls.com.au Microsoft 6436 - Design Windows Server 2008 Active Directory Length 5 days Price $4169.00 (inc GST) Overview During this five-day course, students will learn how to

More information

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights

More information

Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates

Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Purpose, Methods, Revocation, PKIX To distribute public keys securely Requires - Certificates and Certification Authorities - Method for retrieving certificates

More information

PKI Uncovered. Cisco Press. Andre Karamanian Srinivas Tenneti Francois Dessart. 800 East 96th Street. Indianapolis, IN 46240

PKI Uncovered. Cisco Press. Andre Karamanian Srinivas Tenneti Francois Dessart. 800 East 96th Street. Indianapolis, IN 46240 PKI Uncovered Andre Karamanian Srinivas Tenneti Francois Dessart Cisco Press 800 East 96th Street Indianapolis, IN 46240 Contents Introduction XIII Part I Core Concepts Chapter 1 Crypto Refresh 1 Confidentiality,

More information

SBClient SSL. Ehab AbuShmais

SBClient SSL. Ehab AbuShmais SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three

More information

Authentication Application

Authentication Application Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be

More information

Introduction to Public Key Technology and the Federal PKI Infrastructure 26 February 2001

Introduction to Public Key Technology and the Federal PKI Infrastructure 26 February 2001 Introduction to Public Key Technology and the Federal PKI Infrastructure 26 February 2001 D. Richard Kuhn Vincent C. Hu W. Timothy Polk Shu-Jen Chang National Institute of Standards and Technology, 2001.

More information

Overview. Certification Authority. PKI Clients. Registration Authority. Public Key Infrastructure. Public Key Infrastructure

Overview. Certification Authority. PKI Clients. Registration Authority. Public Key Infrastructure. Public Key Infrastructure Public Key Infrastructure Overview Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-07/ Public

More information

How to Prepare Your Salesforce Service for Certificate Changes

How to Prepare Your Salesforce Service for Certificate Changes How to Prepare Your Salesforce Service for Certificate Changes Salesforce, Winter 16 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce

More information

Public Key Infrastructure for a Higher Education Environment

Public Key Infrastructure for a Higher Education Environment Public Key Infrastructure for a Higher Education Environment Eric Madden and Michael Jeffers 12/13/2001 ECE 646 Agenda Architectural Design Hierarchy Certificate Authority Key Management Applications/Hardware

More information

Implementing an Advanced Server Infrastructure

Implementing an Advanced Server Infrastructure Page 1 of 9 Overview Who should attend? Get hands-on instruction and practice planning, designing and deploying a physical and logical Windows Server 2012 R2 enterprise infrastructure in this 5-day Microsoft

More information

Security Digital Certificate Manager

Security Digital Certificate Manager IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

Cyber Warnings E-Magazine August 2015 Edition Copyright Cyber Defense Magazine, All rights reserved worldwide

Cyber Warnings E-Magazine August 2015 Edition Copyright Cyber Defense Magazine, All rights reserved worldwide 1 Cyber Warnings E-Magazine August 2015 Edition End-to-End Encryption for Emails. An Organizational Approach by Dr Burkhard Wiegel, Founder and CEO, Zertificon Solutions The threat to electronic enterprise

More information

Testing Intelligent Device Communications in a Distributed System

Testing Intelligent Device Communications in a Distributed System Testing Intelligent Device Communications in a Distributed System David Goughnour (Triangle MicroWorks), Joe Stevens (Triangle MicroWorks) dgoughnour@trianglemicroworks.com United States Smart Grid systems

More information

SecureAuth Authentication: How SecureAuth performs what was previously impossible using X.509 certificates

SecureAuth Authentication: How SecureAuth performs what was previously impossible using X.509 certificates SecureAuth Authentication: How SecureAuth performs what was previously impossible using X.509 certificates As enterprises move their applications to the Web and mobile platforms, providing strong security

More information

Securing LAN Connected Devices in Industrial Sites with TLS and Multicast DNS

Securing LAN Connected Devices in Industrial Sites with TLS and Multicast DNS Securing LAN Connected Devices in Industrial Sites with TLS and Multicast DNS Tero Keski-Valkama May 28, 2015 Version 1.0 Abstract This whitepaper outlines a more flexible and more secure user interface

More information

www.novell.com/documentation Administration Guide Certificate Server 3.3.8 May 2013

www.novell.com/documentation Administration Guide Certificate Server 3.3.8 May 2013 www.novell.com/documentation Administration Guide Certificate Server 3.3.8 May 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation,

More information

Protect Identities for people, workstations, mobiles, networks

Protect Identities for people, workstations, mobiles, networks ot Corporate ID Protect Identities for people, workstations, mobiles, networks Address your security needs with the leader in the corporate identity market Corporate security challenges The security of

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

1 Public Key Cryptography and Information Security

1 Public Key Cryptography and Information Security International Carpathian Control Conference ICCC 2002 MALENOVICE, CZECH REPUBLIC May 27-30, 2002 IMPLEMENTATION ISSUES OF PKI TECHNOLOGY Victor-Valeriu PATRICIU, Marin BICA and Ion BICA Department of Computer

More information

VIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division

VIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division VIDEO Intypedia013en LESSON 13: DNS SECURITY AUTHOR: Javier Osuna García-Malo de Molina GMV Head of Security and Process Consulting Division Welcome to Intypedia. In this lesson we will study the DNS domain

More information

Transglobal Secure Collaboration Program Secure E-Mail v.1 Enterprise E-Mail Environment High Level Design

Transglobal Secure Collaboration Program Secure E-Mail v.1 Enterprise E-Mail Environment High Level Design Transglobal Secure Collaboration Program Secure E-Mail v.1 Enterprise E-Mail Environment High Level Design Prepared by: TSCP Secure E-Mail v.1 Project Team Version: 2.0.2 Date: 16 July 2012 TSCP Secure

More information

Enterprise Energy Management with JouleX and Cisco EnergyWise

Enterprise Energy Management with JouleX and Cisco EnergyWise Enterprise Energy Management with JouleX and Cisco EnergyWise Introduction Corporate sustainability and enterprise energy management are pressing initiatives for organizations dealing with rising energy

More information

Authentication Applications

Authentication Applications Authentication Applications CSCI 454/554 Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures Kerberos a symmetric-key

More information

Concept of Electronic Approvals

Concept of Electronic Approvals E-Lock Technologies Contact info@elock.com Table of Contents 1 INTRODUCTION 3 2 WHAT ARE ELECTRONIC APPROVALS? 3 3 HOW DO INDIVIDUALS IDENTIFY THEMSELVES IN THE ELECTRONIC WORLD? 3 4 WHAT IS THE TECHNOLOGY

More information

COMPARISON OF CERTIFICATE POLICIES FOR- MERGING PUBLIC KEY INFRASTRUCTURESDURING MERGER AND ACQUISITION OF COMPANIES

COMPARISON OF CERTIFICATE POLICIES FOR- MERGING PUBLIC KEY INFRASTRUCTURESDURING MERGER AND ACQUISITION OF COMPANIES COMPARISON OF CERTIFICATE POLICIES FOR- MERGING PUBLIC KEY INFRASTRUCTURESDURING MERGER AND ACQUISITION OF COMPANIES Balachandra Muniyal 1, Prema K.V 2, Mamatha Balachandra 3 1 Dept. of Information and

More information

Committee on National Security Systems

Committee on National Security Systems Committee on National Security Systems CNSS POLICY No.25 March 2009 NATIONAL POLICY FOR PUBLIC KEY INFRASTRUCTURE IN NATIONAL SECURITY SYSTEMS. 1 CHAIR FOREWORD 1. (U) The CNSS Subcommittee chartered a

More information

Certificate technology on Pulse Secure Access

Certificate technology on Pulse Secure Access Certificate technology on Pulse Secure Access How-to Guide Published Date July 2015 Contents Introduction: 3 Creating a Certificate signing request (CSR): 3 Import Intermediate CAs: 5 Using Trusted Client

More information

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

Certificate Management. PAN-OS Administrator s Guide. Version 7.0 Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

AAI - Authentication and Authorization Infrastructure Task Force Certificate Authority Final Report

AAI - Authentication and Authorization Infrastructure Task Force Certificate Authority Final Report AAI - Authentication and Authorization Infrastructure Task Force Certificate Authority Final Report 2003 SWITCH Document management Version/status: 1.0 / final Date: 15-JUL-03 Author(s): René Hüsler HTA

More information

Authentication is not Authorization?! And what is a "digital signature" anyway?

Authentication is not Authorization?! And what is a digital signature anyway? Authentication is not Authorization?! And what is a "digital signature" anyway? Prepared by R. David Vernon Revised 12/01 Introduction REV 1A As part of the IT Architecture Initiative, the Office of Information

More information

6.1.2 Installing AD DS 7:45

6.1.2 Installing AD DS 7:45 Module 6 Active Directory Module 6 discusses using Active Directory roles; using RODC to access read-only partitions of an Active Directory database, adding Certificate Services role services, managing

More information

Certificate technology on Junos Pulse Secure Access

Certificate technology on Junos Pulse Secure Access Certificate technology on Junos Pulse Secure Access How-to Introduction:... 1 Creating a Certificate signing request (CSR):... 1 Import Intermediate CAs: 3 Using Trusted Client CA on Juno Pulse Secure

More information

Making Digital Signatures Work across National Borders

Making Digital Signatures Work across National Borders Making Digital Signatures Work across National Borders Jon Ølnes, Anette Andresen, Leif Buene, Olga Cerrato, Håvard Grindheim DNV (Det Norske Veritas), Norway DNV trusted third party for 140 years Det

More information

APPENDIX C - PRICING INDEX DIR-SDD-2514 VERIZON BUSINESS NETWORK SERVICES, INC SERVICES

APPENDIX C - PRICING INDEX DIR-SDD-2514 VERIZON BUSINESS NETWORK SERVICES, INC SERVICES APPENDIX C - PRICING INDEX DIR-SDD-2514 VERIZON BUSINESS NETWORK SERVICES, INC SERVICES Application Vulnerability Scanning. A web-based application service hosted by Verizon Business to provide customers

More information

SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service

SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service Paper SAS1541-2015 SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service Heesun Park and Jerome Hughes, SAS Institute Inc., Cary, NC ABSTRACT

More information

Blending FreeIPA in a Certificate Infrastructure

Blending FreeIPA in a Certificate Infrastructure FreeIPA 3.3 Training Series Blending FreeIPA in a Certificate Infrastructure Jan Cholasta 2014-02-18 FreeIPA and PKI (1) Some services require certificates for secure communication FreeIPA includes CA

More information

SSL Certificates and Bomgar

SSL Certificates and Bomgar SSL Certificates and Bomgar 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective

More information

Implementing Microsoft Security Networks Course No. MS2823 h 5 Days

Implementing Microsoft Security Networks Course No. MS2823 h 5 Days COURSE OVERVIEW This five-day instructor-led course addresses the MCSA and MCSE skills path for IT Pro security practitioners, specifically addressing the training needs of those preparing for the 70-299

More information

Configuring Digital Certificates

Configuring Digital Certificates CHAPTER 36 This chapter describes how to configure digital certificates and includes the following sections: Information About Digital Certificates, page 36-1 Licensing Requirements for Digital Certificates,

More information

RSA Digital Certificate Solution

RSA Digital Certificate Solution RSA Digital Certificate Solution Create and strengthen layered security Trust is a vital component of modern computing, whether it is between users, devices or applications in today s organizations, strong

More information