E-Book Security Assessment: NuvoMedia Rocket ebook™


E-Book Security Assessment: NuvoMedia Rocket ebook™

July 1999

Prepared For: The Association of American Publishers

Prepared By: Global Integrity Corporation
4180 La Jolla Village Drive, Suite 450
La Jolla, CA

Copyright 1999, Global Integrity Corporation
This document may be reproduced provided that copyright notices are not removed

Table of Contents

Introduction
1 Business Model and Design Rationale
2 System Overview
   2.1 Product
   2.2 Publisher Interactions
   2.3 Customer Interactions
3 Security Findings
   3.1 Publishing Security
   3.2 Server Security
   3.3 Transmission Security
   3.4 E-Book Device Security
4 Discussion of Major Security Areas
   4.1 Lack of Documentation
   4.2 Private Key Security
   4.3 Encryption Strength Analysis

Introduction

This assessment discusses the security features of the Rocket e-book™ by NuvoMedia.

NuvoMedia, Inc.
310 Villa Street
Mountain View, California
Tel: (650)
Fax: (650)
Web Site:

This assessment was prepared following the methodology described in the Global Integrity Corporation E-Book Security Assessment: General Report dated July

1 Business Model and Design Rationale

NuvoMedia provides a Web-conduit service and portable reader device (Rocket e-book™) allowing publishers to sell electronic versions of their content ("digital titles"). NuvoMedia intends for digital titles to be sold through conventional booksellers' web sites as the electronic version of the paper title. A publisher can use the NuvoMedia system to maintain digital titles on specific servers running the NuvoMedia software that in some sense act as electronic printing presses.

NuvoMedia allows publishers complete freedom in formatting the digital title as they see fit. The publisher (or a subcontractor) formats the digital title using a subset of industry-standard HTML. This formatted digital title is then uploaded to a secure server for eventual distribution to customers.

Distribution to customers is a secure process: by packaging and protecting the digital title during transmission, the publisher's digital title is secured from theft. Additionally, purchased digital titles are encrypted in such a way as to be readable only on that customer's Rocket e-book™.

The customer shops for digital titles at bookseller web sites and upon purchase can download the content to their PC from the designated servers running the NuvoMedia software. Librarian software is used to manage digital titles on the customer's PC and download digital titles to the Rocket e-book™ via a cradle attached to the serial port or by infrared link.

NuvoMedia developed the Rocket e-book™ with the intent to provide ease of use, readability, and security of the digital titles.

2 System Overview

2.1 Product

NuvoMedia developed a proprietary reading device, the Rocket e-book™, running on a 32-bit ARM RISC chip and proprietary embedded operating system. About the size of a paperback book, the Rocket e-book™ weighs approximately 22 ounces, has a 3-inch by 4.5-inch backlit black and white LCD touchscreen, and a 33-hour battery-life. On the face of the unit are four touch-sensitive buttons, in addition to two forward and backward buttons. A stylus is provided for tapping the touchscreen. The unit comes with a serial-port cradle, an infrared port, a battery charger unit, carrying case, librarian software for the customer's PC, and two digital titles.

The librarian software for the PC is used to organize downloaded digital titles for the Rocket e-book™. Digital titles can be maintained on the customer's PC and downloaded to the Rocket e-book™ with this software. The librarian software also is used for updating the firmware on the Rocket e-book™ when updates are made available.

2.2 Publisher Interactions

Publishers who arrange with NuvoMedia for distribution of digital titles are responsible for formatting and uploading content to a secure NuvoMedia-maintained server, which may or may not reside at the publisher's location. Currently, all digital titles are maintained at a single site running the NuvoMedia software.
While the equipment is owned by NuvoMedia, it is currently located at a third party hosting site that provides web server hosting services.

Digital titles are formatted for the NuvoMedia reader device using a subset of HTML; support for including special tags specific for the Rocket e-book™ can be accommodated if necessary. Publishers may choose to use an outside subcontractor to perform this formatting service for them. Digital titles can be uploaded at any time to the server using a Web browser, along with associated metadata such as suggested retail price and copyright notices.

Publishers can decide when digital titles on the server will be made available to the general public. Prior to general availability publishers can preview the digital title on their own Rocket e-book™ using a method similar to a normal customer download.

2.3 Customer Interactions

Customers obtain digital titles for their Rocket e-book™ by shopping at established bookseller web sites. In this way, customers use standard methods for paying for digital titles. The bookseller, not NuvoMedia, is responsible for obtaining payment from the customer for the digital titles.

Once a customer purchases a digital title, the bookseller, using a separate channel, informs the server running the NuvoMedia software which digital title has been purchased by a customer. The customer is given a pick-up URL (a URL, containing random character portions, that points to the server) from which digital titles can be downloaded. By clicking on the URL in the browser, a download session is started. The media type of the download causes the librarian software on the PC, supplied with the Rocket e-book™, to initiate.

The librarian software maintains the various digital titles that have been downloaded by that customer. The digital titles themselves are stored on the PC in unreadable, encrypted form. The librarian software is also used to download digital title content from the customer's PC to the Rocket e-book™. This process is performed either through a cradle attached to the serial port of the PC or through an infrared port. Customers can choose which digital titles to download into the memory of the Rocket e-book™ for viewing. During this entire download process, the digital title remains in encrypted form.

3 Security Findings

3.1 Publishing Security

Digital Title Protection

Formatted content can be uploaded to the server running the NuvoMedia software for preview and post-sale delivery to customers in a secure manner. Interactions with the server are done through an encrypted SSL connection.

Protection for the digital title's integrity once uploaded is not currently enforced. Previewing the digital title may allow any alteration to be detected, but there is no automated way to ensure that the digital title that is downloaded is the same as the one that was uploaded. Procedures that would be simple to implement, such as computing a hash of the digital title upon upload, would ensure digital title integrity.

User Authentication

There are two types of authentication that are used to assure only legitimate publishers gain access to the server running the NuvoMedia software. The first type uses a login and password sequence that publishers must enter to access the server. In addition, only machines at specified IP addresses are permitted entry.

3.2 Server Security

System Administration

NuvoMedia employs an industry recognized server system to act as the digital title server.
A firewall is in place between the server and the Internet to prevent malicious access. NuvoMedia has adopted industry-accepted security practices to protect their server.

Digital Title Protection

Digital titles that have been uploaded by publishers are stored in unencrypted form on the server running the NuvoMedia software. There are no specific safeguards for digital title integrity while the digital title is in this quiescent state.

User Authentication

Customers access the server running the NuvoMedia software via the pick-up URL, issued by the bookseller upon purchase of a digital title. When accessing this URL, the customer provides the address that was given during the initial registration process of the Rocket e-book™. Using this information, the server is able to use the appropriate public key for that customer's specific Rocket e-book™ to encrypt the digital title's secret key prior to download. No additional checks are performed on the identity of the user; i.e. the particular person using the pick-up URL is not verified.

Booksellers must inform the digital title server when a customer has purchased a digital title. This allows the pick-up URL to be generated and returned to the bookseller for presentation to the customer. In its current implementation, this information exchange between the bookseller and the server does not include a mutual authentication exchange. This is a potential vulnerability for both parties, particularly as the number of booksellers increases. For example, a malicious attacker may pose as a legitimate bookseller and claim that a title has been purchased.

3.3 Transmission Security

Digital Title Protection

The server running the NuvoMedia software knows the public keys of all currently authorized Rocket e-books™. It is the use of these public keys that ensures that the digital title being transmitted can only be viewed by one particular Rocket e-book™: the one with the matching private key.

An important security feature of this system is that the digital title is encrypted uniquely each time it is downloaded by a new customer. This ensures that there is not a single point of failure for all the other copies of the same digital title on all the other Rocket e-books™.

When a consumer accesses a pick-up URL several process steps occur at that time:

1. The digital title that the consumer is requesting is compressed.
2. The compressed digital title to be protected is then encrypted with a symmetric algorithm using a random key.
3. Other content, such as marketing materials and copyright notices, is left in the clear.
4. The symmetric key used to encrypt the protected content is encrypted itself using the public key associated with the customer's Rocket e-book™.
5. The encrypted content (result of step 2) is digitally signed using the private key of the NuvoMedia server, for which the Rocket e-book™ knows the associated public key.
6. A package that includes the results of steps 2 through 5 is downloaded to the customer's PC.

These steps ensure that the content is protected during transmission, the content originates from an authorized server, and only the customer's Rocket e-book™ can decrypt the content.

User Authentication

Before downloading any content, the customer is required to register his new Rocket e-book™ with NuvoMedia. This registration process involves both customer and Rocket e-book™ registration. At the time the customer registers their Rocket e-book™, by giving such information as an address, the Rocket e-book™ registers itself by uploading a specific set of data particular to that individual Rocket e-book™.

At this time, a particular public/private key pair is computed for the Rocket e-book™ on the server running the NuvoMedia software and a proprietary certificate mechanism is used to supply the private key to the Rocket e-book™. This differs from industry best practices, in which the private key never leaves the device on which it is generated. Advertising the private key at all through such a mechanism potentially reduces its secrecy.

At the same time, the Rocket e-book™ is configured with the public key of the server running the NuvoMedia software. These keys allow future exchanges to be done securely, as described in the previous section.

Since Rocket e-books™ are configured with the public key of this server, the protection of this key pair at the server is important. This key pair is used to authenticate the server's identity. Compromise of this one key pair invalidates the notion of the trusted server for all registered Rocket e-books™. It is a potential single point of failure in the system, particularly during the registration of a new Rocket e-book™ with NuvoMedia. For instance, there is a possibility that a sophisticated attacker who had surreptitiously received this key pair could alter and sign the data intended for the new customer's device.

One further method used to foil unauthorized accesses of the digital title server running the NuvoMedia software is the expiration of pick-up URLs after a certain amount of time. Once the bookseller issues a pick-up URL, it is only valid for a period of days. The pick-up URL validity period is tuneable by NuvoMedia, which tries to balance the customer's convenience of not having to immediately download the title against the security risk of leaving access to the title open for an extended period of time.

3.4 E-Book Device Security

Digital Title Protection

As described in the previous sections, the digital title provided to the server running the NuvoMedia software is viewable only on one customer's Rocket e-book™. This is true since the digital title can only be decrypted using the customer's private key to gain access to the digital title's symmetric encryption key.

With the appropriate keys, the Rocket e-book™ follows the following steps to display the content:

1. The signature on the encrypted digital title is verified using the public key of the server running the NuvoMedia software.
2. The digital title's encryption key is decrypted using the reader device's private key.
3. The compressed digital title is decrypted using the digital title's symmetric encryption key.
4. The compressed digital title is then uncompressed.
5. The digital title is formatted for viewing based on the current view of the Rocket e-book™.
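
The server-side packaging steps of section 3.3 and the device-side steps above, as an added Go example that is not NuvoMedia's code or part of the original report. The report names no algorithms, so zlib, AES-256-GCM, RSA-OAEP and RSA-PSS are stand-ins chosen here, the Package layout and function names are hypothetical, and the whole title is decrypted at once rather than a small amount at a time.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Package is a hypothetical layout for what is downloaded to the customer's PC.
type Package struct {
	Clear      []byte // marketing text and copyright notice, left in the clear
	Ciphertext []byte // 12-byte nonce || compressed title under a one-time key
	WrappedKey []byte // the one-time key, encrypted to one device's public key
	Signature  []byte // server signature over Ciphertext
}

func NewKey() *rsa.PrivateKey { // demo key pair, constructed locally
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs the server-side steps for one download.
func Seal(title, clear []byte, device *rsa.PublicKey, server *rsa.PrivateKey) (*Package, error) {
	var z bytes.Buffer // step 1: compress (writes to a bytes.Buffer cannot fail)
	zw := zlib.NewWriter(&z)
	zw.Write(title)
	zw.Close()
	secret := make([]byte, 32+12) // fresh AES-256 key and GCM nonce per download
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	key, nonce := secret[:32], secret[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nonce, nonce, z.Bytes(), nil) // step 2: encrypt
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, device, key, nil) // step 4
	if err != nil {
		return nil, err
	}
	d := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, server, crypto.SHA256, d[:], nil) // step 5
	if err != nil {
		return nil, err
	}
	return &Package{Clear: clear, Ciphertext: ct, WrappedKey: wrapped, Signature: sig}, nil
}

// Open runs the device-side steps and stops at the first check that fails.
func Open(p *Package, device *rsa.PrivateKey, server *rsa.PublicKey) ([]byte, error) {
	d := sha256.Sum256(p.Ciphertext)
	if rsa.VerifyPSS(server, crypto.SHA256, d[:], p.Signature, nil) != nil {
		return nil, fmt.Errorf("signature invalid: content is not from the trusted server")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, device, p.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("key unwrap failed: package was built for another device")
	}
	gcm, err := newGCM(key)
	if err != nil || len(p.Ciphertext) < 12 {
		return nil, fmt.Errorf("malformed package")
	}
	z, err := gcm.Open(nil, p.Ciphertext[:12], p.Ciphertext[12:], nil)
	if err != nil {
		return nil, err
	}
	zr, err := zlib.NewReader(bytes.NewReader(z))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return io.ReadAll(zr)
}

func main() {
	server, device := NewKey(), NewKey()
	if p, err := Seal([]byte("Constructed sample title."), []byte("notice"), &device.PublicKey, server); err == nil {
		out, err := Open(p, device, &server.PublicKey)
		fmt.Printf("%q %v\n", out, err)
	}
}
```

As in step 5, only the encrypted content is signed, so the Clear and WrappedKey fields of this sketch are outside the signature.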

During this process, only a small amount of the digital title is decrypted at any one time. The amount of decrypted digital title varies slightly depending on how the digital title was originally prepared by the publisher; however, the full decrypted text is never stored.

Currently, a customer is permitted unlimited viewing of a purchased digital title. The Rocket e-book™ itself can store several digital titles at one time.

The software that the Rocket e-book™ uses to perform these functions can be updated from time to time via a download of new system software. NuvoMedia maintains the source code for all of the firmware (embedded OS, application, cryptographic algorithms) in house and occasionally makes updates available for the customer at time of digital title download. When such updates are available, the customer is prompted when a pick-up URL is accessed. The system software is encrypted during download.

The proprietary nature of the Rocket e-book™ hardware gives it an added advantage in protecting content and decryption methods. The hardware is built around a Sharp LH77790A RISC microcontroller, presumably developed with the LU7790H2A ARM Hardware Development Toolkit. The LH77790A has many features integrated into the chip such as LCD controller, infrared services, and memory controller. These functions usually require additional onboard components, which would leave unencrypted content vulnerable while being transmitted to the screen controller or memory. While the development kit for the micro-controller is easily obtainable, it lacks the tools required to disassemble or reverse-engineer the Rocket e-book™ software.

User Authentication

The serial number of each Rocket e-book™ is publicized and displayed on the bottom of each Rocket e-book™. This number, though, is not used for securing data transmission. Any information required for secure registration is stored securely on a tamper resistant chip within the Rocket e-book™ when it is manufactured.

4 Discussion of Major Security Areas

There are three main areas of NuvoMedia's security that merit discussion:

- Lack of documentation of system's design and security policies and procedures.
- Best practices are not used for securing a customer's private key.
- Encryption strength cost/effort analysis.

4.1 Lack of Documentation

Detailed up-to-date documentation describing the system's design and security policies and procedures was not available for this review. According to NuvoMedia, there is an extensive set of design documentation that is maintained internally, though we were unable to verify it for this review. NuvoMedia has yet to fully document its security policies and procedures; they are aware of the necessity to address this in the future.

Good documentation is a valuable asset for any system, whether or not any of the information is made public. A lack of documentation has the following drawbacks:

- Information regarding the system tends to be maintained in the heads of a few critical individuals
- Consistency of design and policy is not ensured between individuals
- Later design and policy decisions may not take into account earlier decisions
- There is no effective method of internal review of the design and policies
- The designs and policies are essentially closed, making external review difficult

With respect to the last point, closed systems are inherently more difficult to trust.
While there may be numerous business reasons why NuvoMedia does not want the details of its system discussed in public, there would be positive aspects to this type of openness. Take the development of the SSL protocol as an example. SSL is designed to make transactions across the Internet secure. This system is trusted, not because SSL internal security aspects are kept hidden, but exactly for the opposite reason. SSL was developed in the open and could be reviewed by the industry. This fostered its trusted status and the resulting rapid and extensive acceptance by the industry.

4.2 Private Key Security

NuvoMedia does not follow industry best practices: it generates the private key for the customer outside the Rocket e-book™ and then delivers that key over an open network. This approach was a result of a design tradeoff made by NuvoMedia, as is often the case when considering the implications of good-enough security versus ease-of-use for their customers.

Encryption using public/private keys is a powerful way of securing communication over the Internet. The methodology is based on a set of practices that ensure maximal security for the parties involved in secure communication. An important facet of this methodology is the protection of the private key from exposure. The best way to accomplish this is to make sure the private key itself never leaves a secured store.

The Rocket e-book™ does not generate its own keys and, therefore, the private key for the customer must be supplied to it from the external world. This currently happens during the registration process. While this process does encrypt the information being exchanged during transmission, it is less rigorous than doing the key generation on the device itself. Breaking the transmission encryption would result in exposure of the key. This process potentially exposes system security to unknown attack because the mechanism does not follow a recognized trusted methodology that is known to ensure security.

4.3 Encryption Strength Analysis

This section provides an overview of the cost/effort analysis that was performed on the encryption technology used by NuvoMedia. The aim of this section is to show the factors that address the longer-term security of encrypted content, basing the analysis on the encryption methods used by NuvoMedia.

Encrypted digital titles will not remain secure forever. Computational capacity is always increasing. Moore's Law states that computational abilities double about every 18 months. It is not clear whether this pace of improvement will be sustained indefinitely, due to physical limitations or other barriers, but this law has been a fairly consistent predictor for two decades.

Increased computational ability allows brute force attacks on encrypted content to be accomplished in increasingly shorter time frames. The faster you can try every possible decryption key, the easier it is to eventually crack the encryption.
Today an encryption technique may have enough possible keys that trying each one to find the correct one would take centuries, millennia or longer. However, eventually the increase in computation speed will chip away at that security. The exponential growth of computational speed, combined with the increasing sophistication of methods for breaking encryption, will eventually catch up with even the most forward-thinking encryption techniques.

This concept should be well noted in terms of protecting copyrighted materials through the life of their copyright. Once a piece of copyrighted material is released in digital form, properly secured, it cannot be taken back. That digital version of the work can potentially be attacked years in the future with the advantage of increased computational speed. Encrypted copyrighted material, for which the copyright lasts 75 years, could be trivial to crack in the much nearer future.

The graph below shows how the current encryption technique used by NuvoMedia stands up against Moore's Law over 50 years. Just as computational abilities are expected to continue to improve, it is reasonable to assume that advances in cryptography will also provide better protection. NuvoMedia's security architecture accommodates this model by allowing newer encryption algorithms to be upgraded in the future by upgrading the server's software and the e-book's firmware, which would shift the lines on the graph to the right (i.e., increasing the time before the encryption is likely to be broken).

The graph shows the expected number of years that it would take to crack a current e-book title using different levels of computational resources. The time it would take to exhaustively check each possible encryption key for the encryption key size was calculated. The number of keys that can be scanned with current technology was based on key-scanning statistics public within the industry. From this baseline key-searching speed, it was assumed that computational abilities would double every 18 months. The lines on the graph range from using a cheap approach, for example an average PC, to an expensive approach using multiple computers with higher computational capabilities. The expensive solution would cost on the order of a million of today's dollars. The Cheap Personal Computer solution represents the average desktop computer.

[Figure 1: NuvoMedia Press Encryption. Level of effort (in years) estimated for brute force attack, plotted by year for the Cheap, Low, Medium and Expensive solutions.]

As you can see, the encryption techniques that NuvoMedia uses to secure the publisher's digital titles are very secure today. Even with a million-dollar endeavor an encrypted digital title would be expected to withstand a brute force attack for over 25 years, and it is completely infeasible to crack a digital title with anything less. The playing field is continuously changing though. By the year 2011, that digital title is trivial to crack for the expensive solution. Continuing into the future, by 2040, halfway through the copyright term of the title, the encryption will not offer any protection for the work.
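
The calculation behind the graph, as an added Go example that is not part of the original report: brute-force effort for a given key size when key-search speed doubles every 18 months. The key size and key-search rates are constructed placeholders (the report's own figures are not reproduced on this page) and the function names are hypothetical; UpgradingSearchYears goes beyond the text by modelling an attacker who keeps upgrading hardware during the search.

```go
package main

import (
	"fmt"
	"math"
)

const (
	secondsPerYear = 365.25 * 24 * 3600
	doublingYears  = 1.5 // "computational abilities double about every 18 months"
)

// SearchYears returns the years needed to try every key of a bits-bit key
// space with hardware bought offset years after the baseline and never
// upgraded. keysPerSec is the search rate at the baseline year.
func SearchYears(bits int, keysPerSec, offset float64) float64 {
	rate := keysPerSec * math.Exp2(offset/doublingYears)
	return math.Exp2(float64(bits)) / rate / secondsPerYear
}

// YearsUntilFeasible returns how many years after the baseline a freshly
// started search first finishes within budget years (0 if it already does).
func YearsUntilFeasible(bits int, keysPerSec, budget float64) float64 {
	t0 := SearchYears(bits, keysPerSec, 0)
	if t0 <= budget {
		return 0
	}
	return doublingYears * math.Log2(t0/budget)
}

// UpgradingSearchYears models an attacker who starts at the baseline and
// whose rate follows the doubling curve throughout. With T0 the fixed-hardware
// effort and d the doubling period, solving
//   integral from 0 to T of 2^(t/d) dt = T0
// gives T = d * log2(1 + T0*ln2/d).
func UpgradingSearchYears(bits int, keysPerSec float64) float64 {
	t0 := SearchYears(bits, keysPerSec, 0)
	return doublingYears * math.Log2(1+t0*math.Ln2/doublingYears)
}

func main() {
	// Constructed inputs: placeholders, not the report's key size or rates.
	const bits = 64
	tiers := []struct {
		name string
		rate float64 // keys per second at the baseline year
	}{{"cheap", 1e6}, {"expensive", 1e10}}

	for _, tr := range tiers {
		fmt.Printf("%s: a 1-year search becomes possible %.1f years after baseline; "+
			"an upgrading attacker starting now needs %.1f years\n",
			tr.name, YearsUntilFeasible(bits, tr.rate, 1), UpgradingSearchYears(bits, tr.rate))
		for y := 0.0; y <= 50; y += 10 {
			fmt.Printf("  attack begun in year %2.0f: %.3g years of effort\n",
				y, SearchYears(bits, tr.rate, y))
		}
	}
	// Each extra key bit doubles the work, which moves every line 1.5 years right.
	fmt.Printf("shift per added key bit: %.1f years\n",
		YearsUntilFeasible(bits+1, 1e6, 1)-YearsUntilFeasible(bits, 1e6, 1))
}
```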


9/17/2015. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers Cryptography Basics IT443 Network Security Administration Instructor: Bo Sheng Outline Basic concepts in cryptography system Secret cryptography Public cryptography Hash functions 1 2 Encryption/Decryption

More information

SSL A discussion of the Secure Socket Layer

SSL A discussion of the Secure Socket Layer www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record

More information

SENSE Security overview 2014

SENSE Security overview 2014 SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2

More information

Economic and Social Council

Economic and Social Council UNITED NATIONS E Economic and Social Council Distr. GENERAL ECE/TRANS/WP.30/AC.2/2008/2 21 November 2007 Original: ENGLISH ECONOMIC COMMISSION FOR EUROPE Administrative Committee for the TIR Convention,

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

ERserver. iseries. Secure Sockets Layer (SSL)

ERserver. iseries. Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted

More information

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information

Is your data safe out there? -A white Paper on Online Security

Is your data safe out there? -A white Paper on Online Security Is your data safe out there? -A white Paper on Online Security Introduction: People should be concerned of sending critical data over the internet, because the internet is a whole new world that connects

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Vidder PrecisionAccess

Vidder PrecisionAccess Vidder PrecisionAccess Security Architecture February 2016 910 E HAMILTON AVENUE. SUITE 410 CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview... 3 II. Components...

More information

MadCap Software. Upgrading Guide. Pulse

MadCap Software. Upgrading Guide. Pulse MadCap Software Upgrading Guide Pulse Copyright 2014 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software described in this document is furnished

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

How to complete the Secure Internet Site Declaration (SISD) form

How to complete the Secure Internet Site Declaration (SISD) form 1 How to complete the Secure Internet Site Declaration (SISD) form The following instructions are designed to assist you in completing the SISD form that forms part of your Merchant application. Once completed,

More information

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS MODULE 13 ELECTRONIC COMMERCE OBJECTIVE QUESTIONS There are 4 alternative answers to each question. One of them is correct. Pick the correct answer. Do not guess. A key is given at the end of the module

More information

You re FREE Guide SSL. (Secure Sockets Layer) webvisions www.webvisions.com +65 6868 1168 sales@webvisions.com

You re FREE Guide SSL. (Secure Sockets Layer) webvisions www.webvisions.com +65 6868 1168 sales@webvisions.com SSL You re FREE Guide to (Secure Sockets Layer) What is a Digital Certificate? SSL Certificates, also known as public key certificates or Digital Certificates, are essential to secure Internet browsing.

More information

Advanced Authentication

Advanced Authentication White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is

More information

CSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

CSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics

More information

A brief on Two-Factor Authentication

A brief on Two-Factor Authentication Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.

More information

Strong Security in Multiple Server Environments

Strong Security in Multiple Server Environments White Paper Strong Security in Multiple Server Environments VeriSign OnSite for Server IDs Contents 1. Introduction 1 2. Security Solutions: The Digital ID System 2 2.1. What Is a Digital ID? 2 2.2 How

More information

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016 National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION

More information

VeriSign Code Signing Digital Certificates for Adobe AIR Technology

VeriSign Code Signing Digital Certificates for Adobe AIR Technology VeriSign Code Signing Digital Certificates for Adobe AIR Technology Realizing the Possibilities of Internet Software Distribution Contents + What is Code Signing and Why is it Important? 3 + Who Needs

More information

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory There are actually two distinct aspects to the use of public-key encryption in this regard: The distribution of public keys. The use of public-key encryption to distribute secret keys. 9.1 Distribution

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Understanding and Integrating KODAK Picture Authentication Cameras

Understanding and Integrating KODAK Picture Authentication Cameras Understanding and Integrating KODAK Picture Authentication Cameras Introduction Anyone familiar with imaging software such as ADOBE PHOTOSHOP can appreciate how easy it is manipulate digital still images.

More information

TrustKey Tool User Manual

TrustKey Tool User Manual TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...

More information

IP Link Best Practices for Network Integration and Security. Introduction...2. Passwords...4 ACL...5 VLAN...6. Protocols...6. Conclusion...

IP Link Best Practices for Network Integration and Security. Introduction...2. Passwords...4 ACL...5 VLAN...6. Protocols...6. Conclusion... IP Link Best Practices for Network Integration and Security Table of Contents Introduction...2 Passwords...4 ACL...5 VLAN...6 Protocols...6 Conclusion...9 Abstract Extron IP Link technology enables A/V

More information

SWFP: Secure Web Feed Protocol

SWFP: Secure Web Feed Protocol SWFP: Secure Web Feed Protocol Frédérick Giasson fred [at] fgiasson.com Abstract SWFP ensures the secure broadcasting of web feeds content over a local network or the Internet. The protocol is built to

More information

Evaluate the Usability of Security Audits in Electronic Commerce

Evaluate the Usability of Security Audits in Electronic Commerce Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka

More information

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/ DB1 Phishing attacks, usually implemented through HTML enabled e-mails, are becoming more common and more sophisticated. As a network manager, how would you go about protecting your users from a phishing

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Small Business Backup & Recovery (File Servers, Peer-to-Peer, Laptops, Desktops)

Small Business Backup & Recovery (File Servers, Peer-to-Peer, Laptops, Desktops) Small Business Backup & Recovery (File Servers, Peer-to-Peer, Laptops, Desktops) Smart Features: Continuous Backup Anywhere Access to Backed Up Data Simple Rate Plan Secure Bank Grade Encryption Open Files

More information

PCI Security Compliance in KANA Solutions How KANA Applications Helps Companies Comply with PCI Security Standards

PCI Security Compliance in KANA Solutions How KANA Applications Helps Companies Comply with PCI Security Standards PCI Security Compliance in KANA Solutions How KANA Applications Helps Companies Comply with PCI Security Standards Table of Contents PCI Security Compliance in KANA Solutions...1 The Importance of Protecting

More information

Realize Greater Profits As An Authorized Reseller Of Network Solutions nsprotect Secure SSL Certificates

Realize Greater Profits As An Authorized Reseller Of Network Solutions nsprotect Secure SSL Certificates Network Solutions Secure Services Realize Greater Profits As An Authorized Reseller Of Network Solutions nsprotect Secure s The Federal Trade Commission (FTC) estimates that 3.2 million US citizens every

More information

Digital Signatures on iqmis User Access Request Form

Digital Signatures on iqmis User Access Request Form Digital Signatures on iqmis User Access Request Form When a user clicks in the User Signature block on the iqmis Access Form, the following window appears: Click Save a Copy and rename it with your name,

More information

Security Policy Revision Date: 23 April 2009

Security Policy Revision Date: 23 April 2009 Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure

More information

Windows Remote Access

Windows Remote Access Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 10 Authentication and Account Management Objectives Describe the three types of authentication credentials Explain what single sign-on

More information

Strong Authentication for Secure VPN Access

Strong Authentication for Secure VPN Access Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations

More information

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon 1 Common security requirements Basic security tools Secret-key cryptography Public-key cryptography Example Online shopping with Amazon 2 Alice credit card # is xxxx Internet What could the hacker possibly

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010 S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M Bomgar Product Penetration Test September 2010 Table of Contents Introduction... 1 Executive Summary... 1 Bomgar Application Environment Overview...

More information

Product Brief. DC-Protect. Content based backup and recovery solution. By DATACENTERTECHNOLOGIES

Product Brief. DC-Protect. Content based backup and recovery solution. By DATACENTERTECHNOLOGIES Product Brief DC-Protect Content based backup and recovery solution By DATACENTERTECHNOLOGIES 2002 DATACENTERTECHNOLOGIES N.V. All rights reserved. This document contains information proprietary and confidential

More information

Chapter 10. Cloud Security Mechanisms

Chapter 10. Cloud Security Mechanisms Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based

More information

Protecting Your Name on the Internet The Business Benefits of Extended Validation SSL Certificates

Protecting Your Name on the Internet The Business Benefits of Extended Validation SSL Certificates Protecting Your Name on the Internet The Business Benefits of Extended Validation SSL Certificates 2008 Copyright Godaddy. All rights Reserved Page 1 Contents 1. Where We Are Now...3 2. How SSL Certificates

More information

WHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

WHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords WHITE PAPER AUGUST 2014 Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords 2 WHITE PAPER: PREVENTING SECURITY BREACHES Table of Contents on t Become the Next Headline

More information

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2 Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning

More information

The following multiple-choice post-course assessment will evaluate your knowledge of the skills and concepts taught in Internet Business Associate.

The following multiple-choice post-course assessment will evaluate your knowledge of the skills and concepts taught in Internet Business Associate. Course Assessment Answers-1 Course Assessment The following multiple-choice post-course assessment will evaluate your knowledge of the skills and concepts taught in Internet Business Associate. 1. A person

More information

Security and the Mitel Teleworker Solution

Security and the Mitel Teleworker Solution Security and the Mitel Teleworker Solution White Paper July 2007 Copyright Copyright 2007 Mitel Networks Corporation. This document is unpublished and the following notice is affixed to protect Mitel Networks

More information

Chapter 7 Managing Users, Authentication, and Certificates

Chapter 7 Managing Users, Authentication, and Certificates Chapter 7 Managing Users, Authentication, and Certificates This chapter contains the following sections: Adding Authentication Domains, Groups, and Users Managing Certificates Adding Authentication Domains,

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Ciphermail for Android Quick Start Guide

Ciphermail for Android Quick Start Guide CIPHERMAIL EMAIL ENCRYPTION Ciphermail for Android Quick Start Guide June 19, 2014, Rev: 5460 Copyright 2011-2014, ciphermail.com 3 CONFIGURATION WIZARD 1 Introduction This quick start guide helps you

More information

Understanding Digital Signature And Public Key Infrastructure

Understanding Digital Signature And Public Key Infrastructure Understanding Digital Signature And Public Key Infrastructure Overview The use of networked personnel computers (PC s) in enterprise environments and on the Internet is rapidly approaching the point where

More information

Securing Ship-to-Shore Data Flow

Securing Ship-to-Shore Data Flow Securing Ship-to-Shore Data Flow Background on Common File Transfer Methods Today corporations, government entities, and other organizations rely on Electronic File Transfers as an important part of their

More information

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top

More information

Avaya TM G700 Media Gateway Security. White Paper

Avaya TM G700 Media Gateway Security. White Paper Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional

More information

Uila SaaS Installation Guide

Uila SaaS Installation Guide USER GUIDE Uila SaaS Installation Guide January 2016 Version 1.8.1 Company Information Uila, Inc. 2905 Stender Way, Suite 76E Santa Clara, CA 95054 USER GUIDE Copyright Uila, Inc., 2014, 15. All rights

More information

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

WHY YOU NEED AN SSL CERTIFICATE

WHY YOU NEED AN SSL CERTIFICATE Go Daddy Technical Brief ecommerce Security WHY YOU NEED AN SSL CERTIFICATE In the world of electronic commerce, security is paramount. Although Web sales are on the rise, widespread fears about sending

More information

E-BUSINESS THREATS AND SOLUTIONS

E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-business has forever revolutionized the way business is done. Retail has now a long way from the days of physical transactions that were

More information

RESEARCH OF SECURITY HARDWARE IN PKI SYSTEM

RESEARCH OF SECURITY HARDWARE IN PKI SYSTEM RESEARCH OF SECURITY HARDWARE IN PKI SYSTEM Qi Wenhua, Zhang Qishan, Liu Hailong School of Electronics and Information Engineering BeiHang University, P. R. China 100083 ABSTRACT Security hardware based

More information

Secure USB Flash Drive. Biometric & Professional Drives

Secure USB Flash Drive. Biometric & Professional Drives Secure USB Flash Drive Biometric & Professional Drives I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE FLASH DRIVE... 3 DESCRIPTION... 3 IV. MODULES OF SECURE

More information

PCI Data Security Standards (DSS)

PCI Data Security Standards (DSS) ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants

More information

Encrypted Email Services

Encrypted Email Services Encrypted Email Services Version 2.1 General Level Instructions HIPAA Compliant Solution for Secured Communications via Email 2012-2013 Page 1 of 13 Table of Contents 1. Introduction 1.1 Description 1.2

More information

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to

More information

Computers and Society: Security and Privacy

Computers and Society: Security and Privacy 1 Chapter 12 Computers and Society: Security and Privacy 2 Chapter 12 Objectives 3 Computer Security: Risks and Safeguards What is a computer security risk? 4 Computer Security: Risks and Safeguards 1

More information

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES Contents Introduction... 3 DRM Threat Model... 3 DRM Flow... 4 DRM Assets... 5 Threat Model... 5 Protection of

More information

SSL/TLS: The Ugly Truth

SSL/TLS: The Ugly Truth SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team adrian.hayter@cnsuk.co.uk Contents Introduction to SSL/TLS Cryptography

More information