PKCS. PKCS: Public Key Cryptography Standards

Size: px
Start display at page:

Download "PKCS. PKCS: Public Key Cryptography Standards"

Transcription

1 : Public Key Cryptography Standards Devised and published by RSA Security Launched in 1991 as implementation agreements among early adopters of public-key cryptography Apple, Digital, Lotus, Microsoft, MIT, Northern Telecom, Novell, Sun Revised 1993, Cryptoki ( #11) released 1995 Workshops, ongoing updates, new documents since Standards #1 : RSA Cryptography Standard #3 : Diffie-Hellman Key-Agreement #5 : Password-Based Cryptography #7 : Cryptographic Message Syntax Standard Sign/encrypt messages under a PKI #8 : Private-Key Information Syntax #9 : Selected Attribute Types selected attribute types for use in #7, #8, #10 #10: Certification Request Syntax Format of messages sent to a certification authority to request certification of a public key #11: Cryptographic Token Interface (Cryptoki) #12: Personal Information Exchange Syntax #13: Elliptic Curve Cryptography Standard #14: Pseudo-random Number Generation #15: Cryptographic Token Information Format Standard Obsolete: #2, #4, #6 2

2 #1: RSA Cryptography RSA encryption, signature schemes v1.5 (1993) has basic RSA schemes, specified in SSL, S/MIME, PKIX v2.0 (1998) adds Bellare-Rogaway OAEP encryption v2.1 (2002) adds B-R PSS (Probabilistic Signature Scheme) #7: Cryptographic Message Syntax Signed, encrypted message syntax enhancement to Privacy-Enhanced Mail v1.5 (1993) has RSA-oriented key management, basis for S/MIME, some PKIX protocols IETF RFC 2630 (CMS) adds DH-oriented key management v1.6 (2009) supports SET (Secure Electronic Transaction) protocol 3 : Cryptographic Token Interface (a.k.a. Cryptoki) Programming interface for smart cards, other devices v1.0 (1995) has basic methods v2.01 (1997) adds cryptographic mechanisms, improves management v2.11 (2001) clarifies interfaces, adds more mechanisms - Main Goals: The primary goal of Cryptoki: a lower-level programming interface that abstracts the details of the devices; and presents to the application a common model of the cryptographic device, called a cryptographic token. A secondary goal: resource-sharing» as desktop multi-tasking operating systems become more popular, a single device should be shared between more than one application. In addition, an application should be able to interface to more than one device at a given time. 4

3 11 and several key concepts Slot place where the smart card is inserted Token thing, which is inserted into the Slot. Commonly the Smart Cards Object keys, certificates, data, sessions, etc. Session before any operation we need to establish a session to the token Object Data Key Certificate Public Key Private Key Secret Key 5 - Functions SmarCard Management:» C_GetSlotList» C_GetSlotInfo» C_GetTokenInfo» C_GetMechanismList» C_GetMechanismInfo» C_InitToken» C_InitPIN» C_SetPIN Digital Signature:» C_SignInit» C_Sign» C_SignUpdate» C_SignFinal» C_VerifyInit» C_Verify» C_VerifyUpdate» C_VerifyFinal Session Managment:» C_OpenSession» C_CloseSession» C_CloseAllSession» C_GetSessionInfo» C_Login» C_Logout Key Management:» C_GenerateKey» C_GenerateKeyPair» C_WrapKey» C_UnwrapKey Message Hashing:» C_DigestInit» C_Digest» C_DigestUpdate» C_DigestFinal 6

4 example Management of SmartCard - Generation of a public/private key pair: the C_GenerateKeyPair function performs the following operations: 1. Inserts the file EF_Index identification of key items obtained from templates; 2. Compiles the files EF_Kpub_Attribute and EF_Kpri_Attribute with information obtained from templates; 3. Constructs the file via the APDU command: EF_Kpub: CREATE FILE; 4. Constructs the object BSOKPRI-SIGN through the APDU command: APDU: PUT DATA OCI forcing algorithm and conditions of access consistent with the template of the private key; 5. Generates the key pair using the APDU command: APDU: GENERATE KEY PAIR. 7 example The C_GenerateKeyPair (pre-requisite? C_Login) Input Parameters: CK_SESSION_HANDLE hsession:» session handle obtained by the functions C_OpenSession and C_GetSessionInfo; CK_MECHANISM_PTR pmechanism:» pointer to the cryptographic mechanisms supported by the library; CK_ATTRIBUTE_PTR ppublickeytemplate:» pointer to the template of the public key; CK_ULONG ulpublickeyattributecount:» number of attributes of the template; CK_ATTRIBUTE_PTR pprivatekeytemplate:» pointer to the template of the private key; CK_ULONG ulprivatekeyattributecount:» number of attributes of the template; CK_OBJECT_HANDLE_PTR phpublickey:» pointer to where the library will return the object handle public key; CK_OBJECT_HANDLE_PTR phprivatekey:» pointer to where the library will return the object handle private key. CK_RV CK_ENTRY C_GenerateKeyPair ( CK_SESSION_HANDLE hsession, CK_MECHANISM_PTR pmechanism, CK_ATTRIBUTE_PTR ppublickeytemplate, CK_ULONG ulpublickeyattributecount, CK_ATTRIBUTE_PTR pprivatekeytemplate, CK_ULONG ulprivatekeyattributecount, CK_OBJECT_HANDLE_PTR phpublickey, CK_OBJECT_HANDLE_PTR phprivatekey ); 8

5 #15 #15: Cryptographic Token Information Format File format for cryptographic data on smart cards, other devices v1.0 (1998) newly released, candidate for WAP Forum, country e-id cards v1.1 (2004), adds software format Common formats for cryptographic objects File formats in case of smart cards Coordination with several groups:» WAP Forum» PC/SC Forum» SEIS (Sweden) 9 #15 - File System EF_Index: Elementary Linear File type TLV that contains identifiers # 11 (CKA_ID) objects public key, private key, certificates, and data objects in the Digital Signature directory. This file is used by the object management functions for the "navigation" of the Smart Card file system. 10

6 Abstraction: APPLICATION COM Ser.Provider C - API Crypto Service Provider Resource Manager IFD Driver OS manufacture IFD SC reader Smart Card 11 Abstraction in Windows - Cryptographic Service Provider (CSP): 12

PKCS. PKCS: Public Key Cryptography Standards. Apple, Digital, Lotus, Microsoft, MIT, Northern Telecom, Novell, Sun

PKCS. PKCS: Public Key Cryptography Standards. Apple, Digital, Lotus, Microsoft, MIT, Northern Telecom, Novell, Sun : Public Key Cryptography Standards Devised and published by RSA Security Launched in 1991 as implementation agreements among early adopters of public-key cryptography Apple, Digital, Lotus, Microsoft,

More information

JCCM : Flexible Certificates for smartcards with Java Card

JCCM : Flexible Certificates for smartcards with Java Card JCCM : Flexible Certificates for smartcards with Java Card M ā Celeste Campo, Andrés Marín, Arturo García, Ignacio Díaz, Peter T. Breuer, Carlos Delgado, Carlos García Universidad Carlos III de Madrid

More information

PKCS #11: Cryptographic Token Interface Standard

PKCS #11: Cryptographic Token Interface Standard PKCS #11: Cryptographic Token Interface Standard An RSA Laboratories Technical Note Version 20 DRAFT 2 July 1, 1997April 15, 1997 RSA Laboratories 100 Marine Parkway, Suite 500 Redwood City, CA 94065 USA

More information

Introducing etoken. What is etoken?

Introducing etoken. What is etoken? Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant

More information

CALIFORNIA SOFTWARE LABS

CALIFORNIA SOFTWARE LABS ; Digital Signatures and PKCS#11 Smart Cards Concepts, Issues and some Programming Details CALIFORNIA SOFTWARE LABS R E A L I Z E Y O U R I D E A S California Software Labs 6800 Koll Center Parkway, Suite

More information

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

More information

PrivateServer HSM Integration with Microsoft IIS

PrivateServer HSM Integration with Microsoft IIS PrivateServer HSM Integration with Microsoft IIS January 2014 Document Version 1.1 Notice The information provided in this document is the sole property of Algorithmic Research Ltd. No part of this document

More information

Public-Key Infrastructure

Public-Key Infrastructure Public-Key Infrastructure Technology and Concepts Abstract This paper is intended to help explain general PKI technology and concepts. For the sake of orientation, it also touches on policies and standards

More information

Key & Data Storage on Mobile Devices

Key & Data Storage on Mobile Devices Key & Data Storage on Mobile Devices Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at Outline Why is this topic so delicate? Keys & Key Management High-Level Cryptography

More information

SAP Single Sign-On 2.0 Overview Presentation

SAP Single Sign-On 2.0 Overview Presentation SAP Single Sign-On 2.0 Overview Presentation March 2016 Public Agenda SAP security portfolio Overview SAP Single Sign-On Single sign-on main scenarios Capabilities Summary 2016 SAP SE or an SAP affiliate

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

National Security Agency Perspective on Key Management

National Security Agency Perspective on Key Management National Security Agency Perspective on Key Management IEEE Key Management Summit 5 May 2010 Petrina Gillman Information Assurance (IA) Infrastructure Development & Operations Technical Director National

More information

Oracle Security Developer Tools (OSDT) August 2008

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008 Oracle Security Developer Tools (OSDT) August 2008 Items Introduction OSDT 10g Architecture Business Benefits Oracle Products Currently Using OSDT 10g OSDT 10g APIs Description OSDT

More information

Forging Digital Signatures

Forging Digital Signatures Forging Digital Signatures Albert Levi Sabanci University Istanbul, TURKEY levi@sabanciuniv.edu ACSAC 2002 Outline What s a digital signature? How S/MIME handles digital signatures? How to obtain a certificate

More information

A Noval Approach for S/MIME

A Noval Approach for S/MIME Volume 1, Issue 7, December 2013 International Journal of Advance Research in Computer Science and Management Studies Research Paper Available online at: www.ijarcsms.com A Noval Approach for S/MIME K.Suganya

More information

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards David A. Cooper NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards David

More information

Security Architecture for Development and Run Time Support of Secure Network Applications

Security Architecture for Development and Run Time Support of Secure Network Applications Tel: (301) 587-3000 Fax: (301) 587-7877 E-mail: info@setecs.com Web: www.setecs.com Security Architecture for Development and Run Time Support of Secure Network Applications Sead Muftic, President/CEO

More information

Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate (Personal eid) WISeKey 2010 / Alinghi 2010 Smartcards

Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate (Personal eid) WISeKey 2010 / Alinghi 2010 Smartcards The World Internet Security Company Solutions for Security Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate (Personal eid) WISeKey 2010 / Alinghi 2010 Smartcards Wherever Security

More information

Key Management and Distribution

Key Management and Distribution Key Management and Distribution Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu udio/video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008

Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008 7 Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008 All information herein is either public information or is the property of and owned

More information

Getting to know your card: Reverse-Engineering the Smart-Card Application Protocol Data Unit for PKCS#11 Functions

Getting to know your card: Reverse-Engineering the Smart-Card Application Protocol Data Unit for PKCS#11 Functions : Reverse-Engineering the Smart-Card Application Protocol Data Unit for PKCS#11 Functions 1, Fiona McNeill 2, Alan Bundy 1, Graham Steel 3 Riccardo Focardi 4, Claudio Bozzato 4 1 University of Edinburgh

More information

Standardizing PKI in Higher Education Apple PKI and Universal Hi-Ed Spec proposal

Standardizing PKI in Higher Education Apple PKI and Universal Hi-Ed Spec proposal Standardizing PKI in Higher Education Apple PKI and Universal Hi-Ed Spec proposal Shawn Geddis Security Consulting Engineer, Apple Enterprise geddis@apple.com 703-264-5103 1 Agenda A View of Apples PKI

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure

More information

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management

More information

Draft Middleware Specification. Version X.X MM/DD/YYYY

Draft Middleware Specification. Version X.X MM/DD/YYYY Draft Middleware Specification Version X.X MM/DD/YYYY Contents Contents... ii 1. Introduction... 1 1.2. Purpose... 1 1.3. Audience... 1 1.4. Document Scope... 1 1.5. Document Objectives... 1 1.6. Assumptions

More information

Cryptographic Services Guide

Cryptographic Services Guide Cryptographic Services Guide Contents About Cryptographic Services 5 At a Glance 5 Encryption, Signing and Verifying, and Digital Certificates Can Protect Data from Prying Eyes 5 OS X and ios Provide Encryption

More information

Customised version for ČSOB a.s. - English

Customised version for ČSOB a.s. - English CryptoPlus Card Manager v. 1.1.31 USER GUIDE Customised version for ČSOB a.s. - English August 2003 MONET+, a.s. Zlín Contents Contents...2 1. Foreword...3 2. CryptoPlus How to Start...4 2.1 HW and SW

More information

Ciphire Mail. Abstract

Ciphire Mail. Abstract Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the

More information

Entrust Smartcard & USB Authentication

Entrust Smartcard & USB Authentication Entrust Smartcard & USB Authentication Technical Specifications Entrust IdentityGuard smartcard- and USB-based devices allow organizations to leverage strong certificate-based authentication of user identities

More information

GlobalSign Enterprise Solutions

GlobalSign Enterprise Solutions GlobalSign Enterprise Solutions Secure Email & Key Recovery Using GlobalSign s Auto Enrollment Gateway (AEG) 1 v.1.2 Table of Contents Table of Contents... 2 Introduction... 3 The Benefits of Secure Email...

More information

Security Architecture (ASA)

Security Architecture (ASA) AppleÕs Security Architecture (ASA) Aram PŽrez Chief Security Architect aram@.com Apple Data Security Group Overview Apple Data Security Group Why provide a security architecture? Requirements Building

More information

Page 1. Smart Card Applications. Lecture 7: Prof. Sead Muftic Matei Ciobanu Morogan. Lecture 7 : Lecture 7 : Smart Card Applications

Page 1. Smart Card Applications. Lecture 7: Prof. Sead Muftic Matei Ciobanu Morogan. Lecture 7 : Lecture 7 : Smart Card Applications in Open Distributed Processing s 1 in Open Distributed Processing s 2 Prof. Sead Muftic Matei Ciobanu Morogan Lecture 7: 1 2 in Open Distributed Processing s 3 in Open Distributed Processing s Smart s

More information

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved NCP Secure Client Juniper Edition Service Release: 9.30 Build 102 Date: February 2012 1. New Features and Enhancements The following describe the new features introduced in this release: Visual Feedback

More information

Smartcard Logon Overview

Smartcard Logon Overview etoken for Windows Smartcard Logon Lesson 9 April 2004 etoken Certification Course Smartcard Logon Overview Windows 2000/2003 Enterprise Server built-in feature Smartcard logon requires issuing a personal

More information

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET http:// GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET Manisha Dawra 1, Ramdev Singh 2 1 Al-Falah School of Engg. & Tech., Vill-Dhauj, Ballabgarh-Sohna Road, Faridabad, Haryana (INDIA)-121004

More information

CSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

CSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics

More information

Certification Authority. The X.509 standard, PKI and electronic documents. X.509 certificates. X.509 version 3. Critical extensions.

Certification Authority. The X.509 standard, PKI and electronic documents. X.509 certificates. X.509 version 3. Critical extensions. The X.509 standard, PKI and electronic uments Antonio Lioy < lioy @ polito.it > Politecnico di Torino Dipartimento di Automatica e Informatica Certification Authority (4) cert repository (cert, CRL) Certification

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

I. Configuring Digital signature certificate in Microsoft Outlook 2003:

I. Configuring Digital signature certificate in Microsoft Outlook 2003: I. Configuring Digital signature certificate in Microsoft Outlook 2003: In order to configure Outlook 2003 to use the new message security settings please follow these steps: 1. Open Outlook. 2. Go to

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

X.509 Certificate Generator User Manual

X.509 Certificate Generator User Manual X.509 Certificate Generator User Manual Introduction X.509 Certificate Generator is a tool that allows you to generate digital certificates in PFX format, on Microsoft Certificate Store or directly on

More information

Guidelines for Developing Cryptographic Service Providers (CSPs) for Acrobat on Windows

Guidelines for Developing Cryptographic Service Providers (CSPs) for Acrobat on Windows Technical Note Providers (CSPs) for Acrobat C ONTENTS Requirements for Minimal Functionality 1 Recommendations for Maximum Functionality 2 For a Better User Experience Using CSPs in Acrobat 3 Other Recommendations

More information

The Role of Digital Certificates in Contemporary Government Systems: the Case of UAE Identity Authority

The Role of Digital Certificates in Contemporary Government Systems: the Case of UAE Identity Authority The Role of Digital Certificates in Contemporary Government Systems: the Case of UAE Identity Authority Dr. Ali M. Al-Khouri Emirates Identity Authority, Abu Dhabi, United Arab Emirates Abstract Digital

More information

Grid Computing - X.509

Grid Computing - X.509 Grid Computing - X.509 Sylva Girtelschmid October 20, 2009 Public Key Infrastructure - PKI PKI Digital Certificates IT infrastructure that provides means for private and secure data exchange By using cryptographic

More information

SafeNet Authentication Client (Mac)

SafeNet Authentication Client (Mac) SafeNet Authentication Client (Mac) Version 8.2 SP2 Revision A Administrator s Guide 1 Copyright 2014 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document

More information

Public Key Infrastructure for a Higher Education Environment

Public Key Infrastructure for a Higher Education Environment Public Key Infrastructure for a Higher Education Environment Eric Madden and Michael Jeffers 12/13/2001 ECE 646 Agenda Architectural Design Hierarchy Certificate Authority Key Management Applications/Hardware

More information

Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14 Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture

More information

GPG - GNU Privacy Guard

GPG - GNU Privacy Guard GPG - GNU Privacy Guard How to use Károly Erdei October 15, 2014 Károly Erdei GPG - GNU Privacy Guard 1/60 1 Why 2 Cryptography 3 PGP 4 KGPG-Assistant 5 -Key-Manager 6 -Editor 7 GPG4Win 8 Enigmail Károly

More information

Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones

Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones Pramote Kuacharoen School of Applied Statistics National Institute of Development Administration 118 Serithai Rd. Bangkapi,

More information

PUBLIC Secure Login for SAP Single Sign-On Implementation Guide

PUBLIC Secure Login for SAP Single Sign-On Implementation Guide SAP Single Sign-On 2.0 SP04 Document Version: 1.0-2014-10-28 PUBLIC Secure Login for SAP Single Sign-On Implementation Guide Table of Contents 1 What Is Secure Login?....8 1.1 System Overview.... 8 1.1.1

More information

Issues in Smart Card Development

Issues in Smart Card Development Middleware Issues in Smart Card Development Simplifying Smart Card Access under Windows a White Paper Abstract In todays business environment there is an increased awarness of security, which is driving

More information

Windows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation

Windows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Windows 2000 Security Architecture Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Topics Single Sign-on Kerberos v5 integration Active Directory security Delegation of authentication

More information

EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET

EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET Giuseppe Gippa Paternò gpaterno@gpaterno.com June 2008 WHO AM I Experienced architect Linux, Networking and Security Focused on Telcos

More information

National Certification Authority Framework in Sri Lanka

National Certification Authority Framework in Sri Lanka National Certification Authority Framework in Sri Lanka By Rohana Palliyaguru Manager Operations & Principal Information Security Engineer What is digital Signature? According to UNCITRAL Text 25. Digital

More information

An Introduction to Cryptography as Applied to the Smart Grid

An Introduction to Cryptography as Applied to the Smart Grid An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric

More information

An Introduction to Entrust PKI. Last updated: September 14, 2004

An Introduction to Entrust PKI. Last updated: September 14, 2004 An Introduction to Entrust PKI Last updated: September 14, 2004 2004 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In

More information

Using etoken for Securing E-mails Using Outlook and Outlook Express

Using etoken for Securing E-mails Using Outlook and Outlook Express Using etoken for Securing E-mails Using Outlook and Outlook Express Lesson 15 April 2004 etoken Certification Course Securing Email Using Certificates Unprotected emails can be easily read and/or altered

More information

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

More information

Cryptography and network security CNET4523

Cryptography and network security CNET4523 1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local

More information

I N F O R M A T I O N S E C U R I T Y

I N F O R M A T I O N S E C U R I T Y NIST Special Publication 800-78-3 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William E. Burr Hildegard Ferraiolo David Cooper I N F

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

I N F O R M A T I O N S E C U R I T Y

I N F O R M A T I O N S E C U R I T Y NIST Special Publication 800-78-2 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William. E. Burr I N F O R M A T I O N S E C U R I T Y

More information

Public Key Infrastructures (PKI)

Public Key Infrastructures (PKI) Public Key Infrastructures (PKI) Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/

More information

Citrix MetaFrame XP Security Standards and Deployment Scenarios

Citrix MetaFrame XP Security Standards and Deployment Scenarios Citrix MetaFrame XP Security Standards and Deployment Scenarios Including Common Criteria Information MetaFrame XP Server for Windows with Feature Release 3 Citrix Systems, Inc. Information in this document

More information

TrustKey Tool User Manual

TrustKey Tool User Manual TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...

More information

Check Point FDE integration with Digipass Key devices

Check Point FDE integration with Digipass Key devices INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

GoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey

GoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey GoldKey Product Info Detailed Product Catalogue for GoldKey Do not leave your Information Assets at risk Read On... GoldKey: Reinventing the Security Strategy The Changing Landscape of Data Security With

More information

Gemalto SafeNet Minidriver 9.0

Gemalto SafeNet Minidriver 9.0 SafeNet Authentication Client Gemalto SafeNet Minidriver 9.0 Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document

More information

An Open Source eid Simulator Open Identity Summit 9th -11th September 2013

An Open Source eid Simulator Open Identity Summit 9th -11th September 2013 An Open Source eid Simulator Open Identity Summit 9th -11th September 2013 BSI Tobias Senger HJP Consulting Holger Funke Agenda Requirements of BSI Current state Simulator Virtual Smart Card Reader Community

More information

VoIP Security. Seminar: Cryptography and Security. 07.06.2006 Michael Muncan

VoIP Security. Seminar: Cryptography and Security. 07.06.2006 Michael Muncan VoIP Security Seminar: Cryptography and Security Michael Muncan Overview Introduction Secure SIP/RTP Zfone Skype Conclusion 1 Introduction (1) Internet changed to a mass media in the middle of the 1990s

More information

YubiKey PIV Deployment Guide

YubiKey PIV Deployment Guide YubiKey PIV Deployment Guide Best Practices and Basic Setup YubiKey 4, YubiKey 4 Nano, YubiKey NEO, YubiKey NEO-n YubiKey PIV Deployment Guide 2016 Yubico. All rights reserved. Page 1 of 27 Copyright 2016

More information

e-code Academy Information Security Diploma Training Discerption

e-code Academy Information Security Diploma Training Discerption e-code Academy Information Security Diploma Training 2015 I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. OBJECTIVE... 3 LIST OF POSTGRADUATE COURSES... 3 FIRST SEMESTER

More information

Introduction to Network Security Key Management and Distribution

Introduction to Network Security Key Management and Distribution Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015

More information

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999 Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer February 3, 1999 Frame Relay Frame Relay is an international standard for high-speed access to public wide area data networks

More information

BlackBerry Enterprise Server 5.0 SP3 and BlackBerry 7.1

BlackBerry Enterprise Server 5.0 SP3 and BlackBerry 7.1 BlackBerry Enterprise Server 5.0 SP3 and BlackBerry 7.1 Version: 5.0 Service Pack: 3 Security Technical Overview Published: 2012-01-17 SWD-1936256-0117012253-001 Contents 1 Document revision history...

More information

with PKI Use Case Guide

with PKI Use Case Guide Intel Identity Protection Technology (Intel IPT) with PKI Use Case Guide Version 1.0 Document Release Date: February 29, 2012 Intel IPT with PKI Use Case Guide i Legal Notices and Disclaimers INFORMATION

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

Security Technical. Overview. BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4

Security Technical. Overview. BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4 BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 4 Security Technical Overview Published: 2014-01-17 SWD-20140117135425071 Contents 1 New in this release...10 2 Overview...

More information

Standards and Products. Computer Security. Kerberos. Kerberos

Standards and Products. Computer Security. Kerberos. Kerberos 3 4 Standards and Products Computer Security Standards and Products Public Key Infrastructure (PKI) IPsec SSL/TLS Electronic Mail Security: PEM, S/MIME, and PGP March 24, 2004 2004, Bryan J. Higgs 1 2

More information

Arcot Systems, Inc. Securing Digital Identities. FPKI-TWG Mobility Solutions Today s Speaker Tom Wu Principal Software Engineer

Arcot Systems, Inc. Securing Digital Identities. FPKI-TWG Mobility Solutions Today s Speaker Tom Wu Principal Software Engineer Arcot Systems, Inc. Securing Digital Identities FPKI-TWG Mobility Solutions Today s Speaker Tom Wu Principal Software Engineer Today s Agenda Background Who is Arcot Systems? What is an ArcotID? Why use

More information

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa Global eid Developments Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa Agenda Country View on eid initiatives Trustworthy Identity Scenarios Microsoft eid update Summary

More information

GT 6.0 GSI C Security: Key Concepts

GT 6.0 GSI C Security: Key Concepts GT 6.0 GSI C Security: Key Concepts GT 6.0 GSI C Security: Key Concepts Overview GSI uses public key cryptography (also known as asymmetric cryptography) as the basis for its functionality. Many of the

More information

PrivateServer HSM EKM Provider for Microsoft SQL Server

PrivateServer HSM EKM Provider for Microsoft SQL Server PrivateServer HSM EKM Provider for Microsoft SQL Server January 2014 Document Version 1.1 Notice The information provided in this document is the sole property of Algorithmic Research Ltd. No part of this

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information

PROXKey Tool User Manual

PROXKey Tool User Manual PROXKey Tool User Manual 1 Table of Contents 1 Introduction...4 2 PROXKey Product... 5 2.1 PROXKey Tool... 5 2.2 PROXKey function modules...6 2.3 PROXKey using environment...6 3 PROXKey Tool Installation...7

More information

Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Lecture 9: Application of Cryptography

Lecture 9: Application of Cryptography Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

More information

BlackBerry Enterprise Solution

BlackBerry Enterprise Solution BlackBerry Enterprise Solution Security Technical Overview for BlackBerry Enterprise Server Version 4.1 Service Pack 5 and BlackBerry Device Software Version 4.5 2008 Research In Motion Limited. All rights

More information

RSA BSAFE. Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy. Version 3.0.0.1, 3.0.0.2 October 22, 2012

RSA BSAFE. Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy. Version 3.0.0.1, 3.0.0.2 October 22, 2012 RSA BSAFE Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy Version 3.0.0.1, 3.0.0.2 October 22, 2012 Strong encryption technology for C/C++ developers Contact Information See our Web sites

More information

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2 BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution

More information

MyKey is the digital signature software governed by Malaysia s Digital Signature Act 1997 & is accepted by the courts of law in Malaysia.

MyKey is the digital signature software governed by Malaysia s Digital Signature Act 1997 & is accepted by the courts of law in Malaysia. About Digital Signature using MyKey Purpose MyKey is the digital signature software governed by Malaysia s Digital Signature Act 1997 & is accepted by the courts of law in Malaysia. A document digitally

More information

DIGIPASS CertiID. Getting Started 3.1.0

DIGIPASS CertiID. Getting Started 3.1.0 DIGIPASS CertiID Getting Started 3.1.0 Disclaimer Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions, express

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

Lecture 1: Introduction. CS 6903: Modern Cryptography Spring 2009. Nitesh Saxena Polytechnic University

Lecture 1: Introduction. CS 6903: Modern Cryptography Spring 2009. Nitesh Saxena Polytechnic University Lecture 1: Introduction CS 6903: Modern Cryptography Spring 2009 Nitesh Saxena Polytechnic University Outline Administrative Stuff Introductory Technical Stuff Some Pointers Course Web Page http://isis.poly.edu/courses/cs6903-s10

More information

The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

More information