nexus PKI Solution Brief


Public Key Infrastructure (PKI) protects business critical information, communication and IT processes against threats like unauthorized access, data leakage, espionage, identity theft and fraud, and denial of service. PKI technology leader nexus provides world-class solutions for the issuing, validation and delegated lifecycle management of PKI-based identities for internal, Internet and cloud users, and for technical components; for all industries, critical infrastructures and service providers; on any scale.

Public Key Infrastructure

Public Key Infrastructure (PKI) is the world's most generic, most scalable and most interoperable security technology that provides digital identities (certificates) for users (people and devices) of information and communication systems. Users can use their digital identities for various purposes, such as authentication, digital signature and encryption.

In a PKI, each user is assigned a key pair and a certificate. A key is a piece of digital data used for cryptographic operations, like signing or encrypting. The user's unique key pair consists of a private key and a public key. The private key is secret and is stored only on the user's device (smart card, computer, phone or other). It is computationally infeasible to find out the private key corresponding to a public key, so the public key can be made publicly known. The public key is combined with the user's identity data and validity information in a certificate, which serves as the user's digital identity card. The Certificate Authority (CA) digitally signs and publishes the certificate. The CA signature approves the user's ownership of the public key and the corresponding private key.

What is a digital certificate?

A digital certificate comprises: the certificate owner's identity data, the certificate owner's unique public key, the certificate validity period, and the digital signature of the Certificate Authority.

Security services supported by PKI: user authentication, data origin authentication, data integrity protection, non-repudiation, confidentiality.

User authentication

For user authentication, the validating or relying party (e.g. a device or service that the user wants to log in to) sends a piece of random challenge data to the user. In turn, the user's device digitally signs the challenge, i.e. combines it with the private key according to a signature algorithm. The signature is unique with respect to the private key, so that only the user can create the signature for the challenge. With the help of the public key in the user's certificate, the relying party can verify whether the challenge was indeed signed with the corresponding private key. If so, the user is successfully authenticated. The challenge is changed for every authentication operation to prevent replay attacks.

Digital signatures

A digital signature provides evidence that the signed data originates from the certificate owner. The digital signature is created and verified in the same way as for authentication, except that useful data is signed in place of a random challenge. Since signing is a one-way function, it is not feasible to find other data that result in the same signature. Therefore, it is practically impossible to falsify the signed data, and so the integrity of the data is protected. The uniqueness of the signature with respect to the user and the integrity of the signed data are the basis for legally valid non-repudiation electronic signatures.

Encryption

Encryption of data is performed with the help of the public key in a user's certificate according to an encryption algorithm. Encrypted data can be decrypted only with the help of the corresponding private key, which is under the control of the certificate owner. Without knowing the private key, it is infeasible to recover the data. In this way, confidentiality of the data is protected.

Meeting the needs of modern ID management

Scalability

Scalability is the biggest advantage of PKI compared to other authentication techniques. Scalability is based on the following characteristics:

Only a piece of public information (the public key) is needed for validation, which makes it possible to decouple identity issuing from identity validation without secure processes for distributing secret system information and without the remaining security risk of sharing such information in various systems. Due to this, validation can be delegated to any organization other than the CA, and even to the end users, while the security of the credentials (i.e. of the private keys) remains unaffected.

The CA signs the user certificates so that their authenticity can be verified by the relying party. Therefore, the user certificates can be stored in or transferred over unsafe facilities, typically in X.500/LDAP compliant directory servers.

To verify the authenticity of user certificates, the validating party only needs an authentic copy of the CA's certificate, also called the trust anchor. In this way, the CA certificate can provide trust in certificates of an arbitrary and constantly changing number of users.

CA certificates themselves can be signed by another CA to build a trust hierarchy and further increase scalability.

CAs can cross-certify CAs in other hierarchies, establishing trust in this way among different CA hierarchies, so-called PKI islands.

Security

Security of PKI is based on public key cryptography, one of the greatest inventions of 20th century's mathematics research. Public key algorithms and protocols are analysed by a broad research community and this is the best possible security guarantee.

PKI's key feature is that it needs no system secret to be shared among validation authorities and end user devices for the sake of mutual validation of the credentials. This makes it not only practically, but theoretically safe against key compromise attacks on production or validation systems, which have caused large damages in recent times to customers and vendors of symmetric key based RFID and OTP authentication tokens.

Compared to symmetric key based systems, updating system keys (system key roll-over) is simpler: only the authenticity, not the secrecy, of the system key (i.e. of the public key) has to be ensured in the distribution process, which can be achieved in many different ways, including with the help of out-of-band mechanisms, like official publication of fingerprints.

Lifecycle information

Lifecycle information is a built-in feature of PKI. Each certificate has a validity period encoded in the certificate, which is checked by the validating party. In addition to that, certificates can be revoked if the private key is compromised or not needed for other reasons. There are standardized ways for the relying party to ascertain the revocation status of a certificate: either over a revocation list (CRL) that is typically published in a directory, or over an OCSP (Online Certificate Status Protocol) service.

A Certificate Revocation List contains: the name of the issuing CA; the CRL serial number; the CRL validity period; the time of next CRL publication; a list of revoked certificates, including certificate serial number, revocation reason (compromise or other) and revocation time; and the digital signature of the CA.

Identity federation

Identity federation is the capability of systems to exchange and combine user identity data across systems and organizations. Certificates hold user identity data in the standardized form of X.501 directory attributes (the user data representation in LDAP type of directories) and can in this way carry user information across systems in an interoperable form.

Typical PKI use cases

Device infrastructures

PKI is traditionally used for SSL/TLS and IPSec security in virtual private networks (VPN), firewalls, routers and other networking products. The new LTE standard for broadband mobile Internet services mandates PKI-secured communication along the landline connections of the mobile network. PKI secures communication in many other types of technical infrastructures, like between electronic travel documents and trusted document readers (ePass, eID) or in smart metering systems.

Enterprise PKI

PKI is broadly used in standard applications that most organizations use for smart card desktop login, enterprise single sign-on (SSO), client-server SSL/TLS communication, document signing and encryption, machine authentication in the corporate network and VPN security.

Secure (online) banking

Smart cards provide strong two-factor authentication in applications that carry out high value transactions and/or are exposed to the Internet, and are therefore in the focus of cyber-crime. Many other public online services are protected with strong PKI-based authentication when the high value or the legal relevance of the transactions requires it.

Electronic identity

Several countries, large banks and telecom operators have introduced electronic identities (eID) for their end customers. These eIDs can be used for user authentication and legal non-repudiation signatures, and are widely recognized in various application contexts (e.g. citizen services, online banking, Internet retail) even across country borders.
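The challenge-response login described under "User authentication", checked against a single trust anchor as under "Scalability" and against the validity period from "Lifecycle information", as an added Go example (standard library only; not nexus code). The names issue, RelyingParty, NewChallenge and Authenticate are assumptions for illustration, all certificates are constructed, and the CRL/OCSP revocation lookup is not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrReplay = errors.New("challenge unknown or already used")
var ErrBadSig = errors.New("challenge signature invalid")

// issue (hypothetical helper) makes a key pair and a one-year certificate for cn.
// A nil parent yields a self-signed CA certificate, which acts as the trust anchor.
func issue(cn string, serial int64, parent *x509.Certificate,
	parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // self-signed CA certificate
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// RelyingParty holds only public data (the trust anchor) and open challenges.
type RelyingParty struct {
	roots   *x509.CertPool
	pending map[string]bool // challenges issued and not yet answered
}

func NewRelyingParty(anchor *x509.Certificate) *RelyingParty {
	rp := &RelyingParty{roots: x509.NewCertPool(), pending: map[string]bool{}}
	rp.roots.AddCert(anchor)
	return rp
}

// NewChallenge returns fresh random data that is valid for one attempt only.
func (rp *RelyingParty) NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err) // without a working RNG there is no safe way to continue
	}
	rp.pending[string(c)] = true
	return c
}

// Authenticate checks the signed challenge against the certificate at time now.
func (rp *RelyingParty) Authenticate(cert *x509.Certificate, challenge, sig []byte, now time.Time) error {
	if !rp.pending[string(challenge)] {
		return ErrReplay
	}
	delete(rp.pending, string(challenge)) // single use, even if a later check fails
	opts := x509.VerifyOptions{Roots: rp.roots, CurrentTime: now, // chain + validity period
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, challenge, sig) {
		return ErrBadSig
	}
	return nil
}

func main() {
	ca, caKey, err := issue("Example Root CA (constructed)", 1, nil, nil)
	if err != nil {
		panic(err)
	}
	alice, aliceKey, err := issue("alice (constructed)", 2, ca, caKey)
	if err != nil {
		panic(err)
	}
	rp := NewRelyingParty(ca)
	c := rp.NewChallenge()
	sig := ed25519.Sign(aliceKey, c) // user side: the device signs the challenge
	fmt.Println("first response:", rp.Authenticate(alice, c, sig, time.Now()))
	fmt.Println("replayed response:", rp.Authenticate(alice, c, sig, time.Now()))
}
```

The relying party never holds a secret: it needs only the CA certificate, so the same check can run on any number of validating systems.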

Legal signatures and long-term validation

Electronic signatures accelerate legal procedures, enable paperless processes without media breaks and improve user comfort and business economy. In European countries, electronic signatures are recognized by the legislation as legally valid provided that the corresponding eID is a qualified certificate, i.e. provides the highest level of assurance of the user identity. Signed legal documents must remain verifiable over a long period of time (10-30 years). For long-term validation, so-called advanced signatures have to be created, which contain, in addition to the signer's electronic signature, the corresponding certificate chain, revocation information and a timestamp referring to the signing time. These allow validation of the signature even if the eID meanwhile expires or the eID issuer no longer provides revocation information. Legal signatures need to be archived in a secure long-term archive with regular timestamping of all signature content.

Trust center

Trust Service Providers (or Trust Centers) are high security computer centers that implement a Certificate Authority (or several of them for different business clients). Trust Centers offer high-assurance user registration, certification, revocation and revocation status information services to business clients or to private customers. To make it easy for applications to use PKI-based identities, advanced Trust Centers are gradually introducing services for validation, authentication, signatures and timestamping, which are consumed by business clients over APIs.

New challenges

Besides the traditional use cases, we can observe emerging new application areas and scenarios for PKI technology, as described below.

Open organisations require safe identities

IT services are increasingly consumed from the cloud (e.g. SalesForce), and end users use devices (PCs, tablets, phones) and personal cloud applications (like Google) of their own choice during their daily work. At the same time, consumers expect fast, non-bureaucratic registration processes and easy access to all resources across various application contexts. These tendencies make organisations face the challenge that firewalls and VPNs no longer define the borders of the security domain; instead, the security domain grows beyond the organization's network domain and beyond the pool of in-house applications and computers. Such open organisations therefore need a new security strategy. Safe identification of users and devices with a risk-appropriate assurance level is fundamental in such a strategy.

The Internet of things

More and more wide-area applications rely on mobile machine-to-machine (M2M) Internet communication: facility and fleet management, transportation, traffic control, patient care. Using mobile communication, mobile units like vehicles, containers and goods can exchange information not only with a central server, but also among each other, creating a new paradigm for mobile applications. It is anticipated that by 2020 more than 200 billion devices will be connected to the Internet, generating the majority of data traffic. Safe identification and secure communication are fundamental for the security, reliability and eventual success of M2M applications.

Critical infrastructures

Critical infrastructures comprise organisations and facilities in defence, finance, healthcare as well as communication, industry, transportation and supply that are indispensable for national security, i.e. the fulfilment of basic human demands and the continuity of the national economy. Critical infrastructures must be protected from manipulation, internal sabotage and denial-of-service attacks from the Internet in the age of commercial and state-organized cyber-crime and feasible cyber war scenarios. High-assurance identities and strong access control measures are relevant parts of an effective defence strategy.

Economy of PKI services

The value of a security technology is related either to the risk and the damage that related security breaches may cause or to the business value that it directly produces (e.g. by replacing paper-based processes or shortening the sales process). The cost of any applied security technology must be in balance with those business risks and values. Cost efficient PKI authentication methods, such as using software tokens on PCs or mobile devices, can increase security of low risk online transactions significantly with tolerable costs. At the same time, legally relevant signatures or defence applications require high security smart cards, smart microSD cards or SIM cards as authentication and signing device. A trust service provider has to serve different risk levels at appropriate costs.

One-time private key (OTPK)

OTPK technology offers an economical option for PKI-based digital signatures without an expensive signing device, thus making digital signatures affordable for casual usage, such as an annual tax declaration or closing an insurance contract. In this approach, a private key (an OTPK) is generated at a central signing service and is applied for one single digital signature. Prior to signing, the user is identified with an appropriate assurance level, which may be established by presenting an eID or referring to a valid contract with a telecom provider. After proper authentication the user can use the signing service.

Privacy in Internet

Internet communities and communities attract billions of people. A typical Internet user is a member of a few communities and a consumer of commercial or free-of-charge services (like Google, Amazon or eBay). Besides the direct attack on users and credential data (Trojans, phishing, social engineering etc.) and related fraud, identity information can be misused on the Internet in various other ways too: unwanted profiling of users, commercial use of identity or profile information without the explicit agreement of the consumer, or uncontrolled access to identity data and private information over Internet services by unauthorized or unintended users. Due to frequent misuse, Internet users and national authorities are becoming more and more conscious about these security aspects. Accordingly, demand is emerging for appropriate technologies which help Internet users to protect their identity and private data, possibly without limiting the quality of the services and user comfort.

Anonymity

One possible countermeasure against revealing identity data to untrusted services is anonymity. An electronic identity can carry a unique and random pseudonym in place of real identity data and thus decouple the user's real identity in an application context from the context-specific digital identity. At the same time, the anonymous identity assures the business party (e.g. an online shop) of the existence of the user as a legal entity. The real identity of the user can be recovered by a trusted payment service or by a court in a legal dispute. Different pseudonyms can be used in different sessions and in different application contexts, so that the user cannot be recognized in different contexts to be the same user, preventing profiling or identity data collection in this way.

User-centric identity management

With user-centric identity management the user has a means to control which pieces of identity data are forwarded to an application. Here, PKI may help with issuing an attribute certificate with (partial) user identity information or a statement of majority, profession or procuration on the user's demand, which can be used in a specific business context. Furthermore, the user can decide against publishing his certificates.

The platform

PKI expert nexus provides best-of-breed products for the issuing, validation and delegated lifecycle management of PKI identities and credentials, which safely identify the user and support a broad range of security services, like user authentication, data origin authentication and integrity protection, data encryption and electronic signatures.

[Figure: Nexus PKI Platform. Labels: Internal and external users; Security Client; IT and telecommunication systems and devices; Industrial facilities and critical infrastructure; Internet of things, M2M; Smart card production; Self-Service Portal; Management Portal; Certificate Mgmt APIs; Certificate Authority; Key and PIN Management; OCSP Responder; Validation Server; Timestamp Server; Identity issuing and lifecycle management; Core PKI functions; Validation of identity claims.]

The comprehensive and flexible platform provides: central, high security certificate authority and key management; web based, delegated credential issuing and lifecycle management processes; validation and timestamping services; various APIs for certificate management and validation; and a PKI security client that enables using smart card and software-based tokens on all computer and browser platforms.

can retrieve end user identity data from the corporate directory or other user data sources. PKI credentials can be issued for registered users and devices in assisted or automated mode of operation. Various PKI credentials are supported: smart cards, smart USB tokens, credential files and software tokens in the host system's trust store.

is designed for multi-tenancy: The same service platform can be used for multiple business clients with separation of user and management domains. Our systems are often used with CAs and respective management domains.

The nexus PKI platform is scalable to any practical size and is platform-agnostic. It has been proven to be high-performing and reliable in high-scale deployments with millions of credential holders. Its certified security is trusted by national trust centres and financial institutions in security critical infrastructures worldwide.

Your benefits with

Availability

platform makes security services and relying applications available to users in a user-friendly and time-efficient way, so that high security can be implemented with no loss of working efficiency.

Self-services, multilingual support and notifications enable end users to manage their own credentials anytime, anywhere. Credential management tasks can be delegated to any roles and locations in the organisation and to business clients. Quick PIN reset, card unblocking and replacement scenarios help users in all real-life emergency situations: when a smart card is lost, left at home, defective or blocked, or when the PIN is forgotten. Versatile authentication methods can be used to enter management and self-service portals.

Usability

Decades of PKI experience have boiled down to safe, simple and user-friendly credential delivery and management processes by hiding the technical depth of PKI from the users. Simplicity is the primary principle in designing credential management portals, use cases and processes. The intuitive UI is designed so that users without technical expertise can quickly learn the system and can perform the tasks in a convenient and safe way. Reminders and notifications with URL contents and one-time credentials help users to quickly perform the required actions in the systems.

Manageability, economy

Delegated and self-service credential management relieves IT resources. Multi-tenancy saves costs: One system can serve multiple business clients with safe separation of user and management domains. Web technology eliminates the need for client installations and upgrades. nexus offers standard software developed in-house with shared maintenance costs and a long-term product lifecycle.

The products are available as on-premises software with license or rental agreement, or as Software as a Service.

Application support

The products come with out-of-the-box interoperability with broadly used security applications, like desktop login, web authentication, secure e-mail, VPN security, document signing and encryption. Interoperability is compliant with international technology standards, wherever applicable. Various APIs and a large degree of configuration flexibility enable integration in any identity solution and relying application. Our PKI products are platform-agnostic and come with out-of-the-box support for operating systems, database, directory, HSM and smart card products of major vendors.

Compliance

Common Criteria EAL3+ certified security. Security architecture, strong two-factor authentication, role-based access control and auditability contribute to policy compliance. Flexible role definitions and configurable authentication levels help adapt the security policy to the organisational structures and risks.

User experience with

nexus puts the users in focus. Usability and simplicity are our leading design principles. All credential forms are delivered in a convenient way to various user devices. Notifications remind users about due lifecycle management tasks. They can use versatile authentication methods to enter the self-service portal. The intuitive and appealing UI hides the complexity of the background processes and makes PKI manageable without expertise.

In an emergency, quick help is available at the nearest location or in the self-service portal.

Why nexus

nexus, PKI pioneer and technology leader with prominent customers in government, defence, banking, industry, and among certified trust service providers (trust centres) and with several million end users, has decades of PKI experience and mature, reliable technology. The nexus PKI Suite covers all components for issuing, validation and lifecycle management of PKI based credentials. High security, cost-efficient processes, user-friendliness and simplicity are our key design principles. Through a high degree of flexibility in integration and in configuration, our systems can adapt to customer requirements in various environments and scenarios.

The Suite:

nexus Certificate Manager
It implements the high security PKI core functions of the Certificate Authority, PIN and key management and central smart card production. Various certificate formats are supported, e.g. X.509 public key and attribute certificates and card verifiable (CV) certificates.

nexus Credential Manager
The central tool for implementing efficient and user-friendly credential issuing and lifecycle management processes in an organisation with delegation and self-service capabilities. Certificates and keys can be delivered on smart cards or in software tokens.

nexus OCSP Responder
An online service for validating parties to check the revocation status of certificates with quick response times, zero latency and high service capacity.

nexus Personal Security Client
A brandable, multi-card, multi-platform smart card middleware to enable PKI security in client applications, such as for desktop smart card logon, and document encryption and signing and SSL/TLS authentication. Browser plug-ins make it easy to implement online security applications with safe authentication and document signing.

nexus Timestamp Server
A standard compliant time stamping service for applications relying on trusted evidence of the existence of a document, such as a legal signature or a tender application, at a certain time.

PortWise Validation Server
A service for validating identity claims and digital signatures, so that relying applications need not implement these functions, but can rely on a central trusted service. PortWise Validation Server supports various national and bank eIDs, PKCS#7, XML and PDF signature formats, and the creation of advanced signatures for long-term archiving and validation.


Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015 Mobile OTPK Technology for Online Digital Signatures Dec 15, 2015 Presentation Agenda The presentation will cover Background Traditional PKI What are the issued faced? Alternative technology Introduction

More information

encryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key.

encryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key. The way the world does business is changing, and corporate security must change accordingly. For instance, e-mail now carries not only memos and notes, but also contracts and sensitive financial information.

More information

Evaluation of different Open Source Identity management Systems

Evaluation of different Open Source Identity management Systems Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems

More information

IBM Tivoli Access Manager and VeriSign Managed Strong Authentication Services. Combine resources for one complete online business security solution.

IBM Tivoli Access Manager and VeriSign Managed Strong Authentication Services. Combine resources for one complete online business security solution. IBM Tivoli Access Manager and VeriSign Managed Strong Authentication Services Combine resources for one complete online business security solution. Big e-business opportunities demand security to match

More information

Concept of Electronic Approvals

Concept of Electronic Approvals E-Lock Technologies Contact info@elock.com Table of Contents 1 INTRODUCTION 3 2 WHAT ARE ELECTRONIC APPROVALS? 3 3 HOW DO INDIVIDUALS IDENTIFY THEMSELVES IN THE ELECTRONIC WORLD? 3 4 WHAT IS THE TECHNOLOGY

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

Security Digital Certificate Manager

Security Digital Certificate Manager IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,

More information

White Paper. The risks of authenticating with digital certificates exposed

White Paper. The risks of authenticating with digital certificates exposed White Paper The risks of authenticating with digital certificates exposed Table of contents Introduction... 2 What is remote access?... 2 Authentication with client side digital certificates... 2 Asymmetric

More information

Identity & Privacy Protection

Identity & Privacy Protection Identity & Privacy Protection An Essential Component for a Federated Access Ecosystem Dan Turissini - CTO, WidePoint Corporation turissd@orc.com 703 246 8550 CyberSecurity One of the most serious economic

More information

Baltimore UniCERT. www.baltimore.com. the world s leading PKI. global e security

Baltimore UniCERT. www.baltimore.com. the world s leading PKI. global e security TM the world s leading PKI www.baltimore.com global e security Bringing Real Business On-Line The Internet is now forming a key part of organizations operating strategy. Although most companies accept

More information

A brief on Two-Factor Authentication

A brief on Two-Factor Authentication Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

Entrust IdentityGuard

Entrust IdentityGuard +1-888-437-9783 sales@identisys.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's

More information

Symantec Managed PKI Service Deployment Options

Symantec Managed PKI Service Deployment Options WHITE PAPER: SYMANTEC MANAGED PKI SERVICE DEPLOYMENT............. OPTIONS........................... Symantec Managed PKI Service Deployment Options Who should read this paper This whitepaper explains

More information

Securing Virtual Desktop Infrastructures with Strong Authentication

Securing Virtual Desktop Infrastructures with Strong Authentication Securing Virtual Desktop Infrastructures with Strong Authentication whitepaper Contents VDI Access Security Loopholes... 2 Secure Access to Virtual Desktop Infrastructures... 3 Assessing Strong Authentication

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Enhancing Organizational Security Through the Use of Virtual Smart Cards Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company

More information

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1 PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority

More information

Secure Web Access Solution

Secure Web Access Solution Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...

More information

Authentication Application

Authentication Application Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be

More information

2. Each server or domain controller requires its own server certificate, DoD Root Certificates and enterprise validator installed.

2. Each server or domain controller requires its own server certificate, DoD Root Certificates and enterprise validator installed. Purpose and Scope The purpose of this policy is to define the roles and responsibilities on implementing the Homeland Security Presidential Directive 12 (HSPD-12) Logical Access Control (LAC) throughout

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

Entrust IdentityGuard Versatile Authentication Platform for Enterprise Deployments. Sam Linford Senior Technical Consultant Sam.linford@entrust.

Entrust IdentityGuard Versatile Authentication Platform for Enterprise Deployments. Sam Linford Senior Technical Consultant Sam.linford@entrust. Entrust IdentityGuard Versatile Authentication Platform for Enterprise Deployments Sam Linford Senior Technical Consultant Sam.linford@entrust.com Entrust is a World Leader in Identity Management and Security

More information

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

The Security Behind Sticky Password

The Security Behind Sticky Password The Security Behind Sticky Password Technical White Paper version 3, September 16th, 2015 Executive Summary When it comes to password management tools, concerns over secure data storage of passwords and

More information

RSA SecurID Software Token 1.0 for Android Administrator s Guide

RSA SecurID Software Token 1.0 for Android Administrator s Guide RSA SecurID Software Token 1.0 for Android Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA,

More information

FOUR PILLARS FOR A SUCCESSFUL PIV ECOSYSTEM

FOUR PILLARS FOR A SUCCESSFUL PIV ECOSYSTEM FOUR PILLARS FOR A SUCCESSFUL PIV ECOSYSTEM Four Pillars that HSPD-12 Programs must consider for a secure, efficient, interoperable PIV enterprise deployment. Continued HSPD-12 Implementation under OMB

More information

Copyright Giritech A/S. Secure Mobile Access

Copyright Giritech A/S. Secure Mobile Access Secure Mobile Access From everywhere... From any device... From user......to applications Page 3...without compromising on security and usability... and to my PC in the office: Secure Virtual Access Contrary

More information

CHAPTER 1 INTRODUCTION

CHAPTER 1 INTRODUCTION 1 CHAPTER 1 INTRODUCTION 1.1 Introduction Cloud computing as a new paradigm of information technology that offers tremendous advantages in economic aspects such as reduced time to market, flexible computing

More information

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

More information

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a

More information

PortWise Access Management Suite

PortWise Access Management Suite Create secure virtual access for your employees, partners and customers from any location and any device. With todays global and homogenous economy, the accuracy and responsiveness of an organization s

More information

Why it s Time to Make the Change Analysis of Current Technologies for Multi-Factor Authentication in Active Directory

Why it s Time to Make the Change Analysis of Current Technologies for Multi-Factor Authentication in Active Directory GoldKey vs RSA Why it s Time to Make the Change Analysis of Current Technologies for Multi-Factor Authentication in Active Directory WideBand Corporation www.goldkey.com Analysis of Current Technologies

More information

Axway Validation Authority Suite

Axway Validation Authority Suite Axway Validation Authority Suite PKI safeguards for secure applications Around the world, banks, healthcare organizations, governments, and defense agencies rely on public key infrastructures (PKIs) to

More information

CALIFORNIA SOFTWARE LABS

CALIFORNIA SOFTWARE LABS ; Digital Signatures and PKCS#11 Smart Cards Concepts, Issues and some Programming Details CALIFORNIA SOFTWARE LABS R E A L I Z E Y O U R I D E A S California Software Labs 6800 Koll Center Parkway, Suite

More information

CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES

CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES Certificate Policy 1 (18) CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES 1 INTRODUCTION... 4 1.1 Overview... 4 1.2 Document

More information

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing

More information

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National

More information

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service? solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service? provides identity and access management capabilities as a hosted cloud service. This allows you to quickly

More information

Adding Stronger Authentication to your Portal and Cloud Apps

Adding Stronger Authentication to your Portal and Cloud Apps SOLUTION BRIEF Cyphercor Inc. Adding Stronger Authentication to your Portal and Cloud Apps Using the logintc April 2012 Adding Stronger Authentication to Portals Corporate and consumer portals, as well

More information

epass PKI USB Token A stable and secure PKI product OVERVIEW

epass PKI USB Token A stable and secure PKI product OVERVIEW epass PKI USB Token A stable and secure PKI product OVERVIEW epass PKI USB Token is the world's foremost cryptographic identity verification module. epass by FEITIAN provides a host of indispensable protective

More information

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user

More information

Certificate Authority Product Overview Technology White Paper

Certificate Authority Product Overview Technology White Paper RSA Keon Certificate Authority Product Overview Technology White Paper e-business is an integral component of everyday life-from online banking and brokerage transactions, to chip-based smart cards and

More information

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

More information

PKI COMPONENTS AND RELATED STANDARDS.

PKI COMPONENTS AND RELATED STANDARDS. PKI COMPONENTS AND RELATED STANDARDS. COMESA/POTRAZ Zimbabwe 4-6 May 2016. Dr. Izzeldin Kamil Amin Associate Professor. Faculty of Mathematical Sciences University of Khartoum. izzeldin@outlook.com PKI

More information

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information

Legalesign Service Definition Electronic signature and contract management service

Legalesign Service Definition Electronic signature and contract management service Legalesign Service Definition Electronic signature and contract management service Legalesign Limited UN House, 4 Hunter Square, Edinburgh, EH1 1QW Tel: 0131 463 9099 Email: email@legalesign.com Overview

More information

WHITE PAPER Usher Mobile Identity Platform

WHITE PAPER Usher Mobile Identity Platform WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

An Introduction to Entrust PKI. Last updated: September 14, 2004

An Introduction to Entrust PKI. Last updated: September 14, 2004 An Introduction to Entrust PKI Last updated: September 14, 2004 2004 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In

More information

The governance IT needs Easy user adoption Trusted Managed File Transfer solutions

The governance IT needs Easy user adoption Trusted Managed File Transfer solutions Product Datasheet The governance IT needs Easy user adoption Trusted Managed File Transfer solutions Full-featured Enterprise-class IT Solution for Managed File Transfer Organizations today must effectively

More information

Frequently Asked Questions (FAQs) SIPRNet Hardware Token

Frequently Asked Questions (FAQs) SIPRNet Hardware Token Air Force Public Key Infrastructure System Program Office (ESC/HNCDP) Phone: 210-925-2562 / DSN: 945-2562 Web: https://afpki.lackland.af.mil Frequently Asked Questions (FAQs) SIPRNet Hardware Token Updated:

More information

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure

More information

Enhancing Web Application Security

Enhancing Web Application Security Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile

More information

PRIME IDENTITY MANAGEMENT CORE

PRIME IDENTITY MANAGEMENT CORE PRIME IDENTITY MANAGEMENT CORE For secure enrollment applications processing and workflow management. PRIME Identity Management Core provides the foundation for any biometric identification platform. It

More information

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for

More information

From Edge to the Core. Sicurezza dati nelle infrastrutture condivise, virtualizzate e cloud.

From Edge to the Core. Sicurezza dati nelle infrastrutture condivise, virtualizzate e cloud. From Edge to the Core. Sicurezza dati nelle infrastrutture condivise, virtualizzate e cloud. Claudio Olati Sales Manager - Gemalto Sergio Sironi Regional Sales Manager - Safenet We are the world leader

More information

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION Foreword. Preface. About the Authors. I. CONCEPTS. 1. Introduction. 2. Public-Key Cryptography. Symmetric versus Asymmetric

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

Executive Summary P 1. ActivIdentity

Executive Summary P 1. ActivIdentity WHITE PAPER WP Converging Access of IT and Building Resources P 1 Executive Summary To get business done, users must have quick, simple access to the resources they need, when they need them, whether they

More information

SECURE YOUR DATA EXCHANGE WITH SAFE-T BOX

SECURE YOUR DATA EXCHANGE WITH SAFE-T BOX SECURE YOUR DATA EXCHANGE SAFE-T BOX WHITE PAPER Safe-T. Smart Security Made Simple. 1 The Costs of Uncontrolled Data Exchange 2 Safe-T Box Secure Data Exchange Platform 2.1 Business Applications and Data

More information

FIDO Trust Requirements

FIDO Trust Requirements FIDO Trust Requirements Ijlal Loutfi, Audun Jøsang University of Oslo Mathematics and Natural Sciences Faculty NordSec 2015,Stockholm, Sweden October, 20 th 2015 Working assumption: End Users Platforms

More information

WHITE PAPER ENTRUST ENTELLIGENCE SECURITY PROVIDER 7.0 FOR WINDOWS PRODUCT OVERVIEW. Entrust 2003. All rights reserved.

WHITE PAPER ENTRUST ENTELLIGENCE SECURITY PROVIDER 7.0 FOR WINDOWS PRODUCT OVERVIEW. Entrust 2003. All rights reserved. WHITE PAPER ENTRUST ENTELLIGENCE SECURITY PROVIDER 7.0 FOR WINDOWS PRODUCT OVERVIEW Entrust 2003. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain

More information