WebSecFrame - A Way to Improve Corporate Network Security
Frank Losemann (losemann@ti.fhg.de), Christoph Meinel (meinel@ti.fhg.de)
Institute for Telematics, Trier, Germany
Phone: Fax:

Abstract

This work addresses the problem of user perception of Public-Key Infrastructures (PKI) in corporate environments built for employees untrained in using certificates for authentication. We provide users in a corporate environment with a single trusted point of service related to certificates. Its purpose is to explain the corporate intranet security concept and the underlying basic mechanisms of a PKI to the user, as far as needed for proper operation.

Introduction

There are three approaches supporting user perception of PKI. The first is an introduction to be read before requesting a certificate or using the PKI. The second supports the user in new or unknown situations. To achieve this, we have to make sure that users can easily access related help online. This is achieved by a helpdesk with an online user interface to a database of certificate-related problems. All the dialog boxes of applications making use of the PKI, most likely web browsers, are classified by title, task and application version and put into a database, which provides explanations as well as recommended reactions to be taken by the user. By integrating "security service and helpdesk", it improves corporate security by training users at a very basic level while they are doing their job. Websecframe provides a clearly defined way to solve problems that occur during certificate handling.

The final goal of our approach is to create an appropriate mental model of the corporate access control system and of public key infrastructures in general, enabling users to find the appropriate answer to most questions on their own. Overall security is improved by providing advice at the correct level: too detailed advice makes PKIs seem too complicated to novices. If everything is explained step by step, users end up answering the PKI user interface dialogs without understanding them. Hence, it seems better to rely on centralized expert helpdesks rather than on colleagues' hints of doubtful expertise.

The third approach to support the appropriate mental model of PKI is the application design. A "websecframe" is something like an authentication status bar. It can be directly integrated into applications or CGI scripts using the corporate PKI-based security system, or it can be added to HTML documents by server plugins or CGI scripts.

Unified User Interface for the Authentication System

Websecframes introduce a "certificate to HTML gateway" that works independently of the platform. By visualizing the involved certificates and access-control basics in HTML format, it provides a unified user interface across all HTTPS-enabled clients. SSL-protected transmission is necessary and is used to ensure the integrity of the provided status information. New browser versions with changed capabilities and user interfaces for the use or inspection of certificates introduce different ways of accessing the certified information. By integrating this information into the displayed contents, however, the same front end to the authentication system is available on all platforms. This websecframe visualizes the information provided by the involved certificates.

Picture 1: Prototype screenshot

The information should be read as follows: "CA DevCA1 checked the identity of the certified user. The policy of this CA determines how the CA made sure that the certified public key belongs to the user described by the certificate. This certified public key was used to verify the identity of the user that requested the page displayed together with the websecframe. The web server creating this websecframe and serving the requested contents expresses its belief in the identity claimed by the certificate, because it is configured to trust the CA that certified the user. Based on the certified distinguished name, a trusted directory may provide additional attributes or properties of the certified user that are needed to decide about the access to a requested resource."

The drop-down lists in columns two and three contain the contents of the certificate and the corresponding directory entry.
This information is displayed to show or remind users of the basis for the access control decision taken by the server and to clarify the structure of the security system, in a way that supports the creation of our intended mental model.

The fourth column is not only used to present information. It also enables the user to specify a desired role when accessing resources. This might be necessary to collect accounting information related to different tasks or projects. An employee might be involved in different projects and can easily choose the account that pays for the resource. Another case of an "active role" selection might be the explicit statement that the user is not acting on his own behalf but for an absent colleague, which might be a necessary prerequisite for using extended rights. Some privileges might be granted for emergency conditions only and have to be reported and explained elsewhere. Using these rights can be made conditional on briefly describing the problem and the reason why the rights were used. In cases of complicated Role Based Access Control models, such as RBAC3 as defined in [San96], we might call an external role browsing application to access the full spectrum of roles provided by the access control system.

Last but not least, there is a column with a lock image. This column provides access to the online helpdesk system, which is explained in the following section.

Helpdesk organization

The certificate handling component of the corporate security system strongly depends on the client used to access the corporate intranet and on installed extensions to the standard browser or software, such as smartcards. Hence, the initial documentation delivered with standard software components becomes obsolete. Limiting the number of different client software packages allowed to access the intranet is not always feasible. The variety of hardware and operating systems installed in a corporate environment can be large. Thus, users and helpdesk personnel encounter many version- and operating-system-specific dialogs concerning certificate handling.
However, by constructing an index of all titles of user dialog screens, with screenshots and associated explanations, we enable helpdesk personnel and eventually even untrained users to refer to an empirically constructed problem/solution database. All questions and answers are classified by program, version and title of the workflow steps or dialog boxes. Unlisted dialogs can be submitted as screenshots via http or for further assistance. We established a mechanism enabling users to report directly their personal difficulties and possible misunderstandings caused by the provided explanation, and we set up a workflow for integrating these suggestions into the documentation. Thereby, we are continuously improving the quality of our helpdesk system, which must constantly be kept up to date due to new versions of client software with changing user interfaces. By analyzing the helpdesk activity we can identify the workflow steps and PKI dialogs that need to be improved.

Another feature of the websecframe is the detection of the client software used to access the corporate network. When accessing the helpdesk, users normally have to explain all those properties of their computing environment which might be relevant for their questions. Autodetecting those properties is feasible by evaluating the HTTP headers of the connection if the questions are related to a web browser.
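The lookup described above, classified by program, version and dialog title with the client detected from the HTTP headers, can be sketched as follows. This is an added example, not code from the paper or the WebSecFrame prototype; the User-Agent patterns, dialog titles, explanations and all function names are constructed for illustration.

```python
import re
from decimal import Decimal
from typing import NamedTuple, Optional


class Client(NamedTuple):
    program: str
    version: Decimal


class Entry(NamedTuple):
    explanation: str
    recommended_action: str


# Constructed patterns for two period browsers. MSIE is tried first because it
# also announces itself as "Mozilla/4.0".
UA_PATTERNS = [
    ("MSIE", re.compile(r"\bMSIE (\d+\.\d+)")),
    ("Netscape", re.compile(r"^Mozilla/(\d+\.\d+) \[")),
]


def detect_client(headers: dict) -> Optional[Client]:
    """Derive (program, version) from the request's User-Agent header.

    The header is client-supplied, so the result only pre-fills the helpdesk
    query; it must never feed an access-control decision.
    """
    ua = next((v for k, v in headers.items() if k.lower() == "user-agent"), "")
    for program, pattern in UA_PATTERNS:
        match = pattern.search(ua)
        if match:
            # Compared as decimals so that 4.51 sorts below 4.7.
            return Client(program, Decimal(match.group(1)))
    return None


def normalize_title(title: str) -> str:
    """Dialog titles are matched ignoring case and spacing differences."""
    return " ".join(title.split()).casefold()


class DialogIndex:
    """Problem/solution index keyed by program and dialog title, per version."""

    def __init__(self):
        self._entries = {}  # (program, title) -> [(first_version, Entry)]

    def add(self, program, first_version, title, entry):
        key = (program, normalize_title(title))
        self._entries.setdefault(key, []).append((first_version, entry))
        self._entries[key].sort(key=lambda pair: pair[0])

    def lookup(self, client, title):
        """Return (first_version, Entry) of the newest entry that applies."""
        if client is None:
            return None
        best = None
        key = (client.program, normalize_title(title))
        for first_version, entry in self._entries.get(key, []):
            if first_version <= client.version:
                best = (first_version, entry)
        return best


def build_sample_index() -> DialogIndex:
    """Constructed sample content, not taken from a real helpdesk database."""
    index = DialogIndex()
    index.add("Netscape", Decimal("4.0"), "New Site Certificate", Entry(
        "The server's certificate was not issued by a CA your browser trusts.",
        "Cancel and compare the issuer with the corporate CA list."))
    index.add("Netscape", Decimal("4.5"), "New Site Certificate", Entry(
        "Same situation; this version adds a 'More Info' button.",
        "Use 'More Info' to check the issuer, then cancel if it is unknown."))
    return index


def helpdesk_answer(index: DialogIndex, headers: dict, title: str) -> dict:
    """Answer a helpdesk query, or ask for a screenshot of an unlisted dialog."""
    hit = index.lookup(detect_client(headers), title)
    if hit is None:
        return {"status": "unlisted",
                "action": "submit a screenshot of the dialog to the helpdesk"}
    first_version, entry = hit
    return {"status": "listed", "since": str(first_version),
            "explanation": entry.explanation,
            "action": entry.recommended_action}
```
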
Basic tasks

The basic tasks which have to be mastered by an untrained user are:

1. Learn the concept of delegating trust and the interpretation of certificates.
2. Understand the role of a certifying authority and the services provided.
3. Get to know the role of a directory service.
4. Learn the difference between authentication and authorization.
5. Configure the user environment to integrate seamlessly into the corporate intranet security concept for single sign-on using intranet web servers.

In a preconfigured intranet environment, all tasks but the first can be supported. Because the computer cannot foresee what action the user intends to take, i.e. which resource is requested, the verification of the certificate cannot be fully automated. So the initial focus has to be on explaining this issue, including its necessity and possible threats, as well as the criteria which can be used to determine the trustworthiness of a given certificate.

Experiences

We deployed a certificate management system for a large intranet PKI of a European bank. User interface improvement quickly became a central part of the project, to ensure user acceptance as well as to lower the administrative burden. The improvements first dealt with the user part of certificate requests and then with the verification process carried out by certifying agents. Adding the visualization feature for certificates to the issuing application quickly raised the idea of integrating more and more information and functions into our websecframe. Explaining the use of certificates became easier, because users were able to see the whole picture at a glance.

Outlook

Currently we are working on improvements of our helpdesk system. Detailed results of the deployment and experiences with users should be available for the final version of this paper. The prospects of using colors in websecframes to indicate the reliability, confidentiality or origin of the displayed information will be looked at later on.
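The websecframe columns and the authentication/authorization split from the basic tasks, as an added example that is not the authors' prototype code. It assumes the web server exposes the verified client certificate under Apache mod_ssl's environment variable names and uses a dictionary as a stand-in for the trusted directory; the sample DN, attributes, roles and the /helpdesk URL are constructed.

```python
from html import escape

# Assumption: TLS client-certificate state arrives in mod_ssl-style variables.
CERT_FIELDS = [
    ("Subject", "SSL_CLIENT_S_DN"),
    ("Issuer", "SSL_CLIENT_I_DN"),
    ("Serial", "SSL_CLIENT_M_SERIAL"),
    ("Valid until", "SSL_CLIENT_V_END"),
]

# Constructed sample request environment and directory content.
SAMPLE_ENV = {
    "HTTPS": "on",
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN": "CN=Alice Example,O=Example <Corp>,C=DE",
    "SSL_CLIENT_I_DN": "CN=DevCA1,O=Example,C=DE",
    "SSL_CLIENT_I_DN_CN": "DevCA1",
    "SSL_CLIENT_M_SERIAL": "2A",
    "SSL_CLIENT_V_END": "Dec 31 23:59:59 2000 GMT",
}
SAMPLE_DIRECTORY = {
    "CN=Alice Example,O=Example <Corp>,C=DE": {
        "attributes": {"department": "Accounting", "room": "B 12"},
        "roles": ["project-a", "project-b"],
    },
}


def authenticated_subject(env):
    """Authentication: the certified DN, or None unless the server verified
    the client certificate on an SSL-protected connection."""
    if env.get("HTTPS") != "on" or env.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    return env.get("SSL_CLIENT_S_DN") or None


def resolve_role(entry, requested=None):
    """Authorization: the active role must be one the directory grants.

    The role name comes back from the browser form, so it is checked here on
    the server and never taken on trust.
    """
    roles = entry["roles"]
    if requested is None:
        return roles[0] if roles else None
    if requested not in roles:
        raise PermissionError("role not granted by directory: %r" % requested)
    return requested


def _options(pairs, selected=None):
    # Certificate and directory values are written by third parties (the
    # requester, the CA, directory admins), so every value is HTML-escaped.
    out = []
    for value, label in pairs:
        mark = " selected" if value == selected else ""
        out.append('<option value="%s"%s>%s</option>'
                   % (escape(value, quote=True), mark, escape(label)))
    return "".join(out)


def render_websecframe(env, directory, requested_role=None,
                       help_url="/helpdesk"):
    """Render the status bar: CA, certificate, directory entry, role, help."""
    subject = authenticated_subject(env)
    if subject is None:
        return ('<table class="websecframe"><tr>'
                "<td>Not authenticated</td></tr></table>")
    entry = directory.get(subject, {"attributes": {}, "roles": []})
    active = resolve_role(entry, requested_role)
    cert = ["%s: %s" % (label, env.get(var, "")) for label, var in CERT_FIELDS]
    attrs = ["%s: %s" % kv for kv in sorted(entry["attributes"].items())]
    cells = [
        "Certified by " + escape(env.get("SSL_CLIENT_I_DN_CN", "unknown CA")),
        "<select>%s</select>" % _options((c, c) for c in cert),
        "<select>%s</select>" % _options((a, a) for a in attrs),
        '<form method="post"><select name="role">%s</select></form>'
        % _options(((r, r) for r in entry["roles"]), active),
        '<a href="%s">Help</a>' % escape(help_url, quote=True),
    ]
    return ('<table class="websecframe"><tr>%s</tr></table>'
            % "".join("<td>%s</td>" % c for c in cells))
```
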
References

[ISO90] ISO/IEC International Standard: Information technology, open systems interconnection, the directory, part 8: Authentication framework, 1990
[Koh99] R. Kohlas, U. Maurer: Reasoning About Public-Key Certification: On Bindings between Entities and Public Keys; to appear in Springer LNCS, Financial Cryptography 1999
[San96] R.S. Sandhu, E.J. Coyne, H-I. Feinstein, C.E. Youman: Role-Based Access Control Models; IEEE Computer Vol. 29, No. 2, Feb 1996, pp
[Sch96] B. Schneier: Applied Cryptography. John Wiley and Sons, New York, 2nd edition, 1996
[RSA78] R. Rivest, A. Shamir, L. Adleman: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2): , 1978
[Whit98] A. Whitten, J. Tygar: Usability of Security: A Case Study; Technical Report CMU-CS, Carnegie Mellon University, Pittsburgh, 1998
[Woo92] T. Woo, S. Lam: Authentication for Distributed Systems; IEEE Computer, Jan 1992
More informationSecure Email Inside the Corporate Network: INDEX 1 INTRODUCTION 2. Encryption at the Internal Desktop 2 CURRENT TECHNIQUES FOR DESKTOP ENCRYPTION 3
A Tumbleweed Whitepaper Secure Email Inside the Corporate Network: Providing Encryption at the Internal Desktop INDEX INDEX 1 INTRODUCTION 2 Encryption at the Internal Desktop 2 CURRENT TECHNIQUES FOR
More informationA secure, economic infrastructure for signing of web based documents and financial affairs Overview of a server based, customer-friendly approach.
1 of 8 15.03.2004 14:09 Issue January 2002 A secure, economic infrastructure for signing of web based documents and financial affairs Overview of a server based, customer-friendly approach. Lothar Fritsch,
More informationTrust areas: a security paradigm for the Future Internet
Trust areas: a security paradigm for the Future Internet Carsten Rudolph Fraunhofer Institute for Secure Information Technology SIT Rheinstrasse 75, Darmstadt, Germany Carsten.Rudolph@sit.fraunhofer.de
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationIntegrating Hitachi ID Suite with WebSSO Systems
Integrating Hitachi ID Suite with WebSSO Systems 2015 Hitachi ID Systems, Inc. All rights reserved. Web single sign-on (WebSSO) systems are a widely deployed technology for managing user authentication
More informationSecret Server Qualys Integration Guide
Secret Server Qualys Integration Guide Table of Contents Secret Server and Qualys Cloud Platform... 2 Authenticated vs. Unauthenticated Scanning... 2 What are the Advantages?... 2 Integrating Secret Server
More informationWhite Paper. Enhancing Website Security with Algorithm Agility
ENHANCING WEBSITE SECURITY WITH ALGORITHM AGILITY White Paper Enhancing Website Security with Algorithm Agility Enhancing Website Security with Algorithm Agility Contents Introduction 3 Encryption Today
More information8911B - Installation & Deployment in Microsoft Dynamics CRM 4.0
8911B - Installation & Deployment in Microsoft Dynamics CRM 4.0 Course Number: 8911B Course Length: 2 Days Course Overview This two-day course provides students with the tools to install and configure
More informationA Security Flaw in the X.509 Standard Santosh Chokhani CygnaCom Solutions, Inc. Abstract
A Security Flaw in the X509 Standard Santosh Chokhani CygnaCom Solutions, Inc Abstract The CCITT X509 standard for public key certificates is used to for public key management, including distributing them
More informationCERN Single Sign On solution
CERN Single Sign On solution Emmanuel Ormancey System Architect, CERN IT/IS CERN, Route de Meyrin, CH-1211 Geneva 23, Switzerland E-mail: Emmanuel.Ormancey@cern.ch Abstract. The need for Single Sign On
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationCybersecurity and Secure Authentication with SAP Single Sign-On
Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle
More informationIntroduction. About Image-X Enterprises. Overview of PKI Technology
Digital Signature x Introduction In recent years, use of digital or electronic signatures has rapidly increased in an effort to streamline all types of business transactions. There are two types of electronic
More informationMS 20342B: Advanced Solutions of Microsoft Exchange Server 2013
MS 20342B: Advanced Solutions of Microsoft Exchange Server 2013 Description: Days: 5 Prerequisites: In this course, students will learn to to configure and manage a Microsoft Exchange Server 2013 messaging
More informationMilestone Federated Architecture TM
White paper Milestone Federated Architecture TM Prepared by: John Rasmussen, Senior Technical Product Manager, Corporate Business Unit, Milestone Systems Date: June 22, 2015 Table of Contents Introduction...
More informationRelease: 1. ICANWK502A Implement secure encryption technologies
Release: 1 ICANWK502A Implement secure encryption technologies ICANWK502A Implement secure encryption technologies Modification History Release Release 1 Comments This Unit first released with ICA11 Information
More informationEnabling Kerberos SSO in IBM Cognos Express on Windows Server 2008
Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Nature of Document: Guideline Product(s): IBM Cognos Express Area of Interest: Infrastructure 2 Copyright and Trademarks Licensed Materials
More informationETSI TS 101 456 V1.4.3 (2007-05)
TS 101 456 V1.4.3 (2007-05) Technical Specification Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing qualified certificates 2 TS 101 456 V1.4.3
More informationA Database Security Management White Paper: Securing the Information Business Relies On. November 2004
A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More information