Public-Key Infrastructure


Public-Key Infrastructure Technology and Concepts

Abstract

This paper is intended to help explain general PKI technology and concepts. For the sake of orientation, it also touches on policies and standards and on some of the new and exciting applications that will consume PKI services and at last fulfill their promise of efficiency and effectiveness in the emerging e-commerce market.

Contents

- Introduction
- What is a PKI?
- How does PKI relate to online business and e-commerce?
- How is PKI technology integrated in the application?
- Major Market Drivers
- E-commerce Security Requirements
- PKI Technology and Architecture
- Basic PKI Architecture and Data Flow
- What is a Public-Key Certificate?
- What is a Digital Signature?
- Data integrity in PKI
- User authentication in PKI
- The Primary Technical Components of PKI
- PKI toolkits
- Application Contexts Used in E-Commerce
- PKI Policies
- Certification Practice Statement (CPS)
- Certificate Policy
- Conclusions
- PKI-Related Standards
- List of Acronyms Used

Introduction

What is a PKI?

A Public-Key Infrastructure (PKI) is the set of policies, procedures, people, facilities, software, and hardware that allow for the issuance, distribution and ongoing management of public-key certificates. In practical terms, PKIs manage relationships and establish a level of trust in distributed environments. They do this by managing and controlling the use of cryptographic keys and certificates. Without the management and trusted services of PKI, cryptographic-based security cannot be used to support the majority of e-commerce applications.

How does PKI relate to online business and e-commerce?

In the online world, the things that concern administrators the most are the policies defining the rules and flow of the online business. All PKIs are operated, administered, or managed according to a business-specific policy defining PKI configuration, deployment, and operations. It is important to make this distinction: the PKI is not just the technology/software/product, but is in essence the rules under which the technology/software/product is integrated, administered, and used. So, PKIs are specific to business flow and business operations first, and to technical architecture second. Properly designed PKI products are capable of supporting multiple business frameworks. An overview of good design practices and features for PKI products will be provided later.

How is PKI technology integrated in the application?

Most PKI-technology components run in the network as application services. The exception is the developer's toolkit component. The toolkit handles the complex underlying cryptographic services and protocols on behalf of an application programmer. The toolkit is a bundle of local software providers that implement security standards and a high-level interface that allows any developer to PKI-enable their application.

The importance of the toolkit includes the following:
- It allows the application programmer to focus on what he/she does best, rather than become a cryptography or PKI expert. This reduces the time and resources needed to integrate security with applications.
- It allows consistent security integration across all applications.
- It allows those maintaining the overall solution to easily meet new demands as the application environment and requirements evolve over time.

Major Market Drivers

The increasing use of online commerce applications like those listed below is the primary business driver for the deployment of PKIs.
- Wireless and web e-commerce
- Electronic content distribution via public networks
- Online payments
- Extranets (private networks that support trading partners)
- Intranets (private networks that support employees)

While the use of these new applications promises tremendous gains in productivity to almost all organizations, they also introduce serious security risks such as:
- Masquerading as a legitimate user
- Denial of participation in an online transaction
- Tampering with data
- Eavesdropping
- Unauthorized access

E-Commerce Security Requirements

Businesses operating online have specific security needs, all of which can be met through carefully implemented PKI. PKI provides management of relationships, keys, and certificates necessary to make cryptography useful in business. PKI services and objects will be covered later in this document. (To learn about basic cryptography, see An Introduction to Information Security.)

Today there is widespread consensus that the security requirements of online applications are best met by cryptography, but only when these applications are PKI-enabled. To be PKI-enabled, the application must have the ability to access PKI resources like the certification authority and the certificate directory, as well as the ability to process the objects that are commonly exchanged within the PKI, like digital signatures and public-key certificates.

A carefully implemented PKI addresses online businesses' requirements for:

Authentication: to prevent masquerading, verifies the identity of an entity (individual, device, organization, role) prior to an online exchange, transaction, or allowing access to resources. When the application is PKI-enabled, it can use digital signature and public-key certificate processes to authenticate individuals, servers, nodes or whatever entity is participating in the business flow.

Authorization: to prevent unauthorized activity, verifies that an entity has permission to participate in an activity, a transaction, or is allowed access to resources. When an application is PKI-enabled, it can cross-reference an entity's verified identity (which it authenticated using a public-key certificate) with a privilege (or policy-enforcement) list before it authorizes (grants or denies) an entity's request for participation or access.

Non-repudiation: provides the tools that make it easy to prove that an individual has participated in a transaction. PKI-enabled applications can bind a participant to his activity and the date and time that the activity occurred because they have the capability to verify digital signatures, process public-key certificates, and maintain an audit log (record) of the transaction.

Privacy: prevents eavesdropping or unauthorized access. PKI-enabled applications are also capable of encrypting data when privacy is needed. While the encryption service is not provided by the PKI, the management and exchange of encryption and decryption keys is a necessary service usually provided by the PKI.

Integrity: prevents data tampering; ensures that data is not altered, either by accident or on purpose, while in transit or in storage. Digital signatures are a preferred method for protecting data from tampering. If digital signature verification is positive, the integrity of the transaction is deemed to be intact; if not, the transaction data has been modified and will be discarded. PKI-enabled applications are capable of applying digital signatures to transactions and of verifying digital signatures, and so can verify the integrity of transactions.

These requirements are best met with PKI-enabled applications that support the services (cryptographic, access, and audit) commonly found in operational PKIs.

PKI Technology and Architecture

Good PKI architectures are openly documented, provide clear application interfaces, and support standards. The set of PKI technologies includes software and hardware that implement the functions of the:
- End-Entity Application (EE)

- Registration Authority (RA)
- Certification Authority (CA)
- PKI Directory

Basic PKI Architecture and Data Flow

The major technical components and operational flow of a PKI are shown in Fig. 1.

Fig. 1. The major technical components and operational flow of a PKI.

What is a Public-Key Certificate?

A public-key certificate is a data object or container that binds a public key to a set of information identifying the key pair owner (an entity such as a person, organization, node, or Website). The public key in the certificate is associated with the corresponding private key in the pair. The key pair owner is known as the subject of the certificate. A certificate is used by a participant involved in a secure transaction (or in a secure, authenticated-communications session) who relies upon the accuracy of the identity (Subject) and public key contained in the certificate. With a trusted, accurate identity and public key it is possible for one participant to authenticate the other before executing an online transaction. In order to help visualize the contents of a public-key certificate, a diagram (Fig. 2) is provided here.

Fig. 2. Contents of a public-key certificate.

What is a Digital Signature?

As the name suggests, digital signatures are the electronic equivalent of traditional handwritten signatures. But a digital signature cannot be visually recognized like a handwritten signature. Instead, digital signatures are recognized (created, stored, transmitted, and verified) by PKI-enabled applications that have access to key management and cryptographic services. The generic cryptographic operations used in creating and verifying a digital signature are shown in Fig. 3. Digital signatures and public-key certificates provide two primary security services in a PKI: data integrity and user authentication.

Data Integrity in a PKI

As indicated above, in order to create a digital signature, both the transaction data that is to be signed and the user's private key must be used as inputs to the signing process. To verify a digital signature, the data that was signed, the user's public key, and the digital signature itself are used as inputs to the verification process. Since the transaction data is always involved in producing and verifying a digital signature, if the data is modified after signing, the signature will not verify; therefore digital signatures have become a preferred method for ensuring the integrity of transactions.

Fig. 3. A generic representation of the operations used in creating and verifying a digital signature.

User Authentication in a PKI

Public-key certificates ensure that the public key used to verify a digital signature belongs to the user that produced the signature. As indicated in the previous certificate diagram, the certificate contains both the user's public key and identity. So if the signature verification process is successful, the verifier also knows for certain the identity of the signer, because the CA that issues the public-key certificate guarantees the user's identity when it places it in the certificate along with the user's public key. For a more detailed review of digital signatures, please see An Introduction to Information Security.

The Primary Technical Components of PKI

Following are the primary technical components of a PKI. With the exception of the toolkit, each is implemented as a software module that may interoperate with other software modules in the PKI and over the network.

End Entity Application (EE): Implemented as software for the end-user, its functions include:
- Generate, store and allow access to a user's public-key pair
- Complete, sign and submit first-time certificate applications

- Complete, sign and submit certificate renewal requests
- Complete, sign and submit certificate revocation requests
- Search for and retrieve certificates and revocation information
- Validate certificates and read the certificate contents
- Generate and verify digital signatures

Registration Authority (RA): Implemented as software for the designated Registration Authority user(s) in the PKI. It is interoperable and fully compatible with the EE and CA and supports the same basic functions of key generation, storage, access, and digital signature and certificate processing. The RA is usually capable of supporting multiple CAs and EEs in the PKI. Its primary use is to support the special tasks of the RA user such as:
- User enrollment: the process by which a user is registered as a potential participant in the PKI. The RA creates a user object in a special database. User objects may contain any number of user attributes as specified by the registration policy, like user name, title, address, etc.
- Due diligence: the process by which the RA verifies the identity of a certificate applicant (subject) for the first time and confirms that a specific public key (the one that is to be certified) belongs to the applicant.
- Approval of end-user requests: the RA will approve or deny requests made by end-users, like requests for first-time certificates and renewal of expired certificates.
- Certificate revocation: the action taken by the RA that orders the CA to revoke a user's certificate. The RA may or may not provide a reason for revocation according to the PKI's revocation policy.

Certification Authority (CA): Usually implemented so that it can run autonomously after it has been installed, configured, and launched by the designated CA administrator. Think of the CA as a highly trusted signing engine. It is responsible for signing certificates, revocation requests, and other supporting transactions according to a predefined set of conditions, and in this way plays a key role in enforcing the rules of the business that rely on the PKI. In practice the CA is responsible for:
- Key certification: the transaction that results in the CA signing a subject's public key and issuing the certificate.
- Certificate renewal: the transaction that issues a new certificate to the subject when the current certificate has expired.
- Certificate revocation: the transaction that adds a user's certificate to the revocation list, making the certificate invalid from that date and time onward.
- Certificate posting: the transaction that places the certificate in the PKI directory where PKI users can search for and retrieve it.
- Revocation list maintenance: the set of transactions that keep the certificate revocation list current within the PKI.
- Revocation list posting: the transaction that places the certificate revocation list in the PKI directory where PKI users can search for and retrieve it.

PKI directory: The PKI directory is an online repository available to all participants in the PKI for searches and retrievals of certificates, revocation information and policy information. Only special users or components are designated with Directory write and delete privileges. Most commonly, directories are implemented based on the IETF Lightweight Directory Access Protocol (LDAP). The directory architecture includes two primary components: an LDAP client (usually implemented as part of the EE Application) and an LDAP server, a networked server that hosts the directory information and processes search, read, write, delete, and update requests made by authorized users in the PKI. These processes are illustrated in Fig. 4.

PKI Toolkits

Without the ability to integrate the PKI with applications (making the applications PKI-enabled), the PKI has no value in business. Therefore, good PKI designs focus on application interfaces, and the best practice here is to implement the interfaces and standards in the form of developer toolkits. The toolkits allow for tight integration of applications, minimize the resources needed to integrate the PKI with applications, and allow the PKI solution to meet demands as the application environment and requirements evolve over time.

Although the PKI toolkit is transparent to users and administrators, it plays a critical role in PKI deployments and ongoing maintenance, so it is also a key technical component of the PKI.
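The data-integrity and user-authentication checks and the CA functions described above (key certification, revocation list maintenance), shown as an added example that is not code from the paper or from any vendor toolkit. It uses Go's standard library in place of a PKI toolkit; the CA name, the subject alice@example.test, the serial numbers and the transaction text are constructed for illustration, and the revocation list is passed in directly where a deployment would retrieve it from the PKI directory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var errRevoked = errors.New("certificate is on the revocation list")
var errBadSignature = errors.New("signature does not verify (data altered or wrong key)")

// demoPKI is a constructed CA and one subject; every name and serial is illustrative.
type demoPKI struct {
	caCert, userCert *x509.Certificate
	caKey, userKey   *ecdsa.PrivateKey
}

// must aborts the demo on setup errors so the PKI logic stays readable.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newDemoPKI plays the CA: it self-signs a CA certificate, then performs key
// certification by signing the subject's public key and name into a certificate.
func newDemoPKI() *demoPKI {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	userKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Demo CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, SubjectKeyId: []byte{0xCA, 0x01}}
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey))))
	user := &x509.Certificate{SerialNumber: big.NewInt(1001), Subject: pkix.Name{CommonName: "alice@example.test"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	userCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, user, caCert, &userKey.PublicKey, caKey))))
	return &demoPKI{caCert: caCert, userCert: userCert, caKey: caKey, userKey: userKey}
}

// sign is the end entity's side: hash the data, then sign the digest with the private key.
func (p *demoPKI) sign(data []byte) []byte {
	digest := sha256.Sum256(data)
	return must(ecdsa.SignASN1(rand.Reader, p.userKey, digest[:]))
}

// issueCRL is the CA's revocation list maintenance: a CA-signed list of revoked serials.
func (p *demoPKI) issueCRL(revoked ...*big.Int) []byte {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour)}
	for _, serial := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: serial, RevocationTime: tmpl.ThisUpdate})
	}
	return must(x509.CreateRevocationList(rand.Reader, tmpl, p.caCert, p.caKey))
}

// verifyTransaction is the relying party's check, in order: the certificate chains to the trusted CA,
// a fresh CA-signed CRL does not list it, and the signature verifies under the certified key.
func verifyTransaction(caCert, cert *x509.Certificate, crlDER, data, sig []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not issued by the trusted CA: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil || crl.CheckSignatureFrom(caCert) != nil || time.Now().After(crl.NextUpdate) {
		return "", errors.New("CRL is unparsable, not signed by the CA, or stale")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return "", errRevoked
		}
	}
	digest := sha256.Sum256(data)
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", errBadSignature
	}
	return cert.Subject.CommonName, nil // identity vouched for by the CA
}

func main() {
	p := newDemoPKI()
	data := []byte("constructed sample: transfer 100 units to account 42")
	sig := p.sign(data)
	who, err := verifyTransaction(p.caCert, p.userCert, p.issueCRL(), data, sig)
	fmt.Println("intact data:", who, err)
	_, err = verifyTransaction(p.caCert, p.userCert, p.issueCRL(), []byte("transfer 900 units"), sig)
	fmt.Println("altered data:", err)
	_, err = verifyTransaction(p.caCert, p.userCert, p.issueCRL(p.userCert.SerialNumber), data, sig)
	fmt.Println("revoked certificate:", err)
}
```

The order of checks matters: the signature is only meaningful once the certificate that carries the public key has itself been validated against the trusted CA and the current revocation list.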

Fig. 4. A representation of an EE application requesting (and receiving) a public-key certificate from an LDAP server.

Common PKI Toolkit: A developer's toolkit that contains all of the PKI libraries and interfaces necessary to allow a third-party application to become PKI-enabled. Ideally, all other components in the PKI (EE, RA, CA) are developed using the same toolkit. Having this type of common foundation ensures compatibility among PKI components, allows rapid additions/modifications for new features and bug fixes, and, by supporting standards, may facilitate the mixing and matching of PKI components from different vendors. A generic PKI toolkit design is represented in Fig. 5.

Fig. 5. A generic PKI toolkit design.

Application Contexts Used in E-Commerce

Several application contexts support e-commerce applications. These are not the e-commerce applications themselves but are the generalized application contexts that are employed in a wide variety of e-commerce applications. The commonly used application contexts and the PKI-enabled standards that they rely on for securing e-commerce are shown in Table 1.

Wireless Transport Layer Security (WTLS) is a PKI-enabled transport-security protocol. It can authenticate the communicating parties and encrypt the Wireless Markup Language (WML) data when it is in transit.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are also PKI-enabled transport-security protocols and are used in the same manner as WTLS, but for Web-based transactions.

Internet Protocol Security (IPSec) is a PKI-enabled network-security protocol that is used mainly to establish Virtual Private Networks (VPN) for the purpose of supporting extranets or intranets. This protocol applies integrity and encryption at the IP data packet level and authentication of the originating and receiving network devices at either end of the communications session.

Secure/Multipurpose Internet Mail Extensions (S/MIME) is a PKI-enabled application-security protocol that applies integrity, encryption and sender/recipient authentication to messages.

Many techniques for secure content distribution exist. Content types and standards vary for music, books, images, software, etc., but PKIs can support the applications that are responsible for secure distribution of content and management of the rights to own and use it.

Table 1. The commonly used application contexts and the PKI-enabled standards on which they rely.

Application Context    Supporting PKI-enabled Standard
WML                    WTLS (WAP-199-WTLS A)
HTML                   SSL and TLS
E-mail                 S/MIME
VPN                    IPSec

PKI Policies

There are two main policies that determine the operational and technical practices of a PKI: (1) the Certificate Policy (CP) and (2) the Certification Practice Statement (CPS). A guide for those who will write CPs and CPSs may be found in IETF RFC 2527, Internet X.509 PKI Certificate Policy and Certification Practice Framework. It is a roadmap for Certificate Policies and Certification Practice Statements. In particular, the framework provides a comprehensive list of topics that may need to be covered in PKI policy definition.

Certification Practice Statement (CPS)

The degree to which a user can trust a certificate depends on the operational practices of the PKI as defined in the Certification Practice Statement. As already mentioned, the policies that govern the rules of the business are also the policies that the PKI must support and enforce. These policies will, in effect, govern how the PKI participants create, administer, use, and access keys and certificates. It is the CPS that defines these policies and in doing so will indicate a level of trust that may be associated with the PKI. The CPS may cover items like the enrollment process for users and administrators; the CA's overall operating policy, procedures, and security controls; the subject's obligations (for example, in protecting their private key); and the stated undertakings and legal obligations of the CA (for example, warranties and limitations on liability). The CPS must define practices and policies that will provide a level of trust in the PKI that is at least equal to the value level of the business transactions that rely on the PKI. In the e-commerce world, trust-level must be equal to or greater than value-level, and the CPS is one way to ensure and verify this.

Certificate Policy

Online businesses and the PKIs that support them are not isolated and over time tend to evolve to encompass more and more customers, partners, and employees. It is also likely that these new entities will reside under different business and management domains and may already have established PKIs and PKI-enabled applications. To that end, it is important that a PKI define policies for standards and interfaces, referred to as the Certificate Policy. Through a well-defined Certificate Policy and by employing a product that can support it, interoperation between PKI domains may be possible without causing serious downtime or interrupting workflow.

Conclusions

PKIs encompass a set of complex technologies that work with the applications supporting e-commerce and online business (as well as other PKIs). As a result, application interfaces and standards are important. PKI technology can support a wide range of online applications. The demand for PKI support will increase and evolve into the foreseeable future as PKI designs, standards and technologies track the evolution and expansion of e-commerce requirements. The PKI itself is not just technology but is the manner in which the technology, certificates, and keys are administered and used. Finally, the administration and use of PKI must follow the rules of business.

PKI-Related Standards

- Abstract Syntax Notation 1 (ASN.1) is an ISO and IETF standard used to describe objects such as certificates, signatures, and encryption keys.
- ASN.1 Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER) are ISO and IETF standards, also referred to as transfer or encoding syntax. These are the rules by which data objects are electronically encoded before they are digitally signed, transmitted, or stored.
- ANSI X9.62 Elliptic Curve Digital Signature Algorithm (ECDSA) is the Financial Services Industry's latest standard for digital signatures. This standard defines techniques for generating and validating digital signatures. It is the Elliptic Curve analog of the original ANSI Digital Signature Algorithm (DSA) (ANSI X9.30 Part 1). Elliptic Curve systems are public-key (asymmetric) cryptographic algorithms that are typically used to create digital signatures (in conjunction with a hash algorithm), and to establish secret keys securely for use in symmetric-key cryptosystems.
- NIST FIPS PUB is the US Digital Signature Standard (DSS). This standard now recognizes three different cryptographic subsystems: (1) the original Digital Signature Algorithm (DSA), (2) the Elliptic Curve Digital Signature Algorithm (ECDSA) as defined in ANSI X9.62, and (3) the Rivest-Shamir-Adleman (RSA) digital signature.
- IETF RFC 2307 is an experimental standard covering an approach for using LDAP as a Network Information Service.
- IETF RFC 2459 is the standard that provides the Internet profile of X.509 Certificate and CRL formats.
- IETF RFC 2510 is the Internet X.509 Public Key Infrastructure Certificate Management Protocols (CMP) standard.
- IETF RFC 2511 is the Internet X.509 Certificate Request Message Format (CRMF) standard.
- IETF RFC 2527 is the Internet X.509 PKI Certificate Policy and Certification Practice Framework. It presents a framework for Certificate Policies (CP) and Certification Practice Statements (CPS). In particular, the framework provides a comprehensive list of topics that may need to be covered in policy definition.
- ISO/IEC /ITU-T Recommendation X.509 provides the generalized public-key certificate and CRL formats, a public-key trust model and security framework, and some of the first formal descriptions of public-key based entity authentication protocols.
- ISO/IEC on Certificate Extensions, Final Text of Draft Amendment DAM 1 provides one of the earliest comprehensive lists of extensions and descriptions in ASN.1 of X.509 v3 certificate extensions.
- JCE: Java Cryptographic Extensions from JDK v1.2 are the cryptographic libraries provided to Java application developers that allow access to cryptographic services such as key generation, encryption/decryption, digital signature generation and verification, and X.509 certificate and CRL processing.
- PKCS 7 Cryptographic Message Syntax describes general syntax for data that may have cryptography applied to it, such as digital signatures.
- PKCS 10 Certification Request Syntax describes syntax for a request for certification of a public key, a name, and a set of attributes.
- PKCS 11 Cryptographic Token Interface specifies an API, called Cryptoki, to devices like smart cards which hold cryptographic information and perform cryptographic functions.
- PKCS 12 Personal Information Exchange Syntax specifies a portable format for storing or transporting a user's private keys, certificates, and other secrets.
- SEC 1: Elliptic Curve Cryptography specifies public-key schemes based on Elliptic Curve Cryptography, in particular signature schemes, encryption schemes and key management schemes.
- SEC 2: Recommended Elliptic Curve Domain Parameters helps ensure interoperation among PKI-enabled applications that use elliptic curve cryptography (ECC). It specifies profiles for standard domain parameters for those implementing ECC according to SEC 1, ANSI X9.62 or FIPS PUB.
- WAP Public-Key Infrastructure: WAP-217-WPKI profiles the existing IETF PKIX PKI standards for the specific requirements of the wireless application environment.

List of Acronyms Used

ANSI          American National Standards Institute
ASN.1         Abstract Syntax Notation One
BER           Basic Encoding Rules
CA            Certification Authority
CP            Certificate Policy
CPS           Certification Practice Statement
CRL           Certificate Revocation List
DAM           Draft Amendment
DER           Distinguished Encoding Rules
DSS           Digital Signature Standard
DSA           Digital Signature Algorithm
ECC           Elliptic Curve Cryptography
ECDSA         Elliptic Curve Digital Signature Algorithm
E-Commerce    Electronic Commerce
EE            End Entity
E-mail        Electronic Mail
FIPS          Federal Information Processing Standard
HTML          HyperText Markup Language
IEC           International Electro-technical Commission
IETF          Internet Engineering Task Force
I/F           Interface
IP            Internet Protocol
IPSec         Internet Protocol Security
ISO           International Standards Organization
ITU           International Telecommunications Union
JCE           Java Cryptographic Extensions
JDK           Java Developers Kit
LDAP          Lightweight Directory Access Protocol
NIST          National Institute of Standards and Technology
PKCS          Public-Key Crypto Systems
PKI           Public-Key Infrastructure
RA            Registration Authority
RFC           Request For Comment
RSA           Rivest-Shamir-Adleman
SEC           Standards for Efficient Cryptography
S/MIME        Secure/Multipurpose Internet Mail Extensions
SSL           Secure Sockets Layer
TLS           Transport Layer Security
VPN           Virtual Private Network
WML           Wireless Markup Language (Script)
WPKI          Wireless Application Protocol Public-Key Infrastructure
WTLS          Wireless Transport Layer Security

Certicom Corporation 2001


More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

Certificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2

Certificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 Certificate Policy KEYNECTIS SSL CA CP Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 KEYNECTIS SSL CA CP Version 1.2 Pages 51 Status Draft Final Author Emmanuel Montacutelli OpenTrust

More information

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards David A. Cooper NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards David

More information

Digital Signature A Digital Signature is a data item that vouches the origin and the integrity of a Message The originator of a message uses a signing

Digital Signature A Digital Signature is a data item that vouches the origin and the integrity of a Message The originator of a message uses a signing Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian Digital Signature A Digital Signature is a data item that vouches the origin and the integrity of a Message The originator of a message uses

More information

encryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key.

encryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key. The way the world does business is changing, and corporate security must change accordingly. For instance, e-mail now carries not only memos and notes, but also contracts and sensitive financial information.

More information

Comodo Certification Practice Statement

Comodo Certification Practice Statement Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the

More information

Getting started with Digital Certificates Part I

Getting started with Digital Certificates Part I Getting started with Digital Certificates Part I This is a two part presentation where we will attempt to unlock the mysteries of digital certificates. Part I will get you started in the world of Digital

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

ehealth Ontario PKI Certification Policy Manual

ehealth Ontario PKI Certification Policy Manual ehealth Ontario PKI Certification Policy Manual Part One: Concept of Operations Part Two: Certification Policies Version: 1.1 2005 January 25 Document Control Document Identification Title Location: Maintained

More information

phicert Direct Certificate Policy and Certification Practices Statement

phicert Direct Certificate Policy and Certification Practices Statement phicert Direct Certificate Policy and Certification Practices Statement Version 1. 1 Effective Date: March 31, 2014 Copyright 2013-2014 EMR Direct. All rights reserved. [Trademark Notices] phicert is a

More information

Security Architecture for Development and Run Time Support of Secure Network Applications

Security Architecture for Development and Run Time Support of Secure Network Applications Tel: (301) 587-3000 Fax: (301) 587-7877 E-mail: info@setecs.com Web: www.setecs.com Security Architecture for Development and Run Time Support of Secure Network Applications Sead Muftic, President/CEO

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

DigiCert Certification Practice Statement

DigiCert Certification Practice Statement DigiCert Certification Practice Statement DigiCert, Inc. Version 2.22 June 01, 2005 333 South 520 West Orem, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com 1 General...7 1.1 DigiCert,

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION Foreword. Preface. About the Authors. I. CONCEPTS. 1. Introduction. 2. Public-Key Cryptography. Symmetric versus Asymmetric

More information

NIST Test Personal Identity Verification (PIV) Cards

NIST Test Personal Identity Verification (PIV) Cards NISTIR 7870 NIST Test Personal Identity Verification (PIV) Cards David A. Cooper http://dx.doi.org/10.6028/nist.ir.7870 NISTIR 7870 NIST Text Personal Identity Verification (PIV) Cards David A. Cooper

More information

CERTIFICATION PRACTICE STATEMENT. EV SSL CA Certification Practice Statement

CERTIFICATION PRACTICE STATEMENT. EV SSL CA Certification Practice Statement CERTIFICATION PRACTICE STATEMENT EV SSL CA Certification Practice Statement Emmanuel Montacutelli September 1, 2015 OpenTrust_DMS_EV Statement SSL CA Certification Practice Manage d Services Signature

More information

Gandi CA Certification Practice Statement

Gandi CA Certification Practice Statement Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10

More information

Visa Public Key Infrastructure Certificate Policy (CP)

Visa Public Key Infrastructure Certificate Policy (CP) Visa Public Key Infrastructure Certificate Policy (CP) Version 1.7 Effective: 24 January 2013 2010-2013 Visa. All Rights Reserved. Visa Public Important Note on Confidentiality and Copyright The Visa Confidential

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

StartCom Certification Authority

StartCom Certification Authority StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction

More information

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a

More information

Controller of Certification Authorities of Mauritius

Controller of Certification Authorities of Mauritius Contents Pg. Introduction 2 Public key Infrastructure Basics 2 What is Public Key Infrastructure (PKI)? 2 What are Digital Signatures? 3 Salient features of the Electronic Transactions Act 2000 (as amended)

More information

Secure Wireless Application Platform

Secure Wireless Application Platform Texas Instruments SW@P Secure Wireless Application Platform New Challenges for Wireless Handsets Open Environment Multi-application, Interoperability Multiple Access Data Paths GSM/GPRS, EDGE, 802.11,

More information

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National

More information

Introduction to Network Security Key Management and Distribution

Introduction to Network Security Key Management and Distribution Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015

More information

PUBLIC KEY INFRASTRUCTURE (PKI) BUYERS GUIDE entrust.com

PUBLIC KEY INFRASTRUCTURE (PKI) BUYERS GUIDE entrust.com PUBLIC KEY INFRASTRUCTURE (PKI) BUYERS GUIDE +1-888-690-2424 entrust.com Table of contents Introduction Page 3 Key Considerations When Selecting a PKI Solution Page 4 1. Certification Authority (CA) Page

More information

Data Security & Privacy Certification Technical Certification Study Guide

Data Security & Privacy Certification Technical Certification Study Guide Data Security & Privacy Certification Technical Certification Study Guide Technical Study Guide Demonstrate your sales and technical knowledge by participating in the Echoworx Data Security & Privacy Certification

More information

Some Cryptographic Implementations

Some Cryptographic Implementations Some Cryptographic Implementations October 10 14, 2016 Guinee Conakry By Marcus K. G. Adomey Chief Operations Manager AfricaCERT Email: marcus.adomey@africacert.org OVERVIEW Fingerprint Digital Signature

More information

CERTIFICATION PRACTICE STATEMENT UPDATE

CERTIFICATION PRACTICE STATEMENT UPDATE CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.

More information

EuropeanSSL Secure Certification Practice Statement

EuropeanSSL Secure Certification Practice Statement EuropeanSSL Secure Certification Practice Statement Eunetic GmbH Version 1.0 14 July 2008 Wagnerstrasse 25 76448 Durmersheim Tel: +49 (0) 180 / 386 384 2 Fax: +49 (0) 180 / 329 329 329 www.eunetic.eu TABLE

More information

Public Key Infrastructure

Public Key Infrastructure Motivation: Public Key Infrastructure 1. Numerous people buy/sell over the internet hard to manage security of all possible pairs of connections with secret keys 2. US government subject to the Government

More information

Lecture VII : Public Key Infrastructure (PKI)

Lecture VII : Public Key Infrastructure (PKI) Lecture VII : Public Key Infrastructure (PKI) Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 Problems with Public

More information

Biometrics, Tokens, & Public Key Certificates

Biometrics, Tokens, & Public Key Certificates Biometrics, Tokens, & Public Key Certificates The Merging of Technologies TOKENEER Workstations WS CA WS WS Certificate Authority (CA) L. Reinert S. Luther Information Systems Security Organization Biometrics,

More information

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management

More information

- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1

- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 - X.509 PKI EMAIL SECURITY GATEWAY Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 Commerzbank AG - Page 1 Document control: Title: Description : RFC Schema: Authors: Commerzbank

More information

Module 7 Security CS655! 7-1!

Module 7 Security CS655! 7-1! Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Version 2.0 Effective Date: October 1, 2006 Continovation Services Inc. (CSI) Certification Practice Statement 2006 Continovation Services Inc. All rights reserved. Trademark

More information

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised

More information

WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES

WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES Balachandra Muniyal 1 Krishna Prakash 2 Shashank Sharma 3 1 Dept. of Information and Communication Technology, Manipal Institute of Technology, Manipal

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...

More information

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999 Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer February 3, 1999 Frame Relay Frame Relay is an international standard for high-speed access to public wide area data networks

More information

ING Public Key Infrastructure Customer Certificate Policy. Version November 2015

ING Public Key Infrastructure Customer Certificate Policy. Version November 2015 ING Public Key Infrastructure Customer Certificate Policy Version 5.4 - November 2015 Colophon Commissioned by Additional copies Document version General Abstract Audience References ING PKI Policy Approval

More information

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States www.globessl.com TABLE OF CONTENTS 1. INTRODUCTION...

More information

by Bíólá Fáyemí CISSP, CCNP,CCDP Founder/CEO CircuitContext Technologies Inc. Oakville,ON, Canada

by Bíólá Fáyemí CISSP, CCNP,CCDP Founder/CEO CircuitContext Technologies Inc. Oakville,ON, Canada DELIVERED AT THE 11TH INTERNATIONAL CONFERENCE OF THE NIGERIA COMPUTER SOCIETY (NCS) HELD AT THE ROYAL PARK HOTEL, ILOKO-IJESA, THE STATE OF OSUN, NIGERIA (24-26 JULY, 2013) PKI FUNDAMENTALS, STATE OF

More information

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: 2006-11-17. Version: Rev A. Published by: TeliaSonera Sverige AB

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: 2006-11-17. Version: Rev A. Published by: TeliaSonera Sverige AB Document no 1/011 01-AZDA 102 213 TeliaSonera Sverige AB Certification Practice Statement Rev A TeliaSonera Public Root CA Certification Practice Statement Revision Date: 2006-11-17 Version: Rev A Published

More information

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status 10 Secure Electronic Transactions: Overview, Capabilities, and Current Status Gordon Agnew A&F Consulting, and University of Waterloo, Ontario, Canada 10.1 Introduction Until recently, there were two primary

More information

SSH X.509 Certificate Tools White Paper Version 2.0, March 1999

SSH X.509 Certificate Tools White Paper Version 2.0, March 1999 SSH X.509 Certificate Tools Version 2.0, March 1999 SSH is a registered trademark of SSH Communications Security Ltd. SSH X.509 Certificate Tools Version 2.0, November 1999 http://www.ssh.fi/ 1999 SSH

More information

Comodo Certification Practice Statement

Comodo Certification Practice Statement Comodo Certification Practice Statement Comodo CA, Ltd. Version 3.0 22 September 2006 3rd Floor, Office Village, Exchange Quay, Trafford Road, Salford, Manchester, M5 3EQ, United Kingdom Tel: +44 (0) 161

More information

Strong Encryption for Public Key Management through SSL

Strong Encryption for Public Key Management through SSL Strong Encryption for Public Key Management through SSL CH.SUSHMA, D.NAVANEETHA 1,2 Assistant Professor, Information Technology, Bhoj Reddy Engineering College For Women, Hyderabad, India Abstract: Public-key

More information

CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES

CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES Certificate Policy 1 (18) CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES 1 INTRODUCTION... 4 1.1 Overview... 4 1.2 Document

More information

ECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03

ECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03 ECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03 Comodo CA, Ltd. ECC Certificate Addendum to Comodo EV CPS v. 1.03 6 March 2008 3rd Floor, Office Village, Exchange Quay,

More information

CERTIFICATION PRACTICE STATEMENT. Document version: 1.2 Date: 15 September OID for this CPS: None

CERTIFICATION PRACTICE STATEMENT. Document version: 1.2 Date: 15 September OID for this CPS: None CERTIFICATION PRACTICE STATEMENT Document version: 1.2 Date: 15 September 2007 OID for this CPS: None Information in this document is subject to change without notice. No part of this document may be copied,

More information

A Security Flaw in the X.509 Standard Santosh Chokhani CygnaCom Solutions, Inc. Abstract

A Security Flaw in the X.509 Standard Santosh Chokhani CygnaCom Solutions, Inc. Abstract A Security Flaw in the X509 Standard Santosh Chokhani CygnaCom Solutions, Inc Abstract The CCITT X509 standard for public key certificates is used to for public key management, including distributing them

More information

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008 Oracle Security Developer Tools (OSDT) August 2008 Items Introduction OSDT 10g Architecture Business Benefits Oracle Products Currently Using OSDT 10g OSDT 10g APIs Description OSDT

More information

REGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.

REGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. REGISTRATION AUTHORITY (RA) POLICY Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. INDEX Contenido 1. LEGAL FRAMEWORK... 4 1.1. Legal Base...

More information

Number of relevant issues

Number of relevant issues Electronic signature Lecture 8 Number of relevant issues cryptography itself algorithms for signing documents key management generating keys, distribution, key revocation security policy certificates may

More information

An Introduction to Entrust PKI. Last updated: September 14, 2004

An Introduction to Entrust PKI. Last updated: September 14, 2004 An Introduction to Entrust PKI Last updated: September 14, 2004 2004 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In

More information

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463

More information

NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT

NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT Document Classification: Public Version Number: 1.5 Issue Date: June 11, 2015 Copyright 2015 National Center for Digital Certification, Kingdom of Saudi Arabia.

More information

Electronic and Digital Signatures

Electronic and Digital Signatures Summary The advent of e-government and e-services has changed the way state agencies and local government offices do business. As a result, electronic systems and processes have become as important as

More information

Business Issues in the implementation of Digital signatures

Business Issues in the implementation of Digital signatures Business Issues in the implementation of Digital signatures Much has been said about e-commerce, the growth of e-business and its advantages. The statistics are overwhelming and the advantages are so enormous

More information

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original

More information

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure

More information

ISO/TR TECHNICAL REPORT. Banking Security and other financial services Framework for security in financial systems

ISO/TR TECHNICAL REPORT. Banking Security and other financial services Framework for security in financial systems TECHNICAL REPORT ISO/TR 17944 First edition 2002-08-01 Banking Security and other financial services Framework for security in financial systems Banque Sécurité et autres services financiers Cadre pour

More information

Expert Reference Series of White Papers. Fundamentals of the PKI Infrastructure

Expert Reference Series of White Papers. Fundamentals of the PKI Infrastructure Expert Reference Series of White Papers Fundamentals of the PKI Infrastructure 1-800-COURSES www.globalknowledge.com Fundamentals of the PKI Infrastructure Boris Gigovic, Global Knowledge Instructor, CEI,

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,

More information

ING Public Key Infrastructure Technical Certificate Policy

ING Public Key Infrastructure Technical Certificate Policy ING Public Key Infrastructure Technical Certificate Policy Version 5.1 - May 2010 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Of this document can be obtained via the ING

More information

Cryptography and Network Security Chapter 14. Fifth Edition by William Stallings

Cryptography and Network Security Chapter 14. Fifth Edition by William Stallings Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Key Management: Generation, Transportation, and Distribution The Key Exchange Problem Although symmetric encryption is commonly

More information

Outlining Wireless Public Key Infrastructure

Outlining Wireless Public Key Infrastructure Outlining Wireless Public Key Infrastructure Outlining Wireless Public Key Infrastructure Abstract: This paper describes on-going work in the WAP Forum on Wireless Public Key Infrastructure (WPKI), describing

More information

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016 National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION

More information

RSA Security RSA Keon Certificate Authority PKI Product

RSA Security RSA Keon Certificate Authority PKI Product Kristen Noakes-Fry Product Report 1 August 2003 RSA Security RSA Keon Certificate Authority PKI Product Summary RSA Keon Certificate Authority a PKI platform for Internet and e-commerce applications serves

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require

More information

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET http:// GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET Manisha Dawra 1, Ramdev Singh 2 1 Al-Falah School of Engg. & Tech., Vill-Dhauj, Ballabgarh-Sohna Road, Faridabad, Haryana (INDIA)-121004

More information