MACHINE READABLE TRAVEL DOCUMENTS
|
|
- Dorcas Walters
- 8 years ago
- Views:
Transcription
1 MACHINE READABLE TRAVEL DOCUMENTS TECHNICAL REPORT Version 1.0 Date June 23, 2009 Published by authority of the Secretary General ISO/IEC JTC1 SC17 WG3/TF5 FOR THE INTERNATIONAL CIVIL AVIATION ORGANIZATION File Author : WG3TF5_N0059R5 TR- V1.0.doc : ISO/IEC JTC1 SC17 WG3/TF5
2 Release Control Release Date Description First draft discussed in TF5, Chantilly Noveber Corrections & additions after Chantilly eeting Additional coents Deceber 10 & Additional coents Deceber 14 & Review TF5 March : TF5 eail discussion results incorporated; version for PKD Board 0.61: Nae correction in TR editorial group Corrected ASN.1 specification in Updated Certificate profile in Final version delivered to ICAO PKD board Technical Report editorial group Alan Bennett Australia DFAT Christian Berczely USA L1 Sharon Boeyen Canada Entrust Doinique Gatinet France Secure Docuent Agency Sion Godwin USA Apptis Hartut Hee Gerany Bundesdrückerei Mike Holly USA State Dept. Barry Kefauver USA Fall Hill Associates Steve Kelly UK DeLaRue To Kinneging Netherlands Sdu Identification Dennis Kügler Gerany BSI Patrice Plessis France Gealto R. Rajeshkuar Singapore Netrust Bill Russell USA Mount Airey Group Steffen Scholze Gerany Bundesdrückerei Minoru Uehara Japan NTT Petri Viljanen Finland Gealto Dirk Wacker Gerany Giesecke & Devrient Bradford Wing USA Dept. of Hoeland Security 2 of 15
3 Table of contents 1. INTRODUCTION BACKGROUND OPERATIONAL EXPERIENCES MODIFIED APPROACH ASSUMPTIONS TERMINOLOGY Technical report terinology CAs, Keys and Certificates OVERVIEW GENERAL OUTLINE CSCA COUNTERSIGNING PROCESS Issuing a CSCA Master List Master List Signer revocation Receiving a CSCA Master List PUBLICATION ON THE PKD RELYING PARTIES TECHNICAL SPECIFICATIONS CSCA MASTER LIST SPECIFICATION SignedData Type ASN.1 specification for the CSCA Master List CSCA MASTER LIST SIGNING CERTIFICATE PROFILE Certificate Body Etensions ANNEX A REFERENCE DOCUMENTATION ANNEX B ABBREVIATIONS of 15
4 1. Introduction 1.1 Background The principles of PKI schees have evolved in their use to becoe highly cople in their application to odern scenarios. Their general priary use is in Internet transactions, where keys are to be trusted across a broad range of users and organizational entities; this has resulted in elaborate systes of key certificates, where public keys are issued in certificates which are digitally signed by trusted issuing organizations called Certificate Authorities (CA s). The trust in these CA organizations is further being reinforced by higher level CA s in a trust hierarchy. A coplicating factor is the need for Certificate Revocation Lists (CRL s), indicating where a key (certificate) has lost it s validity for whatever reason. In fact, by revoking a certificate and publishing this revocation in a CRL, the certificate s issuer infors receiving parties that the contents can no longer be trusted. The ICAO operating environent is different fro the above entioned coercial environents, where the question of public key revocation applies in a different way (copared to individual users), since the unlikely event of a coproise of any State s private key used during soe period to sign any MRTDs cannot deny that docuents were indeed legitiately issued and signed using that key. These (valid) docuents will reain in use by their holders for travel purposes. As a consequence, ICAO has specified a custoized approach, intended to enable the MRTD counity to fast-track ipleentation of this application for MRTDs with IC read-only access, and take advantage of its benefits without attepting to address larger PKI policy issues and cople hierarchies. The ICAO PKI schee specifies a two-layer certificate chain, enabling an inspection syste to verify the authenticity and integrity of the data stored in the MRTD s contactless IC. The (highest level) root CA in this schee is the Country Signing CA (CSCA), which authorizes Docuent Signers (DS) to digitally sign the Docuent Security Object (SO D ) on the contactless IC. The CSCA certificate is distributed bilaterally by diploatic echange to relying States. The DS certificate is published on the ICAO Public Key Directory (PKD) and/or stored on the MRTDs contactless IC. Certificate Revocation Lists are published on the PKD and echanged bilaterally. 1.2 Operational eperiences Doc 9303 specifies that the echange of CSCA certificates has to be bilateral, without providing detailed specifications on echaniss for this echange. The first years in which States issue e- passports show that the lack of such specifications has lead to wide interpretation and inefficient processes. 1.3 Modified approach The approach described in this Technical Report ais to provide an electronic eans of distributing and publishing issuing States CSCA Public Keys. The odified approach is based on countersigning the CSCA certificates of issuing States by other States, and distributing the countersigned CSCA certificates via the ICAO PKD, to support but not to replace bilateral distribution of self-signed certificates. For this purpose the countersigning State publishes a signed list of received and validated self-signed CSCA certificates. The process of countersigning keys issued by other CAs is also known as Cross Certification, but as opposed to X.509 Cross Certification in this application no assertion is ade by the countersigning State other than the fact that the countersigning State has received the CSCA certificate fro the originating State. 4 of 15
5 If a State chooses to accept a CSCA certificate through this odified approach, whithout bilateral relationship with the State that has issued the CSCA certificate, then specific arrangeents MUST be ade with this issuing State for the echange of CRLs. 1.4 Assuptions It is assued that the reader is failiar with the concepts and echaniss offered by public key cryptography and public key infrastructures. It is assued that the reader is failiar with the contents of [R2], ICAO Doc 9303, Machine Readable Travel Docuents, [R6], ICAO Suppleent to Doc 9303 and any other official docuents issued by ICAO regarding Machine Readable Travel Docuents. It is not feasible that ICAO, or any other single, central organization will assign, aintain or anage secure private keys for any State. Despite any strategic alliances aong participants this approach will not be recognized as being a trusted solution. 1.5 Terinology Technical report terinology The key words "MUST", MUST NOT, "SHALL", SHALL NOT, "REQUIRED", "SHOULD", SHOULD NOT, "RECOMMENDED", "MAY", and OPTIONAL in this docuent are to be interpreted as described in [R1], RFC 2119, S. Bradner, "Key Words for Use in RFCs to Indicate Requireent Levels", BCP 14, RFC 2119, March In case OPTIONAL features are ipleented, they MUST be ipleented as described in this Technical Report CAs, Keys and Certificates The following Keys and Certificates are relevant within the scope of this Technical Report: Nae Country Signing CA Country Signing CA Certificate Country Signing CA Private Key Country Signing CA Public Key Country Signing CA Link Certificate CSCA Master List Docuent Signer Docuent Signer Certificate Coents Docuent Signer Private Key Signing the SO D. Issued by CSCA (self-signed). Carries the Country Signing CA Public Key. Stored in the inspection syste. Signing the Docuent Signer Certificate. Stored in a Issuing State s (highly) secured environent. For verification of the authenticity of the Docuent Signer Certificate. A PKI certificate containing a Country Signing CA Public Key and other standard inforation about the Country Signing CA Public Key. A Country Signing CA Link Certificate is signed by the sae Country Signing CA using the previous Country Signing CA Private Key. A signed list of CSCA certificates Issued by the CSCA. Carries the Docuent Signer Public Key. Stored in the inspection syste AND/OR in the MRTD s chip. 5 of 15
6 Nae Coents Stored in a Issuing State s (highly) secured environent. Docuent Signer Public Key For verification of the authenticity of the SO D. Docuent Security Object A RFC3369 CMS Signed Data Structure, signed by the DS. Carries the hashed LDS Data Groups. Stored in the MRTD s chip. MAY carry the Docuent Signer Certificate. Master List Signer Copiles, signs and publishes CSCA Master Lists; authorised by the CSCA. 6 of 15
7 2. Overview 2.1 General outline The authenticity and integrity of data stored on epassports is protected by Passive Authentication. This security echanis is based on digital signatures and consists of the following Public Key Infrastructure (PKI): 1. Country Signing CA (CSCA): Every State establishes a CSCA as its national trust point in the contet of epassports. The CSCA issues public key certificates for one or ore (national) Docuent Signers. 2. Docuent Signers (DS): A Docuent Signer digitally signs data to be stored on epassports; this signature is stored on the epassport in a Docuent Security Object. Both the CSCA Certificates and Docuent Signer Certificates are associated with a (private key) usage and a (public key) validity period. The following table gives an overview on the validity periods. Private Key Usage Public Key Validity (assuing 10 year valid passports) Country Signing CA 3-5 years years Docuent Signer 3-5 onths appro. 10 years While the CSCA Certificate reains relatively static, a large nuber of Docuent Signer Certificates will be created over tie. The ICAO PKD is intended to collect, store and publish all those Docuent Signer Certificates (as described in ore detail below), there is also another way to obtain the Docuent Signer Certificate corresponding to a Docuent Security Object read fro a passport: The Docuent Security Object itself ay contain a copy of the Docuent Signer Certificate. To use Passive Authentication, the inspection syste has to perfor the following steps: 1. Read the Docuent Security Object of the epassport. 2. Retrieve the corresponding Docuent Signer Certificate. 3. Look up the corresponding CSCA Certificate in the list of trusted CSCA Certificates. 4. Check for Certificate Revocation Lists (CRLs). 5. Verify the Docuent Signer Certificate (and possibly CRLs) with the trusted CSCA public key. 6. Verify the Docuent Security Object with the Docuent Signer public key. Independent of whether the Docuent Signer Certificate is retrieved fro the PKD or directly fro the epassport being read, the security of Passive Authentication depends on the integrity and authenticity of the trusted CSCA Certificates. One of the prie tasks surrounding this PKI is establishing and aintaining trust in a state's CSCA Certificate. The current process relies heavily on the initial echange of CSCA Certificates by diploatic eans and requires that received CSCA certificates are stored securely and cannot be substituted. The potential substitution or addition of a rogue CSCA Certificate is one of the ajor risks to the schee. The addition of the CSCA Certificate of a noneistent State is however uch harder to detect than a siple substitution of a CSCA certificate: if soeone adds the CSCA Certificate of Utopia it ay not be spotted for a long tie, but 7 of 15
8 if soeone substitutes the CSCA Certificate of a large State all respective epassports becoe invalid which ay be spotted very quickly. This Technical Report itigates the risk of the substitution/addition of rogue CSCA certificates through States publishing in a verifiable way which CSCA certificates are validated and in use by a State. 2.2 CSCA countersigning process A Master List of trusted CSCAs is used in the inspection process. Each State produces its own list of CSCA certificates that is relied on in the inspection process. Copiling this list is based on diploatic echanges and subsequent verification processes. A State MAY countersign, and publish to the PKD, its Master List of received certificates as part of the diploatic echange. It is at the receiving State s discretion to deterine the way it verifies and uses the received certificates. To illustrate the idea, consider the following eaple: State A echanges CSCA certificates with States B, X, Y and Z via trusted channels. State A copiles, countersigns and publishes a Master List containing B, X, Y, Z and A. State B echanges CSCA certificates with States A, X, Y and Z. It validates the certificates it receives against the Master List published by State A. This allows State B to double-check received certificates fro X, Y and Z. State B copiles, countersigns and publishes a Master List containing A, X, Y, Z. This provides State X with the CSCA certificates of States Y and Z which it can use, based on its confidence in the validity of the inforation provided by State A and State B. This eans that for State X the schee works even though there hasn t been any certificate echange by diploatic eans between States X, Y and Z. The sae applies to States Y and Z. The following sections give soe guidelines for the handling of CSCA Master Lists Issuing a CSCA Master List CSCA Master Lists MUST NOT be issued directly by a CSCA, instead the CSCA SHALL authorize a Master Lister Signer to copile and sign and publish CSCA Master Lists by certifying the Master List Signer according to the Certificate Profile specified in par Before issuing a CSCA Master List the issuing Master List Signer SHOULD etensively validate the CSCA certificates to be countersigned; i.e. the issuing CSCA SHOULD ensure that the certificates indeed belong to these CSCAs. Diploatic echange is an eaple of a secure validation procedure, but an issuing CSCA ay also define other policies under which it issues CSCA Master Lists. The procedures to be perfored for validation and countersigning SHOULD be reflected in the published certification policies of the issuing CSCA. The Master List issuer MUST include the issuing State s CSCA certificates in the CSCA Master List. The Master List issuer MAY include CSCA link certificates at the discretion of the issuing State in the CSCA Master List. If new certificates have been received by a CSCA Master List Signer and its validation procedures have been copleted it is RECOMMENDED that a new CSCA Master List is copiled and issued Master List Signer revocation The issuing CSCA handles the Master List Signer as it handles Docuent Signers. Revoked Master List Signers will be published in a CRL, issued by the CSCA. 8 of 15
9 2.2.3 Receiving a CSCA Master List Every Receiving State defines its own policies under which it accepts certificates contained in a countersigned CSCA Master List. Those policies are in general private inforation. 2.3 Publication on the PKD The PKD operates as a central repository for CSCA Master Lists, Docuent Signer Certificates and CRLs. The procedure for publishing a CSCA Master List is as follows: 1. CSCA Master Lists are sent to the write PKD, as part of the usual certificate upload process as defined in the PKD Interface Specification and PKD Procedures Manual. 2. The ICAO PKD office validates the signatures of uploaded CSCA Master Lists as specified in the PKD Procedures Manual. 3. Valid CSCA Master Lists are oved to the read PKD. 2.4 Relying parties Everyone who has the appropriate equipent is able to read the chip contents of the MRTD, but only the parties that are provided with the appropriate public key certificates and certificate revocation lists will be able to verify the authenticity and integrity of the chip contents. CSCA certificates are public inforation and as such are regarded to be available to all interested parties, fro both public and private sector. This also applies for the CSCA Master Lists. To be able to verify a CSCA Master List, a relying party needs to have received the corresponding CSCA certificate of the countersigning State by out of band counications. It MAY use link certificates but it MUST not use self-signed CSCA certificates contained in the CSCA Master List to verify the CSCA Master List itself. It is up to the relying party to define its own policies under which it accepts certificates contained in a countersigned CSCA Master List. 9 of 15
10 3. Technical specifications 3.1 CSCA Master List specification The CSCA Master List is ipleented as a SignedData Type, as specified in [R3], RFC Cryptographic Message Synta - July All CSCA Master Lists MUST be produced in DER forat to preserve the integrity of the signatures within the SignedData Type The processing rules in RFC3852 apply. r o andatory the field MUST be present recoended - the field SHOULD be present do not use the field MUST NOT be populated optional the field MAY be present Value Coents SignedData version Value = v3 digestalgoriths encapcontentinfo econtenttype id-icao-cscamasterlist econtent The encoded contents of an cscamasterlist certificates States MUST include the Master List Signer certificate and SHOULD include the CSCA certificate, which can be used to verify the signature in the signerinfos field. crls signerinfos It is RECOMMENDED that States only provide 1 signerinfo within this field. SignerInfo version The value of this field is dictated by the sid field. See RFC3852 Section 5.3 for rules regarding this field sid subjectkeyidentifier r It is RECOMMENDED that States support this field over issuerandserialnuber. digestalgorith The algorith identifier of the algorith used to produce the hash value over encapsulatedcontent and SignedAttrs. signedattrs Producing States ay wish to include additional attributes for inclusion in the signature, however these do not have to be processed by receiving States ecept to verify the signature value. signedattrs MUST include signing tie (ref. PKCS#9). signaturealgorith The algorith identifier of the algorith used to produce the signature value, and any associated paraeters. signature The result of the signature generation process. unsignedattrs o Producing States ay wish to use this field, but receiving States ay choose to ignore the. 10 of 15
11 3.1.2 ASN.1 specification for the CSCA Master List CscaMasterList { iso-itu-t(2) international-organization(23) icao(136) rtd(1) security(1) asterlist(2)} DEFINITIONS IMPLICIT TAGS ::= BEGIN IMPORTS -- Iports fro RFC 5280 [PROFILE], Appendi A.1 Certificate FROM PKIX1Eplicit88 { iso(1) identified-organization(3) dod(6) internet(1) security(5) echaniss(5) pki(7) od(0) pki1-eplicit(18) }; -- CSCA Master List CscaMasterListVersion ::= INTEGER {v0(0)} CscaMasterList ::= SEQUENCE { version CscaMasterListVersion, certlist SET OF Certificate } -- Object Identifiers id-icao OBJECT IDENTIFIER ::= { } id-icao-rtd OBJECT IDENTIFIER ::= {id-icao 1} id-icao-rtd-security OBJECT IDENTIFIER ::= {id-icao-rtd 1} id-icao-cscamasterlist OBJECT IDENTIFIER ::= {id-icao-rtd-security 2} id-icao-cscamasterlistsigningkey OBJECT IDENTIFIER ::= {id-icao-rtd-security 3} END Note: Coented lines (below) to be uncoented until the TR is incorporated into id-icao OBJECT IDENTIFIER ::= { } --id-icao-rtd OBJECT IDENTIFIER ::= {id-icao 1} --id-icao-rtd-security OBJECT IDENTIFIER ::= {id-icao-rtd 1} 11 of 15
12 3.2 CSCA Master List signing certificate profile Those States conforing to the specification MUST issue certificates that confor to this profile. All security objects MUST be produced in DER forat to preserve the integrity of the signatures within the. The following profile uses the following terinology for each of the fields in the X.509 certificate: andatory the field MUST be present do not use the field SHOULD NOT be populated o optional the field MAY be present c critical the etension is arked critical, receiving applications MUST be able to process this etension Certificate Body Certificate Coponent Section in RFC 5280 Master List Signer Certificate Coents Certificate TBSCertificate see net part of the table signaturealgorith value inserted here dependent on algorith selected signaturevalue value inserted here dependent on algorith selected TBSCertificate version MUST be v3 serialnuber signature value inserted here MUST atch the OID in signaturealgorith issuer validity Ipleentations MUST specify using UTC tie until 2049 fro then on using GeneralizedTie subject subjectpublickeyinfo issueruniqueid subjectuniqueid etensions see net table on which etensions should be present Etensions Etension nae Section in RFC 5280 Master List Signer Certificate AuthorityKeyIdentifier keyidentifier authoritycertissuer o authoritycertserialnuber o SubjectKeyIdentifier o subjectkeyidentifier Coents If this etension is used this field MUST be supported as a iniu 12 of 15
13 Etension nae Section in RFC 5280 Master List Signer Certificate KeyUsage c digitalsignature nonrepudiation keyencipherent dataencipherent keyagreeent keycertsign crlsign encipheronly decipheronly CertificatePolicies o PolicyInforation policyidentifier policyqualifiers o PolicyMappings SubjectAltNae IssuerAltNae SubjectDirectoryAttributes o Basic Constraints ca PathLenConstraint NaeConstraints PolicyConstraints EtKeyUsage c CRLDistributionPoints distributionpoint reasons crlissuer InhibitAnyPolicy FreshestCRL privateinternetetensions o other private etensions N/A o Coents rfc822nae or dnsnae MUST be used. MUST be ldap, http or https, Participants of the PKD MUST include PKD-URL. If http or https is used, the url MUST point to a ldif. Note 1 - Algoriths: Refer to [R2], ICAO Doc 9303, Machine Readable Travel Docuents for approved algoriths. 13 of 15
14 Anne A Reference docuentation The following docuentation served as reference for this Technical Report: [R1] RFC 2119, S. Bradner, "Key Words for Use in RFCs to Indicate Requireent Levels", BCP 14, RFC 2119, March 1997 [R2] ICAO Doc 9303, Machine Readable Travel Docuents [R3] RFC Cryptographic Message Synta - July 2004 [R4] RFC 5280, D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk,, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, May 2008 [R5] ISO/IEC 3166, Codes for the representation of naes of countries and their subdivisions 1997 [R6] ICAO Suppleent to Doc of 15
15 Anne B Abbreviation CA CRL CSCA DER DS IC ICAO LDS MRTD PKI PKD SO D Abbreviations Certification Authority Certificate Revocation List Country Signing Certification Authority Distinguished Encoding Rule Docuent Signer Integrated Circuit International Civil Aviation Organization Logical Data Structure Machine Readable Travel Docuent Public Key Infrastructure Public Key Directory Docuent Security Object 15 of 15
MACHINE READABLE TRAVEL DOCUMENTS
MACHINE READABLE TRAVEL DOCUMENTS (Logo) TECHNICAL REPORT PKI for Machine Readable Travel Documents offering ICC Read-Only Access Version - 1.1 Date - October 01, 2004 Published by authority of the Secretary
More informationElectronic machine-readable travel documents (emrtds) The importance of digital certificates
Electronic machine-readable travel documents (emrtds) The importance of digital certificates Superior security Electronic machine-readable travel documents (emrtds) are well-known for their good security.
More informationPKD Board ICAO PKD unclassified B-Tec/37. Procedures for the ICAO Public Key Directory
Procedures for the ICAO Public Key Directory last modification final 1/13 SECTION 1 INTRODUCTION 1.1 As part of the MRTD initiative by ICAO, the Participants will upload to and download from the PKD, their
More informationCertificate Path Validation
Version 1.4 NATIONAL SECURITY AUTHORITY Version 1.4 Certificate Path Validation 19 th November 2006 No.: 1891/2006/IBEP-011 NSA Page 1/27 NATIONAL SECURITY AUTHORITY Department of Information Security
More informationPKD Board ICAO PKD unclassified B-Tec/36. Regulations for the ICAO Public Key Directory
Regulations for the ICAO Public Key Directory last modification final 1/8 SECTION 1 AUTHORITY These Regulations are issued by ICAO on the basis of Paragraph 3 b) of the Memorandum of Understanding (MoU)
More informationDEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0
DEFENSE INFORMATION SYSTEMS AGENCY JOINT INTEROPERABILITY TEST COMMAND FORT HUACHUCA, ARIZONA DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0
More informationPublic Key Directory: What is the PKD and How to Make Best Use of It
Public Key Directory: What is the PKD and How to Make Best Use of It Christiane DerMarkar ICAO Programme Officer Public Key Directory ICAO TRIP: Building Trust in Travel Document Security 19/10/2015 Footer
More informationAdvanced Security Mechanisms for Machine Readable Travel Documents
Technical Guideline TR-03110-3 Advanced Security Mechanisms for Machine Readable Travel Documents Part 3 Common Specifications Version 2.10 20. March 2012 History Version Date Comment 1.00 2006-02-08 Initial
More informationDeputy Chief Executive Netrust Pte Ltd
ICAO Public Key Directory R Rajeshkumar R Rajeshkumar Deputy Chief Executive Netrust Pte Ltd The trust imperative E-Passports are issued by entities that assert trust Trust depends on the requirements
More informationETSI TS 102 280 V1.1.1 (2004-03)
TS 102 280 V1.1.1 (2004-03) Technical Specification X.509 V.3 Certificate Profile for Certificates Issued to Natural Persons 2 TS 102 280 V1.1.1 (2004-03) Reference DTS/ESI-000018 Keywords electronic signature,
More informationGenerating Certification Authority Authenticated Public Keys in Ad Hoc Networks
SECURITY AND COMMUNICATION NETWORKS Published online in Wiley InterScience (www.interscience.wiley.co). Generating Certification Authority Authenticated Public Keys in Ad Hoc Networks G. Kounga 1, C. J.
More informationSecurity by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA
Security by Politics - Why it will never work Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA Agenda Motivation Some basics Brief overview epassport (MRTD) Why cloning? How to attack the
More informationNetwork Working Group. Category: Informational Internet Mail Consortium B. Ramsdell Worldtalk J. Weinstein Netscape March 1998
Network Working Group Request for Comments: 2312 Category: Informational S. Dusse RSA Data Security P. Hoffman Internet Mail Consortium B. Ramsdell Worldtalk J. Weinstein Netscape March 1998 Status of
More informationCertificate Policy for. SSL Client & S/MIME Certificates
Certificate Policy for SSL Client & S/MIME Certificates OID: 1.3.159.1.11.1 Copyright Actalis S.p.A. All rights reserved. Via dell Aprica 18 20158 Milano Tel +39-02-68825.1 Fax +39-02-68825.223 www.actalis.it
More informationStandards and Protocols for the Collection and Dissemination of Graduating Student Initial Career Outcomes Information For Undergraduates
National Association of Colleges and Eployers Standards and Protocols for the Collection and Disseination of Graduating Student Initial Career Outcoes Inforation For Undergraduates Developed by the NACE
More informationA Security Flaw in the X.509 Standard Santosh Chokhani CygnaCom Solutions, Inc. Abstract
A Security Flaw in the X509 Standard Santosh Chokhani CygnaCom Solutions, Inc Abstract The CCITT X509 standard for public key certificates is used to for public key management, including distributing them
More informationCertification Authority. The X.509 standard, PKI and electronic documents. X.509 certificates. X.509 version 3. Critical extensions.
The X.509 standard, PKI and electronic uments Antonio Lioy < lioy @ polito.it > Politecnico di Torino Dipartimento di Automatica e Informatica Certification Authority (4) cert repository (cert, CRL) Certification
More informationI N F O R M A T I O N S E C U R I T Y
NIST Special Publication 800-78-2 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William. E. Burr I N F O R M A T I O N S E C U R I T Y
More informationI N F O R M A T I O N S E C U R I T Y
NIST Special Publication 800-78-3 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William E. Burr Hildegard Ferraiolo David Cooper I N F
More informationCategory: Experimental November 2009
Network Working Group S. Farrell Request for Comments: 5697 Trinity College Dublin Category: Experimental November 2009 Abstract Other Certificates Extension Some applications that associate state information
More informationX.509 Certificate Generator User Manual
X.509 Certificate Generator User Manual Introduction X.509 Certificate Generator is a tool that allows you to generate digital certificates in PFX format, on Microsoft Certificate Store or directly on
More informationProgramme of Requirements part 3f: Certificate Policy - Extended Validation
Programme of Requirements part 3f: Certificate Policy - Extended Validation Datum 27 July 2015 Extended Validation policy OID 2.16.528.1.1003.1.2.7 Page 1 of 37 Publisher's imprint Version number 4.1 Contact
More informationProtection Profile for UK Dual-Interface Authentication Card
Protection Profile for UK Dual-Interface Authentication Card Version 1-0 10 th July 2009 Reference: UNKT-DO-0002 Introduction This document defines a Protection Profile to express security, evaluation
More informationpublic key version 0.2
version 0.2 Typeset in L A TEX from SGML source using the DocBuilder-0.9.8.4 Document System. Contents 1 User s Guide 1 1.1 Introduction.......................................... 1 1.1.1 Purpose........................................
More informationNIST Test Personal Identity Verification (PIV) Cards
NISTIR 7870 NIST Test Personal Identity Verification (PIV) Cards David A. Cooper http://dx.doi.org/10.6028/nist.ir.7870 NISTIR 7870 NIST Text Personal Identity Verification (PIV) Cards David A. Cooper
More informationOFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
More informationInteroperability Guidelines for Digital Signature Certificates issued under Information Technology Act
for Digital Signature Certificates issued under Information Technology Act Version 2.4 December 2009 Controller of Certifying Authorities Department of Information Technology Ministry of Communications
More informationCiphermail S/MIME Setup Guide
CIPHERMAIL EMAIL ENCRYPTION Ciphermail S/MIME Setup Guide September 23, 2014, Rev: 6882 Copyright 2008-2014, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction 3 2 S/MIME 3 2.1 PKI...................................
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationUnderstanding digital certificates
Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk
More informationOperational and Technical security of Electronic Passports
European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union Operational and Technical security of Electronic Passports Warsaw, Legal
More informationInternational Journal of Management & Information Systems First Quarter 2012 Volume 16, Number 1
International Journal of Manageent & Inforation Systes First Quarter 2012 Volue 16, Nuber 1 Proposal And Effectiveness Of A Highly Copelling Direct Mail Method - Establishent And Deployent Of PMOS-DM Hisatoshi
More informationCertificate Policy for OCES personal certificates (Public Certificates for Electronic Services)
Certificate Policy for OCES personal certificates (Public Certificates for Electronic Services) - 2 - Contents Rights...4 Preface...5 Introduction...6 1 Overview and scope...7 2 References...8 3 Definitions
More informationSUPPORTING YOUR HIPAA COMPLIANCE EFFORTS
WHITE PAPER SUPPORTING YOUR HIPAA COMPLIANCE EFFORTS Quanti Solutions. Advancing HIM through Innovation HEALTHCARE SUPPORTING YOUR HIPAA COMPLIANCE EFFORTS Quanti Solutions. Advancing HIM through Innovation
More informationCertificate Policies and Certification Practice Statements
Entrust White Paper Certificate Policies and Certification Practice Statements Author: Sharon Boeyen Date: February 1997 Version: 1.0 Copyright 2003 Entrust. All rights reserved. Certificate Policies and
More informationBrocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1
PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority
More informationImplementation of biometrics, issues to be solved
ICAO 9th Symposium and Exhibition on MRTDs, Biometrics and Border Security, 22-24 October 2013 Implementation of biometrics, issues to be solved Eugenijus Liubenka, Chairman of the Frontiers / False Documents
More informationA framework for performance monitoring, load balancing, adaptive timeouts and quality of service in digital libraries
Int J Digit Libr (2000) 3: 9 35 INTERNATIONAL JOURNAL ON Digital Libraries Springer-Verlag 2000 A fraework for perforance onitoring, load balancing, adaptive tieouts and quality of service in digital libraries
More informationPKI and OpenSSL part 1 X.509 from the user s and the client software s point of view
PKI and OpenSSL part 1 X.509 from the user s and the client software s point of view Version 0.5 Richard Levitte, mailto:levittelp.se November 18, 2003 A serie of lectures PKI and OpenSSL part 1: codex.509
More informationLocal Area Network Management
Technology Guidelines for School Coputer-based Technologies Local Area Network Manageent Local Area Network Manageent Introduction This docuent discusses the tasks associated with anageent of Local Area
More informationIntroduction ICAO PKD
Introduction ICAO PKD Higher Travel Security Dr. Hermann Sterzinger Veridos COO October 2015 Border control with epassports Certificates exchanged: CSCA Certificates Document Signer Certificates Certificate
More informationThe Concept of Trust in Network Security
En White Paper Date: August 2000 Version: 1.2 En is a registered trademark of En, Inc. in the United States and certain other countries. En is a registered trademark of En Limited in Canada. All other
More informationSearching strategy for multi-target discovery in wireless networks
Searching strategy for ulti-target discovery in wireless networks Zhao Cheng, Wendi B. Heinzelan Departent of Electrical and Coputer Engineering University of Rochester Rochester, NY 467 (585) 75-{878,
More informationCertificate Policy for OCES Employee Certificates (Public Certificates for Electronic Services) Version 5
Certificate Policy for OCES Employee Certificates (Public Certificates for Electronic Services) Version 5 - 2 - Contents Rights...4 Preface...5 Introduction...6 1 Overview and scope...7 2 References...8
More informationAn Integrated Approach for Monitoring Service Level Parameters of Software-Defined Networking
International Journal of Future Generation Counication and Networking Vol. 8, No. 6 (15), pp. 197-4 http://d.doi.org/1.1457/ijfgcn.15.8.6.19 An Integrated Approach for Monitoring Service Level Paraeters
More informationInternet Engineering Task Force (IETF) Request for Comments: 5758. EMC D. Brown Certicom Corp. T. Polk NIST. January 2010
Internet Engineering Task Force (IETF) Request for Comments: 5758 Updates: 3279 Category: Standards Track ISSN: 2070-1721 Q. Dang NIST S. Santesson 3xA Security K. Moriarty EMC D. Brown Certicom Corp.
More informationThe Direct Project. Implementation Guide for Direct Project Trust Bundle Distribution. Version 1.0 14 March 2013
The Direct Project Implementation Guide for Direct Project Trust Bundle Distribution Version 1.0 14 March 2013 Version 1.0, 14 March 2013 Page 1 of 14 Contents Change Control... 3 Status of this Guide...
More informationDATEVe:secure MAIL V1.1. ISIS-MTT-Assessment Report
DATEVe:secure MAIL V1.1 DATEV eg ISIS-MTT-Assessment Report Version 1.1 Date 08. July 2004 Hans-Joachim Knobloch, Fritz Bauspiess Secorvo Security Consulting GmbH Albert-Nestler-Straße 9 D-76131 Karlsruhe
More informationProgramme of Requirements part 3h: Certificate Policy Server certificates Private Services Domain (G3)
Programme of Requirements part 3h: Certificate Policy Server certificates Private Services Domain (G3) Appendix to CP Government/Companies (G1) and Organization (G2) domains Datum 27 July 2015 Private
More informationUnderstanding SSL for Apps
Understanding SSL for Apps Brook R. Chelmo Principal Product Marketing Manager SSL for Apps Brook R. Chelmo 1 Introduction SSL/TLS is a core technology; critical to secure communications The greatest challenge
More informationTELSTRA RSS CA Subscriber Agreement (SA)
TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this
More informationCertipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012
Certipost Trust Services Version 1.2 Effective date 03 May 2012 Certipost NV ALL RIGHTS RESERVED. 2 13 Definitions : Activation Data Certificate Certificate Holder Certificate Public Registry Certificate
More informationProtecting Small Keys in Authentication Protocols for Wireless Sensor Networks
Protecting Sall Keys in Authentication Protocols for Wireless Sensor Networks Kalvinder Singh Australia Developent Laboratory, IBM and School of Inforation and Counication Technology, Griffith University
More informationMultiple electronic signatures on multiple documents
Multiple electronic signatures on multiple documents Antonio Lioy and Gianluca Ramunno Politecnico di Torino Dip. di Automatica e Informatica Torino (Italy) e-mail: lioy@polito.it, ramunno@polito.it web
More informationPreventing fraud in epassports and eids
Preventing fraud in epassports and eids Security protocols for today and tomorrow by Markus Mösenbacher, NXP Machine-readable passports have been a reality since the 1980s, but it wasn't until after 2001,
More informationPart III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure
More informationAsymmetric cryptosystems fundamental problem: authentication of public keys
Network security Part 2: protocols and systems (a) Authentication of public keys Università degli Studi di Brescia Dipartimento di Ingegneria dell Informazione 2014/2015 Asymmetric cryptosystems fundamental
More informationCertificates. Noah Zani, Tim Strasser, Andrés Baumeler
Certificates Noah Zani, Tim Strasser, Andrés Baumeler Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects Motivation Need for secure, trusted communication Growing certificate
More informationOption B: Credit Card Processing
Attachent B Option B: Credit Card Processing Request for Proposal Nuber 4404 Z1 Bidders are required coplete all fors provided in this attachent if bidding on Option B: Credit Card Processing. Note: If
More informationSWITCHaai Metadata CA. Certificate Policy and Certification Practice Statement
SWITCHaai Metadata CA Certificate Policy and Certification Practice Statement Version 1.0, OID 2.16.756.1.2.6.7.1.0 July 15, 2008 Table of Contents 1. INTRODUCTION...6 1.1 Overview...6 1.2 Document name
More informationMACHINE READABLE TRAVEL DOCUMENTS
MACHINE READABLE TRAVEL DOCUMENTS TECHNICAL REPORT Version 1.0 Date - April 7, 2011 Published by authority of the Secretary General ICAO/NTWG SUB-WORKING GROUP FOR NEW SPECIFICATIONS td1 CARD File Author
More informationETSI TR 102 041 V1.1.1 (2002-02)
TR 102 041 V1.1.1 (2002-02) Technical Report Signature Policies Report 2 TR 102 041 V1.1.1 (2002-02) Reference DTR/SEC-004022 Keywords electronic signature, security 650 Route des Lucioles F-06921 Sophia
More informationETSI TS 102 778-3 V1.1.2 (2009-12) Technical Specification
TS 102 778-3 V1.1.2 (2009-12) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 3: PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles
More informationMachine Readable Travel Documents
Doc 9303 Machine Readable Travel Documents Part 3 Machine Readable Official Travel Documents Volume 2 Specifications for Electronically Enabled MRtds with Biometric Identification Capability Approved by
More informationMTAT.07.017 Applied Cryptography
MTAT.07.017 Applied Cryptography Public Key Infrastructure (PKI) Public Key Certificates (X.509) University of Tartu Spring 2015 1 / 42 The hardest problem Key Management How to obtain the key of the other
More informationAdvanced Security Mechanisms for Machine Readable Travel Documents and eidas Token
Technical Guideline TR-03110-4 Advanced Security Mechanisms for Machine Readable Travel Documents and eidas Token Part 4 Applications and Document Profiles Version 2.20 3. February 2015 History Version
More informationDr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C
Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates
More informationA quantum secret ballot. Abstract
A quantu secret ballot Shahar Dolev and Itaar Pitowsky The Edelstein Center, Levi Building, The Hebrerw University, Givat Ra, Jerusale, Israel Boaz Tair arxiv:quant-ph/060087v 8 Mar 006 Departent of Philosophy
More informationCOMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES
COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES BSI TR-03139 Version 2.1 27 May 2013 Foreword The present document
More informationManaging Complex Network Operation with Predictive Analytics
Managing Coplex Network Operation with Predictive Analytics Zhenyu Huang, Pak Chung Wong, Patrick Mackey, Yousu Chen, Jian Ma, Kevin Schneider, and Frank L. Greitzer Pacific Northwest National Laboratory
More informationAn Approach to Combating Free-riding in Peer-to-Peer Networks
An Approach to Cobating Free-riding in Peer-to-Peer Networks Victor Ponce, Jie Wu, and Xiuqi Li Departent of Coputer Science and Engineering Florida Atlantic University Boca Raton, FL 33431 April 7, 2008
More informationAn Innovate Dynamic Load Balancing Algorithm Based on Task
An Innovate Dynaic Load Balancing Algorith Based on Task Classification Hong-bin Wang,,a, Zhi-yi Fang, b, Guan-nan Qu,*,c, Xiao-dan Ren,d College of Coputer Science and Technology, Jilin University, Changchun
More informationValidity Models of Electronic Signatures and their Enforcement in Practice
Validity Models of Electronic Signatures and their Enforcement in Practice Harald Baier 1 and Vangelis Karatsiolis 2 1 Darmstadt University of Applied Sciences and Center for Advanced Security Research
More informationEvaluating Inventory Management Performance: a Preliminary Desk-Simulation Study Based on IOC Model
Evaluating Inventory Manageent Perforance: a Preliinary Desk-Siulation Study Based on IOC Model Flora Bernardel, Roberto Panizzolo, and Davide Martinazzo Abstract The focus of this study is on preliinary
More informationSoftware Quality Characteristics Tested For Mobile Application Development
Thesis no: MGSE-2015-02 Software Quality Characteristics Tested For Mobile Application Developent Literature Review and Epirical Survey WALEED ANWAR Faculty of Coputing Blekinge Institute of Technology
More informationassociate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.
Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu
More informationDIMACS Security & Cryptography Crash Course, Day 2 Public Key Infrastructure (PKI)
DIMACS Security & Cryptography Crash Course, Day 2 Public Key Infrastructure (PKI) Prof. Amir Herzberg Computer Science Department, Bar Ilan University http://amir.herzberg.name Amir Herzberg, 2003. Permission
More informationPostSignum CA Certification Policy applicable to qualified personal certificates
PostSignum CA Certification Policy applicable to qualified personal certificates Version 3.0 7565 Page 1/60 TABLE OF CONTENTS 1 Introduction... 5 1.1 Review... 5 1.2 Name and clear specification of a document...
More informationGuidelines and instructions on security for electronic data interchange (EDI) English translation 2011-06-23 based on Swedish version 2.
Guidelines and instructions on security for electronic data interchange (EDI) English translation 2011-06-23 based on Swedish version 2.0 This is an unofficial translation. In case of any discrepancies
More informationCertificates and network security
Certificates and network security Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 Outline X.509 certificates and PKI Network security basics: threats and goals Secure socket layer
More informationEfficient Key Management for Secure Group Communications with Bursty Behavior
Efficient Key Manageent for Secure Group Counications with Bursty Behavior Xukai Zou, Byrav Raaurthy Departent of Coputer Science and Engineering University of Nebraska-Lincoln Lincoln, NE68588, USA Eail:
More informationRepresentation of E-documents in AIDA Project
Representation of E-documents in AIDA Project Diana Berbecaru Marius Marian Dip. di Automatica e Informatica Politecnico di Torino Corso Duca degli Abruzzi 24, 10129 Torino, Italy Abstract Initially developed
More informationImportant Compliance Information. How to obtain and use the new documents (if fillable PDF s are mentioned above)
Copliance This Copliance is being sent to infor you that one or ore of the docuents currently contained in your Wolters Kluwer Financial Services Bankers Systes software syste or electronic docuents odule
More informationWindows Server 2008 PKI and Certificate Security
Windows Server 2008 PKI and Certificate Security Brian Komar PREVIEW CONTENT This excerpt contains uncorrected manuscript from an upcoming Microsoft Press title, for early preview, and is subject to change
More informationCALIFORNIA SOFTWARE LABS
; Digital Signatures and PKCS#11 Smart Cards Concepts, Issues and some Programming Details CALIFORNIA SOFTWARE LABS R E A L I Z E Y O U R I D E A S California Software Labs 6800 Koll Center Parkway, Suite
More informationPIV Data Model Test Guidelines
NIST Special Publication 800-85B PIV Data Model Test Guidelines Ramaswamy Chandramouli Ketan Mehta Pius A. Uzamere II David Simon Nabil Ghadiali Andrew P. Founds I N F O R M A T I O N S E C U R I T Y Computer
More informationPERFORMANCE METRICS FOR THE IT SERVICES PORTFOLIO
Bulletin of the Transilvania University of Braşov Series I: Engineering Sciences Vol. 4 (53) No. - 0 PERFORMANCE METRICS FOR THE IT SERVICES PORTFOLIO V. CAZACU I. SZÉKELY F. SANDU 3 T. BĂLAN Abstract:
More informationBiometrics, Tokens, & Public Key Certificates
Biometrics, Tokens, & Public Key Certificates The Merging of Technologies TOKENEER Workstations WS CA WS WS Certificate Authority (CA) L. Reinert S. Luther Information Systems Security Organization Biometrics,
More informationApplying for a passenger service licence
Applying for a passenger service licence To operate a goods, passenger, vehicle recovery or rental service the law requires individuals or copanies to hold the appropriate transport service licence. This
More informationNew for 2016! Get Licensed
Financial Manageent 2016 HS There s only one place you need to go for all your professional developent needs. The Power to Know. NEW Experience a different school of learning! New for 2016! Online courses
More informationPublic Key Infrastructure. A Brief Overview by Tim Sigmon
Public Key Infrastructure A Brief Overview by Tim Sigmon May, 2000 Fundamental Security Requirements (all addressed by PKI) X Authentication - verify identity of communicating parties X Access Control
More informationIdentification and Analysis of hard disk drive in digital forensic
Identification and Analysis of hard disk drive in digital forensic Kailash Kuar Dr. Sanjeev Sofat Dr. Naveen Aggarwal Phd(CSE) Student Prof. and Head CSE Deptt. Asst. Prof. CSE Deptt. PEC University of
More informationEricsson Group Certificate Value Statement - 2013
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
More informationHow To Protect Your Computer From Being Hacked In European Security Policy
Comparison of «ISIS-MTT 1.1» and «Politique de Référencement Intersectorielle de Sécurité v2 (PRISv2)» Report Comparison of «ISIS-MTT 1.1» and «Politique de Référencement Intersectorielle de Sécurité v2
More informationOctober 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services
October 2014 Issue No: 2.0 Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services
More informationApple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.
Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.
More informationINTEGRATED ENVIRONMENT FOR STORING AND HANDLING INFORMATION IN TASKS OF INDUCTIVE MODELLING FOR BUSINESS INTELLIGENCE SYSTEMS
Artificial Intelligence Methods and Techniques for Business and Engineering Applications 210 INTEGRATED ENVIRONMENT FOR STORING AND HANDLING INFORMATION IN TASKS OF INDUCTIVE MODELLING FOR BUSINESS INTELLIGENCE
More informationNumber of relevant issues
Electronic signature Lecture 8 Number of relevant issues cryptography itself algorithms for signing documents key management generating keys, distribution, key revocation security policy certificates may
More informationGrid Computing - X.509
Grid Computing - X.509 Sylva Girtelschmid October 20, 2009 Public Key Infrastructure - PKI PKI Digital Certificates IT infrastructure that provides means for private and secure data exchange By using cryptographic
More informationModeling Parallel Applications Performance on Heterogeneous Systems
Modeling Parallel Applications Perforance on Heterogeneous Systes Jaeela Al-Jaroodi, Nader Mohaed, Hong Jiang and David Swanson Departent of Coputer Science and Engineering University of Nebraska Lincoln
More information