application layer security Contents
|
|
- Cornelius Simpson
- 7 years ago
- Views:
Transcription
1 application layer security Tim Wright Communications Security and Advanced Development Group Vodafone Limited Contents Introduction to public key cryptography WAP security MExE and MExE security Introduction to Java / J2ME Issues and challenges for application layer security
2 Digital signatures and PK Secret key cryptography - good where you trust who you re talking to Public key crypto where you don t or have problems transmitting keys A private key for every public key Encrypt with public key and decrypt with private Or the reverse - sign with private key, verify with public Certificates Public keys can be public but could be changed Possibility of spoofing Certificate is a public key signed with a higher private key Need a public key to verify that private key End up with a root at the top Public Key Infrastructure, PKI, is: Certification Authorities (CA), from which certificates are obtained Registration Authorities (RA), that check identity of client before certificate is issued interfaces between these and other nodes
3 WAP - services Initially just browsing Future: mobile e-commerce downloaded scripts and applications telephony control (WTA) links to external devices WAP - security Transport security WTLS Application security WMLScript support for digital signature (SignText), end to end client authentication WAP identity module Storage and processing of sensitive security parameters Wireless PKI To support transport security and application security
4 WTLS WTLS is the wireless equivalent of SSL/TLS Extends from WAP client to WAP gateway or WAP server New certificate format WTLS certificate compact, but can only be used for WAP gateway/server authentication WAP clients need to be initialised with appropriate root public keys by trusted means - preferably on a SIM or at terminal manufacture end to end transport layer security is still WTLS, redirected to a new gateway Digital signatures in WAP WMLScript function in WML pages to call signing or client authentication function Allows users to sign web documents and forms and/or be authenticated to end point WML provider can receive and verify signed documents from users Can be used to secure e-commerce transactions Could provide non repudiation
5 WIM Specification of an interface to a security module No specification of hardware security (best solution is IC card) WIM uses RSA PKCS#15 specification for directory structure and ASN.1 encoding of cryptographic parameters WIM can be on separate IC card (ICC) same ICC as SIM integrated into SIM WPKI Definition of certificate profiles for WAP applications Standardised way for client to obtain a certificate Specifies installation of trusted root keys Provides method of securing WTA PKI not required if just WAP gateway/server authentication and traffic encryption is needed
6 Signed content in WAP EFI - External Function Interface (WAP 1.4) Framework for WMLScripts to access functions external to the phone - second ICC, IrDA, Bluetooth, GPS Signed content may be the security mechanism Signed content is to be used for WTA security in the long term WAP security - issues Few roots on the browser Will there be at least one root that is on all terminals? Or will VASP s need multiple certificates? Operator provided root on the SIM Installation of new roots on the terminal opens up PKI commercially opens up holes in WAP security Effect of false base station MSISDN pass through for user/client id Few roots - means no restrictions on what root certificates can be used for?
7 MExE Mobile Execution Environment Framework for download of scripts, applets, applications and phone software to mobile phones Making the phone more like a PC/PDA Standardised environment - write once, run anywhere MExE classmarks Classmark 1: applications are written in WMLScript Classmark 2: applications are written in Java MExE security Mobile code for mobile phones Downloaded code can make calls, change MMI, look at user data,. Dangerous! MExE therefore has untrusted and trusted applications Trusted applications are digitally signed by their originator and can do much more than untrusted applications
8 MExE trusted domains Three trusted execution domains Operator Manufacture Third party Trusted application can only execute if signature can be verified on the client Root public keys loaded onto terminal by secure means Operator and third party keys can be loaded onto SIM User permission in MExE Applications cannot be installed without user permission Applications cannot carry out functions without user permission Three types of user permission Single action Session Blanket Trade-off between flexibility of security architecture and usability of the service How much will user understand? How easy is it to fool the user?
9 A bit about Java Write once, run anywhere - platform independent Anywhere that has the Java Virtual Machine Code transmitted is small Designed to be secure, in that the JVM can control what functions and memory can be accessed by an application A bit more Java Java Application Programming Interfaces (API s) Java Virtual Machine Platform OS
10 Java Phone Phone manufacturers could write all the phone software in Java Enable easier software re-use, and easier development through standard O/S environment Download of upgrades via MExE PersonalJava is too big - kjava, KVM developed KVM Virtual Machine re-written from scratch API s re-written and optimised for limited devices Core API s have been defined Profiles, sets of mandatory and optional API s are being defined via Java Specification Requests (JSR s)
11 KVM uses KVM will bring phone and PDA together Download of applications to phone will be a reality Opportunities for services for fraud Security architecture not yet clear Untrusted code can still be dangerous The future s bright, it s a rainbow There are no issues with application layer security? Mobile network operator provides bearer services Security at the application layer provided by the value added service provider (VASP) Terminal and infrastructure manufacturers want terminals to support many services Increased terminal value Increased numbers of service providers Increased network usage - operators should be happy
12 Clouds on the horizon Operator wants to move up the value chain Operators concerned that they will be held responsible for fraud at the application layer Issues of trust - operators know each other - they don t know the VASP s But security implies control, and control implies control of services, commercial control Application layer security can become a battleground Challenges and opportunities New and more parties involved in service provision new, complex trust model Profit potential is enormous - security left by the wayside? Security is considered important Balance between flexibility and usability/security Let s keep the mobile Internet clean
Public-Key Infrastructure
Public-Key Infrastructure Technology and Concepts Abstract This paper is intended to help explain general PKI technology and concepts. For the sake of orientation, it also touches on policies and standards
More informationWIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES
WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES Balachandra Muniyal 1 Krishna Prakash 2 Shashank Sharma 3 1 Dept. of Information and Communication Technology, Manipal Institute of Technology, Manipal
More informationA Survey of Electronic Signature Development in Mobile Devices
A Survey of Electronic Signature Development in Devices 1, 2, 3 and 4 1 University of Murcia, Department of Information and Communications Engineering, maria@dif.um.es 2 University of Murcia, Department
More informationApplying Cryptography as a Service to Mobile Applications
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
More informationLehrstuhl für Informatik 4 Kommunikation und verteilte Systeme
Chapter 2 Technical Basics: Layer 1 Methods for Medium Access: Layer 2 Chapter 3 Wireless Networks: Bluetooth, WLAN, WirelessMAN, WirelessWAN Mobile Telecommunication Networks: GSM, GPRS, UMTS Chapter
More informationA Survey of Electronic Signature Solutions in Mobile Devices
Antonio Ruiz-Martínez 1, Daniel Sánchez-Martínez 2, María Martínez-Montesinos 3 and 4 University of Murcia, Department of Information and Communications Engineering, 1 arm@dif.um.es, 2 dsm@dif.um.es, 3
More informationWireless Application Protocol (WAP)
Wireless Application Protocol (WAP) Definition Wireless application protocol (WAP) is an application environment and set of communication protocols for wireless devices designed to enable manufacturer-,
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationMobile IP and Wireless Application Protocol
Mobile IP and Wireless Application Protocol Mobile IP Uses Enable computers to maintain Internet connectivity while moving from one Internet attachment point to another Mobile user's point of attachment
More informationBrocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1
PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority
More informationA SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1
A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile
More informationKey & Data Storage on Mobile Devices
Key & Data Storage on Mobile Devices Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at Outline Why is this topic so delicate? Keys & Key Management High-Level Cryptography
More informationResearch on Mobile E-business Security Model based on WPKI Technology and its Application
, pp.119-128 http://dx.doi.org/10.14257/ijsia.2015.9.7.11 Research on Mobile E-business Security Model based on WPKI Technology and its Application Yongsheng Luo Department of Electronic and Information
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationA KIND OF IMPLEMENT ABOUT MOBILE SIGNATURE SERVICE BASED ON MOBILE TELEPHONE TERMINAL
A KIND OF IMPLEMENT ABOUT MOBILE SIGNATURE SERVICE BASED ON MOBILE TELEPHONE TERMINAL Wangjian, Xu Guoai, Zhangmiao National Engineering Laboratory for Disaster Backup and Recovery, Beijing University
More informationStep-by-step installation guide for monitoring untrusted servers using Operations Manager (Part 1 of 3)
Step-by-step installation guide for monitoring untrusted servers using Operations Manager (Part 1 of 3) Most of the time through Operations Manager, you may require to monitor servers and clients that
More informationController of Certification Authorities of Mauritius
Contents Pg. Introduction 2 Public key Infrastructure Basics 2 What is Public Key Infrastructure (PKI)? 2 What are Digital Signatures? 3 Salient features of the Electronic Transactions Act 2000 (as amended)
More informationPage 1. Lecture 1: Introduction to. Introduction to Computer Networks Security. Input file DES DES DES DES. Output file
1 2 Prof. Sead Muftic Matei Ciobanu Morogan Lecture 1: Introduction to Computer s Security Introduction to Computer s Security 4. security services and mechanisms 3 Approach 4 Introduction to Computer
More informationMOBILE CHIP ELECTRONIC COMMERCE: ENABLING CREDIT CARD PAYMENT FOR MOBILE DEVICES
MOBILE CHIP ELECTRONIC COMMERCE: ENABLING CREDIT CARD PAYMENT FOR MOBILE DEVICES Marko Schuba and Konrad Wrona Ericsson Research, Germany ABSTRACT This paper describes the Mobile Chip Electronic Commerce
More informationSecure Communication Requirements
Secure Communication Requirements 1993-2016 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise)
More informationSolution for Non-Repudiation in GSM WAP Applications
Solution for Non-Repudiation in GSM WAP Applications CRISTIAN TOMA, MARIUS POPA, CATALIN BOJA Economic Informatics Department Academy of Economic Studies Romana Square No. 6, Bucharest ROMANIA cristian.toma@ie.ase.ro
More informationSecure web transactions system
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
More informationIST-2000-25350 - SHAMAN
IST-2000-25350 - SHAMAN Deliverable Number Deliverable Title Date of delivery Document Reference D04 Initial report on PKI requirements for heterogeneous roaming and distributed terminals SHA/DOC/RHUL/WP3/D04/1.0
More informationInternet ID - Flexible Re-use of Mobile Phone Authentication Security for Service Access
Internet ID - Flexible Re-use of Mobile Phone Authentication Security for Service Access Marko Schuba, Volker Gerstenberger, Paul Lahaije Abstract Identity management systems like.net Passport and the
More informationMCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 11: Active Directory Certificate Services
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 11: Active Directory Certificate Services Objectives Describe the components of a PKI system Deploy the Active Directory
More informationThe Preferred Payment Architecture Technical Documentation
Mobey Forum / LK 3.7.2001 1/45 The Technical Documentation Requirements for manufacturers and standardisation bodies Version 1.0 Approved by the Mobey BoD on 25.06.2001 Editor: Liisa Kanniainen Workgroup
More informationAD CS. http://technet.microsoft.com/en-us/library/cc731564.aspx
AD CS AD CS http://technet.microsoft.com/en-us/library/cc731564.aspx Active Directory Certificate Services (AD CS) is an Identity and Access Control security technology that provides customizable services
More informationMobile Office Security Requirements for the Mobile Office
Mobile Office Security Requirements for the Mobile Office S.Rupp@alcatel.de Alcatel SEL AG 20./21.06.2001 Overview Security Concepts in Mobile Networks Applications in Mobile Networks Mobile Terminal used
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationAdministration Guide. Wireless software upgrades
Administration Guide Wireless software upgrades SWDT207654-207654-0727045705-001 Contents Upgrading the BlackBerry Device Software over the wireless network... 3 Wireless software upgrades... 3 Sources
More informationCertificates. Noah Zani, Tim Strasser, Andrés Baumeler
Certificates Noah Zani, Tim Strasser, Andrés Baumeler Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects Motivation Need for secure, trusted communication Growing certificate
More informationManaged Services PKI 60-day Trial Quick Start Guide
Entrust Managed Services PKI Managed Services PKI 60-day Trial Quick Start Guide Document issue: 3.0 Date of issue: Nov 2011 Copyright 2011 Entrust. All rights reserved. Entrust is a trademark or a registered
More informationSecurity Characteristics of Cryptographic Mobility Solutions
Security Characteristics of Cryptographic Mobility Solutions Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 sarbari@electrosoft-inc.com http://www.electrosoft-inc.com Agenda What is a Cryptographic
More informationBlackBerry Enterprise Server Wireless Software Upgrades Version: 4.1 Service Pack: 7. Administration Guide
BlackBerry Enterprise Server Wireless Software Upgrades Version: 4.1 Service Pack: 7 Administration Guide Published: 2009-10-30 SWDT207654-207654-1030044737-001 Contents 1 Upgrading the BlackBerry Device
More informationStrong Security in Multiple Server Environments
White Paper Strong Security in Multiple Server Environments VeriSign OnSite for Server IDs Contents 1. Introduction 1 2. Security Solutions: The Digital ID System 2 2.1. What Is a Digital ID? 2 2.2 How
More informationSecure Architecture for the Digital Rights Management of the M-Content
Proceedings of the 5th WSEAS Int. Conference on Information Security and Privacy, Venice, Italy, November 20-22, 2006 196 Secure Architecture for the Digital Rights Management of the M-Content ION IVAN,
More informationPublic Key Infrastructure for a Higher Education Environment
Public Key Infrastructure for a Higher Education Environment Eric Madden and Michael Jeffers 12/13/2001 ECE 646 Agenda Architectural Design Hierarchy Certificate Authority Key Management Applications/Hardware
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationAn Overview of Oracle Forms Server Architecture. An Oracle Technical White Paper April 2000
An Oracle Technical White Paper INTRODUCTION This paper is designed to provide you with an overview of some of the key points of the Oracle Forms Server architecture and the processes involved when forms
More informationCertificate Request Generation and Certificate Installation Instructions for IIS 5 April 14, 2006
Certificate Request Generation and Certificate Installation Instructions for IIS 5 April 14, 2006 1 1. Generating the Certificate Request In this procedure, you will use the Internet Information Services
More informationDigital certificates and SSL
Digital certificates and SSL 20 out of 33 rated this helpful Applies to: Exchange Server 2013 Topic Last Modified: 2013-08-26 Secure Sockets Layer (SSL) is a method for securing communications between
More informationCreating and Managing Certificates for My webmethods Server. Version 8.2 and Later
Creating and Managing Certificates for My webmethods Server Version 8.2 and Later November 2011 Contents Introduction...4 Scope... 4 Assumptions... 4 Terminology... 4 File Formats... 5 Truststore Formats...
More informationIBM i Version 7.3. Security Digital Certificate Manager IBM
IBM i Version 7.3 Security Digital Certificate Manager IBM IBM i Version 7.3 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationIntroduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...
Hush Encryption Engine White Paper Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...4 Passphrase Requirements...4 Data Requirements...4
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationLecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005
Lecture 31 Security April 13, 2005 Secure Sockets Layer (Netscape 1994) A Platform independent, application independent protocol to secure TCP based applications Currently the most popular internet crypto-protocol
More informationGenerate CSR for Third Party Certificates and Download Unchained Certificates to the WLC
Generate CSR for Third Party Certificates and Download Unchained Certificates to the WLC Document ID: 70584 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information
More informationArcot Systems, Inc. Securing Digital Identities. FPKI-TWG Mobility Solutions Today s Speaker Tom Wu Principal Software Engineer
Arcot Systems, Inc. Securing Digital Identities FPKI-TWG Mobility Solutions Today s Speaker Tom Wu Principal Software Engineer Today s Agenda Background Who is Arcot Systems? What is an ArcotID? Why use
More informationChapter 8. Network Security
Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who
More informationAgent Languages. Overview. Requirements. Java. Tcl/Tk. Telescript. Evaluation. Artificial Intelligence Intelligent Agents
Agent Languages Requirements Overview Java Tcl/Tk Telescript Evaluation Franz J. Kurfess, Cal Poly SLO 211 Requirements for agent Languages distributed programming large-scale (tens of thousands of computers)
More informationCMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis
CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems
More information2014 IBM Corporation
2014 IBM Corporation This is the 27 th Q&A event prepared by the IBM License Metric Tool Central Team (ICT) Currently we focus on version 9.x of IBM License Metric Tool (ILMT) The content of today s session
More informationCheck Point FDE integration with Digipass Key devices
INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationThe Implementation of Signing e-document by Using the Wireless Identity Module in Cellular Phone
832 The Fourth International Conference on Electronic Business (ICEB2004) / Beijing The Implementation of Signing e-document by Using the Wireless Identity Module in Cellular Phone Chengyuan Ku *, Yenfang
More informationSAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011
NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity
More informationReport to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999
Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer February 3, 1999 Frame Relay Frame Relay is an international standard for high-speed access to public wide area data networks
More informationStrong Encryption for Public Key Management through SSL
Strong Encryption for Public Key Management through SSL CH.SUSHMA, D.NAVANEETHA 1,2 Assistant Professor, Information Technology, Bhoj Reddy Engineering College For Women, Hyderabad, India Abstract: Public-key
More informationEMV-TT. Now available on Android. White Paper by
EMV-TT A virtualised payment system with the following benefits: MNO and TSM independence Full EMV terminal and backend compliance Scheme agnostic (MasterCard and VISA supported) Supports transactions
More informationUnderstanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions
Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationeid Security Frank Cornelis Architect eid fedict 2008. All rights reserved
eid Security Frank Cornelis Architect eid The eid Project > Provides Belgian Citizens with an electronic identity card. > Gives Belgian Citizens a device to claim their identity in the new digital age.
More informationDraft Middleware Specification. Version X.X MM/DD/YYYY
Draft Middleware Specification Version X.X MM/DD/YYYY Contents Contents... ii 1. Introduction... 1 1.2. Purpose... 1 1.3. Audience... 1 1.4. Document Scope... 1 1.5. Document Objectives... 1 1.6. Assumptions
More informationA Comparison of Secure Mechanisms for Mobile Commerce
A Comparison of Secure Mechanisms for Mobile Commerce Hann-Jang Ho 1 and RongJou Yang 2 1 Department of Computer Science and Information Engineering 2 Department of Information Management WuFeng Institute
More informationIntroducing etoken. What is etoken?
Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More information[SMO-SFO-ICO-PE-046-GU-
Presentation This module contains all the SSL definitions. See also the SSL Security Guidance Introduction The package SSL is a static library which implements an API to use the dynamic SSL library. It
More informationSSL Configuration on Weblogic Oracle FLEXCUBE Universal Banking Release 12.0.87.01.0 [August] [2014]
SSL Configuration on Weblogic Oracle FLEXCUBE Universal Banking Release 12.0.87.01.0 [August] [2014] Table of Contents 1. CONFIGURING SSL ON ORACLE WEBLOGIC... 1-1 1.1 INTRODUCTION... 1-1 1.2 SETTING UP
More informationLinux Web Based VPN Connectivity Details and Instructions
Linux Web Based VPN Connectivity Details and Instructions UMDNJ s Web-based VPN utilizes an SSL Based Cisco Application that provides VPN functionality without having to install a full client for end users
More informationCleaning Encrypted Traffic
Optenet Documentation Cleaning Encrypted Traffic Troubleshooting Guide iii Version History Doc Version Product Date Summary of Changes V6 OST-6.4.300 01/02/2015 English editing Optenet Documentation
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationPrivateServer HSM Integration with Microsoft IIS
PrivateServer HSM Integration with Microsoft IIS January 2014 Document Version 1.1 Notice The information provided in this document is the sole property of Algorithmic Research Ltd. No part of this document
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More informationThreat Model for Software Reconfigurable Communications Systems
Threat Model for Software Reconfigurable Communications Systems Presented to the Management Group 6 March 007 Bernard Eydt Booz Allen Hamilton Chair, SDR Security Working Group Overview Overview of the
More informationUnderstanding Digital Certificates and Wireless Transport Layer Security (WTLS)
Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Author: Allan Macphee January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What
More informationUnderstanding digital certificates
Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationEntrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates
Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationAPWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/
DB1 Phishing attacks, usually implemented through HTML enabled e-mails, are becoming more common and more sophisticated. As a network manager, how would you go about protecting your users from a phishing
More informationInstallation Procedure SSL Certificates in IIS 7
Installation Procedure SSL Certificates in IIS 7 This document will explain the creation and installation procedures for enabling an IIS website to use Secure Socket Layer (SSL). Check IIS for existing
More information10 Secure Electronic Transactions: Overview, Capabilities, and Current Status
10 Secure Electronic Transactions: Overview, Capabilities, and Current Status Gordon Agnew A&F Consulting, and University of Waterloo, Ontario, Canada 10.1 Introduction Until recently, there were two primary
More informationDIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication
DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of
More informationIBM Cloud Manager with OpenStack
IBM Cloud Manager with OpenStack Download Trial Guide Cloud Solutions Team: Cloud Solutions Beta cloudbta@us.ibm.com Page 1 Table of Contents Chapter 1: Introduction...3 Development cycle release scope...3
More informationSecure Sockets Layer
SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated
More informationTETRA Security for Poland
TETRA ASSOCIATION TETRA Security for Poland Brian Murgatroyd TETRA ASSOCIATION former Chairman Security and Fraud Prevention Group Warren Systems (SFPG) Independent Security Consultant brian@warrensystems.co.uk
More informationTax Control and Security of M-Commerce in 3G Environments. ZheJiang WanLi University pantiejunmail@126.com
Tax Control and Security of M-Commerce in 3G Environments PAN Tie-Jun, ZHENG Lei-na, BAI Lingbing ZheJiang WanLi University pantiejunmail@126.com Abstract This paper seeks to integrate different impressive
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationUnderstanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions
A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More informationUnifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway
Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...
More informationNeutralus Certification Practices Statement
Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3
More informationSmart Card Certificate Authentication with VMware View 4.5 and Above WHITE PAPER
Smart Card Certificate Authentication with VMware View 4.5 and Above WHITE PAPER Table of Contents.... About This Paper.... 3 Introduction... 3 Smart Card Overview.... 3 Getting Started... 4 Authenticating
More informationCertificate Management. PAN-OS Administrator s Guide. Version 7.0
Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationCHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS
70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationRSA Authentication Agent 7.1 for Web for IIS 7.0 and 7.5 Installation and Configuration Guide
RSA Authentication Agent 7.1 for Web for IIS 7.0 and 7.5 Installation and Configuration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers:
More informationSSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service
Paper SAS1541-2015 SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service Heesun Park and Jerome Hughes, SAS Institute Inc., Cary, NC ABSTRACT
More informationSEZ SEZ Online Manual Digital Signature Certficate [DSC] V Version 1.2
SEZ SEZ Online Manual Digital Signature Certficate [DSC] V Version 1.2 Table of Contents 1 Introduction...2 2 Procurement of DSC...3 3 Installation of DSC...4 4 Procedure for entering the DSC details of
More informationGuidelines on use of encryption to protect person identifiable and sensitive information
Guidelines on use of encryption to protect person identifiable and sensitive information 1. Introduction David Nicholson, NHS Chief Executive, has directed that there should be no transfers of unencrypted
More information