UNIDENTIFIABILITY AND ACCOUNTABILITY IN ELECTRONIC TRANSACTIONS


KATHOLIEKE UNIVERSITEIT LEUVEN, FACULTEIT TOEGEPASTE WETENSCHAPPEN, DEPARTEMENT COMPUTERWETENSCHAPPEN, Celestijnenlaan 200A, B-3001 Leuven

UNIDENTIFIABILITY AND ACCOUNTABILITY IN ELECTRONIC TRANSACTIONS

Supervisor: Prof. Dr. ir. B. DE DECKER

Dissertation submitted to obtain the degree of Doctor in Applied Sciences by Elsie VAN HERREWEGHEN

October 2004

Jury: Prof. H. Van Brussel (chair), Prof. B. De Decker (supervisor), Prof. F. Piessens, Prof. B. Preneel, Prof. P. Verbaeten, Prof. R. Molva (Institut Eurécom, Sophia Antipolis, France), Prof. K. Rannenberg (Goethe Univ. Frankfurt am Main, Germany)

U.D.C *I21

© Katholieke Universiteit Leuven, Faculteit Toegepaste Wetenschappen, Arenbergkasteel, B-3001 Heverlee-Leuven (Belgium)

All rights reserved. No part of the publication may be reproduced in any form by print, photoprint, microfilm or any other means without written permission from the publisher.

D/2004/7515/63 ISBN

Acknowledgements

This work has been performed at the IBM Zurich Research Laboratory in cooperation with the Katholieke Universiteit Leuven. I thank my employer, IBM Research, for giving me the opportunity to conduct the research reported on in this work and specifically Michael Waidner, Douglas Dykeman and Matthias Schunter for allowing me to complete part of the final writing on IBM time.

I am very grateful to Bart De Decker for having accepted to supervise this PhD thesis and for his continuous support, feedback and help. His positive and constructive feedback to my initial PhD plans and proposal contributed to my confidence in this project and helped me take the necessary steps to realize it. I also want to thank him for many fruitful discussions and for his thorough reading of and constructive comments on earlier versions of this work. He also helped me with many practical issues which were difficult for me to deal with remotely. Thank you!

I am grateful to Professors Bart Preneel, Frank Piessens, Pierre Verbaeten, Refik Molva and Kai Rannenberg who kindly accepted to be members of the jury and to Professor Hendrik Van Brussel for accepting to chair it. I thank Bart Preneel for his in-depth reading and useful comments for improvement of the text and Frank Piessens for advice and help when completing my text.

The following people readily agreed to include co-authored material in this manuscript: Mihir Bellare, Juan Garay, Ralf Hauser, Amir Herzberg, Hugo Krawczyk, Michael Steiner, Gene Tsudik, Michael Waidner, N. Asokan and Jan Camenisch. I want to thank them for that. Both Asokan and Michael Steiner I want to thank for sharing their initial thoughts on dispute handling with me and for many interesting discussions on the subject. Working with them triggered my interest in fairness and accountability and inspired my later work.

A special word of gratitude goes to Gene Tsudik, with whom I also have had the pleasure to work for a number of years. His encouragement, positive feedback and invitations for cooperation during my first years with IBM have helped me find my way in this international research environment.

Jan Camenisch guided me on the path of anonymous credentials and I am very grateful to him. The Idemix project and our ACM CCS paper have provided me with the inspiration how to extend my earlier work into a PhD. I want to thank him in particular for his readiness, time and patience explaining the workings of a system like Idemix to a non-cryptographer.

I want to thank many friends and colleagues for lifting my spirits and for motivating words. I cannot list all of them but want to thank in particular Angelo Tosi, Anouschka Van Loon, Anthony Bussani, Klaus Kursawe, Marc Dacier, Muriel Dacier, Liba Svobodova, Marilyne Sousa Petit and Sonja Buchegger.

I want to thank my family in Belgium and Indiana (too many names to mention) for their moral support throughout this work, often in s and phone calls. A special thanks goes to my parents for many years of encouragement and support and for again continuously encouraging me in the course of this particular endeavor.

A big and very special thanks goes to my husband Paolo for his support and encouragement, for putting up with a summer without real vacations, and for taking care of our son Luca when I was working; he made it possible for me to finish this. Seeing Luca come home happy and smiling after various fun outings with papà was the best support I could imagine.


Abstract

Accountability, the possibility to hold an individual responsible for his actions, is an important aspect of electronic commerce transactions. Public-key signatures and infrastructures are typical means for achieving accountability: a digital signature which can be verified with a certain public key is attributed to the individual to whom the public key is certified to belong according to a certificate issued by a trusted certification authority. Accountability thus seems to imply identifiability. On the other hand, privacy concerns of users motivate the demand for systems where they can interact with various services in an unidentifiable way. The goal of this work is to demonstrate compatibility of unidentifiability and accountability.

One part of this work deals with the notion of accountability. We illustrate protocol design for accountability with the iKP payment system for secure credit and debit card payments. We then describe a language and framework for supporting accountability claims in payment systems. Using this claim language, we compare two electronic payment protocols with respect to their accountability features.

A second part of this work deals with introducing unidentifiability in electronic transactions while preserving or even improving accountability. We introduce the notion of liability-enhanced public-key infrastructure and liability-enhanced certificates in which users take precise liabilities for the certificates they request and issuers take precise liabilities for the certificates they issue. In such an infrastructure, we show that any level of accountability can be achieved even when users act under pseudonyms, i.e., use certificates issued on pseudonyms rather than user identities.

We then introduce Idemix, an anonymous credential system. Its credentials are issued on pseudonyms; different pseudonyms of the same user cannot be linked to each other or to the user; and different uses of the same credential cannot be linked to each other: when a user shows a credential, he only proves possession of a credential with certain attributes. At the same time, Idemix allows for enforcement of accountability through its optional features of identity-based registration and de-anonymization; both processes can be assigned to dedicated and trusted entities other than the regular credential issuers. We describe authentication, accountability and linkability characteristics of the various Idemix building blocks and illustrate how to use these descriptions in analyzing security and unidentifiability features of larger Idemix-based applications. We formulate recommendations for the design of systems with maximal unidentifiability and show that the potential of unidentifiability can be maximized if authentication and accountability requirements are derived from concrete risks.

Contents

1 Introduction
Introduction; Terminology; Identity-Based vs. Attribute-Based Authentication and Authorization; Certificates and Credentials; Belief, Provability, Accountability and Liability; Pseudonymity, Anonymity, Linkability and (Un-)Identifiability; Accountability in Public-Key Based Systems; Protocol Design: Authentication vs. Accountability; Overall System Design for Accountability; Liabilities and Guarantees; Authentication and Accountability in Anonymous Transactions; Attribute-Based Authorization; Avoiding Linkability of Transactions; Re-Identification; Prevention vs. Detection of Fraud and Misuse; Anonymous Credentials; Incentives and Disincentives for Accountability and Unidentifiability; Accountability; Privacy and Unidentifiability; Goal and Scope of This Work; Notation

A Secure Account-Based Electronic Payment System
Preamble; Introduction and Overview; History and Related Work; Payment Model; Security Requirements; The iKP Protocol Family; KP; KP; KP; Comparison of the Protocols; ZiP: Implementation and Deployment; Protocol scenarios; Implementation Rationales and Explanations; Architecture; Deployment; Postscript

Accountability and Dispute Handling in Payment Systems
Preamble; Introduction; Importance of Dispute Handling in Electronic Commerce; Handling Disputes; Expressing Dispute Claims; What to Dispute?; Value Transfers as Primitive Transactions; Statements of Dispute Claims; Supporting Claims with Evidence; Architecture for Dispute Handling; Evidence and Trust; An Example: Evidence Tokens in iKP; Summary and Conclusion; Postscript

Analysis of Accountability Features in SET and iKP
Preamble; Introduction; High-Level Payment Protocol Description; Proving Authorizations of Primitive Transactions; SET; SET Protocol Overview; Evidence of Authorizations; Discussion; Recommendations; iKP; iKP Protocol Overview; Evidence of Authorizations; Discussion; 4.6 Summary; Postscript

Secure Anonymous Signature-Based Transactions
Preamble; Introduction; Pseudonymizing a Generic Payment System; The Generic Payment Protocol; Requirements for a Secure Pseudonymized Version; Design for Maximum Security: PS On-line, CERT P Linked to Transaction; Alternative Design: Off-Line PS; Discussion; Generalized Signatures and Liabilities; Liability-Aware Certificates; A Generic Pseudonym Server; CERT REQ, CERT RES; The Liabilities in CERT P; Example: Auction; Related and Future Work; Conclusion; PostScript

An Anonymous Credential System
Preamble; Introduction; Idemix Protocols, Pseudonyms and Credentials; Basic Credential Protocols; Credential Options and Attributes; Parameters of the Show Protocol; Credential System Primitives; Pseudonyms; Credentials; CredShowFeatures; Protocol Primitives; The Idemix Prototype; OrgNymSystem and UserNymSystem Token-Based Interfaces; UserSyncNymSystem and OrgSyncNymSystem Synchronous Interfaces; DeAnOrgNymSystem; Communication; Persistent Data Storage; Building Applications: Granting and Processing Requests; An Example Scenario: An Anonymous Subscription to the New York Times; Creating and Configuring the User and Organizations; User Credential Manager and Browser Plug-In; Deployment Considerations; Idemix as a Generic Attribute-Based Authentication System; The Role of Authenticated Communication in Linking Transactions Based on Idemix Authentication; Deploying Idemix as a Privacy-Enhanced Public-Key Infrastructure with External Certification; Infrastructural Issues: User Registration and Organization Updates; Conclusions and Future Work; Postscript

Designing Applications Using Idemix Anonymous Credentials
Introduction; Primitives and Parameters of the Anonymous Credential System; Basic primitives; Signed Nym Registration; Root Nym Registration; Assertions on Nyms, Credentials and Transcripts Resulting from Interactive Protocols; Nym Registration; Signed Nym Registration; Root Nym Registration; Credential Issuing; Showing a Credential Not Relative to a Nym; Showing a Credential Relative to a Nym; Local Operations on Transcripts; Local De-Anonymization; Global De-Anonymization; Double-Spending Detection; Assertions on Linkability; Anonymity, Linkability and Identifiability; Nym Registration; Signed Nym Registration; Root Nym Registration; Issuing of a Non-Unique Credential; Issuing of a Unique Credential; Unconditionally Unidentifiable Showing of a Credential; Showing a Credential with Unique Parameters; Showing a Credential Relative to a Nym; Showing a Credential with De-Anonymization; Showing a One-Show Credential; Additional Procedures and Functionality; More On Global De-Anonymization; Revocation; Certification; Designing an Application; Introducing the LostFound Application; Key Material, External Certificates and Idemix Certificates; Security of the Communication Channels; Protocols for Registration and Service Access; Verifying Organizations' Accountability Requirements; Verifying User Unidentifiability Requirements; Trust, Accountability, Liability and Certification; Trust by Users and Organizations in De-Anonymization; Trust by Organizations in the System; Certificates, Liabilities and Contracts; A Scenario Illustrating Trust in Accountability and Unidentifiability; Conclusion

Certificate- and Credential-Based Anonymous Payments
Introduction; Payment Protocols Based on Certificates; Non-Pseudonymous Account-Based Payment Protocol Based on Certificates; Pseudonymous Account-Based Payment Protocol Based on Certificates; Payment Systems Based on Anonymous Credentials; Account-Based Payment Protocol Based on Anonymous Credentials; Pre-Paid Payment Protocol Based on Anonymous Credentials; Analysis of Accountability and Unidentifiability of the Various Payment Protocols; Non-Pseudonymous Account-Based Payment Protocol Based on Certificates; Pseudonymous Account-Based Payment Protocol Based on Certificates; Account-Based Payment Protocol Based on Anonymous Credentials; Pre-Paid Payment Protocol Based on Anonymous Credentials; Additional Remarks on the Use of Certificates vs. Anonymous Credentials; Risks Related to a Breakdown of the Credential System or Compromise of Secrets; Conclusion

From Identity-Based to Risk-Driven Design
Non-Anonymous Applications Based On Anonymous Credentials; An Example Application Based on Certificates; The Example Application Based on Credentials; Conclusion; Risk-Driven Design; The Principles Revisited; Risk-Driven Application Design: An Example; Risk-Driven Application Design: General Method Description; Risk-Driven Application Design And Design Principles for Accountability and Unidentifiability; Conclusion; Related Research

Conclusions
Summary of Contributions; Summary of Conclusions; Avenues for Future Work

Bibliography; List of Publications; Biography; A Summary in Dutch

List of Figures

2.1 Generic Model of a Payment System; Keys and Cryptographic Primitives Used in iKP Protocols; Definitions of Atomic Fields Used in iKP Protocols; Framework of iKP Protocols; KP Protocol; KP Protocol; KP Protocol; The Payment Clearance/Capture Scenario; The Status Inquiry Scenario; ZiP Implementation Architecture; An Example Payment Transaction; Value Transfer Transactions; Semantics of Dispute Statements; Basic Dispute Protocol; Simplified iKP Protocol; Global States in iKP; Generic Credit Card Payment Protocol; Value Transfer Transactions; SET Payment with On-Line Authorization; KP Payment with On-Line Authorization; Generic Payment Protocol; Pseudonymized Payment Protocol: On-Line PS, One-Time Pseudonym Certificate; Pseudonymized Payment Protocol: Off-line PS; Generic Pseudonym Server; Basic Credential System Protocols; De-Anonymization; User, Org, and DeAnOrg Components; User, Org and DeAnOrg Token-Based and Synchronous Interfaces; 6.5 An Organization Application; UserCredential Manager; Anonymous Credential System: Overview of Basic Primitives; Anonymous Credential System: Key Material and Parametrized Primitives; Anonymous Credential System: Parameter Types and Contents; Anonymous Credential System: Signed Nym Registration; Anonymous Credential System: Root Nym Registration; Global De-Anonymization Using Local De-Anonymization: V and I Cooperating; Global De-Anonymization Using Local De-Anonymization: V Verifying Linking of Nyms; Example Application: Key Material and Registration; Example Application: Accessing LostFound; Example Application: Local and Global De-Anonymization; A Scenario Illustrating Trust in Accountability and Unidentifiability; Non-Pseudonymous Account-Based Payment Protocol Based on Certificates; Pseudonymous Account-Based Payment Protocol Based on Certificates; Account-Based Payment Protocol Based on Anonymous Credentials; Pre-Paid Payment Protocol Based on Anonymous Credentials; Example Certificate-Based Application: Participants, Key Material and Protocol Flows; Example Credential-Based Application: Participants, Key Material and Protocol Flows; Risk/Options Analysis for L LostFound Application Design

List of Tables

2.1 Comparison of the iKP Payment Protocols; Protocol Flags Used in ZiP; Attributes and Operators of Primitive Transactions; Grammar for the Payment Dispute Claim Language; Information of Players in a Completed iKP Transaction; Mapping Evidence to Dispute Statements in iKP; SET Atomic and Composite Fields; iKP Atomic and Composite Fields; Generic Certificate Format; Example Application: Parameters of Assertions and Primitives; Certificate Contents for the LostFound Example; Non-Pseudonymous Account-Based Payment Protocol Based on Certificates; Pseudonymous Account-Based Payment Protocol Based on Certificates; Account-Based Payment Protocol Based on Anonymous Credentials; Pre-Paid Payment Protocol Based on Anonymous Credentials; Example Certificate-Based Application: Certificate and Message Contents; Example Certificate-Based Application: Evidence and Provable Statements; Example Credential-Based Application: Certificate and Message Contents; Example Credential-Based Application: Evidence and Provable Statements

Chapter 1: Introduction

1.1 Introduction

A public-key infrastructure (PKI) can offer a secure and scalable solution for authentication and secure communication in electronic transactions. Using public-key certificates issued by a trustworthy certification authority, participants in an electronic transaction can authenticate to each other without prior sharing of a secret; this authentication also allows participants to establish communication channels with various security properties such as authentication, integrity-protection and confidentiality-protection of the data exchanged.

An important application of public-key cryptography and public-key infrastructures is the digital signature (short: signature) application. A digital signature is generated using the private signature key belonging to a signer and can be verified using the public key associated with this private signature key. A digitally signed (short: signed) message or other piece of information allows one to securely attribute the signed information to one possible originator, namely the unique holder of the private signature key. This feature forms the basis for claims of non-repudiation, the impossibility for the signer of a document to later successfully repudiate having signed that document. Throughout this work, we will rather use the term accountability, i.e., the possibility to hold the sender (signer) of a message accountable or responsible for the message and its contents.

Accountability requires identifiability, i.e., the possibility to assign a signature key, and thus a signed message, to a particular individual, organization or company. To this end, conventional public-key certificates bind an identity or name to a public key; this allows the party successfully verifying a signature with this key to assign the signed contents to the entity with that name or identity.

While the cryptographic technology supporting accountability exists, many public-key based applications and infrastructures cannot claim this property. It is indeed far from trivial to design an operational system where actions and messages can be said to be accountable: the supporting public-key infrastructure has to fulfil a number of stringent security and accountability requirements (see Sections 1.2.3 and 1.3.3). Also, accountability requirements have to be explicitly stated and taken into account in the transaction protocol design.

On the other hand, privacy concerns of users in e-commerce and other electronic transaction environments motivate the demand for protocols and systems where users can interact with various servers and organizations without their identity becoming known. Designing a secure and accountable system where actions can be unidentifiable may then seem like an impossible task, as accountability requires identification of an actor.

This work deals with accountability and unidentifiability in electronic transactions. It discusses the design and analysis of systems based on accountability requirements and explores the potential for unidentifiability in systems with high requirements on security and accountability.

The remainder of this chapter is organized as follows. In Section 1.2, we first introduce some terminology related to accountability and unidentifiability. Section 1.3 then discusses requirements and challenges related to achieving accountability in electronic transactions. Section 1.4 discusses different concepts and techniques that can introduce unidentifiability in electronic transactions while preserving or enabling accountability properties. Section 1.5 discusses incentives and disincentives for accountability and unidentifiability. Section 1.6 describes the scope and goal of this work.

1.2 Terminology

In this section, we introduce some terminology and concepts related to unidentifiability and accountability as they will be used in this work.

Identity-Based vs. Attribute-Based Authentication and Authorization

Authentication is a service related to identification. Entity authentication as well as message authentication corroborate the identity of an entity (e.g., a person, a computer, etc.) associated with a communication channel or with a specific piece of information [91]. In traditional systems for access control, an entity's authorization to perform an action or to act under a certain role is typically derived from such identity authentication. This identity may have a global meaning, or it may only have a meaning to some participants in the system; it may also be a pseudonym as defined in the next section. In identity-based authorization, the authorization decision is thus based on the authenticated identity or pseudonym; the verifying (and authorizing) party derives necessary access rights from this identity or pseudonym.

Identity authentication of an authenticating party A to a verifying party (also called relying party) V can be achieved using a digital certificate certifying the linking between A's public key and his identity; this linking is certified (signed) by a trusted entity such as a certification authority CA. A can now convince V of his identity by proving knowledge of the associated private key.

In this work, we will also discuss attribute authentication and attribute-based authorization. With attribute authentication, an authenticating party A convinces a verifying party V of the fact that A owns certain attributes; these attributes may but need not be unique to A and need not correspond to an identity. Examples of attributes are the right to access a certain resource or the age of the attribute holder. We will use the term proving ownership of an attribute both for proving the exact value of an attribute (access right, age) and for proving a property of the attribute (e.g., age 18).

As is the case with identity authentication, the fact that A owns an attribute needs to be certified by a trusted authority. Using conventional certificates, this certification is realized by including the attributes in A's certificate. Using credentials as defined in Section 1.2.2, it is realized in a similar way, i.e., by the certificate issuer signing a piece of information including the attributes and a public value associated with A's secret. As with certificates, A can then prove ownership of an attribute certified in a credential by proving knowledge of this secret. Attribute-based authorization will then allow A to perform an action, such as accessing a resource, based on the ownership of one or more attributes, rather than on his identity or on access rights derived from it by a relying party.

In the context of attribute-based authorization, the term attribute covers more than only the fields in a certificate or credential carrying that name. It may stand for any property of the certificate or credential, other than the identity of the certificate holder, from which the relying party can derive necessary privileges. E.g., the fact that the certificate or credential used for authentication is signed by a certain issuer (i.e., can be verified using a specific public key) may be considered to be an attribute. Also, attribute-based authorization does not exclude that the certificate or credential may contain an identity or pseudonym; only, the authorization decision is not based on it. E.g., in the Secure Electronic Transactions (SET) [104] protocol for credit card payments, the customer's account number is not visible
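The identity-based and attribute-based decisions described in this section can be put side by side in code. The following is an added example, not taken from the thesis: the toy Schnorr signature, the certificate layout and all names (`ACL`, `nym-4821`, `age_over_18`, the function names) are assumptions made for illustration, and the group parameters are chosen only so that the code runs on the standard library.

```python
import hashlib
import json
import secrets

# Toy Schnorr signatures modulo the prime 2**255 - 19 (an assumption of this
# example so it runs on the standard library; NOT a secure parameter choice).
P = 2**255 - 19
G = 2
N = P - 1  # exponents are reduced mod P - 1, since G**(P-1) == 1 (mod P)

def challenge_hash(r, msg):
    """Hash commitment r and the message to an integer challenge."""
    digest = hashlib.sha256(r.to_bytes(32, "big") + msg).digest()
    return int.from_bytes(digest, "big") % N

def keygen():
    """Return (private key x, public key G**x mod P)."""
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)

def sign(x, msg):
    k = secrets.randbelow(N - 1) + 1
    r = pow(G, k, P)
    return r, (k + challenge_hash(r, msg) * x) % N

def verify(y, msg, sig):
    r, s = sig
    if not (0 < r < P and 0 <= s < N):
        return False
    return pow(G, s, P) == r * pow(y, challenge_hash(r, msg), P) % P

def encode(body):
    """Canonical bytes of a certificate body: this is what the CA signs."""
    return json.dumps(body, sort_keys=True).encode()

def issue_certificate(ca_priv, subject, attributes, holder_pub):
    """CA binds a subject (identity or pseudonym) and attributes to a key."""
    body = {"subject": subject, "attributes": attributes, "public_key": holder_pub}
    return {"body": body, "sig": sign(ca_priv, encode(body))}

def prove_possession(holder_priv, nonce):
    """A answers V's fresh nonce with a signature under the certified key."""
    return sign(holder_priv, b"auth:" + nonce)

def authenticate(cert, nonce, proof, trusted_ca_pub):
    """V checks the CA signature, then A's proof; returns the body or None."""
    body = cert["body"]
    if not verify(trusted_ca_pub, encode(body), cert["sig"]):
        return None
    if not verify(body["public_key"], b"auth:" + nonce, proof):
        return None
    return body

# V's own table from names to rights (constructed sample data).
ACL = {"alice@example.org": {"read_archive"}}

def authorize_by_identity(body, action):
    return body is not None and action in ACL.get(body["subject"], set())

def authorize_by_attribute(body, required):
    """Decide on certified attributes only; body["subject"] is never read."""
    return body is not None and all(
        body["attributes"].get(k) == v for k, v in required.items())

def run(cert, priv, ca_pub):
    """One authentication exchange with a fresh nonce chosen by V."""
    nonce = secrets.token_bytes(16)
    return authenticate(cert, nonce, prove_possession(priv, nonce), ca_pub)

def demo():
    ca_priv, ca_pub = keygen()
    id_priv, id_pub = keygen()      # key certified under A's real name
    nym_priv, nym_pub = keygen()    # separate key certified under a pseudonym
    other_priv, _ = keygen()        # a party that only holds a copy of the cert
    adult = {"age_over_18": True}
    id_cert = issue_certificate(ca_priv, "alice@example.org", adult, id_pub)
    nym_cert = issue_certificate(ca_priv, "nym-4821", adult, nym_pub)
    minor = issue_certificate(ca_priv, "nym-9930", {"age_over_18": False}, nym_pub)
    # Same CA signature, attribute value changed after issuing.
    altered = {"body": dict(minor["body"], attributes=adult), "sig": minor["sig"]}
    return {
        "identity_cert_by_identity": authorize_by_identity(run(id_cert, id_priv, ca_pub), "read_archive"),
        "pseudonym_cert_by_identity": authorize_by_identity(run(nym_cert, nym_priv, ca_pub), "read_archive"),
        "pseudonym_cert_by_attribute": authorize_by_attribute(run(nym_cert, nym_priv, ca_pub), adult),
        "copied_cert_without_key": authorize_by_attribute(run(nym_cert, other_priv, ca_pub), adult),
        "minor_cert_by_attribute": authorize_by_attribute(run(minor, nym_priv, ca_pub), adult),
        "altered_attribute": authorize_by_attribute(run(altered, nym_priv, ca_pub), adult),
    }

if __name__ == "__main__":
    print(demo())
```

Because a conventional certificate is presented in full, public key included, two uses of the same pseudonym certificate in this sketch remain linkable to each other; the abstract names unlinkable showing as what Idemix credentials add.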


More information

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006 Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark

More information

York County Sheriff's Office Identity Theft Victim s Packet

York County Sheriff's Office Identity Theft Victim s Packet York County Sheriff's Office Identity Theft Victim s Packet Information and Instructions This packet should be completed once you have received a copy of your police report from the York County Sheriff's

More information

CALIFORNIA SOFTWARE LABS

CALIFORNIA SOFTWARE LABS ; Digital Signatures and PKCS#11 Smart Cards Concepts, Issues and some Programming Details CALIFORNIA SOFTWARE LABS R E A L I Z E Y O U R I D E A S California Software Labs 6800 Koll Center Parkway, Suite

More information

CS 6262 - Network Security: Public Key Infrastructure

CS 6262 - Network Security: Public Key Infrastructure CS 6262 - Network Security: Public Key Infrastructure Professor Patrick Traynor 1/30/13 Meeting Someone New 2 What is a certificate? A certificate makes an association between a user identity/job/ attribute

More information

Privacy in New Mobile Payment Protocol

Privacy in New Mobile Payment Protocol in New Mobile Payment Protocol Tan Soo Fun, Leau Yu Beng, Rozaini Roslan, and Habeeb Saleh Habeeb Abstract The increasing development of wireless networks and the widespread popularity of handheld devices

More information

GEOSURE PROTECTION PLAN

GEOSURE PROTECTION PLAN GEOSURE PROTECTION PLAN I. SCOPE/INTRODUCTION The GeoSure Protection Plan is designed to provide protection against economic loss resulting from specific types of risks associated with certain SSL Certificates

More information

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

More information

CS 6262 - Network Security: Public Key Infrastructure

CS 6262 - Network Security: Public Key Infrastructure CS 6262 - Network Security: Public Key Infrastructure Professor Patrick Traynor Fall 2011 Meeting Someone New 2 What is a certificate? A certificate makes an association between a user identity/job/ attribute

More information

Privacy Policy. February, 2015 Page: 1

Privacy Policy. February, 2015 Page: 1 February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met

More information

Adobe PDF for electronic records

Adobe PDF for electronic records White Paper Adobe PDF for electronic records Digital signatures and PDF combine for definitive electronic records and transactions Contents 1 PDF and electronic records 2 Digital certification 3 Validating

More information

ComSign Ltd. Certification Practice Statement (CPS)

ComSign Ltd. Certification Practice Statement (CPS) ComSign Ltd. Certification Practice Statement (CPS) Procedures relating to issuing electronic certificates that comply with provisions of the Electronic Signature Law and its regulations. Version 3. 1.1.

More information

Digital identity: Toward more convenient, more secure online authentication

Digital identity: Toward more convenient, more secure online authentication Digital identity: Toward more convenient, more secure online authentication For more than four decades, the familiar username/password method has been the basis for authentication when accessing computer-based

More information

Digital Certificate Infrastructure

Digital Certificate Infrastructure Digital Certificate Infrastructure Frequently Asked Questions Providing secure, low cost, and easy access to distributed instructional and research resources is a growing problem for campus library and

More information

A Practical Guide to Dutch Building Contracts

A Practical Guide to Dutch Building Contracts A Practical Guide to Dutch Building Contracts A Practical Guide to Dutch Building Contracts M.A.B. Chao-Duivis A.Z.R. Koning A.M. Ubink 3 rd edition s-gravenhage - 2013 3 rd edtion ISBN 978-90-78066-76-7

More information

Building Consumer Trust Internet Payments

Building Consumer Trust Internet Payments Building Consumer Trust Internet Payments Leading Co-Chair (Europe/Africa): Co-Chair (Asia/Oceania): Hermann-Josef Lamberti Executive Vice President & Member of the Board Deutsche Bank Toshiro Kawamura

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information

NON-REPUDIATION WITH MANDATORY PROOF OF RECEIPT

NON-REPUDIATION WITH MANDATORY PROOF OF RECEIPT NON-REPUDIATION WITH MANDATORY PROOF OF RECEIPT ABSTRACT Tom Coffey and Puneet Saidha University of Limerick Ireland Non-repudiation allows an exchange of data between two principals in such a manner that

More information

Strategic Interactions in Franchise Relationships. Evelien Croonen

Strategic Interactions in Franchise Relationships. Evelien Croonen Strategic Interactions in Franchise Relationships Evelien Croonen Publisher: Labyrinth Publications Pottenbakkerstraat 15 17 2984 AX Ridderkerk The Netherlands Print: Offsetdrukkerij Ridderprint B.V.,

More information

LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES

LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES Pursuant to article 78 and 83, paragraph 1 of the Constitution, upon the proposal of the Council of Ministers, THE ASSEMBLY OF THE REPUBLIC

More information

Intrinsic Limitations of Digital Signatures and How to Cope With Them

Intrinsic Limitations of Digital Signatures and How to Cope With Them Intrinsic Limitations of Digital Signatures and How to Cope With Them Ueli Maurer Department of Computer Science ETH Zurich CH-8092 Zurich, Switzerland, maurer@inf.ethz.ch Abstract. Digital signatures

More information

CSE543 - Introduction to Computer and Network Security. Module: Public Key Infrastructure

CSE543 - Introduction to Computer and Network Security. Module: Public Key Infrastructure CSE543 - Introduction to Computer and Network Security Module: Public Key Infrastructure Professor Trent Jaeger 1 Meeting Someone New Anywhere in the Internet 2 What is a certificate? A certificate makes

More information

Authentication Application

Authentication Application Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be

More information

Digital Identity Management

Digital Identity Management Digital Identity Management Techniques and Policies E. Bertino CS Department and ECE School CERIAS Purdue University bertino@cs.purdue.edu Digital Identity Management What is DI? Digital identity (DI)

More information

Opinion 04/2012 on Cookie Consent Exemption

Opinion 04/2012 on Cookie Consent Exemption ARTICLE 29 DATA PROTECTION WORKING PARTY 00879/12/EN WP 194 Opinion 04/2012 on Cookie Consent Exemption Adopted on 7 June 2012 This Working Party was set up under Article 29 of Directive 95/46/EC. It is

More information

LAW ON PLEDGE OF MOVABLE ASSETS REGISTERED IN THE PLEDGE REGISTRY I. GENERAL PROVISIONS

LAW ON PLEDGE OF MOVABLE ASSETS REGISTERED IN THE PLEDGE REGISTRY I. GENERAL PROVISIONS LAW ON PLEDGE OF MOVABLE ASSETS REGISTERED IN THE PLEDGE REGISTRY (Published in the Official Gazette of the Republic of Serbia No. 57/03, 61/05, 64/06) I. GENERAL PROVISIONS Subject Matter of the Law Art.

More information

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure

More information

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

Qualified mobile electronic signatures: Possible, but worth a try?

Qualified mobile electronic signatures: Possible, but worth a try? Qualified mobile electronic signatures: Possible, but worth a try? Lothar Fritsch 1, Johannes Ranke 2, Heiko Rossnagel 1 Interest level of audience: 3 - for application developers (interested in IT security)

More information

IEEE Journal of Selected Areas in Communications, VOL?, NO.?,? 2000 1 Design, Implementation and Deployment of the ikp Secure Electronic Payment System Mihir Bellare, Juan A. Garay, Ralf Hauser, Amir Herzberg,

More information

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS)

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) Version 1.1 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE ISSUED TO YOU

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

National Certification Authority Framework in Sri Lanka

National Certification Authority Framework in Sri Lanka National Certification Authority Framework in Sri Lanka By Rohana Palliyaguru Manager Operations & Principal Information Security Engineer What is digital Signature? According to UNCITRAL Text 25. Digital

More information

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

Law of the Republic of Azerbaijan on Electronic Signature and Electronic Document

Law of the Republic of Azerbaijan on Electronic Signature and Electronic Document Law of the Republic of Azerbaijan on Electronic Signature and Electronic Document This law sets organizational, legal grounds for use of Electronic signature and Electronic document, their application

More information

Land Registry. Version 4.0 10/09/2009. Certificate Policy

Land Registry. Version 4.0 10/09/2009. Certificate Policy Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2

More information

Securing your Online Data Transfer with SSL

Securing your Online Data Transfer with SSL Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4. What does

More information

Evaluation of different Open Source Identity management Systems

Evaluation of different Open Source Identity management Systems Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems

More information

Security Digital Certificate Manager

Security Digital Certificate Manager IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,

More information

Module 7 Security CS655! 7-1!

Module 7 Security CS655! 7-1! Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed

More information

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems

More information

What Are Certificates?

What Are Certificates? The Essentials Series: Code-Signing Certificates What Are Certificates? sponsored by by Don Jones W hat Are Certificates?... 1 Digital Certificates and Asymmetric Encryption... 1 Certificates as a Form

More information

Building an Anonymous Public Storage Utility Wesley Leggette Cleversafe

Building an Anonymous Public Storage Utility Wesley Leggette Cleversafe Building an Anonymous Public Storage Utility Wesley Leggette Cleversafe Utility Storage r Many different target audiences r Business r Content distribution r Off-site backup r Archival r Consumer r Content

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE

REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE CHAPTER I. GENERAL PROVISIONS... 1 ARTICLE 1. Purpose of the Law... 1 ARTICLE 2. Basic Definitions of this Law... 2 CHAPTER II. SIGNATURE CREATION, VERIFICATION,

More information

Controller of Certification Authorities of Mauritius

Controller of Certification Authorities of Mauritius Contents Pg. Introduction 2 Public key Infrastructure Basics 2 What is Public Key Infrastructure (PKI)? 2 What are Digital Signatures? 3 Salient features of the Electronic Transactions Act 2000 (as amended)

More information

Introduction. About Image-X Enterprises. Overview of PKI Technology

Introduction. About Image-X Enterprises. Overview of PKI Technology Digital Signature x Introduction In recent years, use of digital or electronic signatures has rapidly increased in an effort to streamline all types of business transactions. There are two types of electronic

More information

SECURITY IN ELECTRONIC COMMERCE - SOLUTION MULTIPLE-CHOICE QUESTIONS

SECURITY IN ELECTRONIC COMMERCE - SOLUTION MULTIPLE-CHOICE QUESTIONS MULTIPLE-CHOICE QUESTIONS Each question has only one correct answer, which ought to be clearly pointed out with an 'X'. Each question incorrectly answered will be evaluated as minus one third of the mark

More information

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status 10 Secure Electronic Transactions: Overview, Capabilities, and Current Status Gordon Agnew A&F Consulting, and University of Waterloo, Ontario, Canada 10.1 Introduction Until recently, there were two primary

More information

Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application INDEX 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4.

More information

West Palm Beach Police Department s Identity Theft Victim s Packet

West Palm Beach Police Department s Identity Theft Victim s Packet West Palm Beach Police Department s Identity Theft Victim s Packet Information and Instructions This packet should be completed once you have contacted West Palm Beach Police Department and obtained a

More information

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security International Telecommunication Union ITU-T Y.2740 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2011) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of

More information

OpenHRE Security Architecture. (DRAFT v0.5)

OpenHRE Security Architecture. (DRAFT v0.5) OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2

More information

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure) Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.

More information

Forms Packet Copyright 2013

Forms Packet Copyright 2013 Forms Packet Copyright 2013 ACES Print only what is needed The instructions and terms/conditions must be read but do not need to be printed. Please print only the pages you need to send to IdenTrust. For

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

Understanding E-Signatures: A Beginner s Guide

Understanding E-Signatures: A Beginner s Guide Understanding E-Signatures: A Beginner s Guide Content Summary 1 Overview 2 Technology / Terminology Electronic signatures have seen significant adoption in the past decade within insurance, lending, government

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

White Paper: Multi-Factor Authentication Platform

White Paper: Multi-Factor Authentication Platform White Paper: Multi-Factor Authentication Platform Version: 1.4 Updated: 29/10/13 Contents: About zero knowledge proof authentication protocols: 3 About Pairing-Based Cryptography (PBC) 4 Putting it all

More information

Modelling, Design, and Analysis of Secure Mobile Payment Systems

Modelling, Design, and Analysis of Secure Mobile Payment Systems Modelling, Design, and Analysis of Secure Mobile Payment Systems Supakorn Kungpisdan A Thesis Submitted for Fulfillment of the Requirements for the Degree of Doctor of Philosophy Faculty of Information

More information

Privacy by Design in Federated Identity Management

Privacy by Design in Federated Identity Management 1 Privacy by Design in Federated Identity Management Interpreting Legal Privacy Requirements for FIM and Comparing Risk Mitigation Models 2015 International Workshop on Privacy Engineering IWPE 15 - MAY

More information

How much do you pay for your PKI solution?

How much do you pay for your PKI solution? Information Paper Understand the total cost of your PKI How much do you pay for your PKI? A closer look into the real costs associated with building and running your own Public Key Infrastructure and 3SKey.

More information

Inter-domain authorization and delegation for business-to-business e-commerce.

Inter-domain authorization and delegation for business-to-business e-commerce. Inter-domain authorization and delegation for business-to-business e-commerce. Pietro Michiardi and Refik Molva {First Name.Last Name}@eurecom.fr Institut Eurécom, 2229 Route des Crêtes BP 193 06904 Sophia-Antipolis

More information

ELECTRONIC SIGNATURES FACTSHEET

ELECTRONIC SIGNATURES FACTSHEET ELECTRONIC SIGNATURES FACTSHEET Electronic signatures mean that you can exchange information with others electronically and securely safe in the knowledge that everyone is who they claim to be and that

More information

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Author: Allan Macphee January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What

More information

Concept of Electronic Approvals

Concept of Electronic Approvals E-Lock Technologies Contact info@elock.com Table of Contents 1 INTRODUCTION 3 2 WHAT ARE ELECTRONIC APPROVALS? 3 3 HOW DO INDIVIDUALS IDENTIFY THEMSELVES IN THE ELECTRONIC WORLD? 3 4 WHAT IS THE TECHNOLOGY

More information

Investigation and Prosecution of Identity Theft

Investigation and Prosecution of Identity Theft Investigation and Prosecution of Identity Theft In an effort to assist you in dealing with problems related to Identity Theft, the Menomonee Falls Police Department has prepared this packet of information

More information

Bankruptcy Act. (Act No. 75 of June 2, 2004)

Bankruptcy Act. (Act No. 75 of June 2, 2004) Bankruptcy Act (Act No. 75 of June 2, 2004) Chapter I General Provisions (Article 1 to Article 14) Chapter II Commencement of Bankruptcy Proceedings Section 1 Petition for Commencement of Bankruptcy Proceedings

More information

Understanding Digital Certificates and Secure Sockets Layer (SSL)

Understanding Digital Certificates and Secure Sockets Layer (SSL) Understanding Digital Certificates and Secure Sockets Layer (SSL) Author: Peter Robinson January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What are they?

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information