HSM: A Must Have. Applications are everywhere SafeNet Inc. All rights reserved.
- Posy Thornton
- 8 years ago
Transcription
1 What is an HSM
2 HSM: A Must Have
- Applications are everywhere
3 HSM: A Must Have
- Secrecy, Control, Payment, Rights are all attributes of applications
- Security & Keys are used
4 HSM: A Must Have
- Keeping Keys Safe keeps the application safe
- HSM
5 Why Hardware Security Modules?
- Keys are valuable
  - Private keys for identity: no one else should be able to get a copy of private signing key
  - Symmetric keys for confidentiality: keys on the host computer are subject to memory scanning attacks
- Protection outside hardware will always have a weakness
  - Typically involves some form of password-based encryption: passwords are easy to snoop from keyboard
  - Easy access to keys stored on hard drive
- Software on host computer subject to attack
  - Trojan horse
  - Masquerade
6 The Role of an HSM
1. They are devices for keeping keys in hardware, making the keys secure
   - Keys underpin all the security mechanisms so they must be kept securely
   - Keeping a Key in Hardware means that you can control when, where and how it is used
2. They Perform Cryptographic Operations on those Keys
   1. If the keys are in hardware they wouldn't be secure if each time you needed to use them, you had to copy them off to another computer.
   2. Since most of the asymmetric crypto operations are very computationally expensive the HSM needs to perform them quickly
3. They come in a variety of form factors, performance and storage capacities
   1. Attached to a network
   2. Embedded in a Server
   3. Portable
   4. Password Authenticated or 2 factor Authenticated with MofN
4. They offer different programming interfaces
   1. PKCS11, JCE, CAPI
5. Provide a clear audit trail for all key materials
7 Summary
- Any application that makes use of Cryptography makes use of Keys
- If the application is sensitive enough, protection of those keys is vital
- Whether the application is small, mobile and embedded in a cell phone, or large, distributed and needs to be fault tolerant: if protection of keys is a requirement, an HSM is required
8 Planning for Security in your application
9 Factors to Consider
- Vendor
- Security
- Scalability & Performance
- Ease of Integration
10 Vendor Considerations
- Global and Stable organization
- Broad HSM product Suite
- Integration options
- Toolkit offering
- Well documented APIs
- A Software Emulation HSM for development
- Hosting and securing code in addition to Keys
- Partner Relationships offering a wide range of Solutions
- Reputation
- Document, Database, Payment, XML, PKI, Rights Management Security applications
- What proportion of Global F1000 trust the vendor
11 Security
- Key Generation of all private keys in hardware
- Key Storage of private keys 100% of the time in hardware
- Certificate Signing performed on hardware
- Key Backup in controlled hardware 100% of the time
- Trusted Path used to enter critical security parameters
- Recognized validation from FIPS or Common Criteria
12 FIPS
- Crypto module validation, NOT security evaluation
- Conformance testing against standard
- Testing performed by NVLAP accredited labs
- Validation & certification by NIST/CSE
- Formerly just N.A. standard
  - Now applicable in U.K.
  - Labs accredited in U.K. and Germany
13 Common Criteria
- ISO defines criteria for specifying and evaluating security functional and assurance requirements
- Target of Evaluation (TOE) evaluated against requirements defined in Security Target (ST)
- ST contains Description, Assumptions, Threats, Objectives, Functional Requirements, Assurance Requirements & High-level Specification
- Evaluation Assurance Levels (EAL) are packages of Assurance Requirements intended to meet common assurance needs
  - EAL 1 through 7
14 Common Criteria (cont)
- Emphasis on design assurance and testing for strength of security functions
- No prescribed list of conformance test requirements
- Mutual Recognition Arrangement (MRA) signatories recognize evaluations performed in other countries up to EAL 4
- Recognized world-wide
  - European market
  - DoD requirement DoD Instruction
15 Best Practices for Hardware Security Modules
1. Hardware-secured key generation
2. Hardware-secured key storage
3. Hardware-secured key backup
4. Hardware-secured digital signing
5. PKI authenticated software
6. Controlled physical access
7. Host independent 2-factor authentication
8. Enforced operational roles
9. Independent Audit
10. FIPS validation
16 Operational Roles Lifecycle Operational Role Function Custodian Initialization Initialization (one time only) Vault Initialization Admin Security Officer Token Administration Set token security policy Select token initialization parameters Create Users Chief Security Officer Domain Cloning Token Backup Set Cloning Policy Create/Transfer Cloning Domains Token Backup Domain Administrator Operation User M of N Key Generation Signing Decryption Shared Secret M of N authentication M keys of N key set required to authenticate System Administrator IT Staff
17 Breadth of HSM Technology
18 Why all the different products?
[Figure: products positioned by Sophistication (Just Generate a Key; Sign, Verify and other Key ops; All sorts of Crypto; Programmable) and by operations on keys per second (A few; Several hundreds and thousands)]
19 Toolkits
- 3rd Party or Customer Developed Host Application
- PKCS#11, Java, CAPI, Custom API, Payments APIs
- Windows, Solaris, Linux, HP UX, AIX
- Networked to single or multiple SSM
- Write your own applications and load them directly onto the device
  - secure sensitive code or place applications in untrusted environments
- Early-stage development all in Software
20 Build vs Buy
21 Case Studies
22 SafeNet Securing Banking Transactions SafeNet HSM Large Banks SafeNet HSM Small Banks Financial Transaction Infrastructure Applications Payments & Cash Mgt Treasury & Derivatives Trade services Pre-Settlement/trade Access Control via 2 or 3 factor SafeNet HSM Key Management SSL Acceleration FIPS certified Certificate Authority Directory Applications Clearing services Custody services
23 Check Clearing Process: Embedded Example
[Diagram labels: User Auth; Luna PCI (Root Key Storage, Signing, Encryption); Signed & Encrypted Outward Electronic Check MICR & image; Clearing House Interface (Presenting Bank); Inward Check MICR & images; Clearing House; Outward return Check MICR; Clearing House Interface (Paying Bank); Sign & Enc data; OCSP & Enc data; Auth & license control; Database encryption; Luna SA; Electronic Check Archive]
- Check MICR data & images are captured at the Presenting Bank
24 Egg's PIN Processing with Luna SP
[Diagram labels: (VPS) ViewPIN Server; Bank Web Portal; Card Issuer; PIN database; CVV]
1. User enters CVV from card
2. VPS encrypts CVV for card issuer
3. Forward encrypted CVV to issuer via bank
4. Issuer decrypts CVV and looks up PIN
   - Encrypts PIN for VPS decoding
   - Sends back to VPS via bank
5. VPS decrypts PIN and displays to user over SSL
25 ViewPIN Architecture
- Encryption of CVV2 and Decryption of PIN
- Luna SP: Application security module deployed in the DMZ
- Integrated FIPS Level 3 HSM
- Provides tamper-protection for ViewPIN
  - Level 3 type physical security
  - Hardened operating system
  - Protected application container
[Diagram labels: ViewPIN Server; User; Web Site; PIN Database; With standard browser; With ViewPIN link and page; ViewPIN Pages Logic; Authentication System; With FIPS Level 3 HSM; PIN HSM; User]
26 Database Encryption: Visa & Mastercard
- HSM used for Master Key storage & operations
- Manage Security Policy
- FIPS compliance
- Hardware bias in many IT organizations
[Diagram labels: DB Server; Application Server; View Database; DataProtector; Security Manager; Audit and Reporting; Key Management; PKCS11; Data Storage; Master key Storage and Operations]
27 HSM and Manufacturing
- PKI is not just for people
- PKI can also be used to create digital identities for devices like phones and computers
- Cisco uses SafeNet HSMs to create the digital identities for their IP phones & Routers
- Motorola uses HSMs to issue identities for cell phones, set-top boxes and Cable Modems
  - As well as to protect Intellectual Property in 3rd Party Manufacturing environments
- SafeNet uses HSM to load firmware into HSM at manufacturing location, preventing the exposure of code outside of SafeNet
28 Manufacturing PKI for IP Phones
[Diagram labels: IP Phone; Manufacturing CA; Luna HSM]
1. IP phone requests certificate from Manufacturing CA
2. CA generates a new certificate that Luna signs with the root key
3. Certificate is sent to the phone
4. Phone now has a unique digital identity baked in by Cisco
29 Secure Hard Drive Authentication PKI Certificate Authority Manufacturing Site Identity Issuance RA Key Gen (Extracts keys to Luna SP) Luna SP Sends Keys to Hard Drives Cable modems BIOS applications. Hard drives
30 Use Case: High Assurance Bundle Security Officer 2 5 Code Signing Certificate Inspect Activate 3 Authorize Provision 4 1 Drop Ship Signing Authority Application Developer Trusted Manufacturer Deploy 7 6 Signed Code Release 1st, 2nd, or 3rd Party IT Department
31 ID Card Manufacturer Solution
- HSM: Generates new Keys and wraps for export
- Key Issuance Application (e.g. Intercede, Oberthur, Gemplus, G&D, Datacard, Ubiq, etc): Injects wrapped keys into Smartcards
- Used for generating keys at manufacturing for initializing smartcards with keys for secure communication in future
32 ID Card Issuance
[Diagram labels: Database; PKI Root CA; Sub CAs; CMS; CMS Keys; End user's SC Keys]
- Key Issuance Application (e.g. Intercede, Microsoft, ActivIdentity, Gemplus, BellID, Datacard, etc): Injects wrapped user keys into Smartcards
- HSM: Manages new Keys and wraps for export
- Used for secure comms. with Smart Cards for issuing Digital IDs to end users
33 ID Card in FIPS201 (USGov)
- Many Issuers
  - Local, state, Federal
  - Public, private
  - Military, civilian
  - Separate databases
  - No communication between organizations
- Many Cards
  - Multiple badges for the same individual
  - Multiple privileges for issued cards
  - No validation of these credentials
- Unknown Privileges
  - Issued from standalone databases
  - No validation across organizations
  - Not linked to identity
34 A word from my sponsor
35 Luna SA: World's first Network HSM
[Diagram labels: PKI; Financial Transactions; Web Server (SSL acceleration)]
- Security: FIPS level 3 & Common Criteria EAL4+
- Performance: 4000 s/s
- Flexibility: up to 20 Virtual HSMs
- Cost: Shared hardware
- Applications
  - PKI Root Key Protection
  - Financial Transactions
  - Shared SSL Acceleration
36 Advantage: Partition capable HSM
- Luna SA can be partitioned into virtual HSMs (up to 20)
- Separate administrative controls for each partition
- Multiple HSM applications hosted on the same unit
37 Advantage: Network Sharing
[Diagram labels: PKI Sub-Root CA; E-commerce transactions; Secure Document Access; Web Server (SSL); each connected by a Network Trust Link]
- Reduced cost of ownership
  - Amortize Luna SA over multiple applications, organizations, services
  - Fewer boxes to buy, install and manage
- Centrally managed cryptographic keys
  - More secure and simpler to administer
38 Network Trust Links
[Diagram labels: Application Server; Network Trust Link]
- HSM is operated by secure remote control over the network
- All crypto keys and operations remain inside the HSM
- Four Layers of Security
  1. IP address
  2. SSL
  3. Digital certificates for server & client
  4. Process-level password
39 High Availability & Load Sharing
[Diagram labels: Application Servers; Load balanced Pair On-site; Disaster Recovery Unit Off-site]
- Luna SAs can be clustered from anywhere on the network
- HSM requests are cycled between active SA units
- Increased availability, performance, disaster recovery
40 Advantage: Multi-Person Authentication 2-Factor Authentication 2-Factor Authentication Password + + Multi-person Authentication Password +
41 Advantage: Keys always in hardware
[Diagram: Hardware-Secured Key Lifecycle, with stages labelled Creation, Destruction, Storage, Usage, Distribution]
42 Advantage: 3 Layers of Security
- Tamper Resistant Hardware
- Multi-Person Two-Factor Access Control
- Encrypted Keys
43 Looking to the Future
44 Next Decade - Market Drivers
- Networked applications will continue to shift from a connection to a transaction orientation
- Valued transactions will shift from manual/paper based processes to electronic ones as confidence in security technology increases
- Authenticity will surpass secrecy as the primary network security driver
- Adoption of new and simpler Cryptographic APIs will speed the integration and deployment of hardware assisted security to applications

- Security for transaction oriented applications requires deeper integration with the host application and the encryption, signing and verification of atomic units of data as opposed to bulk line encryption. This model of security encourages the use of HSM technologies
- Cash (paper based transaction), passport/identity, legal documents (i.e. mortgage applications, land registry) and other paper based systems are migrating to online e-type solutions
- Cash and other transactions place more importance on assuring the identity of the parties than secrecy of the transaction. Assuring identity of people or entities requires PKI-like structure for issuance and validation. HSMs provide the backbone of this infrastructure
- Cryptography is not simple and the high degree of integration required with applications demands more simple methods for integration that can be applied by non-cryptography experienced engineers whose primary skills revolve around building and supporting the host application and not security. Web Services and other technologies being widely adopted help meet these goals
45 Applications using security
[Diagram labels: PKI Root Key Protection & SSL; / Document / Database; ewallet, eid (issuance & verification); DRM (on demand rights management)]
1. HSM used to protect corporate, banking and retail identities for ecommerce. This application resurges by 2010 for intercorporation value transfers
2. XML & Federated Identity technologies and Corporate Governance issues drive internal need to ensure integrity of data
3. Cash is replaced with electronic wallets and states issue electronic identities. Reduces retail costs, secure borders and reduces fraudulent use of national services (such as healthcare)
4. Music, Video and Games delivered on demand to multiple platforms (itv, PC, handheld) requires platform independent security technology
46 Thank You
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More informationSP 800-130 A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter
SP 800-130 A Framework for Designing Cryptographic Key Management Systems 5/25/2012 Lunch and Learn Scott Shorter Topics Follows the Sections of SP 800-130 draft 2: Introduction Framework Basics Goals
More informationAudio: This overview module contains an introduction, five lessons, and a conclusion.
Homeland Security Presidential Directive 12 (HSPD 12) Overview Audio: Welcome to the Homeland Security Presidential Directive 12 (HSPD 12) overview module, the first in a series of informational modules
More informationCryptoNET: Security Management Protocols
CryptoNET: Security Management Protocols ABDUL GHAFOOR ABBASI, SEAD MUFTIC CoS, School of Information and Communication Technology Royal Institute of Technology Borgarfjordsgatan 15, SE-164 40, Kista,
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationWhite Paper: Managing Security on Mobile Phones
White Paper: Managing Security on Mobile Phones April 2006 Managing Security on Mobile Phones April 2006 Table of Contents Abstract...2 Executive Summary...2 The Importance Of Managing Security On Mobile
More informationNetwork Test Labs (NTL) Software Testing Services for igaming
Network Test Labs (NTL) Software Testing Services for igaming Led by committed, young and dynamic professionals with extensive expertise and experience of independent testing services, Network Test Labs
More informationIncorporating Digital Signing & Encryption in Transactions in the Payment System of Sri Lanka
Incorporating Digital Signing & Encryption in Transactions in the Payment System of Sri Lanka Presentation by Sunimal Weerasooriya, CEO LankaClear (Pvt) Ltd. Introduction to LankaClear Originated as Sri
More informationSecure Web Access Solution
Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...
More informationMicrosoft Identity Lifecycle Manager & Gemalto.NET Solutions. Jan 23 rd, 2007
Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions Jan 23 rd, 2007 Microsoft ILM is a comprehensive, integrated, identity and access solution within the Microsoft system architecture. It includes
More informationImplementing Federal Personal Identity Verification for VMware View. By Bryan Salek, Federal Desktop Systems Engineer, VMware
Implementing Federal Personal Identity Verification for VMware View By Bryan Salek, Federal Desktop Systems Engineer, VMware Technical WHITE PAPER Introduction This guide explains how to implement authentication
More informationeid Security Frank Cornelis Architect eid fedict 2008. All rights reserved
eid Security Frank Cornelis Architect eid The eid Project > Provides Belgian Citizens with an electronic identity card. > Gives Belgian Citizens a device to claim their identity in the new digital age.
More informationThe Costs of Managed PKI:
The Costs of Managed PKI: In-House Implementation of PKI vs. Traditional Managed PKI vs. ON-Demand PKI A TC TrustCenter Whitepaper Last Updated: February 2008 Introduction Until recently, organizations
More informationCitrix MetaFrame XP Security Standards and Deployment Scenarios
Citrix MetaFrame XP Security Standards and Deployment Scenarios Including Common Criteria Information MetaFrame XP Server for Windows with Feature Release 3 Citrix Systems, Inc. Information in this document
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationSafeNet Securing Microsoft Solutions
SafeNet Securing Microsoft Solutions SafeNet and Microsoft work closely to enhance the security of Microsoft solutions. The Microsoft on Windows provides customizable services for creating and managing
More informationA Strategic Approach to Enterprise Key Management
Ingrian - Enterprise Key Management. A Strategic Approach to Enterprise Key Management Executive Summary: In response to security threats and regulatory mandates, enterprises have adopted a range of encryption
More informationAPWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/
DB1 Phishing attacks, usually implemented through HTML enabled e-mails, are becoming more common and more sophisticated. As a network manager, how would you go about protecting your users from a phishing
More informationSafeNet Authentication Service Security Considerations
SafeNet Authentication Service Security Considerations Publication Date: Nov. 2012 Revision 1.1 Information provided is confidential and proprietary to SafeNet, Inc. ( SafeNet ) Executive Summary Service
More informationComparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software
WHITE PAPER: COMPARING TCO: SYMANTEC MANAGED PKI SERVICE........ VS..... ON-PREMISE........... SOFTWARE................. Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software
More informationThe Use of the Simple Certificate Enrollment Protocol (SCEP) and Untrusted Devices
The Use of the Simple Certificate Enrollment Protocol (SCEP) and Untrusted Devices Essay Authors Ted Shorter, CTO, Certified Security Solutions, Inc. Wayne Harris, PKI Practice Lead, Certified Security
More informationEvaluate the Usability of Security Audits in Electronic Commerce
Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka
More informationNeed to be PCI DSS compliant and reduce the risk of fraud?
Need to be PCI DSS compliant and reduce the risk of fraud? NCR Security lessens your PCI compliance burden and protects the integrity of your network An NCR White Paper Experience a new world of interaction
More informationSecuring Your Software for the Mobile Application Market
WHITE PAPER: SECURING YOUR SOFTWARE FOR THE MOBILE APPLICATION MARKET White Paper Securing Your Software for the Mobile Application Market The Latest Code Signing Technology Securing Your Software for
More informationPrivateServer HSM EKM Provider for Microsoft SQL Server
PrivateServer HSM EKM Provider for Microsoft SQL Server January 2014 Document Version 1.1 Notice The information provided in this document is the sole property of Algorithmic Research Ltd. No part of this
More informationWindows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation
Windows 2000 Security Architecture Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Topics Single Sign-on Kerberos v5 integration Active Directory security Delegation of authentication
More informationAdministrative Improvements. Administrative Improvements. Scoping Guidance. Clarifications for Segmentation
The PCI DSS Lifecycle 1 The PCI DSS follows a three-year lifecycle PCI DSS 3.0 will be released in November 2013 Optional (but recommended) in 2014; Required in 2015 PCI SSC Community Meeting Update: PCI
More informationGuide to Data Field Encryption
Guide to Data Field Encryption Contents Introduction 2 Common Concepts and Glossary 3 Encryption 3 Data Field Encryption 3 Cryptography 3 Keys and Key Management 5 Secure Cryptographic Device 7 Considerations
More informationIT Networking and Security
elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer
More informationRELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12.
Table of Contents Scope of the Document... 1 [Latest Official] ADYTON Release 2.12.9... 1 ADYTON Release 2.12.4... 1 ADYTON Release 2.9.3... 3 ADYTON Release 2.7.7... 3 ADYTON Release 2.6.2... 4 ADYTON
More information