Public-Key Infrastructure
|
|
- Jonah Malone
- 8 years ago
- Views:
Transcription
1 Public-Key Infrastructure Technology and Concepts Abstract This paper is intended to help explain general PKI technology and concepts. For the sake of orientation, it also touches on policies and standards and on some of the new and exciting applications that will consume PKI services and at last fulfill their promise of efficiency and effectiveness in the emerging e-commerce market.
2 Contents Introduction... 3 What is a PKI?...3 How does PKI relate to online business and e-commerce?...3 How is PKI technology integrated in the application?... 3 Major Market Drivers... 4 E-commerce Security Requirements...4 PKI Technology and Architecture...5 Basic PKI Architecture and Data Flow... 6 What is a Public-Key Certificate?...6 What is a Digital Signature?...7 Data integrity in PKI...7 User authentication in PKI...8 The Primary Technical Components of PKI...8 PKI toolkits Application Contexts Used in E-Commerce PKI Policies Certification Practice Statement (CPS) Certificate Policy...13 Conclusions...14 PKI-Related Standards...15 List of Acronyms Used
3 Introduction What is a PKI? A Public-Key Infrastructure (PKI) is the set of policies, procedures, people, facilities, software, and hardware that allow for the issuance, distribution and ongoing management of public-key certificates. In practical terms, PKIs manage relationships and establish a level of trust in distributed environments. They do this by managing and controlling the use of cryptographic keys and certificates. Without the management and trusted services of PKI, cryptographic-based security cannot be used to support the majority of e- commerce applications. How does PKI relate to online business and e-commerce? In the online world, the things that concern administrators the most are the policies defining the rules and flow of the online business. All PKIs are operated, administered, or managed according to a business-specific policy defining PKI configuration, deployment, and operations. It is important to make this distinction: the PKI is not just the technology/software/product, but is in essence the rules under which the technology/software/product is integrated, administered, and used. So, PKIs are specific to business flow and business operations first, and to technical architecture second. Properly designed PKI products are capable of supporting multiple business frameworks. An overview of good design practices and features for PKI products will be provided later. How is PKI technology tntegrated in the application? Most PKI-technology components run in the network as application services. The exception is the developer s toolkit component. The toolkit treats the complex underlying cryptographic services and protocols on behalf of an application programmer. The toolkit is a bundle of local software providers that implement security standards and a high-level interface that allows any developer to PKI-enable their application. The importance of the toolkit includes the following: - It allows the application programmer to focus on what he/she does best, rather than become a cryptography or PKI expert. This reduces time and resources needed to integrate security with applications. - It allows consistent security integration across all applications. - It allows those maintaining the overall solution to easily meet new demands as application environment and requirements evolve over time. 3
4 Major Market Drivers The increasing use of online commerce applications like those listed below constitutes the primary business driving the deployment of PKIs. - Wireless and web e-commerce - Electronic content distribution via public networks - Online payments - Extranets (private networks that support trading partners) - Intranets (private networks that support employees) While the use of these new applications promise tremendous gains in productivity to almost all organizations, they also introduce serious security risks such as: Masquerading as a legitimate user Denial of participation in an online transaction Tampering with data Eavesdropping Unauthorized access E-Commerce Security Requirements Businesses operating online have specific security needs, all of which can be met through carefully implemented PKI. PKI provides management of relationships, keys, and certificates necessary to make cryptography useful in business. PKI services and objects will be covered later in this document. To learn about basic cryptography, see An Introduction to Information Security at ). Today there is widespread consensus that the security requirements of online applications are best met by cryptography, but only when these applications are PKI-enabled. To be PKI-enabled, the application must have the ability to access PKI resources like the certification authority and the certificate directory as well as the ability to process the objects that are commonly exchanged within the PKI, like digital signatures and public-key certificates. A carefully implemented PKI addresses online businesses requirements for Authentication: to prevent masquerading, verifies the identity of an entity (individual, device, organization, role) prior to an online exchange, transaction, or allowing access to resources. 4
5 When the application is PKI-enabled, it can use digital signature and publickey certificate processes to authenticate individuals, servers, nodes or whatever entity is participating in the business flow. Authorization: to prevent unauthorized activity, verifies that an entity has permission to participate in an activity, a transaction, or is allowed access to resources. When an application is PKI-enabled, it can cross-reference an entity s verified identity (which it authenticated using a public-key certificate) with a privilege (or policy-enforcement) list before it authorizes (grants or denies) an entity s request for participation or access. Non-repudiation: provides the tools that make it easy to prove that an individual has participated in a transaction. PKI-enabled applications can bind a participant to his activity and the date and time that the activity occurred because they have the capability to verify digital signatures, process public-key certificates, and maintain an audit log (record) of the transaction. Privacy: prevents eavesdropping or unauthorized access. PKI-enabled applications are also capable of encrypting data when privacy is needed. While the encryption service is not provided by the PKI, the management and exchange of encryption and decryption keys is a necessary service usually provided by the PKI. Integrity: prevents data tampering, ensures that data is not altered, either by accident or on purpose, while in transit or in storage. Digital signatures are a preferred method for protecting data from tampering. If digital signature verification is positive, the integrity of the transaction is deemed to be intact, if not the transaction data has been modified and will be discarded. PKI-enabled applications are capable of applying digital signatures to transactions, of verifying digital signatures and so can verify the integrity of transactions. These requirements are best met with PKI-enabled applications that support the services (cryptographic, access, and audit) commonly found in operational PKIs. PKI Technology and Architecture Good PKI architectures are openly documented, provide clear application interfaces, and support standards. The set of PKI technologies includes software and hardware that implement the functions of the End-Entity Application (EE) 5
6 Registration Authority (RA) Certification Authority (CA) PKI Directory Basic PKI Architecture and Data Flow The major technical components and operational flow of a PKI are shown in Fig. 1. Fig. 1. The major technical components and operational flow of a PKI. What is a Public-key Certificate? A public-key certificate is a data object or container that binds a public key to a set of information identifying the key pair owner (an entity such as a person, organization, node, or Website). The public key in the certificate is associated with the corresponding private key in the pair. The key pair owner is known as the subject of the certificate. A certificate is used by a participant involved in secure transaction (or in a secure, authenticated-communications session) who relies upon the accuracy of the identity (Subject) and public key contained in the certificate. With a trusted, accurate identity and 6
7 public key it is possible for one participant to authenticate the other before executing an online transaction. In order to help visualize the contents of a public-key certificate, a diagram (Fig. 2) is provided here. Fig. 2. Contents of a public-key certificate. What is a Digital Signature? As the name suggests, digital signatures are the electronic equivalent of traditional handwritten signatures. But a digital signature cannot be visually recognized like a handwritten signature. Instead, digital signatures are recognized (created, stored, transmitted, and verified) by PKI-enabled applications that have access to key management and cryptographic services. The generic cryptographic operations used in creating and verifying a digital signature are shown in Fig. 3. Digital signatures and public-key certificates provide two primary security services in a PKI: data integrity and user authentication. Data Integrity in a PKI As indicated above, in order to create a digital signature, both the transaction data that is to be signed and the user s private key must be used as inputs to the signing process. To verify a digital signature, the data that was
8 signed, the user s public key, and the digital signature itself are used as inputs to the verification process. Since the transaction data is always involved in producing and verifying a digital signature, if the data is modified after signing, the signature will not verify; therefore digital signatures have become a preferred method for ensuring the integrity of transactions. Fig. 3. A generic representation of the operations used in creating and verifying a digital signature. User Authentication in a PKI Public-key certificates ensure that the public key used to verify a digital signature belongs to the user that produced the signature. As indicated in the previous certificate diagram the certificate contains both the user s public key and identity. So if the signature verification process is successful, the verifier also knows for certain the identity of the signer because the CA that issues the public-key certificate guarantees the user s identity when it places it in the certificate along with the user s public key. For a more detailed review of digital signatures, please see An Introduction to Information Security at The Primary Technical Components of PKI Following are the primary technical components of a PKI. With the exception of the toolkit, each is implemented as a software module that may interoperate with other software modules in the PKI and over the network. End Entity Application (EE): Implemented as software for the end-user, its functions include: Generate, store and allow access to a user s public-key pair Complete, sign and submit first-time certificate applications 8
9 Complete, sign and submit certificate renewal requests Complete, sign and submit certificate revocation requests Search for and retrieve certificates and revocation information Validate certificates and read the certificate contents Generate and verify digital signatures Registration Authority (RA): Implemented as software for the designated Registration Authority user(s) in the PKI. It is interoperable and fully compatible with the EE and CA and supports the same basic functions of key generation, storage, access, and digital signature and certificate processing. The RA is usually capable of supporting multiple CAs and EEs in the PKI. Its primary use is to support the special tasks of the RA user such as: User enrollment: the process by which a user is registered as a potential participant in the PKI. The RA creates a user object in a special database. User objects may contain any number of user attributes as specified by the registration policy like: user name, title, address, etc. Due Diligence: the process by which the RA verifies the identity of a certificate applicant (subject) for the first time and confirms that a specific public key (the one that is to be certified) belongs to the applicant. Approval of end-user requests: the RA will approve or deny requests made by end-users like requests for first-time certificates and renewal of expired certificates. Certificate revocation: The action taken by the RA that orders the CA to revoke a user s certificate. The RA may or may not provide a reason for revocation according to the PKI s revocation policy. Certification Authority (CA): usually implemented so that it can run autonomously after it has been installed, configured, and launched by the designated CA administrator. Think of the CA as a highly trusted signing engine. It is responsible for signing certificates, revocation requests, and other supporting-transactions according to a predefined set of conditions and in this way plays a key role in enforcing the rules of the business that rely on the PKI. In practice the CA is responsible for: Key certification: the transaction that results in the CA signing a subject s public key and issuing the certificate. Certificate renewal: the transaction that issues a new certificate to the subject when the current certificate has expired. 9
10 Certificate revocation: the transaction that adds a users certificate to the revocation list making the certificate invalid from that date and time onward. Certificate posting: the transaction that places the certificate in the PKI directory where PKI users can search for and retrieve it. Revocation list maintenance: the set of transactions that keep the certificate revocation list current within the PKI. Revocation list posting: the transaction that places the certificate revocation list in the PKI directory where PKI users can search for and retrieve it. PKI directory: The PKI directory is an online repository available to all participants in the PKI for searches and retrievals of certificates, revocation information and policy information. Only special users or components are designated with Directory write and delete privileges. Most commonly, directories are implemented based on the IETF Lightweight Directory Access Protocol (LDAP). The directory architecture includes two primary components: a LDAP client (usually implemented as part ofthe EE Application) and a LDAP server a networked server that hosts the directory information and processes search, read, write, delete, and update requests made by authorized users in the PKI. These processes are illustrated in Fig. 4. PKI Toolkits Without the ability to integrate the PKI with applications (making the applications PKI-enabled), the PKI has no value in business. Therefore, good PKIdesigns focus on application interfaces and the best practice here is to implement the interfaces and standards in the form of developer toolkits. The toolkits allow for tight integration of applications, minimize the resources needed to integrate the PKI with applications, and allow the PKI solution to meet demands as the application environment and requirements evolve over time. Although the PKI toolkit is transparent to users and administrators, it plays a critical role in PKI deployments and ongoing maintenance, so it is also a key technical component of the PKI. 10
11 Fig. 4. A representation of an EE application requesting a certificate from (and receiving) a public-key certificate from an LDAP server. Common PKI Toolkit: A developer s toolkit that contains all of the PKI libraries and interfaces necessary to allow a third party application to become PKI-enabled. Ideally, all other components in the PKI (EE, RA, CA) are developed using the same toolkit. Having this type of common foundation insures compatibility among PKI components and allows rapid additions/ modifications for new features and bug fixes, and by supporting standards may facilitate the mixing and matching of PKI components from different vendors. A generic PKI toolkit design is represented in Fig. 5. Fig. 5. A generic PKI toolkit design. Application Contexts Used in E-Commerce Several application contexts support e-commerce applications. These are not the e-commerce applications themselves but are the generalized application contexts that are employed in a wide variety of e-commerce applications. The 11
12 commonly used application contexts and the PKI-enabled standards that they rely for securing e-commerce are shown in Table 1. Wireless Transport Layer Security (WTLS) is a PKI-enabled transport security protocol. It can authenticate the communicating parties and encrypt the Wireless Markup Language (WML) data when it is in transit. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are also PKI-enabled transport-security protocols and are used in the same manner as WTLS only for Web-based transactions. Internet Protocol Security (IPSec) is a PKI-enabled network-security protocol that is used mainly to establish Virtual Private Networks (VPN) for the purpose of support an extranets or intranets. This protocol applies integrity and encryption at the IP data packet level and authentication of the originating and receiving network devices at either end of the communications session. Secure/Multipurpose Internet Mail Extensions (S/MIME) is a PKI-enabled application-security protocol that applies integrity, encryption and sender/recipient authentication to messages. Many techniques for secure content distribution exist. Content types and standards vary for music, books, images, software, etc., but PKIs can support the applications that are responsible for secure distribution of content and management of the rights to own and use it. Table. 1. The commonly used application contexts and the PKI-enabled standards on which they rely. Application Context Supporting PKI-enabled Standard WML WTLS (WAP-199-WTLS A) HTML SSL and TLS S/MIME VPN IPSec 12
13 PKI Policies There are two main policies that determine the operational and technical practices of a PKI: (1) the Certificate Policy (CP) and (2) the Certification Practice Statement (CPS). A guide for those that will write CPs and CPSs may be found at This is IETF RFC 2527 Internet X.509 PKI Certificate Policy and Certification Practice Framework. It is a roadmap for Certificate Policies and Certification Practice Statements. In particular, the framework provides a comprehensive list of topics that may need to be covered in PKI policy definition. Certification Practice Statement (CPS) The degree to which a user can trust a certificate depends on the operational practices of the PKI as defined in the Certification Practice Statement. As already mentioned, the policies that govern the rules of the business are also the policies that the PKI must support and enforce. These policies will, in effect, govern how the PKI participants create, administer, use, and access keys and certificates. It is the CPS that defines these policies and in doing so will indicate a level of trust that may be associated with the PKI. The CPS may cover items like the enrollment process for users and administrators, the CA s overall operating policy, procedures, and security controls; the subject s obligations (for example, in protecting their private key); and the stated undertakings and legal obligations of the CA (for example, warranties and limitations on liability). The CPS must define practices and policies that will provide a level of trust in the PKI that is at least equal to the value level of the business transactions that rely on the PKI. In the e-commerce world trust-level must be equal to or greater than value-level and the CPS is one way to ensure and verify this. Certificate Policy Online businesses and the PKIs that support them are not isolated and over time tend to evolve to encompass more and more customers, partners, and employees. It is also likely that these new entities will reside under different business and management domains and may already have established PKIs and PKI-enabled applications. To that end, it is important that a PKI define policies for standards and interfaces referred to as the Certificate Policy. Through a well-defined Certificate Policy and by employing a product that can support it, interoperation between PKI domains may be possible without causing serious downtime or interrupting workflow. 13
14 Conclusions PKIs encompass a set of complex technologies that work with the applications supporting e-commerce and online business (as well as other PKIs). As a result, application interfaces and standards are important. PKI technology can support a wide range of online applications. The demand for PKI support will increase and evolve into the foreseeable future as PKI designs, standards and technologies track the evolution and expansion of e-commerce requirements. The PKI itself is not just technology but is the manner in which the technology, certificates, and keys are administered and used. Finally, the administration and use of PKI must follow the rules of business. 14
15 PKI-Related Standards Abstract Syntax Notation 1 (ASN.1) is an ISO and IETF standard used to describe objects such as certificates, signatures, and encryption keys. ASN.1 Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER) are ISO and IETF standards, also referred to as transfer or encoding syntax. These are the rules by which data objects are electronically encoded before they are digitally signed, transmitted, or stored. ANSI X9.62 Elliptic Curve Digital Signature Algorithm (ECDSA) is the Financial Services Industry s latest standard for digital signatures. This standard defines techniques for generating and validating digital signatures. It is the Elliptic Curve analog of the original ANSI Digital Signature Algorithm (DSA) (ANSI X9.30 Part 1). Elliptic Curve systems are public-key (asymmetric) cryptographic algorithms that are typically used to create digital signatures (in conjunction with a hash algorithm), and to establish secret keys securely for use in symmetric-key cryptosystems. NIST FIPS PUB is the US Digital Signature Standard (DSS). This standard now recognizes three different cryptographic subsystems (1) the original Digital Signature Algorithm (DSA), (2) the Elliptic Curve Digital Signature Algorithm (ECDSA) as defined in ANSI X9.62, and (3) the Rivest-Shamir- Adleman (RSA) digital signature. IETF RFC 2307 is an experimental standard covering an approach for using LDAP as a Network Information Service. IETF RFC 2459 is the standard that provides the Internet profile of X.509 Certificate and CRL formats. IETF RFC 2510 is the Internet X.509 Public Key Infrastructure Certificate Management Protocols (CMP) standard. IETF RFC 2511 is the Internet X.509 Certificate Request Message Format (CRMF) standard. 15
16 IETF RFC 2527 is the Internet X.509 PKI Certificate Policy and Certification Practice Framework. It presents a framework for Certificate Policies (CP) and Certification Practice Statements (CPS). In particular, the framework provides a comprehensive list of topics that may need to be covered in policy definition. ISO/IEC /ITU-T Recommendation X.509 provides the generalized public-key certificate and CRL formats, a public-key trust model and security framework, and some of the first formal descriptions of public-key based entity authentication protocols. ISO/IEC on Certificate Extensions, Final Text of Draft Amendment DAM 1 provides one of the earliest comprehensive lists of extensions and descriptions in ASN.1 of X.509 v3 certificate extensions. JCE: Java Cryptographic Extensions from JDK v1.2 are the cryptographic libraries provided to Java application developers that allow access to cryptographic serves such as key generation, encryption/decryption, digital signature generation and verification, and X.509 certificate and CRL processing. PKCS 7 Cryptographic Message Syntax describes general syntax for data that may have cryptography applied to it, such as digital signatures. PKCS 10 Certification Request Syntax describes syntax for a request for certification of a public key, a name, and a set of attributes. PKCS 11 Cryptographic Token Interface specifies an API, called Cryptoki, to devices like smart cards which hold cryptographic information and perform cryptographic functions. PKCS 12 Personal Information Exchange Syntax specifies a portable format for storing or transporting a user s private keys, certificates, and other secrets. SEC 1: Elliptic Curve Cryptography specifies public-key schemes based on Elliptic Curve Cryptography, in particular signature schemes, encryption schemes and key management schemes. 16
17 SEC 2: Recommended Elliptic Curve Domain Parameters helps insure interoperation among PKI-enabled applications that use elliptic curve cryptography (ECC). It specifies profiles for standard domain parameters for those implementing ECC according to SEC 1, ANSI X9.62 or FIPS PUB WAP Public-Key Infrastructure: WAP-217-WPKI profiles the existing IETF PKIX PKI standards for the specific requirements of the wireless application environment. 17
18 List of Acronyms Used ANSI ASN.1 BER CA CP CPS CRL DAM DER DSS DSA ECC ECDSA E-Commerce EE FIPS HTML IEC IETF I/F IP IPSec ISO ITU JCE JDK LDAP NIST PKCS PKI American National Standards Institute Abstract Syntax Notation One Basic Encoding Rules Certification Authority Certificate Policy Certification Practice Statement Certificate Revocation List Draft Amendment Distinguished Encoding Rules Digital Signature Standard Digital Signature Algorithm Elliptic Curve Cryptography Elliptic Curve Digital Signature Algorithm Electronic Commerce End Entity Electronic Mail Federal Information Processing Standard HyperText Markup Language International Electro-technical Commission Internet Engineering Task Force Interface Internet Protocol Internet Protocol Security International Standards Organization International Telecommunications Union Java Cryptographic Extensions Java Developers Kit Lightweight Directory Access Protocol National Institute of Standards and Technology Public-Key Crypto Systems Public-Key Infrastructure 18
19 RA RFC RSA SEC S/MIME SSL TLS VPN WML WPKI WTLS Registration Authority Request For Comment Rivest-Shamir-Adleman Standards for Efficient Cryptography Secure/Multipurpose Internet Mail Extensions Secure Sockets Layer Transport Layer Security Virtual Private Network Wireless Markup Language (Script) Wireless Application Protocol Public-Key Infrastructure Wireless Transport Layer Security 19
20 Certicom Office Locations Industrial Blvd. Hayward, CA USA Tel: Fax: Explorer Drive 4th Floor Mississauga, Ontario, L4W 5L1 Canada Tel: Fax: Sales Support: Tel: Fax: com Application Engineering and Customer Support: Tel: Fax: Investor Inquiries: Contact Starla Ackley Certicom Corporation 2001 tp wp 001-1
Neutralus Certification Practices Statement
Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3
More informationOFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationIBM i Version 7.3. Security Digital Certificate Manager IBM
IBM i Version 7.3 Security Digital Certificate Manager IBM IBM i Version 7.3 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationPublic Key Infrastructure for a Higher Education Environment
Public Key Infrastructure for a Higher Education Environment Eric Madden and Michael Jeffers 12/13/2001 ECE 646 Agenda Architectural Design Hierarchy Certificate Authority Key Management Applications/Hardware
More informationAD CS. http://technet.microsoft.com/en-us/library/cc731564.aspx
AD CS AD CS http://technet.microsoft.com/en-us/library/cc731564.aspx Active Directory Certificate Services (AD CS) is an Identity and Access Control security technology that provides customizable services
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationEricsson Group Certificate Value Statement - 2013
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
More informationHKUST CA. Certification Practice Statement
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More informationCertificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2
Certificate Policy KEYNECTIS SSL CA CP Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 KEYNECTIS SSL CA CP Version 1.2 Pages 51 Status Draft Final Author Emmanuel Montacutelli OpenTrust
More informationCERTIFICATE POLICY KEYNECTIS SSL CA
CERTIFICATE POLICY KEYNECTIS SSL CA Date: 05/02/2009 KEYNECTIS SSL CA CERTIFICATE POLICY Subject: KEYNECTIS SSL CA Certificate Policy Version number: 1.1 Number of pages: 49 Status of the Project Final
More informationUnderstanding digital certificates
Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationCard Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006
Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationComodo Certification Practice Statement
Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the
More informationNISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards David A. Cooper NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards David
More informationphicert Direct Certificate Policy and Certification Practices Statement
phicert Direct Certificate Policy and Certification Practices Statement Version 1. 1 Effective Date: March 31, 2014 Copyright 2013-2014 EMR Direct. All rights reserved. [Trademark Notices] phicert is a
More informationencryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key.
The way the world does business is changing, and corporate security must change accordingly. For instance, e-mail now carries not only memos and notes, but also contracts and sensitive financial information.
More informationCERTIFICATION PRACTICE STATEMENT. EV SSL CA Certification Practice Statement
CERTIFICATION PRACTICE STATEMENT EV SSL CA Certification Practice Statement Emmanuel Montacutelli September 1, 2015 OpenTrust_DMS_EV Statement SSL CA Certification Practice Manage d Services Signature
More informationController of Certification Authorities of Mauritius
Contents Pg. Introduction 2 Public key Infrastructure Basics 2 What is Public Key Infrastructure (PKI)? 2 What are Digital Signatures? 3 Salient features of the Electronic Transactions Act 2000 (as amended)
More informationDigiCert Certification Practice Statement
DigiCert Certification Practice Statement DigiCert, Inc. Version 2.22 June 01, 2005 333 South 520 West Orem, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com 1 General...7 1.1 DigiCert,
More informationehealth Ontario PKI Certification Policy Manual
ehealth Ontario PKI Certification Policy Manual Part One: Concept of Operations Part Two: Certification Policies Version: 1.1 2005 January 25 Document Control Document Identification Title Location: Maintained
More informationMeeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)
Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4
More informationStrong Encryption for Public Key Management through SSL
Strong Encryption for Public Key Management through SSL CH.SUSHMA, D.NAVANEETHA 1,2 Assistant Professor, Information Technology, Bhoj Reddy Engineering College For Women, Hyderabad, India Abstract: Public-key
More informationUNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION
UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION Foreword. Preface. About the Authors. I. CONCEPTS. 1. Introduction. 2. Public-Key Cryptography. Symmetric versus Asymmetric
More informationLecture VII : Public Key Infrastructure (PKI)
Lecture VII : Public Key Infrastructure (PKI) Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 Problems with Public
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationCertification Practice Statement
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
More information- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1
- X.509 PKI EMAIL SECURITY GATEWAY Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 Commerzbank AG - Page 1 Document control: Title: Description : RFC Schema: Authors: Commerzbank
More informationTeliaSonera Public Root CA. Certification Practice Statement. Revision Date: 2006-11-17. Version: Rev A. Published by: TeliaSonera Sverige AB
Document no 1/011 01-AZDA 102 213 TeliaSonera Sverige AB Certification Practice Statement Rev A TeliaSonera Public Root CA Certification Practice Statement Revision Date: 2006-11-17 Version: Rev A Published
More informationDanske Bank Group Certificate Policy
Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...
More informationThe Security Framework 4.1 Programming and Design
Tel: (301) 587-3000 Fax: (301) 587-7877 E-mail: info@setecs.com Web: www.setecs.com Security Architecture for Development and Run Time Support of Secure Network Applications Sead Muftic, President/CEO
More informationTHE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company
THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised
More informationNIST Test Personal Identity Verification (PIV) Cards
NISTIR 7870 NIST Test Personal Identity Verification (PIV) Cards David A. Cooper http://dx.doi.org/10.6028/nist.ir.7870 NISTIR 7870 NIST Text Personal Identity Verification (PIV) Cards David A. Cooper
More informationEuropeanSSL Secure Certification Practice Statement
EuropeanSSL Secure Certification Practice Statement Eunetic GmbH Version 1.0 14 July 2008 Wagnerstrasse 25 76448 Durmersheim Tel: +49 (0) 180 / 386 384 2 Fax: +49 (0) 180 / 329 329 329 www.eunetic.eu TABLE
More informationIntroduction to Network Security Key Management and Distribution
Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015
More informationReport to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999
Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer February 3, 1999 Frame Relay Frame Relay is an international standard for high-speed access to public wide area data networks
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationKey & Data Storage on Mobile Devices
Key & Data Storage on Mobile Devices Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at Outline Why is this topic so delicate? Keys & Key Management High-Level Cryptography
More informationApple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.
Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationModule 7 Security CS655! 7-1!
Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed
More informationLecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.
Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management
More informationGandi CA Certification Practice Statement
Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10
More informationBiometrics, Tokens, & Public Key Certificates
Biometrics, Tokens, & Public Key Certificates The Merging of Technologies TOKENEER Workstations WS CA WS WS Certificate Authority (CA) L. Reinert S. Luther Information Systems Security Organization Biometrics,
More informationVisa Public Key Infrastructure Certificate Policy (CP)
Visa Public Key Infrastructure Certificate Policy (CP) Version 1.7 Effective: 24 January 2013 2010-2013 Visa. All Rights Reserved. Visa Public Important Note on Confidentiality and Copyright The Visa Confidential
More informationGlobe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States
Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States www.globessl.com TABLE OF CONTENTS 1. INTRODUCTION...
More informationStartCom Certification Authority
StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationRSA Security RSA Keon Certificate Authority PKI Product
Kristen Noakes-Fry Product Report 1 August 2003 RSA Security RSA Keon Certificate Authority PKI Product Summary RSA Keon Certificate Authority a PKI platform for Internet and e-commerce applications serves
More informationAn Introduction to Entrust PKI. Last updated: September 14, 2004
An Introduction to Entrust PKI Last updated: September 14, 2004 2004 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In
More informationWhite paper. Implications of digital certificates on trusted e-business.
White paper Implications of digital certificates on trusted e-business. Abstract: To remain ahead of e-business competition, companies must first transform traditional business processes using security
More informationSSL.com Certification Practice Statement
SSL.com Certification Practice Statement SSL.com Version 1.0 February 15, 2012 2260 W Holcombe Blvd Ste 700 Houston, Texas, 77019 US Tel: +1 SSL-CERTIFICATE (+1-775-237-8434) Fax: +1 832-201-7706 www.ssl.com
More informationCertification Practice Statement
Certification Practice Statement Version 2.0 Effective Date: October 1, 2006 Continovation Services Inc. (CSI) Certification Practice Statement 2006 Continovation Services Inc. All rights reserved. Trademark
More informationNational Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016
National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationExpert Reference Series of White Papers. Fundamentals of the PKI Infrastructure
Expert Reference Series of White Papers Fundamentals of the PKI Infrastructure 1-800-COURSES www.globalknowledge.com Fundamentals of the PKI Infrastructure Boris Gigovic, Global Knowledge Instructor, CEI,
More informationCERTIFICATION PRACTICE STATEMENT UPDATE
CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.
More information<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008
Oracle Security Developer Tools (OSDT) August 2008 Items Introduction OSDT 10g Architecture Business Benefits Oracle Products Currently Using OSDT 10g OSDT 10g APIs Description OSDT
More informationA Security Flaw in the X.509 Standard Santosh Chokhani CygnaCom Solutions, Inc. Abstract
A Security Flaw in the X509 Standard Santosh Chokhani CygnaCom Solutions, Inc Abstract The CCITT X509 standard for public key certificates is used to for public key management, including distributing them
More information10 Secure Electronic Transactions: Overview, Capabilities, and Current Status
10 Secure Electronic Transactions: Overview, Capabilities, and Current Status Gordon Agnew A&F Consulting, and University of Waterloo, Ontario, Canada 10.1 Introduction Until recently, there were two primary
More informationCertificate Policy for. SSL Client & S/MIME Certificates
Certificate Policy for SSL Client & S/MIME Certificates OID: 1.3.159.1.11.1 Copyright Actalis S.p.A. All rights reserved. Via dell Aprica 18 20158 Milano Tel +39-02-68825.1 Fax +39-02-68825.223 www.actalis.it
More informationNumber of relevant issues
Electronic signature Lecture 8 Number of relevant issues cryptography itself algorithms for signing documents key management generating keys, distribution, key revocation security policy certificates may
More informationECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03
ECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03 Comodo CA, Ltd. ECC Certificate Addendum to Comodo EV CPS v. 1.03 6 March 2008 3rd Floor, Office Village, Exchange Quay,
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...
More informationValidity Models of Electronic Signatures and their Enforcement in Practice
Validity Models of Electronic Signatures and their Enforcement in Practice Harald Baier 1 and Vangelis Karatsiolis 2 1 Darmstadt University of Applied Sciences and Center for Advanced Security Research
More informationGENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET
http:// GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET Manisha Dawra 1, Ramdev Singh 2 1 Al-Falah School of Engg. & Tech., Vill-Dhauj, Ballabgarh-Sohna Road, Faridabad, Haryana (INDIA)-121004
More informationWIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES
WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES Balachandra Muniyal 1 Krishna Prakash 2 Shashank Sharma 3 1 Dept. of Information and Communication Technology, Manipal Institute of Technology, Manipal
More informationComodo Certification Practice Statement
Comodo Certification Practice Statement Comodo CA, Ltd. Version 3.0 22 September 2006 3rd Floor, Office Village, Exchange Quay, Trafford Road, Salford, Manchester, M5 3EQ, United Kingdom Tel: +44 (0) 161
More informationREGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.
REGISTRATION AUTHORITY (RA) POLICY Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. INDEX Contenido 1. LEGAL FRAMEWORK... 4 1.1. Legal Base...
More informationING Public Key Infrastructure Technical Certificate Policy
ING Public Key Infrastructure Technical Certificate Policy Version 5.1 - May 2010 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Of this document can be obtained via the ING
More informationUnderstanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions
Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,
More informationCA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT
CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original
More informationNational Security Agency Perspective on Key Management
National Security Agency Perspective on Key Management IEEE Key Management Summit 5 May 2010 Petrina Gillman Information Assurance (IA) Infrastructure Development & Operations Technical Director National
More informationInnovations in Digital Signature. Rethinking Digital Signatures
Innovations in Digital Signature Rethinking Digital Signatures Agenda 2 Rethinking the Digital Signature Benefits Implementation & cost issues A New Implementation Models Network-attached signature appliance
More informationBusiness Issues in the implementation of Digital signatures
Business Issues in the implementation of Digital signatures Much has been said about e-commerce, the growth of e-business and its advantages. The statistics are overwhelming and the advantages are so enormous
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015
ING Public Key Infrastructure Certificate Practice Statement Version 5.3 - June 2015 Colophon Commissioned by Additional copies ING Corporate PKI Policy Approval Authority Additional copies of this document
More informationTrust Service Principles and Criteria for Certification Authorities
Trust Service Principles and Criteria for Certification Authorities Version 2.0 March 2011 (Effective July 1, 2011) (Supersedes WebTrust for Certification Authorities Principles Version 1.0 August 2000)
More informationCertification Practice Statement
Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require
More informationElectronic and Digital Signatures
Summary The advent of e-government and e-services has changed the way state agencies and local government offices do business. As a result, electronic systems and processes have become as important as
More informationCertification Report
Certification Report EAL 4+ Evaluation of Entrust Authority Security Manager and Security Manager Administration v8.1 SP1 Issued by: Communications Security Establishment Canada Certification Body Canadian
More informationMCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 11: Active Directory Certificate Services
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 11: Active Directory Certificate Services Objectives Describe the components of a PKI system Deploy the Active Directory
More informationMetropolitan Police Service Enterprise PKI. Root Certificate Authority, Certificate Policy. Version 6.1 10 th February 2012 NOT PROTECTIVELY MARKED
Metropolitan Police Service Enterprise PKI Root Certificate Authority, Certificate Policy Version 6.1 10 th February 2012 Version Control Issue Release Date Comments A 02/11/07 First draft release of CP
More informationPart III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure
More informationStrong Security in Multiple Server Environments
White Paper Strong Security in Multiple Server Environments VeriSign OnSite for Server IDs Contents 1. Introduction 1 2. Security Solutions: The Digital ID System 2 2.1. What Is a Digital ID? 2 2.2 How
More informationDigital Certificates Demystified
Digital Certificates Demystified Alyson Comer IBM Corporation System SSL Development Endicott, NY Email: comera@us.ibm.com February 7 th, 2013 Session 12534 (C) 2012, 2013 IBM Corporation Trademarks The
More informationRSA Digital Certificate Solution
RSA Digital Certificate Solution Create and strengthen layered security Trust is a vital component of modern computing, whether it is between users, devices or applications in today s organizations, strong
More informationComodo Extended Validation (EV) Certification Practice Statement
Comodo Extended Validation (EV) Certification Practice Statement Comodo CA, Ltd. Version 1.0 8 December 2006 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester, M5 3EQ, United
More informationVodafone Group CA Web Server Certificate Policy
Vodafone Group CA Web Server Certificate Policy Publication Date: 06/09/10 Copyright 2010 Vodafone Group Table of Contents Acknowledgments... 1 1. INTRODUCTION... 2 1.1 Overview... 3 1.2 Document Name
More informationUnderstanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions
A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationCMS Illinois Department of Central Management Services
CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF
More informationDEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0
DEFENSE INFORMATION SYSTEMS AGENCY JOINT INTEROPERABILITY TEST COMMAND FORT HUACHUCA, ARIZONA DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0
More informationA Survey of State of the Art in Public Key Infrastructure
A Survey of State of the Art in Public Key Infrastructure NR Rapport nr. 995 Shahrzade Mazaher Per Røe August 2003 Copyright Norsk Regnesentral 1 Tittel/Title: A survey of state of the art in Public Key
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More information