National Certification Authority Framework in Sri Lanka



Similar documents
Using etoken for SSL Web Authentication. SSL V3.0 Overview

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, Page 1

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

Cryptography and Network Security Chapter 14

Overview. SSL Cryptography Overview CHAPTER 1

The Concept of Trust in Network Security

Understanding Digital Certificates and Secure Sockets Layer (SSL)

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Savitribai Phule Pune University

7 Key Management and PKIs

Introduction to Network Security Key Management and Distribution

Web Security: Encryption & Authentication

Using etoken for Securing s Using Outlook and Outlook Express

Business Issues in the implementation of Digital signatures

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Obtaining a digital signature certificate

eid Security Frank Cornelis Architect eid fedict All rights reserved

Introduction to Cryptography

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Incorporating Digital Signing & Encryption in Transactions in the Payment System of Sri Lanka

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

Angel Dichev RIG, SAP Labs

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status

CERTIFICATION PRACTICE STATEMENT UPDATE

Concept of Electronic Approvals

SSL/TLS: The Ugly Truth

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1

NIST s FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors Masaryk University in Brno Faculty of Informatics

Asymmetric cryptosystems fundamental problem: authentication of public keys

Class 3 Registration Authority Charter

esign Online Digital Signature Service

GT 6.0 GSI C Security: Key Concepts

Security Digital Certificate Manager

Arkansas Department of Information Systems Arkansas Department of Finance and Administration

Security Digital Certificate Manager

PKI Uncovered. Cisco Press. Andre Karamanian Srinivas Tenneti Francois Dessart. 800 East 96th Street. Indianapolis, IN 46240

associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS)

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions

Trust Service Principles and Criteria for Certification Authorities

REGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.

How To Understand And Understand The Security Of A Key Infrastructure

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 11: Active Directory Certificate Services

Key Management and Distribution

Network Security Protocols

Ericsson Group Certificate Value Statement

Digital certificates. Name Vivek kumar EM No Subject E-Business technologies Prof. Dr. Eduard heindl

Neutralus Certification Practices Statement

State of Arkansas Policy Statement on the Use of Electronic Signatures by State Agencies June 2008

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

Siemens PKI Certificate Authority (CA) Hierarchy

RECOMMENDATIONS for the PROCESSING of EXTENDED VALIDATION SSL CERTIFICATES January 2, 2014 Version 2.0

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Digital signature Solution for the Secure Electronic invoicing application

PostSignum CA Certification Policy applicable to qualified personal certificates

Module 7 Security CS655! 7-1!

CALIFORNIA SOFTWARE LABS

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

Authentication Applications

CSC/ECE 574 Computer and Network Security. What Is PKI. Certification Authorities (CA)

Cornerstones of Security

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

Key Management and Distribution

Understanding digital certificates

Public Key Cryptography in Practice. c Eli Biham - May 3, Public Key Cryptography in Practice (13)

SEZ SEZ Online Manual Digital Signature Certficate [DSC] V Version 1.2

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

1 Definitions

Simple Guide to Digital Signatures

Lecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

ECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03

e-mudhra CPS e-mudhra CERTIFICATION PRACTICE STATEMENT VERSION 2.1 (emcsl/e-mudhra/doc/cps/2.1) Date of Publication: 11 February 2013

A KIND OF IMPLEMENT ABOUT MOBILE SIGNATURE SERVICE BASED ON MOBILE TELEPHONE TERMINAL

Conclusion and Future Directions

Using BroadSAFE TM Technology 07/18/05

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

Chapter 9 Key Management 9.1 Distribution of Public Keys Public Announcement of Public Keys Publicly Available Directory

SecureStore I.CA. User manual. Version 2.16 and higher

Public Key Infrastructure

Ciphire Mail. Abstract

Comodo Certification Practice Statement

WiMAX Public Key Infrastructure (PKI) Users Overview

Forging Digital Signatures

SSLPost Electronic Document Signing

The Role of Digital Certificates in Contemporary Government Systems: the Case of UAE Identity Authority

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

Transcription:

National Certification Authority Framework in Sri Lanka By Rohana Palliyaguru Manager Operations & Principal Information Security Engineer

What is digital Signature? According to UNCITRAL Text 25. Digital signature is a name for technological applications using asymmetric cryptography, also referred to as public key encryption systems, to ensure the authenticity of electronic messages and guarantee the integrity of the contents of these messages. Public key encryption Public key encryption uses a combination of a private key and a public key. The private key is known only to your computer while the public key is available for any computer.

Use of Digital Signature

Verification of Digital Signature UNCITRAL Text 33. To verify a digital signature, the verifier must have access to the signatory s public key and be assured that it corresponds to the signatory s private key. However, a public-key and private-key pair has no intrinsic association with any person; it is simply a pair of numbers. An additional mechanism is necessary to associate reliably a particular person or entity to the key pair. Digital Certificate- The digital certificate certifies the ownership of a public key by the named subject of the certificate. certification authority (CA) is an entity that issues digital certificates.

Public Key Infrastructure (PKI) UNCITRAL Text Certification authorities are being organized hierarchically into what is often referred to as a public key infrastructure (PKI). Certification authorities within a PKI can be established in a hierarchical structure, where some certification authorities only certify other certification authorities, which provide services directly to users.

PKI hierarchy UNCITRAL Text (a) a unique root authority, which would certify the technology and practices of all parties authorized to issue cryptographic key pairs or certificates in connection with the use of such key pairs and would register subordinate certification authorities; (b) various certification authorities, placed below the root authority, which would certify that a user s public key actually corresponds to that user s private key (i.e. has not been tampered with); and (c) various local registration authorities, placed below the certification authorities, which would receive requests from users for cryptographic key pairs or for certificates in connection with the use of such key pairs, requiring proof of identification and checking identities of potential users. In

National Certification Authority (NCA) of Sri Lanka Run the Root CA for Sri Lanka Established under the provisions of Electronic Transactions Act,No.19 of 2006 Section 18- Designation of a Certification Authority Section 19- Powers of Certification Authority Section 20- Accreditation of Certification Service Providers

Functions of NCA Issue certificates to the secondary level certificate service providers (CSPs) Accreditation of CSPs

Existing CAs in Sri Lanka LANKASIGN Root CA LGNCA Root CA LankaCertify Root CA LANKASIGN Working CA LGNCA Working CA LankaCertify Working CA Servers Users Servers Users Servers Users

Hierarchy of NCA Root CA (NCA) LANKASIGN Root CA LGNCA Root CA LankaCertify Root CA LANKASIGN Working CA LGNCA Working CA LankaCertify Working CA Servers Users Servers Users Servers Users

Current challenges Inserting the Root Certificate to Browsers (should undergo through Web Trust Standard) Having a viable business model

Thank you!

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information