PKI Credentialing Handbook
- Jean White
- 5 years ago
Contents

- Introduction
- Dissecting PKI
- Components of PKI
  - Digital certificates
  - Public and private keys
  - Smart cards
  - Certificate Authority (CA)
  - Key security (HSM)
  - Management tools
- PKI use cases
  - Logical and physical access
  - Digital signature
  - Email encryption
  - Endpoint protection
- The bigger picture
- Wrapping up
An introduction to PKI and Credential Management

Public Key Infrastructure, or PKI, is a well-known security ecosystem used by top enterprises, defense departments and governments around the world. Regulations, increased use of cloud-based services and the Internet of Things (IoT) are prompting a surge in PKI adoption. Many well-known organizations, such as the Department of Defense, the FBI, and Microsoft, depend on Gemalto PKI solutions for user authentication and physical access. PKI also offers additional security functionalities. With PKI, you can encrypt data, hard disks, and email, as well as digitally sign. These functions are becoming increasingly important as companies need to protect digital file exchange and encrypt content to prevent hackers from intercepting communications. Even though PKI has been around for many years, it's still a vital, top security protocol offering military-grade security and the highest assurance level. This handbook will provide an overview of PKI and its many use cases to protect users, networks and devices.
Dissecting PKI for identity and credential management

A PKI supports the distribution and identification of public digital certificates. It is a collection of hardware, software, and processes that support the use of public key cryptography and the means to verify the authenticity of public keys. PKI enables users and computers to verify the identity of the parties they're communicating with, and to securely exchange data over private networks as well as public networks such as the Internet.
With the assurance of identities, the concept is similar to a secret handshake. Users may exchange an envelope with a message written in code; but with PKI, both parties can be certain the person they're exchanging with is truly who they say they are. That assurance of identity comes in the form of a digital certificate from a certificate authority (CA). A pair of cryptographic keys, one public and one private, is used to encrypt, sign and decrypt data. The private key is maintained by the end user and remains secure. The public key is available as part of a digital certificate within a directory that can be freely accessed. The digital certificate links the personal details of an individual to their public key. The CA that issues the digital certificate signs it using its own private key. Some entity must be trusted in the entire chain, and that boils down to the certificate authority.
Components of PKI

Digital certificates

A digital certificate is a form of identification, much like a driver's license or passport, only in electronic form. X.509 is the standard certificate format for PKI and defines the different information you can find on the certificate, such as information about the identity of the owner, as well as other data such as the serial number, issuer name, validity period, public key algorithm, and much more. A digital certificate must be issued by a certificate authority that ultimately guarantees the validity of the information in the certificate. The digital certificate is what pairs the key to a person's identity and what guarantees you can trust that the sender is who he claims to be.

Sample certificate information:
- Version (X.509 v2, v3)
- Serial Number
- Algorithm ID (signature algorithm)
- Issuer (CA) (X.500 name*)
- Validity (Not Before..., Not After...)
- Owner (X.500 name*)
- Owner's Public Key Information
  - Public Key Algorithm: e.g. RSA
  - Owner Public Key: 1f 0a a 5a 1c cc ab 1b f1 13 e8
- Issuer/owner Unique Identifiers (Optional)
- Extensions (Optional)
Public and private keys

Public and private keys each consist of a long string of random numbers and alphabetic characters. The public key can be shared, but the private key is known only to the owner. The public and private keys are mathematically related, so data encrypted with a public key can only be decrypted by its corresponding private key, and vice versa.
Smart cards

The private key is the most sensitive data in computer security. It must be stored in a place where no one else has access, and in such a way that if someone tries to steal or use our private key without our consent, we'll know about it (tamper proof and tamper evident). A smart card is an electronic integrated circuit, a microprocessor (a chip), designed to store cryptographic keys and perform cryptographic mathematical operations in a secure and efficient way. There are a couple of differences between a regular microprocessor and a smart card. The smart card usually has a cryptographic co-processor, which makes cryptographic operations very fast. More importantly, a smart card has physical attributes and electrical components that make breaking into the card almost impossible.
Smart cards, often referred to as secure elements, come in many forms, which enable different communication methods. The most common form factors are smart cards, SIMs, USB tokens, virtual smart cards, chip form factors that can be placed on the PC's motherboard (TPM), micro SD cards and more. Smart cards should hold an industry certification, such as FIPS or Common Criteria.
Certificate Authority (CA)

In a typical PKI, the trusted party is a CA. The CA is a trusted entity that generates digital certificates. We must trust the CA to verify the person's identity before issuing a digital certificate. In many ways, this is similar to a passport or driver's license (used as ID), but the trusted party there is the government.
The CA's responsibilities include:
- Issuing certificates for intended, identified owners.
- Including attributes in a certificate and verifying them.
- Managing which certificates were issued, when they were issued, and who holds them.
- Policies that ensure every certificate applicant goes through a known procedure that verifies his/her identity.
- Policies that enable clients of the CA to evaluate the amount of trust that can be given to a digital certificate.
- Policies that control and monitor how the CA and certificate publishers issue and publish certificates and CRLs.
- Issuing and publishing the certificate revocation lists (CRLs), to which revoked certificates are added.
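To make the certificate fields and the CA's signing role concrete, here is an added example (not from the handbook or from Gemalto) that builds a two-tier PKI with Go's standard crypto/x509 package: a self-signed root CA issues a one-year certificate to a hypothetical user, a relying party that trusts only that root verifies the chain, and the same check fails for an expired certificate or one from an unknown CA. The CA name, user name and organization are constructed values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue gives tmpl a fresh random serial number and signs it with the CA's
// private key; for a self-signed root, parent is tmpl itself.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, caKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl.SerialNumber = serial // unique per CA, so the certificate can later be named in a CRL
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildMiniPKI creates a self-signed root CA and has it issue a one-year
// certificate to a user. Names are hypothetical; all keys are generated here.
// The CA sees only the user's public key; the private key is not returned.
func BuildMiniPKI(caName, userName string) (root, user *x509.Certificate, err error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	userKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	rootTmpl := &x509.Certificate{
		Subject:               pkix.Name{CommonName: caName, Organization: []string{"Example Corp"}},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	if root, err = issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey); err != nil {
		return nil, nil, err
	}
	userTmpl := &x509.Certificate{
		Subject:     pkix.Name{CommonName: userName, Organization: []string{"Example Corp"}},
		NotBefore:   now.Add(-time.Hour),
		NotAfter:    now.AddDate(1, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if user, err = issue(userTmpl, root, &userKey.PublicKey, rootKey); err != nil {
		return nil, nil, err
	}
	return root, user, nil
}

// Summarize extracts the certificate fields the handbook lists.
func Summarize(c *x509.Certificate) map[string]string {
	return map[string]string{
		"Version":              fmt.Sprintf("%d", c.Version),
		"Serial Number":        c.SerialNumber.Text(16),
		"Signature Algorithm":  c.SignatureAlgorithm.String(),
		"Issuer":               c.Issuer.String(),
		"Validity":             c.NotBefore.Format(time.RFC3339) + " to " + c.NotAfter.Format(time.RFC3339),
		"Owner":                c.Subject.String(),
		"Public Key Algorithm": c.PublicKeyAlgorithm.String(),
	}
}

// VerifyChain plays the relying party: it trusts only the CAs in roots and
// checks that cert chains to one of them and is valid at the given time.
func VerifyChain(cert *x509.Certificate, roots *x509.CertPool, at time.Time) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: at,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

func main() {
	root, user, err := BuildMiniPKI("Example Root CA", "Jack")
	if err != nil {
		panic(err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(root) // the relying party's trust store holds only this root
	fmt.Println(Summarize(user))
	fmt.Println("trusted root, now:", VerifyChain(user, roots, time.Now()))
	fmt.Println("no trusted roots: ", VerifyChain(user, x509.NewCertPool(), time.Now()))
}
```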
Key security (HSM)

The private keys of the CAs are the heart of the security of the PKI. In a multi-tier environment, each CA, including the root CA, has its own unique private key. It's critical to guard these keys, as a compromise means revoking all the certificates issued by the compromised CA and re-issuing all of them. The best security practice is to store the keys of CAs in a hardware security module (HSM). An HSM is a FIPS-certified dedicated hardware device, which is separately managed and stored outside of the operating system software. It comes with multiple tamper-resistant and self-destructing features in case there's evidence of continuous attacks. HSMs can be partitioned to store different keys for each client.
Management tools

Credential Management Systems (CMS) are critical for the day-to-day operations of a PKI environment. CMS software automates much of the manual work, such as issuing certificates for users, helping users unblock their device PIN, etc.
PKI use cases

Logical and physical access

Adding PKI using smart cards can significantly improve client logon security by requiring multi-factor authentication. Adding multiple factors ensures secure login to workstations and enterprise networks, eliminates complex and costly passwords and significantly reduces helpdesk calls. Along with the permissions needed for logical access (such as Windows logon), many organizations need to protect physical locations, including doors, parking facilities and secure zones. A converged badge solution combines logical access and physical access. Adding a converged badge solution has clear benefits for the office user, who only needs to carry one credential and remember a single PIN code or a short password to use in conjunction with their badge.
Digital signature

PKI provides additional security features to digitally sign documents, files, forms, and transactions anywhere using SafeNet eTokens or IDPrime smart cards as the Secure Signature Creation Device (SSCD) or Qualified Secure Signature Creation Device (QSCD), ensuring compliance with regulatory requirements and a seamless transition towards a paperless office environment. Code signing and online tender/bid signing are the most notable uses of digital signature.
Digitally signed documents and transactions are sealed electronically, providing evidence of signer and document authenticity and guaranteeing document integrity, and thus are resistant to fraud and tampering. This is known as non-repudiation. With PKI-based trusted credentials, the level of assurance is typically higher than that of electronic signatures protected only by a password. Standards-based Gemalto PKI solutions enable compliance with security and privacy standards.

[Figure: Using PKI for digital signature. Sender (Jack): document -> hash algorithm -> encryption -> digitally signed document -> network. Recipient (Jill): digitally signed document -> hash algorithm -> hash; transmitted hash -> decryption -> hash. When the hash values are equal, the signature is valid.]
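The flow in the figure, as an added example in Go (not the handbook's own code): the sender hashes the document with SHA-256 and signs the digest with an RSA private key (RSA-PSS, the padded signature scheme used in practice rather than raw encryption of the hash), and the recipient re-hashes the received document and checks the signature with the sender's public key. The names, key pairs and document text are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignDocument is the sender's half of the diagram: hash the document, then
// sign the digest with the sender's private key (RSA-PSS with SHA-256). The
// result can only be produced by the holder of that private key, which is
// what gives the signature its non-repudiation property.
func SignDocument(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// VerifyDocument is the recipient's half: recompute the hash of the document
// as received and check the signature against it with the sender's public key.
// Any change to the document changes the hash, so verification fails.
func VerifyDocument(pub *rsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Outcome records the three checks a relying party should understand.
type Outcome struct {
	Genuine  bool // the untouched document verifies with Jack's public key
	Tampered bool // a one-character change to the document verifies (must be false)
	WrongKey bool // the signature verifies under someone else's public key (must be false)
}

// Demo constructs Jack's key pair, a sample document and a second, unrelated
// key pair, then runs the three checks. Names and document text are made up.
func Demo() (Outcome, error) {
	var out Outcome
	jack, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return out, err
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return out, err
	}
	doc := []byte("THIS IS JACK: purchase order 4711 approved") // constructed sample
	sig, err := SignDocument(jack, doc)
	if err != nil {
		return out, err
	}
	altered := []byte("THIS IS JACK: purchase order 4717 approved") // one digit changed in transit
	out.Genuine = VerifyDocument(&jack.PublicKey, doc, sig)
	out.Tampered = VerifyDocument(&jack.PublicKey, altered, sig)
	out.WrongKey = VerifyDocument(&other.PublicKey, doc, sig)
	return out, nil
}

func main() {
	out, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine document verifies:  %v\n", out.Genuine)
	fmt.Printf("tampered document verifies: %v\n", out.Tampered)
	fmt.Printf("verifies under wrong key:   %v\n", out.WrongKey)
}
```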
Email encryption

A PKI can be configured to include a cryptographic process to provide email encryption that can only be decrypted by the intended recipient. Email encryption with PKI smart cards and USB tokens uses Secure/Multipurpose Internet Mail Extensions (S/MIME), a system for sending email securely using encryption and digital signatures. Gemalto smart cards and USB tokens all support the symmetric (secret) key algorithms Data Encryption Standard (DES) and Advanced Encryption Standard (AES), as well as the asymmetric (public/private) key algorithms RSA and Elliptic Curve Cryptography (ECC). Implementing email security is easy, as most users already have Outlook and email security built into their ecosystem.
Endpoint protection

Other advanced security features supported by PKI include pre-boot authentication and full-disk encryption. Gemalto credential management solutions provide a crypto framework that integrates with many applications that provide these security processes. Implementing pre-boot authentication and disk encryption helps ensure the security of hard drive data. For example, if a device is lost or stolen, requiring authentication before the operating system boots makes it nearly impossible for thieves to get to the data; it remains secure and encrypted.
The bigger picture: Moving to the cloud

Most organizations today are moving to the cloud, seeking quick time to value, minimal maintenance overhead and superior scalability. Security, however, continues to be a source of concern, especially to the many organizations that want to maintain high-assurance PKI authentication schemes. These organizations would like to extend PKI authentication to cloud applications and, in some cases, combine PKI with other authentication methods to create a more nuanced approach that allows them to fit an appropriate assurance level to a business scenario or regulatory need.
Gemalto's access management and authentication solutions give organizations the means to rationalize their existing PKI authentication scheme and integrate it into a broader policy configuration framework. By extending PKI credentials to the cloud and combining them with other methods of authentication within access policies that provide centralized risk management and SSO, organizations can ultimately retain optimal security and improve users' login experience.

[Figure: Extending PKI credentials to the cloud. Existing use cases (Windows logon, PKI-compatible apps) on one side; SafeNet Trusted Access extends PKI to cloud apps on the other.]
Wrapping up

In addition to providing peace of mind that your data, users and systems are protected, PKI provides many business advantages, such as:
- Military-grade security: PKI provides the highest protection of your sensitive documents and authentication of your users.
- Additional security functionalities: With PKI, you can encrypt data, disks, and email, as well as digitally sign.
- Optimized authentication and cost savings: Password management is costly. PKI eliminates the need for users to remember long, complex passwords that they need to change frequently. A single credential gives users access to multiple applications.
- Improved business processes: Eliminating password protocols reduces helpdesk calls and overall IT overhead.

The bottom line

PKI authentication provides the highest level of security. It is ideal for high-assurance multi-factor authentication and when there is a need to comply with security regulations, as well as other use cases including converged physical/logical access, email encryption and digital signing.
Through its acquisition of SafeNet, Gemalto offers one of the most complete portfolios of enterprise security solutions in the world, enabling its customers to enjoy industry-leading protection of digital identities, transactions, payments and data from the edge to the core. Gemalto's newly expanded portfolio of SafeNet Identity and Data Protection solutions enables enterprises across many verticals, including major financial institutions and governments, to take a data-centric approach to security by utilizing innovative encryption methods, best-in-class crypto management techniques, and strong authentication and identity management solutions to protect what matters, where it matters. Through these solutions, Gemalto helps organizations achieve compliance with stringent data privacy regulations and ensure that sensitive corporate assets, customer information, and digital transactions are safe from exposure and manipulation, in order to protect customer trust in an increasingly digital world.

Contact Us: For all office locations and contact information, please visit safenet.gemalto.com/contact-us
Follow Us: blog.gemalto.com/security
GEMALTO.COM
Gemalto 2018. eB (EN)-Jan. Design: ELC
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution
Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University
More informationWindows IoT Security. Jackie Chang Sr. Program Manager
Windows IoT Security Jackie Chang Sr. Program Manager Rest Physical access to a device will not give access to data Data & Control Execution Data owner has full control over data processing Motion Transport
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More informationDigital signatures: How it s done in PDF
Digital signatures: How it s done in PDF Agenda Why do we need digital signatures? Basic concepts applied to PDF Digital signatures and document workflow Long term validation Why do we need digital signatures?
More informationYubico with Centrify for Mac - Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Yubico with Centrify for Mac - Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component
More informationUsing PIV Technology Outside the US Government
Using PIV Technology Outside the US Government Author: Bob Dulude Publishing: 10/19/15 Introduction A common perception of many who have heard of the US Government s Personal Identity Verification (PIV)
More informationTPM v.s. Embedded Board. James Y
TPM v.s. Embedded Board James Y What Is A Trusted Platform Module? (TPM 1.2) TPM 1.2 on the Enano-8523 that: How Safe is your INFORMATION? Protects secrets from attackers Performs cryptographic functions
More information$263 WHITE PAPER. Flexible Key Provisioning with SRAM PUF. Securing Billions of IoT Devices Requires a New Key Provisioning Method that Scales
WHITE PAPER Flexible Key Provisioning with SRAM PUF SRAM PUF Benefits Uses standard SRAM Device-unique keys No secrets reside on the chip No key material programmed Flexible and scalable Certifications:
More informationNetwork Security Essentials
Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of
More informationCT30A8800 Secured communications
CT30A8800 Secured communications Pekka Jäppinen October 31, 2007 Pekka Jäppinen, Lappeenranta University of Technology: October 31, 2007 Secured Communications: Key exchange Schneier, Applied Cryptography:
More informationCryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III
Cryptography III Public-Key Cryptography Digital Signatures 2/1/18 Cryptography III 1 Public Key Cryptography 2/1/18 Cryptography III 2 Key pair Public key: shared with everyone Secret key: kept secret,
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationStudy on data encryption technology in network information security. Jianliang Meng, Tao Wu a
nd International Workshop on Materials Engineering and Computer Sciences (IWMECS 05) Study on data encryption technology in network information security Jianliang Meng, Tao Wu a School of North China Electric
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationWhose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control SESSION ID: CDS-T11 Sheung-Chi NG Senior Security Consulting Manager, APAC SafeNet, Inc. Cloud and Virtualization Are Change the
More informationDyadic Security Enterprise Key Management
Dyadic Security Enterprise Key Management The Secure-as-Hardware Software with a Mathematical Proof Dyadic Enterprise Key Management (EKM) is the first software-only key management and key protection system
More informationLecture Embedded System Security Trusted Platform Module
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2015 Roadmap: TPM Introduction to TPM TPM architecture
More informationGoogle Cloud Platform: Customer Responsibility Matrix. December 2018
Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect
More informationMU2a Authentication, Authorization & Accounting Questions and Answers with Explainations
98-367 MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations Which are common symptoms of a virus infection? (Lesson 5 p 135-136) Poor system performance. Unusually low
More informationCrypto meets Web Security: Certificates and SSL/TLS
CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More information3 CERTIFICATION AUTHORITY KEY PROTECTION (HSMS)
3 CERTIFICATION AUTHORITY KEY PROTECTION (HSMS) 3.1 Introduction In any public key infrastructure deployment, the protection of private key material (application keys) associated with the public/private
More informationInstallation and usage of SSL certificates: Your guide to getting it right
Installation and usage of SSL certificates: Your guide to getting it right So, you ve bought your SSL Certificate(s). Buying your certificate is only the first of many steps involved in securing your website.
More informationSecurity Using Digital Signatures & Encryption
Email Security Using Digital Signatures & Encryption CONTENTS. Introduction The Need for Email Security Digital Signatures & Encryption 101 Digital Signatures & Encryption in Action Selecting the Right
More informationThe Gemalto offer for PKI market in Russia
The Gemalto offer for PKI market in Russia Miroslaw TOCICKI, Technical Consultant September 18th, 2014 Agenda Introduction Gemalto IdA portfolio Java PKI cards for developers GOST certified solution IDPrime
More informationHARDWARE SECURITY MODULES DEPLOYMENT STRATEGIES FOR ENTERPRISE SECURITY
HARDWARE SECURITY MODULES DEPLOYMENT STRATEGIES FOR ENTERPRISE SECURITY HARDWARE SECURITY MODULES Deployment strategies for enterprise security Organizations around the world are creating open, flexible
More informationEncryption and Key Management. Arshad Noor, CTO StrongAuth, Inc. Copyright StrongAuth, Inc Version 1.1
Encryption and Key Management Arshad Noor, CTO StrongAuth, Inc 1 I. Introduction 2 Who is StrongAuth? Cupertino CA-based private company Founded in 2001 Focused on Architecture, Design, Development & Support
More informationX.509. CPSC 457/557 10/17/13 Jeffrey Zhu
X.509 CPSC 457/557 10/17/13 Jeffrey Zhu 2 3 X.509 Outline X.509 Overview Certificate Lifecycle Alternative Certification Models 4 What is X.509? The most commonly used Public Key Infrastructure (PKI) on
More informationSecurity Requirements for Crypto Devices
Security Requirements for Crypto Devices Version 1.0 02 May 2018 Controller of Certifying Authorities Ministry of Electronics and Information Technology 1 Document Control Document Name Security Requirements
More informationNew Paradigms of Digital Identity:
A Telefonica White Paper New Paradigms of Digital Identity: Authentication and Authorization as a Service (AuthaaS) February 2016 1. Introduction The concept of identity has always been the key factor
More information