UELMA Exploring Authentication Options Nov 4, 2011
|
|
- Rafe Garrison
- 5 years ago
- Views:
Transcription
1 UELMA Exploring Authentication Options Nov 4, 2011 A U T H E N T I C A T I O N M E T H O D S P R E L I M I N A R Y R E P O R T B R A D L E E C H A N G X C E N T I A L G R O U P B R A X C E N T I A L. C O M
2 Overview Many ways to authenticate primary legal documents Solutions have varying capabilities Costs range from nearly free to nearly $200,000. We explored: Basic Methods Commercial Product Offerings Six Typical Configurations Advantages & Disadvantages Costs 2
3 Agenda 3 I. Requirements II. Authentication Methods II. Components of Authentication Solutions III. Sample Scenarios, Costs and Benefits IV. Discussion
4 Requirements 4 Authenticity of Origin - verification that the document is actually from the source that it claims to come from (e.g. the State of California Office of Legislative Counsel). Document Integrity - verification that the document has not been altered since it left its source.
5 What We Are Authenticating 5 Chaptered Bills (Statutes) Chaptered Resolutions Constitutional Amendments State Constitution State Codes
6 For Whom 6 General Public Future Public Libraries Other Governmental Bodies Private Sector Organizations
7 Agenda 7 I. Requirements II. Authentication Methods II. Components of Authentication Solutions III. Sample Scenarios, Costs and Benefits IV. Discussion
8 Authentication Building Blocks 8 fb4e a67d CA CA CA
9 Hash Codes 9 fb4e a67d
10 Hash Codes (a.k.a. Digests) Fingerprint of a document If doc changes hash changes Impossible to recreate doc from hash Infeasible to forge a doc matching a hash 10 Hashing Algorithms SHA-1 Widely used, but no longer recommended 1 SHA-2 Currently recommended 1 SHA-3 Future development MD5 Widely used, but proven to be weak (1)
11 Creating a Hash Code 11 Generate Hash Code fb4e a67d Many hash generation utilities
12 Verifying a Hash Code 12 Generate Hash Code fb4e a67d Compare Secure Server/ Website Retrieve Hash Code Secure Communications fb4e a67d
13 Advantages Simple to implement Ensures Document Integrity Hash Codes Can be extended to ensure Authenticity of Origin Supports any file type Disadvantages Does not explicitly authenticate the origin Can be vulnerable to man-in-the-middle and phishing attacks Requires trusted retrieval of hash codes or a trusted verification service Must have a method to match a document with its stored hash Vulnerable to loss or corruption of true hash codes Examples: Utah, Minnesota 13
14 Digital Signatures 14 fb4e a67d Adds Encryption and Certificates to Hashing Enables Authentication without external service or data
15 Public Key Encryption Mathematically created key pair Private key Public key 15 Encrypt data using private key Only public key can decrypt Encrypt data using public key Only private key can decrypt
16 Encrypting the Hash 16 Generate Hash Code Encrypt with Private Key fb4e a67d 37ac d2f6 37ac d2f6
17 Verifying an Encrypted Hash 17 37ac d2f6 Decrypt with Public Key fb4e a67d Generate Hash Code fb4e a67d Compare
18 Digital Certificates 18 International Standard Format (x.509) Identity Contact Information Issuing Authority Public Key Self-Created Issued by a Certificate Authority
19 Creating a Signed Document 19 Generate Hash Code Encrypt with Private Key Certificate fb4e a67d 37ac d2f6 fb4e a67d Signed Document
20 Signed Document in Adobe Reader 20 Reader must be told to trust this Certificate
21 Advantages Digital Signatures Verifiable Document Integrity Verifiable Authenticity of Origin Robust Industry Support (esp. Certificates, PDF) Disadvantages The signer must be trusted Signer could be impersonated 21 Example: See Self-Signed PDF
22 Public Key Infrastructure (PKI) 22 fb4e a67d CA CA CA
23 Public Key Infrastructure Trusted Certification Authorities (CAs) Verifies identity and issue Certificates: Public Key Verified info (identity) Signed by CA, vouches for identity of public key owner Trust CA Trust Certificates issued by CA E.g. web browsers have list of trusted CAs for secure web connections (SSL) E.g. Adobe Reader has list of CAs for PDF sigs 23
24 PKI Signed Document 24 Same as Signed Document Only the Certificate is Different Adobe VeriSign CA Office of Leg. Counsel
25 PKI Signed Document in Adobe Reader 25
26 Advantages PKI Certificates Same as Signed Document, plus: Verifiable as long as any certificate in the chain is trusted Can be verified even if the source is no longer available. Automatic verification in Adobe Reader (CDS) Disadvantages More expensive to implement 26 Example: GPO
27 Hashing Methods Summary Core feature of all authentication Partial solution which can be made whole Vulnerable to some risks Digital Signature Complete solution Must trust the signer Vulnerable to impersonation Public Key Infrastructure Establishes a Chain of Trust High level of security 27
28 Other Considerations 28 Archiving Formats (e.g. PDF/A) Long Term Authentication Controlling Document Usage Printing, form filling, etc. Key Management Certificate renewal, revocation
29 Long Term Validation Sig validity at signing time is what matters Certificates expire, can be revoked Need to prove when signature was made Crypto algorithms can weaken over time EU Directive 1999/93/EC requirements Technical solutions: ETSI standards CAdES, XAdES, PAdES Involve authenticated timestamping & embedding of certificate chain in signatures 29
30 Agenda 30 I. Requirements II. Authentication Methods II. Components of Authentication Solutions III. Sample Scenarios, Costs and Benefits IV. Discussion
31 Components of a Solution File Type Considerations 2. Certificates 3. Signing Software 4. Validation Software
32 1. File Type Considerations Some Files Support Embedded Signatures PDF, some word processing formats XMLDSig External Signatures & Envelopes Any file format can have detached signature Validation highly inconvenient Anything goes into a signed envelope Slightly less inconvenient (can't lose sig) PDF can be a signed envelope Automated Validation PDF Only 32
33 Self-signed 2. Certificates Who signed it? 33 Free! Nobody trusts it! Need trusted distribution (e.g. secure web site) Well-known CA (PKI) Not free Various purposes, levels of assurance, prices VeriSign, GeoTrust, Entrust, GlobalSign CDS Certificate Automatically trusted by Adobe Reader Requires hardware support
34 3. Signing Software 34 Desktop PDF Standard Programming Libraries itext Adobe LiveCycle
35 Desktop PDF Signing Apps Adobe Acrobat, Aloaha PDF Signator PDF only Low cost, unless many copies needed Any kind of certificate Including hardware tokens Fully manual signing Open PDF, sign and save Aloaha has batch mode, scripting capability 35
36 Standard Programming Libraries Java, MS-CAPI,.NET, etc. Crypto algorithms, certificate handling XML DSig implementations Not applications => custom software needed to use Free => cost is in developing app Can be used to sign XML, HTML, anything 36 But not embedded PDF signatures Can validate same
37 itext 37 Programming library for PDF documents Not an application => custom software needed to use Free (open source) and paid versions Any kind of certificate Including hardware tokens (to be confirmed) Suitable for automated mass signing
38 Adobe LiveCycle ES 2 Large server-side application Digital Signatures is one module PDF only Expensive CDS certificates Supports HSMs Fully automated mass signing 38
39 4. Validation Software 39 PDF Readers Hash Comparators Signature Validation Libraries Online Services (Austria, MN)
40 Adobe Reader PDF Readers Automatically validates signed PDFs Trusts certificates tracing back to: Adobe Root (Reader v6 & up) Any root cert in AATL (Reader v9 and up) (at user option) Any cert in Windows cert store Free, highly convenient, proprietary Foxit Reader User activates signature validation Seems to trust only certs in Windows store Free, slightly less convenient, bug encountered 40
41 Hash Comparators 41 Essentially the same as Hash Generators and Signing Libraries. Contained in many programming libraries For integration in validation apps Desktop apps (often free) Web apps
42 Signature Validation Libraries Ready-made libraries to validate digital signatures 42 Built on top of standard libraries Additional capabilities: server integration, file type detection, file type handling, certificate management, etc. E.g. Open Source library used officially in Austria Can be integrated in mass validation application Can be integrated in online validation service
43 Online Services Web site allowing file upload for signature/hash verification Hash verification requires access to trusted hash list Must rely on file name, or search list for matching hash Minnesota prototype Signature verification more generic Except for list of trusted root certificates State of Austria implementation: 43
44 44
45 Agenda 45 I. Requirements II. Authentication Methods II. Components of Authentication Solutions III. Sample Scenarios, Costs and Benefits IV. Discussion
46 Sample Configurations 46 Wide Range of Combinations possible Picked 6 Typical Configurations Manual to High Volume Automated
47 Six Samples Manual PDF 2. Mass Signing with itext 3. Highly Automated with Adobe LiveCycle 4. XML Signing with Java Libraries 5. PDF with Embedded XML and HTML 6. Signing and Secure Website
48 Six Samples Sample Security Volume Doc Types 48 Initial Cost Annual Cost Manual PDF High Low PDF $1,049 $618 PDF with itext High High PDF $22,100 $9,670 PDF with LiveCycle High High PDF $170,100 $39,270 XML with Java Medium High XML Dev. Only (Moderate) PDF (XML, HTML) High High XML, HTML, PDF Multi-Doc Type High High Any Dev. Only (Higher) TBD $22,100 $9,670 TBD (Higher)
49 1. Manual PDF signing 49 Entrust Group CDS certificate Unsigned PDF Signed PDF Adobe Acrobat X with operator
50 1. Manual PDF signing Initial Cost : $1,049 (Cert,Acrobat) + labor + PC On-going Cost : $618/year for certificate renewal Advantages 50 Low Initial Cost (for low volume) CDS Certificate Simple Process Disadvantages: Labor Intensive impractical for high volume Error Prone
51 2. Mass Signing with IText 51 HSM Entrust CDS certificate Unsigned PDF itext Libraries + Custom Software Signed PDF
52 Initial Cost: 2. Mass Signing with IText $2,000 itext (1 server, free dev servers) $7,000 Entrust Enterprise Lite Certificate $13,100 SafeNet Luna SA HSM $22,100 Total Plus customization, system integration, server hardware On-going Cost: $400 itext Maintenance $6,650 Entrust Enterprise Lite Certificate Renewal $2,620 SafeNet Luna SA HSM Maintenance $9,670/year Total 52
53 Advantages 2. Mass Signing with IText Automated High Volume PKI/CDS Certificate Moderate Cost Disadvantages Custom software needs to be developed 53
54 3. Highly Automated with Adobe LiveCycle 54 HSM Entrust CDS certificate Unsigned PDF Signed PDF
55 3. Highly Automated with Adobe LiveCycle Initial Cost $150,000 LiveCycle DS (2 CPU + 1 Dev Server) $7,000 Entrust Enterprise Lite Certificate $13,100 SafeNet Luna SA HSM $170,100 Total Plus customization, system integration, server hardware On-going Cost $30,000 LiveCycle DS Maintenance $6,650 Entrust Enterprise Lite Certificate Renewal $2,620 SafeNet Luna SA HSM Maintenance $39,270/year Total 55
56 3. Highly Automated with Adobe LiveCycle Advantages High Volume PKI/CDS Certificate 56 Integrated in a larger document management framework: Workflow, Forms, PDF generation from MS Office documents Disadvantages Expensive Cost increases for multi-cpu setups
57 4. XML Signing with Java Libraries 57 A certificate (self-signed) Unsigned XML Signed XML Java Libraries + Custom Software
58 4. XML Signing with Java Libraries 58 Initial Cost : Custom software Optional certificate from a CA On-going Cost Optional certificate Advantages Inexpensive Standardized Authentication (XMLDSig) Disadvantages Validation needs additional software
59 5. PDF with Embedded XML and HTML 59 Unsigned Documents HSM Entrust CDS certificate itext Libraries + Custom Software Signed PDF
60 5. PDF with Embedded XML and HTML 60
61 5. PDF with Embedded XML and HTML Initial Cost: $2,000 itext (1 server, free dev servers) $7,000 Entrust Enterprise Lite Certificate $13,100 SafeNet Luna SA HSM $22,100 Total Plus customization, system integration, server hardware On-going Cost: $400 itext Maintenance $6,650 Entrust Enterprise Lite Certificate Renewal $2,620 SafeNet Luna SA HSM Maintenance $9,670/year Total 61
62 5. PDF with Embedded XML and HTML Advantages Automated High Volume PKI/CDS Certificate Validation of PDF, XML and HTML in one step Moderate Cost Disadvantages Custom software needs to be developed Human requires Adobe Reader or Acrobat to extract data Automated processes need a PDF library to extract data 62
63 5. PDF with Embedded XML and HTML Advantages 63 Automatic validation of PDF, XML and HTML in one step Disadvantages Human requires Adobe Reader or Acrobat to extract data Automated processes need a PDF library to extract data
64 6. Multi-Doc Signing and Validation 64 A certificate (self-signed) Signing Process Java Libraries + Custom Software XML, HTML, PDF, etc. XmlDSig, Signed PDF, CMS/PKCS #7, etc.
65 6. Multi-Doc Signing and Validation 65 Validation Process Document Secure Server Integration Software Validates SSL Internet Open Source Code Supported documents: XMLDSig, Signed PDF, CMS/PKCS #7, etc. Authentic or Altered or Bad Sig
66 6. Multi-Doc Signing and Validation Initial Cost Development costs Web server On-going Cost Little Advantages Numerous types of document may be verified Disadvantages 66 Requires online access to verify document s authenticity Validation service must be maintained
67 Agenda 67 I. Requirements II. Authentication Methods II. Components of Authentication Solutions III. Sample Scenarios, Costs and Benefits IV. Discussion
68 Discussion 68 Questions? Suggestions? Additional Topics? Next Steps?
69 Discussion Ideas 69 Individual User Convenience Batch Validation Visual Fidelity Source Content Images Archive File Formats - PDF, XML HTML,?
Digital signatures: How it s done in PDF
Digital signatures: How it s done in PDF Agenda Why do we need digital signatures? Basic concepts applied to PDF Digital signatures and document workflow Long term validation Why do we need digital signatures?
More informationEDTA, itext and INBATEK Conference. Bangkok, July 27, 2017
EDTA, itext and INBATEK Conference Bangkok, July 27, 2017 Digital Signatures in PDF Basic concepts applied to PDF Architectures: server-side vs. client-side Digital signatures and document workflow Long
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationeidas-compliant signing of PDF
PDF Days Europe 2018 eidas-compliant signing of PDF Technical implications of eidas conformance in PDF processing Bernd Wild intarsys AG, Member of the Board of A Presentation 2018 by!11 72% of EU individuals
More informationDigital Certificates. PKI and other TTPs. 3.3
Digital Certificates. PKI and other TTPs. 3.3 1 Certification-service providers Spanish Law 59/03 Art. 2.2 or Directive 1999/93/EC Art. 2.11: Certification-service providers means an entity or a legal
More informationIBM i Version 7.2. Security Digital Certificate Manager IBM
IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationEXBO e-signing Automated for scanned invoices
EXBO e-signing Automated for scanned invoices Signature Policy Document OID: 0.3.2062.7.2.1.12.1.0 Approval Status: Approved Version: 1.0 Page #: 1 of 13 1. Introduction 1.1. Scope This document covers
More informationIFY e-signing Automated for scanned invoices
IFY e-signing Automated for scanned invoices Signature Policy Document OID: 0.3.2062.7.2.1.13.1.0 Approval Status: Approved Version: 1.0 Page #: 1 of 13 1. Introduction 1.1. Scope This document covers
More informationTransforming the Document Signing Process
July 2015 Transforming the Document Signing Process Copyright Ascertia 2015 Sam Crook Key Account Manger Agenda About us Why are digital signatures inevitable? What are digital signatures? What can you
More informationAdding value to your MS customers
Securing Microsoft Adding value to your MS customers Authentication - Identity Protection Hardware Security Modules DataSecure - Encryption and Control Disc Encryption Offering the broadest range of authentication,
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure
More informationSecurity Fundamentals
COMP 150-IDS: Internet Scale Distributed Systems (Spring 2015) Security Fundamentals Noah Mendelsohn Tufts University Email: noah@cs.tufts.edu Web: http://www.cs.tufts.edu/~noah Copyright 2012 & 2015 Noah
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationIBM. Security Digital Certificate Manager. IBM i 7.1
IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in
More informationElectronic Seal Administrator Guide Published:December 27, 2017
Electronic Seal Administrator Guide Published:December 27, 2017 Copyright Version 4.25.2.3 Copyright 2003-2018 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights
More informationCertificate Enrollment- and Signing Services for the Cloud. A behind-the-scenes presentation of a successful cooperation between
Certificate Enrollment- and Signing Services for the Cloud A behind-the-scenes presentation of a successful cooperation between Introduction Based on our experience and the request from the market we would
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationHandwritten signatures are EOL Panos Vassiliadis
Handwritten signatures are EOL Panos Vassiliadis Managing Director The use of paper would be reduced and maybe eliminated in offices by 1995 and all documents would be on computer and electronic due to
More informationDECISION OF THE EUROPEAN CENTRAL BANK
L 74/30 Official Journal of the European Union 16.3.2013 DECISIONS DECISION OF THE EUROPEAN CENTRAL BANK of 11 January 2013 laying down the framework for a public key infrastructure for the European System
More informationIntertek esignature Customer Reference Document
Version 3.8 Page 1 of 17 Document History Version Amendments Date Amended by 2.1 Corrected index numbering, revised Section 1.6 and references to 1.6; Corrected formatting 30-Jul-2014 Application Support
More informationSHA-1 to SHA-2. Migration Guide
SHA-1 to SHA-2 Migration Guide Web-application attacks represented 40 percent of breaches in 2015. Cryptographic and server-side vulnerabilities provide opportunities for cyber criminals to carry out ransomware
More informationPublic-Key Infrastructure NETS E2008
Public-Key Infrastructure NETS E2008 Many slides from Vitaly Shmatikov, UT Austin slide 1 Authenticity of Public Keys? private key Alice Bob public key Problem: How does Alice know that the public key
More informationQUANTUM SAFE PKI TRANSITIONS
QUANTUM SAFE PKI TRANSITIONS Quantum Valley Investments Headquarters We offer quantum readiness assessments to help you identify your organization s quantum risks, develop an upgrade path, and deliver
More informationProfile for High-Performance Digital Signatures
CYBERNETICA Institute of Information Security Profile for High-Performance Digital Signatures Version 1.2 Margus Freudenthal T-4-23 / 2017 Copyright c 2017 Margus Freudenthal. Cybernetica AS, Department
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationSecurity Vulnerabilities of the NDEF Signature Record Type
Security Vulnerabilities of the NDEF Signature Record Type Michael Roland Upper Austria University it of Applied Sciences,, Austria 3 rd International Workshop on Near Field Communication 22 February 2011,,
More informationCertificates, Certification Authorities and Public-Key Infrastructures
(Digital) Certificates Certificates, Certification Authorities and Public-Key Infrastructures We need to be sure that the public key used to encrypt a message indeed belongs to the destination of the message
More informationegov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO
egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO e-government Survey 2014 United Nations Page 2 EGDI: E-Government Development Index National ID & Digital Signature Estonian Prime Minister Andrus Ansip
More informationCertificate implementation The good, the bad, and the ugly
Certificate implementation The good, the bad, and the ugly DOE Security Training Workshop James A. Rome Oak Ridge National Laboratory April 29, 1998 A wealth of riches? I decided to use certificates for
More informationGovernment PKI Factors Influencing Architecture for the Equal Employment Opportunity Commission
Government PKI Factors Influencing Architecture for the Equal Employment Opportunity Commission December 14, 2000 Steve Bruck Khurram Chaudry Francis Yuan 1 EEOC Business Cases for PKI Citizens complaints
More informationAuthentication Methods
CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks
More informationIntroduction to SSL. Copyright 2005 by Sericon Technology Inc.
Introduction to SSL The cornerstone of e-commerce is a Web site s ability to prevent eavesdropping on data transmitted to and from its site. Without this, consumers would justifiably be afraid to enter
More informationDNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific
DNS/DNSSEC Workshop In Collaboration with APNIC and HKIRC Hong Kong Champika Wijayatunga Regional Security Engagement Manager Asia Pacific 22-24 January 2018 1 DNSSEC 2 2 DNS: Data Flow Zone administrator
More informationX.509. CPSC 457/557 10/17/13 Jeffrey Zhu
X.509 CPSC 457/557 10/17/13 Jeffrey Zhu 2 3 X.509 Outline X.509 Overview Certificate Lifecycle Alternative Certification Models 4 What is X.509? The most commonly used Public Key Infrastructure (PKI) on
More informationImplementing Secure Socket Layer
This module describes how to implement SSL. The Secure Socket Layer (SSL) protocol and Transport Layer Security (TLS) are application-level protocols that provide for secure communication between a client
More informationSSL/TSL EV Certificates
SSL/TSL EV Certificates CA/Browser Forum Exploratory seminar on e-signatures for e-business in the South Mediterranean region 11-12 November 2013, Amman, Jordan Moudrick DADASHOW CEO, Skaitmeninio Sertifikavimo
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution
Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University
More informationPKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006
PKI-An Operational Perspective NANOG 38 ARIN XVIII October 10, 2006 Briefing Contents PKI Usage Benefits Constituency Acceptance Specific Discussion of Requirements Certificate Policy Certificate Policy
More informationbbc Migrating and Sharing Secuity Settings: Using Security Settings Import/Export and FDF Files Acrobat and Adobe Reader PDF Creation Date:
bbc PDF Creation Date: September 5, 2008 Migrating and Sharing Secuity Settings: Using Security Settings Import/Export and FDF Files Acrobat and Adobe Reader Version 9.0 2008 Adobe Systems Incorporated.
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationSectigo Security Solution
Sectigo Email Security Solution 2018 Sectigo. All rights reserved. Email hacking is a commonly used malicious tactic in our increasingly connected world. Business email compromise (BEC), or email account
More informationResolution of comments on Drafts ETSI EN to ETSI EN May 2014
Resolution of comments on Drafts ETSI EN 319 142-1 to ETSI EN 319 142-7 31 May 2014 PAdES Foreword: Please note that the following disposition of comments is provided to the light of the current context
More informationINSTRUCTION FOR OPERATION WITH DESKTOP SIGNER
INSTRUCTION FOR OPERATION WITH DESKTOP SIGNER Version 1.50, February 2017 B-Trust Instruction Page 1 TABLE OF CONTENTS I. About the Program... 3 II. System requirements... 3 III. Installation... 4 IV.
More informationCian Kinsella CEO, Digiprove
Cian Kinsella CEO, Digiprove cian.kinsella@digiprove.com Malaga 7 th June 2013 Been developing software since 1972 Commercial and Freelance Co-founder of 3 Software Product Companies Have had many different
More informationRedesigning PKI To Solve Revocation, Expiration, & Rotation Problems. Brian
Redesigning PKI To Solve Revocation, Expiration, & Rotation Problems Brian Knopf @DoYouQA WHO AM I Sr Director of Security Research & IoT Architect @Neustar @DoYouQA 20+ Home Previously years in IT, QA,
More informationOverview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation
Overview Key exchange Session vs. interchange keys Classical, public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures May
More informationThe Uniform Electronic Legal Material Act
The Uniform Electronic Legal Material Act Implementation in Minnesota Prepared By: Melissa Patsch, Software Developer Office of the Revisor of Statutes For: NALIT Professional Development Seminar Date:
More informationCertificate-based authentication for data security
Technical white paper Certificate-based authentication for data security Table of Contents Introduction... 2 Analogy: A simple checking account... 2 Verifying a digital certificate... 2 Summary... 8 Important
More informationPublic-key Infrastructure Options and choices
Public-key Infrastructure Options and choices Tim Moses Director, Advanced Security Technology April 98 1997 Entrust Technologies Overview General-purpose and Dedicated PKIs Trust models Two-key architecture
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationCrypto meets Web Security: Certificates and SSL/TLS
CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationTest Signature Policy Version 1.0
Test Signature Policy Version 1.0 This document describes the policy requirements for the creation of test signatures. 04-10-2018 Name COMPL_POL_TestSignaturePolicy OID 1.3.6.1.4.1.49274.1.1.5.1.0 Applicable
More informationIntroducing Hardware Security Modules to Embedded Systems
Introducing Hardware Security Modules to Embedded Systems for Electric Vehicles charging according to ISO/IEC 15118 V1.0 2017-03-17 Agenda Hardware Trust Anchors - General Introduction Hardware Trust Anchors
More informationUELMA Preservation. Jason Judt & Daniel Kruse Office of the Revisor of Statutes, Minnesota
UELMA Preservation Jason Judt & Daniel Kruse Office of the Revisor of Statutes, Minnesota UELMA System Overview Server-side authentication Complete versioning system Tracking and auditing tools developed
More informationAutomated Court Reporter Application. Digital Signatures
Automated Court Reporter Application Digital Signatures Doc Version 1.5 December 1, 2010 Administrative Office of the U.S. Courts Revision History Date Version Description of Revision 2/10/2009 1.0 Initial
More informationCryptography and Network Security Chapter 14
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationOverview & Specification
Electronic Signature Overview & Specification Version: 1.0 Author: Qatar Public Key Infrastructure Section Document Classification: PUBLIC Published Date: May 2018 Version: 1.0 Page 1 of 31 Document Information
More informationRethinking IoT Authentication & Authorization Models
Rethinking IoT Authentication & Authorization Models 2017 ISSA SoCal Security Symposium September 14, 2017 Hilton Orange County, Costa Mesa Brian Knopf @DoYouQA WHO AM I Sr Director of Security Research
More informationPublic Key Algorithms
CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and
More informationCertificateless Public Key Cryptography
Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.
More informationIntroduction to Cryptography Lecture 10
Introduction to Cryptography Lecture 10 Digital signatures, Public Key Infrastructure (PKI) Benny Pinkas January 1, 2012 page 1 Non Repudiation Prevent signer from denying that it signed the message I.e.,
More informationVSP18 Venafi Security Professional
VSP18 Venafi Security Professional 13 April 2018 2018 Venafi. All Rights Reserved. 1 VSP18 Prerequisites Course intended for: IT Professionals who interact with Digital Certificates Also appropriate for:
More informationTen Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier
Presented by Joshua Schiffman & Archana Viswanath Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier Trust Models Rooted Trust Model! In a
More informationChapter 6: Digital Certificates Introduction Authentication Methods PKI Digital Certificate Passing
Chapter 6: Digital Certificates Introduction Methods PKI Digital Certificate Passing Prof Bill Buchanan OBE http://asecuritysite.com/crypto06 http://asecuritysite.com/encryption Identity on the Internet
More informationPKI Credentialing Handbook
PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationDigital Certificate Operation in a Complex Environment PKI ARCHITECTURE QUESTIONNAIRE
Digital Certificate Operation in a Complex Environment A project within the Joint Information Systems Committee s Authentication, Authorisation and Accounting middleware programme PKI ARCHITECTURE QUESTIONNAIRE
More informationPublic Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman
Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National
More informationSecuring Internet Communication: TLS
Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Today s Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases
More informationDocument Signing Certificate Getting Started Guide
Certificate Services Document Signing Certificate Getting Started Guide Using the SafeNet Authentication Client: 8.3 Document issue: 1.0 Date of issue: March 2017 For software release 12.1 Document Signing
More informationBlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module
BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE Cryptographic Appliances with Integrated Level 3+ Hardware Security Module The BlackVault hardware security platform keeps cryptographic material
More informationMan in the Middle Attacks and Secured Communications
FEBRUARY 2018 Abstract This document will discuss the interplay between Man in The Middle (MiTM/ MITM) attacks and the security technologies that are deployed to prevent them. The discussion will follow
More informationAdd or remove a digital signature in Office files
Add or remove a digital signature in Office files This article explains digital signatures (also known as digital ID), what they can be used for, and how you can use digital signatures in the following
More informationPRICE LIST TRUST SERVICE PRODUCTS. Price List Version 5.9 Berlin, April Copyright 2018, Bundesdruckerei GmbH. Seite 1/9
PRICE LIST TRUST SERVICE PRODUCTS Price List Version 5.9 Berlin, April 2018 Copyright 2018, Bundesdruckerei GmbH Seite 1/9 Qualified Single Signature Cards D-TRUST Card 3.0 EU Signature card according
More informationFIS and DCS User Guide - Supplement
FIS and DCS User Guide - Supplement Adobe Acrobat and Adobe Reader Configuration How to Digitally Sign PDF Documents with Adobe Acrobat and Adobe Reader Version 1.0 Exostar LLC September 2016 1 Table of
More informationInteragency Advisory Board Meeting Agenda, February 2, 2009
Interagency Advisory Board Meeting Agenda, February 2, 2009 1. Opening Remarks (Tim Baldridge, NASA) 2. Mini Tutorial on NIST SP 800-116 AND PIV use in Physical Access Control Systems (Bill MacGregor,
More informationKEY DISTRIBUTION AND USER AUTHENTICATION
KEY DISTRIBUTION AND USER AUTHENTICATION Key Management and Distribution No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman
More informationCertDigital Certification Services Policy
CertDigital Certification Services Policy Page: 2 ISSUED BY : DEPARTAMENT NAME DATE ELECTRONIC SERVICES COMPARTMENT COMPARTMENT CHIEF 19.03.2011 APPROVED BY : DEPARTMENT NAME DATE MANAGEMENT OF POLICIES
More informationPKI is Alive and Well: The Symantec Managed PKI Service
PKI is Alive and Well: The Symantec Managed PKI Service Marty Jost Product Marketing, User Authentication Lance Handorf Technical Enablement, PKI Solutions 1 Agenda 1 2 3 PKI Background: Problems and Solutions
More informationLecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from
Lecture 15 PKI & Authenticated Key Exchange COSC-260 Codes and Ciphers Adam O Neill Adapted from http://cseweb.ucsd.edu/~mihir/cse107/ Today We will see how signatures are used to create public-key infrastructures
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationFall 2010/Lecture 32 1
CS 426 (Fall 2010) Key Distribution & Agreement Fall 2010/Lecture 32 1 Outline Key agreement without t using public keys Distribution of public keys, with public key certificates Diffie-Hellman Protocol
More informationAn Overview of Secure and Authenticated Remote Access to Central Sites
Workshop on Data Access to Micro-Data (WDA) Nuernberg, August 20-21 An Overview of Secure and Authenticated Remote Access to Central Sites Dr Milan Marković Banca Intesa ad Beograd, Serbia milan.markovic@bancaintesabeograd.com
More informationHow Next Generation Trusted Identities Can Help Transform Your Business
SESSION ID: SPO-W09B How Next Generation Trusted Identities Can Help Transform Your Business Chris Taylor Senior Product Manager Entrust Datacard @Ctaylor_Entrust Identity underpins our PERSONAL life 2
More informationETSI TR V1.1.1 ( )
TR 119 400 V1.1.1 (2016-03) TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for trust service providers supporting digital signatures and related services
More informationModule: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent Jaeger 1 Kerberos History: from UNIX to Networks (late 80s) Solves: password eavesdropping Also mutual authentication
More informationModule: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Kerberos History: from UNIX to Networks (late
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationElectronic Signature Format. ECOM Interoperability Plug Test 2005
Electronic Signature Format ECOM Interoperability Plug Test 2005 Final Report Executive Summary January 2006 Next Generation Electronic Commerce Promotion Council of Japan (ECOM) Security Working Group
More informationEnterprise / Insurance Companies. Safe Online Operations
Enterprise / Insurance Companies Safe Online Operations Introduction: Meet the presenter VP Strategic Sales - EMEA Senior Executive GlobalSign - Belgium RONALD DE TEMMERMAN T +32 (0) 16 891908 M +32 (0)
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationInternet Engineering Task Force (IETF) Request for Comments: 6283 Category: Standards Track. July 2011
Internet Engineering Task Force (IETF) Request for Comments: 6283 Category: Standards Track ISSN: 2070-1721 A. Jerman Blazic S. Saljic SETCCE T. Gondrom July 2011 Abstract Extensible Markup Language Evidence
More informationADOBE 9A Adobe LiveCycle ES Application Developer.
ADOBE 9A0-081 Adobe LiveCycle ES Application Developer http://killexams.com/exam-detail/9a0-081 QUESTION: 57 Which three technologies are used to create digital signatures? (Choose three.) A. hashing B.
More information