Public Key Infrastructures Chapter 06 Private Keys
1 Public Key Infrastructures, Chapter 06: Private Keys. Cryptography and Computer Algebra. Prof. Dr. Johannes Buchmann, Dr. Alexander Wiesmaier
2 Personal security environments
- Store: private keys, certificates, other data
- Provide: compatibility, portability, availability, access protection
3 Personal security environments: secure storage of private keys
- In software: standardized (e.g. PKCS#12); OS / language specific (e.g. Java KeyStore); application specific (e.g. Netscape)
- In hardware: Hardware Security Module (HSM); USB token; smartcard
4 PKCS#12 structure
- Secure key storage and use
- AuthenticatedSafe: ContentInfo as plain data, encrypted data or enveloped data
5 PKCS#12: ASN.1
    PFX ::= SEQUENCE {
        version   INTEGER {v3(3)}(v3,...),
        authSafe  ContentInfo,
        macData   MacData OPTIONAL
    }
    AuthenticatedSafe ::= SEQUENCE OF ContentInfo
        -- Data if unencrypted
        -- EncryptedData if password-encrypted
        -- EnvelopedData if public key-encrypted
file://../certificates/p12/cs_student.cxt
6 PKCS#12: Content
- Plain data mode: no encryption is applied.
- Password Privacy Mode (encrypted data): encryption with a symmetric key which is derived from a password.
- Public Key Privacy Mode (enveloped data): encryption with a symmetric key which is encrypted with the public key of the receiver.
7 PKCS#12: Authentication
- Password Integrity Mode: a MAC is calculated with a symmetric key which is derived from a password.
- Public Key Integrity Mode: signed with the private key of the issuer.
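The privacy and integrity modes on slides 5 to 7 can be read directly from the outer PFX structure. The following is an added example, not code from the lecture: a small definite-length DER walker that reports which modes a PFX uses. The function names and the sample container are constructed for illustration, and the MAC itself is not verified.

```python
# Added example: classify the PKCS#12 privacy/integrity modes of a PFX.
# Assumption: definite-length DER only (no BER indefinite lengths).
OID_DATA = bytes.fromhex("2a864886f70d010701")       # pkcs7 data
OID_SIGNED = bytes.fromhex("2a864886f70d010702")     # pkcs7 signedData
OID_ENVELOPED = bytes.fromhex("2a864886f70d010703")  # pkcs7 envelopedData
OID_ENCRYPTED = bytes.fromhex("2a864886f70d010706")  # pkcs7 encryptedData

PRIVACY = {
    OID_DATA: "plain",
    OID_ENCRYPTED: "password privacy",
    OID_ENVELOPED: "public-key privacy",
}


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def content_info(value):
    """ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT }."""
    parts = children(value)
    if len(parts) != 2 or parts[0][0] != 0x06 or parts[1][0] != 0xA0:
        raise ValueError("malformed ContentInfo")
    return parts[0][1], parts[1][1]


def pfx_modes(der):
    """Return (integrity mode, [privacy mode of each ContentInfo])."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    parts = children(body)
    if len(parts) < 2 or parts[0] != (0x02, b"\x03") or parts[1][0] != 0x30:
        raise ValueError("not a version 3 PFX")
    has_mac = len(parts) > 2 and parts[2][0] == 0x30  # MacData present?
    oid, content = content_info(parts[1][1])
    if oid == OID_SIGNED:  # signed by the issuer; inner parts not parsed here
        return "public-key integrity", []
    if oid != OID_DATA:
        raise ValueError("unexpected authSafe content type")
    tag, octets, _ = read_tlv(content)  # OCTET STRING holding AuthenticatedSafe
    if tag != 0x04:
        raise ValueError("authSafe content is not an OCTET STRING")
    tag, safe, _ = read_tlv(octets)
    if tag != 0x30:
        raise ValueError("AuthenticatedSafe is not a SEQUENCE")
    privacy = [PRIVACY.get(content_info(v)[0], "unknown")
               for _, v in children(safe)]
    return ("password integrity" if has_mac else "none"), privacy


def weaknesses(der):
    """List findings a reviewer would want to follow up on."""
    integrity, privacy = pfx_modes(der)
    found = []
    if integrity == "none":
        found.append("no MacData: container is not integrity protected")
    found += [f"ContentInfo {i} uses plain data mode"
              for i, mode in enumerate(privacy) if mode == "plain"]
    return found


def tlv(tag, value):
    """Minimal DER encoder, used only to build the constructed sample."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def sample_pfx(part_oids, with_mac, outer_oid=OID_DATA):
    """Constructed PFX skeleton: real structure, placeholder payloads."""
    parts = b"".join(
        tlv(0x30, tlv(0x06, oid) + tlv(0xA0, tlv(0x04, b"placeholder")))
        for oid in part_oids)
    auth_safe = tlv(0x04, tlv(0x30, parts))
    outer = tlv(0x30, tlv(0x06, outer_oid) + tlv(0xA0, auth_safe))
    mac = tlv(0x30, b"") if with_mac else b""  # empty stand-in for MacData
    return tlv(0x30, tlv(0x02, b"\x03") + outer + mac)


if __name__ == "__main__":
    pfx = sample_pfx([OID_ENCRYPTED, OID_DATA], with_mac=False)
    print(pfx_modes(pfx))
    print(weaknesses(pfx))
```

A ContentInfo in plain data mode can still hold individually encrypted (shrouded) key bags, so that finding is a prompt to inspect the bags, not proof that a key is stored in the clear.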
8 Java KeyStore
9 Java KeyStores
- Implementation of the KeyStore class
- Different implementations:
  - JKS: proprietary algorithms, weak encryption
  - JCEKS: standard algorithms, strong encryption; part of the JCE (Java Cryptography Extensions) since Java 1.4
  - Own implementation (proprietary)
- Easy administration with keytool
10 Application specific
- Windows: Internet Explorer, Outlook/Express
- The standard implementation is proprietary, through Cryptographic Service Provider
- The format for the import usually is PKCS#12
11 Private key import in Firefox: file://../firefoxportable/firefoxportable.exe
12 Private key access in Firefox: file://../firefoxportable/firefoxportable.exe
13 Private key import in Windows: file://../certificates/p12/cs_student.p12
14 Private key access in Windows
15 Hardware Security Module
- Secure key storage and use
- (Pseudo)random number generation
- Key pair generation
- Key archiving
- Encryption / decryption
- Generating / verifying signatures
- Hashing
- Acceleration for cryptographic schemes (e.g. TLS)
16 Network Attached HSM
- Shared HSM
- Speed
- Availability
- Robustness
17 Hardware Security Module
- Protect the keys against: mechanical attacks, temperature attacks, manipulation of the voltage, chemical attacks
- The keys are destroyed in case of danger
18 Hardware Security Module
- Usually homologated (e.g. FIPS Level x)
- Usually sold as black boxes: no audit by users possible => Brazil developed open source HSM
- Access usually via PKCS#11
- Most HSMs provide proprietary PKCS#11 extensions
- Usually HSMs provide backup functionality, depending on evaluation level and purpose of the HSM
19 PKCS#11 "Cryptographic Token Interface"
- Supports functions like: change PIN, sign, decrypt, write certificate
- But: some functions are not supported (e.g. change PUK)
- Different libraries are needed for supporting different cards and readers.
- Available at:
20 Smartcards
- Secure key storage and use
- Key pair generation (not all)
- (Pseudo)random number generation (not all)
- Calculation of digital signatures
- Decryption
- Access via: PKCS#11, CT-API, PC/SC
21 PKCS#15
- Specifies the structure of the file system on the chip card
- Every directory on the card is an application
- Pointers to cryptographic objects (ODF): private key, public key, certificate
- There is a newer specification based on it: ISO
- Available at:
22 Structure PKCS#15
- Figure labels: (Root directory) MasterFile (MF); (Meta data) Descriptor; DF(PKCS#15); Userdata; EF(DIR); Further DFs/EFs; ODF; PrKDF; CDF; ADF; TokenInfo
- Object Directory File: pointers to directories: PrivateKey Data, Certificate Data, Authentication Data (PIN) and Token Information (serial number)
23 E4 NetKey (TeleSec)
- E4 evaluated (according to ITSEC)
- Global files (serial number, etc.)
- SigG application: pre-keyed with one key pair according to SigG (Signature Act)
- NetKey application: 3 key pairs (pre-keyed)
- Null-PIN scheme (patented)
24 Java Cards
- No filesystem but applets
- JCRE (Java Card Runtime Environment)
  - manages: the resources of the card, the communication with the outside world, the execution of the applets
  - controls: the compliance with the security limitations
25 Java Cards
- Like normal Java code, but without:
  - long, double, float
  - Characters and strings
  - Multidimensional arrays
  - Threads
  - Object serialization and cloning
  - Dynamic loading of classes (like drivers)
  - Security Manager
- Garbage Collector not always present
26 PSE: comparison
- Columns: PKCS #12, HSM, Smart card
- Rows: Cost O, Interoperability, Portability, Security, Speed N/A
- Legend: very bad, - bad, O fair, + good, ++ very good
27 Private key lifecycle
- States: steps in a private key's life
- Transitions: tasks to be done with the private key during its life
- [Figure: state diagram. States: nonexistent, storable, deliverable, deposited, usable. Transitions: recover, deposit, restore, store, copy, use, deliver, retract.]
Source: A. Wiesmaier. Secure Private Key Management in Adaptable Public Key Infrastructures. PhD thesis, Cryptography and Computer Algebra Group, Technische Universität Darmstadt, September Mensch und Buch Verlag, Berlin. ISBN-13:
28 Generate
- Appropriate algorithms and parameters
- Secure (P)RNG
- Shielding against eavesdropping
29 Copy
- Usually to be avoided, but may be reasonable
- Easy for authorized users
- Impossible for unauthorized users
30 Store / deposit
- Persistent storage
- Deletion from the generator
- Appropriate access protection
31 Restore / recover
- Correct reestablishment
- Easy for authorized users
- Impossible for unauthorized users
32 Deliver / retract
- Correct receiver
- Guaranteed delivery
- Appropriate transport security mechanisms
33 Use
- Easy for the authorized users
- Impossible for the unauthorized users
- Shielding against eavesdropping, manipulation
34 Destruct
- Unrecoverable
- All (intended) copies are to be destroyed
35 Life cycle of private keys, Example 1: PGP (user generates keys)
36-59 PGP slides linking to file://../thunderbirdportable/thunderbirdportable.exe, in order: Generation, Storing, Transport (including the file contents, file//../certificates/test User.cxt), Use, Backup, Recovery, Destruction
60 Life cycle of private keys, Example 2: TUD Card (TC generates keys)
61 TUD Card: Generation
- The manufacturer creates the keys
62 TUD Card: Storing
- Contains the private key: a file exists that holds the private key.
- Security condition: PSO (Perform Security Operation) after PIN has been correctly given.
63 TUD Card: Transport
- By snail mail
64 TUD Card: Use
- First use detection
- Null-PIN technique
65 TUD Card: Use
- PIN entry necessary for PSO
66 TUD Card: Use
- Set PIN
- See PUK
- Download certificate
- file://../cardmanager.jnlp
67 TUD Card: Destruction
- Physical destruction of the card (high temperature, etc.)
68 TUD Card: Backup
- Each encryption key is stored in a PKCS#12 file
69 Life cycle of private keys, Example 3: Java KeyStore (user generates keys)
70 KeyStore: Generate
- ..\BatchFiles\keytool.bat
71 KeyStore: Store
- ..\BatchFiles\keytoolList.bat
72 KeyStore: Use
- Get certificate request:
    keytool -certreq -keystore keystore.ks -file csr.txt -alias myalias
73 KeyStore: Use
- Get certificate from accepted authority
- And many more
74 KeyStore: Use
- Import certificate:
    keytool -import -file test.crt -alias myalias -trustcacerts -keystore keystore.ks
75 Backup
- A simple copy of the file to a CD, a USB stick, an external hard disc or similar
- The password may be changed.
76 Recovery
- Recovery from the copy location.
- Password is needed.
77 Destruction
78 Life cycle of private keys, other examples
- OpenSSL
- Firefox with Key Manager Add-on
- ELSTER
- Elektronische Gesundheitskarte
- Neuer Personalausweis
- And many more
More informationIntegral Memory PLC. Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) FIPS Security Policy
Integral Memory PLC. Chassis) and Crypto Dual Plus (Underlying FIPS 140-2 Security Policy Table of Contents 1. INTRODUCTION... 1 1.1 Purpose....1 1.2 References... 1 1.3 Document History... 1 2. PRODUCT
More informationINSTRUCTIONS FOR INSTALLING AND USING ELECTRONIC SIGNATURE CERTIFICATES UNDER LINUX
INSTRUCTIONS FOR INSTALLING AND USING ELECTRONIC SIGNATURE CERTIFICATES UNDER LINUX Version 1.0 May 2006 CONTENTS I. SYSTEM REQUIREMENTS II. INSTALLING A SMART CARD READER DEVICE DRIVER III. INSTALLING
More informationACOS 3 Contact Card. Functional Specification. Subject to change without prior notice
ACOS 3 Contact Card Functional Specification Subject to change without prior notice Table of Contents 1.0. Introduction... 3 1.1. Features...3 1.2. Technical Specifications...3 1.2.1. Electrical...3 1.2.2.
More informationInternet Engineering Task Force (IETF) Request for Comments: 7292 Category: Informational. S. Parkinson A. Rusch M. Scott RSA July 2014
Internet Engineering Task Force (IETF) Request for Comments: 7292 Category: Informational ISSN: 2070-1721 K. Moriarty, Ed. EMC M. Nystrom Microsoft Corporation S. Parkinson A. Rusch M. Scott RSA July 2014
More informationArchitecture 1 3. SecureToken. 32-bit microprocessor smart chip. Support onboard RSA key pair generation. Built-in advanced cryptographic functions
SecureToken Architecture 1 3 2 32-bit microprocessor smart chip Support onboard RSA key pair generation Built-in advanced cryptographic functions 4 5 6 7 8 9 10 Support onboard digital signing Supports
More information2 Electronic Passports and Identity Cards
2 Picture source: www.bundesdruckerei.de Paper based Passport Radio Frequency (RF) Chip Electronic Passport (E Pass) Biographic data Human readable Partially machine readable (optically) Conventional
More informationQUICK SET-UP VERIFICATION...3
TABLE OF CONTENTS 1 QUICK SET-UP VERIFICATION...3 2 INSTALLING CERTIFICATES...3 3 IF YOU USE MS INTERNET EXPLORER...3 3.1 INSTALLING THE CERTIFICATE...3 3.2 SSL3 ACTIVATION:...3 3.3 JAVASCRIPT ACTIVATION...3
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationThe Android security jungle: pitfalls, threats and survival tips. Scott
The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab The Jungle Ecosystem Google s protection Threats Risks Survival Network Data protection (encryption) App/device
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationNCP Secure Client Juniper Edition (Win32/64) Release Notes
Service Release: 10.10 r31802 Date: September 2016 Prerequisites Operating System Support The following Microsoft Operating Systems are supported with this release: Windows 10 32/64 bit Windows 8.x 32/64
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2015 Roadmap: Trusted Computing Motivation Notion of trust
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 11: Public Key Infrastructure Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Public key infrastructure Certificates Trust
More informationSecurity Requirements for Crypto Devices
Security Requirements for Crypto Devices Version 1.0 02 May 2018 Controller of Certifying Authorities Ministry of Electronics and Information Technology 1 Document Control Document Name Security Requirements
More informationGoogle Cloud Platform: Customer Responsibility Matrix. April 2017
Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder
More informationAn Overview of Secure and Authenticated Remote Access to Central Sites
Workshop on Data Access to Micro-Data (WDA) Nuernberg, August 20-21 An Overview of Secure and Authenticated Remote Access to Central Sites Dr Milan Marković Banca Intesa ad Beograd, Serbia milan.markovic@bancaintesabeograd.com
More informationConfiguring File Server Resource Manager (FSRM)
Configuring File Server Resource Manager (FSRM) LESSON 5 70-411 EXAM OBJECTIVE Objective 2.2 Configure File Server Resource Manager (FSRM). This objective may include but is not limited to: install the
More informationAuthentication. Overview of Authentication systems. IT352 Network Security Najwa AlGhamdi
Authentication Overview of Authentication systems 1 Approaches for Message Authentication Authentication is process of reliably verifying the identity of someone. Authentication Schemes 1. Password-based
More information1. Product Overview 2. Product Features 3. Comparison Chart 5. Q & A
www.acs.com.hk 1. Product Overview 2. Product Features 3. Comparison Chart 4. Product Applications 5. Q & A 2 3 ACOS5 Series (32KB EEPROM) Cryptographic Smart Card and Token 5 Time-to-market Mask chip
More informationSecurity context. Technology. Solution highlights
Code42 CrashPlan Security Code42 CrashPlan provides continuous, automatic desktop and laptop backup. Our layered approach to security exceeds industry best practices and fulfills the enterprise need for
More informationForensics Challenges. Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation
Forensics Challenges Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation Introduction Encrypted content is a challenge for investigators Makes it difficult
More informationSLE66CX322P or SLE66CX642P / CardOS V4.3B Re_Cert with Application for Digital Signature
Security Confirmation and Report T-Systems.02182.TE.11.2006 SLE66CX322P or SLE66CX642P / CardOS V4.3B Re_Cert with Application for Digital Signature Siemens AG Confirmation concerning Products for Qualified
More informationIBM Presentations: Implementing SSL Security in WebSphere Partner Gateway
IBM Software Group IBM Presentations: Implementing SSL Security in WebSphere Partner Gateway Presenter: Max Terpolilli WPG L2 Support WebSphere Support Technical Exchange Agenda IBM Software Group Digital
More informationDERIVED UNIQUE TOKEN PER TRANSACTION
SESSION ID: ASEC-W04 DERIVED UNIQUE TOKEN PER TRANSACTION Jeff Stapleton VP Security Architect Wells Fargo X9F4 workgroup chair Application Security Solution: tokenization technology Substitute sensitive
More information