Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Sockets Layer eXtended (SSLX) Next Generation Internet Security Overview Presentation April 2011.

Published byTania Stitt Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Sockets Layer eXtended (SSLX) Next Generation Internet Security Overview Presentation April 2011."— Presentation transcript:

1 Secure Sockets Layer eXtended (SSLX) Next Generation Internet Security Overview Presentation April 2011

2 SSLX Features and Benefits Real-Time Security – real-time authentication of users and servers Superior Performance – up to 300 times faster Easy to Deploy – no certificates to distribute or manage Easy to Use – transparent to end-users, easy for administrators Scalable Trust – enables new business models and enhances existing ones Federated Trust – provides flexible, dynamic networking of users and services Transparency – uses existing SSL infrastructure without changes, and provides automatic switching to SSL if SSLX is not available Improvements allow SSLX to be used all the time, creating a faster, safer Internet SSLX is Next-Generation SSL

3 How SSLX Works Circle of Trust Web Browser Server SSLX Public Administrator Directory Services Private Directory Service

4 SSLX Infrastructure Governing body awards and monitors Public Directory Services Trusted third-party installs DS application and database Available: Windows server SSLX-VPN closed-community secure communication package/device Available: Windows server Enables a real-time, easily verifiable trust partnership Web Browser Server SSLX Public Administrator Directory Service Private Directory Service User updates browser with Add-on for Firefox Site admin upgrades server. Available module: Apache mod_sslx

5 SSLX Summary Superior features and benefits – open source, high quality code available for testing, pilot, demonstration and/or full production Implementation has no obstacles – easily fits into existing infrastructure without any disruption of current SSL capability Full documentation – method, process, architecture and code available for download, peer review, analysis, comment, correction and optimization Quality business model – multiple parties engaged to allow a real world- community Trust Partnership SSLX offers a successful transition to the next- generation of internet security SSLX is Next-Generation SSL

6 Federated Trust Web applications often require dynamic collaboration among users and services. The federated trust model of SSLX allows services to be provided that can create dynamic communities of trust so that applications can provide transaction level security where all parties are properly authenticated in a continuous manner. Communities of trust can be ‘shared’ between individuals and their respective communities. Of Users and Services Enables users and services to establish a network of trust that is based on the requirements of the application rather than fitting the application to the security model.

7 Community of Trust Enables Dynamic Collaboration SSLX allows users to connect privately with other people, share data and documents online and add or delete user access in real-time. SSLX ensures that only authorized individuals can access the content as defined by the content owner. SSLX provides user-managed security for web applications using standard browser access.

8 How SSLX Works – Verified Setup Optional Easy Instant As often as desired Required Easy Instant As often as desired Verified Setup (VSU) Web servers (or browsers) initially authenticate to a Directory Service by providing several publicly verifiable data elements using two distinct communication channels and two distinct data encryption mechanisms. The result is mutually authenticated, real-time, third-party trust communication 256-bit, shared, Session Master Key Server Web Browser Directory Service

9 How SSLX Works – Real-time Handshake 1. SSLX Request 2. Secure Replies 4. Secure Reply 3. Verify Request Real-time Handshake 1.Initial SSLX communication begins with a browser request for a secure page 2.The server securely replies with one half of the Session Master Key (SMK) to an agreed upon DS. The server also replies securely directly back to the browser with the second half of the SMK and the DS identifier. 3.The browser then sends a request for the other key half to the DS using the identifier. 4.The DS then securely replies and the browser now has a SMK to continue secure communications with the server. Handshakes can be done as often as required by the site or browser. There are 5 SSLX handshake security levels – a composite is shown Server Web Browser Directory Service

10 How SSLX Works – Secure Traffic Authentication Every communication in each direction includes the use of the SMK to generate unique authentication output that can only be verified by the other end of the established connection using the same SMK Data Encryption Every communication in each direction uses the SMK to generate a unique 128-bit (or higher) AES government standard encryption key to secure all content. The AES key can only be recreated by the other end of the established connection using the same SMK to properly decrypt each communication Continuous Mutual Authentication and Data Encryption After a successful handshake, the browser and server now have a 256-bit Session Master Key (SMK) which is used in the core SSLX algorithm to provide authentication and data encryption Server Web Browser

11 How SSLX Works – Public Verification Optional DS and/or WS Verification Public Verification At any time during a connection, either the server administrator or the web browser may check the public veracity of the Directory Service with the SSLX Public Administrator (SSLXPA). Each party can also check the public veracity of the other within the records of the DS. Public scrutiny happens in real-time, at any time Optional DS and/or Browser Verification SSLX Public Administrator Server Web Browser Directory Service

12 How SSLX Works Real-Time Handshake Continuous Mutual Authentication & Data Encryption Public Verification Verified Setup Verified Setup Public Verification SSLX Public Administrator Server Web Browser Directory Service

13 SSLX Public Administrator Respected, independent third-party oversees SSLX trust Provides governance of worldwide Public Directory Services (DS) - similar to ICAAN with DNS Leads worldwide representative Policy Board ensuring fair representation of diverse DS community members Determines and administers fee structure for community of DS Allocates licenses for DS to operate franchise Provides quality control and compliance standards for DS Authority for DS lookup, validating DS for users Additional revenue opportunity through advertising to lookup viewers

14 Directory Service Respected, independent third-party manages SSLX trust between server and browser Provides real-time key exchange under multiple SSLX security levels Offers public search and display of Verified Setups (VSUs) for web domains all the way down to the individual server IP address Offers private repository of browser performed VSUs in order to mutually authenticate a specific client browser Follows SSLXPA directed quality control, data integrity, information protection and public display requirements Determines and administers fee structure for premium trust services, including extended validation Revenue opportunities: server IP monitoring and alerts, anti- phishing, on-the-fly alerts, spoof watches, portfolio site management, advertising, etc. If granted a sublicense, provide Private DS licensing for SSLX- VPN secure private community communication

15 Private Directory Service Controlled third-party, generally managed by the site content owner(s), to provide SSLX trust between servers and member browsers. Provides real-time key exchange under multiple, but generally a specified, SSLX security level Offers private search and display of Verified Setups (VSUs) for member browsers including the specific authentication credentials dictated by this private community Offers private search and display of the VSU information for the controlled domain(s) and server(s) for the member browser Follows their own directed quality control, data integrity, information protection and display requirements. Determines and administers SSLX User ID codes and other member credential requirements. Unique configuration of security levels, extranet connectivity, login requirements, site content layering – all can be individually configured to meet the unique requirements of the closed community.

16 Contact Information Info@TheRPMLab.com www.TheRPMLab.com

Download ppt "Secure Sockets Layer eXtended (SSLX) Next Generation Internet Security Overview Presentation April 2011."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Lori Fitterling LI843 SSL Secured Sockets Layer. What is Secure Sockets Layer (SSL)? It is protection of data transferred over the Internet using encryption.

Lori Fitterling LI843 SSL Secured Sockets Layer. What is Secure Sockets Layer (SSL)? It is protection of data transferred over the Internet using encryption.
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Microsoft Passport www.passport.com Waldemar Swiercz.

Microsoft Passport Waldemar Swiercz.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Similar presentations

Ads by Google