Time/Date Stamp Time/Date Stamp Authorization Secure Non- repudiation Secure Non- repudiation Key Recovery Key Recovery Message Confidentiality Message.

Presentation transcript:

2 PKI services and components (untitled diagram)
Security services: Time/Date Stamp; Authorization; Secure Non-repudiation; Key Recovery; Message Confidentiality (S/MIME); Session Confidence (SSL); Access Control (SSO/CSO); Non-repudiation (SET); Integrity (Signature)
Components:
1. Certificate Granting Agent
2. Trusted Third Party
3. Security Servers and Agents
4. Certified Delivery System
5. Digital Notary Server
6. Digital Signature Generation
7. Digital Signature Verification
8. Confidentiality Key Exchange
9. Key Pair Generation
PKI Certificate Management: Policy Approval; Certificate Revocation; Certification Archiving; Repository Naming and Recognition; Data Archives

3 E-Business Information Security Vulnerabilities
Parties: Supplier, Customer
Interaction and the asset it exposes: Collaborative Commerce: Intellectual Property; Search, Discovery, Offering: Reputation; EFT: Value; Logistics/SCM: Theft; Trusted Transactions: Integrity; CRM (Intimate Knowledge): Privacy
Supplier activities: Marketing, Selling, Shipping, Service and Support, Design, Receivables
Customer activities: Shopping, Purchasing, Using, Maintaining, Development, Payables, Receiving

4 Prioritizing PKI Applications
Application / Priority
Secure VPN, Secure Web Access: High
Secure E-mail: High (Overall Risk Reduction); High (New Business Opportunity)
Digital Signature, Server IDs, Desk/LapTop Encryption: Medium
Consolidated Sign-On, SET: Low

5 SSL - A No Brainer
1. Cyber-browser visits a secure site.
2. The Web server submits its site/server public key certificate to the browser. The channel is encrypted, the Web server identified.
Diagram labels: Web Server; Server's public key
The Primary PKI App today

6 Signing and Sealing the E-Mail Envelope
Standards shown: X.400, PEM, PGP, MOSS, S/MIME V.3, OpenPGP, Signature, DMS/MSP
Legend: Being Deployed / Not Being Deployed

7 Web Access: Portals Through the Firewall
Public Web site
Customer extranet
Supplier extranet
Employee intranet
Channels extranet

8 EDI Transactions Require Digital Signatures and Encryption
Columns: Transaction Type | Digital Signature Required (Yes/No) | Encryption Capability Needed (Yes/No)
Transaction types listed: Invoice; Application Advice; Price Sales Catalog; Contract Award Summary; Trading Partner Profile; Request for Quote; Response to Request for Quote; Purchase Order, Delivery Order; Purchase Simple Contracts; Purchase Order Change; Text Message; Order Status Report; Functional Acknowledgment
Digital Signature Required column values as transcribed (row alignment not preserved): Yes No Yes No
Encryption Capability Needed column values as transcribed (row alignment not preserved): No Yes No

9 PKI Integration With Acrobat

10 California Independent Systems Operator PKI Architecture
Master Directory Server (LDAP/X.500)
Network
Policy Creation Authority
CA Signing Certificates: Medium Assurance (Medium CA), High Assurance (High CA), Basic Assurance (Basic CA)
Registration Authority Workstation: Register Users, Revoke Certs
Policy Approval Authority
Client Applications
PKI Mail Server

11 ACES Architecture
Subscriber: Subscrbr Private Key, Subscrbr Cert (HW Token Opt'l)
App 1: App 1 Private Key, App 1 Cert (FIPS 140-1), CA 1 Cert, CA 2 Cert, ... CA N Cert; calls the CAM through the App API
CAM (with Browser): holds CA 1 Cert, CA 2 Cert, ... CA N Cert; Crypto API (RSA, DSA, ECDSA); CA API to the issuers; returns cert status + cert fields
Agency: List of Invalid Cert IDs, Audit Log
ACES CA 1, CA 2, ... CA N (FIPS 140-1): each holds its own CA Private Key, its Subscrbr Certs, and CA 1 Cert, CA 2 Cert, ... CA N Cert; signature algorithms RSA, DSA, ECDSA
CAM:
-Parse Cert
-Verify SubscrbrCert Issuer as an ACES CA
-Verify SubscrbrCert Issuer's signature
-Verify SubscrbrCert's operational period
-Check cached Invalid Cert IDs
-Get route to Issuer
-Send signed Status Request & Cert data to Issuer
-Receive signed Status Response
-Verify Status Response signature
-Pass status & cert data to App
-Log audit data

12 "Four Corner Transaction"
Manufacturer (Place Order) and Trading Partner (Receive Order) exchange a digitally signed Digital Order (shown on the slide as a signed hex dump); each holds a Private Key Token / Digital ID
BANK A with "Brand A" CA and BANK B with "Brand B" CA; each holds a Private Key Token / Digital ID
The brand CAs: provide verification of identities & signatures and assurance ("TRUST"); facilitate interbank certificate checking; utilize tools to allow interoperability across CAs and supply a software developer's toolkit with standard functionality to member banks
Source: Entegrity Solutions

13 European Private Banking (Anon)
Private, personal, retail banking & brokerage services
Operation in fiscal haven with strict bank secrecy laws
Worldwide customer base
Smartcards with certificate client credentials
SSL, User ID, password model was not appropriate
Transparent certificate management
Initial smartcard/certificate issuance

14 Bolero
Parties shown: registration authority, certification authority, directory services, exporter, carrier, bank
Flows shown: registry; identification; sends public key; certification of public key; private key sent by registration authority; exchange of EDI messages

15 Transuranic Reporting and Inventory Processing System (TRIPS)

16 PKI Case Studies

17 PKI Integration Scorecard
Application | Grade | Comments
Web Browsers | A | SSL --> TLS and Wireless
E-Mail | A | S/MIME; PGP --> OpenPGP
VPNs | B+ | IPSec, IPv6
E-Forms | B+ | Signing, Encrypting
Packaged Applications | D | Driven by Webification, ASPs
Legacy/Custom Applications | F | Bridging RACF, DCE/Kerberos

18 Wireless Application Protocol Compare/Contrast to Web
