Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.


1 Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague

2 Overview
- Joint effort from OATH community
- A protocol to dynamically issue a symmetric key to a device
- Specify use cases and requirements
- Explicitly use PSKC as the default key container
- Support web service
- Keep it simple and extensible
- RFC Draft submitted to KeyProv WG
  http://www.ietf.org/internet-drafts/draft-pei-keyprov-dynamic-symkey-prov-protocol-00.txt

3 Protocol Overview
- XML message based
- HTTP / SOAP binding
- One request and response over a secure channel
  - GetSharedSecret
  - GetSharedSecretResponse
- Two round trips for a client to use non-secure channel
  1. Acquire a server nonce
     - GetAuthNonce
     - GetAuthNonceResponse
  2. Acquire shared secret
     - GetSharedSecret
     - GetSharedSecretResponse

4 Protocol Feature
- Client authentication
  - Either a shared secret (called activation code) or device certificate
  - Authentication Data = HASH(activation code)
  - Acquire a random server nonce to send keyed authentication data
  - Authentication Data = HMAC(activation code, serverNonce)
  - Used over a non-secure channel to achieve data confidentiality
- Server authentication
  - Server certificate or shared secret
- Client capabilities in request
  - Requested key type
  - Requested algorithm type
  - Crypto-algorithm negotiation (Supported encryption algorithm)
  - Response delivery method (HTTP/S or SMS)
  - Device Information
  - Supported logo types
  - Supported delivery user interface attributes
- Extensible to support future new attributes
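The two-round-trip client authentication from slides 3 and 4, as an added example that is not part of the presentation or the draft. It assumes SHA-256 as the HMAC hash (the slides do not name one); the class, function names and sample values are hypothetical, and the server returns only an accept/reject decision instead of a key container.

```python
import hashlib
import hmac
import secrets

# Assumption: SHA-256; the slides do not name the hash function.
DIGEST = hashlib.sha256


class ProvisioningServer:
    """Hypothetical server side of the two-round-trip exchange."""

    def __init__(self, activation_codes):
        self._codes = dict(activation_codes)   # device id -> activation code
        self._pending = {}                     # device id -> outstanding nonce

    def get_auth_nonce(self, device_id):
        # Round trip 1 (GetAuthNonce): fresh random nonce per request.
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce

    def get_shared_secret(self, device_id, auth_data):
        # Round trip 2 (GetSharedSecret): pop the nonce so it is single-use.
        nonce = self._pending.pop(device_id, None)
        code = self._codes.get(device_id)
        if nonce is None or code is None:
            return False
        expected = hmac.new(code, nonce, DIGEST).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, auth_data)


def client_auth_data(activation_code, server_nonce):
    # Authentication Data = HMAC(activation code, serverNonce)
    return hmac.new(activation_code, server_nonce, DIGEST).digest()


def demo():
    # Constructed sample values, not taken from the draft.
    server = ProvisioningServer({"device-1": b"483920-ACT"})
    nonce = server.get_auth_nonce("device-1")
    auth = client_auth_data(b"483920-ACT", nonce)
    first = server.get_shared_secret("device-1", auth)    # accepted
    replay = server.get_shared_secret("device-1", auth)   # nonce already consumed
    server.get_auth_nonce("device-1")
    stale = server.get_shared_secret("device-1", auth)    # bound to the old nonce
    return first, replay, stale


if __name__ == "__main__":
    print(demo())
```

Because the authentication data is keyed on a fresh server nonce, a value captured on the non-secure channel is rejected when replayed, and the activation code itself never crosses the wire.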

5 Protocol Feature
- Credential container in server response
  - Portable Symmetric Key Container (PSKC) as the default
  - Allow others such as PKCS#12, PKCS#5 XML format
  - Opaque structure is used for other formats
  - Service provider documents its format profile for a client to consume
- Encryption key for credential data
  - Shared secret (activation code derived key) that the user has had
  - Server pre-loaded shared secret with a device (Smart Card)
  - Public key of device certificate
- Encryption methods
  - List of PBE
  - List of symmetric key encryption methods (e.g., 3DES)
  - Asymmetric keys
- Extensions fields allowing additional parameters needed by future key types or organization specific extension

