FIST Conference September/Madrid 2005

PKI Interoperability
Raúl Guerra Jiménez
About the Author

Raúl Guerra Jiménez
  CISSP, CISA
  Technical consultant
Grupo SIA
  1989
  www.siainternational.com
Index

Cryptography
Public Key Infrastructure (PKI)
Applications
Integration
e-DNI
Security Requirements

Confidentiality.
  Ensure the confidentiality of the data.
Integrity.
  The original data has not been changed.
Authentication.
  Proof of identity.
Non-Repudiation.
  Prevent denial of a transaction: the
  originator cannot deny having made it.
Paradigm Solution

Requirement         Mechanism
CONFIDENTIALITY     ENCRYPTION
INTEGRITY           HASH
AUTHENTICATION      DIGITAL SIGNATURE
NON-REPUDIATION     DIGITAL SIGNATURE

These mechanisms are stacked on the following layers, each built on the one below it:

                    PUBLIC KEY ENCRYPTION
                     DIGITAL CERTIFICATE
                   CERTIFICATION AUTHORITY
              PUBLIC KEY INFRASTRUCTURE (PKI)
PKIs are not CAs…

CA:
• Issue certificates
• Revoke certificates

PKI:
• Issue certificates
• Revoke certificates
• Key management
    – Creation
    – Storage
    – Update
    – Backup/recovery
• Cross-certification
• Certificate Repository (Directory)
• Application software
• RA (Registration Authority)
• Client
• etc.
Third-party trust

Raúl and Raquel do not trust each other directly; each of them trusts the
Certification Authority, which vouches for both.

  Raúl --trust--> Certification Authority <--trust-- Raquel

This is "third-party trust".
Cross-Certification

Two Certification Authorities, AC "A" and AC "B", cross-certify each other.
Through third-party trust, the users of one CA (Alicia and Juan under AC "A")
can then trust the users of the other (Elena and Pedro under AC "B").

  Alicia, Juan --trust--> AC "A" <--cross-certification--> AC "B" <--trust-- Elena, Pedro
Subordinate CA

                    CA1 ("Root")
                  /              \
               CA2                CA3
              /   \              /   \
           CA4     CA5        CA6     CA7

     U1   U2   U3   U4   U5   U6   U7   U8   U9

The classical trust model has no end root.
The certificate

    Version: 3
    Serial Number: 8391037
    Signature: RSA
    Issuer: o=SIA, c=ES
    Validity: 1/5/97 1:02 - 7/5/98 1:02
    Subject: cn=Raúl Guerra, o=SIA, c=ES
    Subject Public Key Info:
    Extensions:
      SubjectAltName: rguerra@sia.es
      CRL DP: cn=CRL2, o=SIA, c=ES

The CA signs the certificate.
Certificate Revocation List

    DN: cn=CRL2, o=SIA, c=ES                (unique name of the CRL)
    Start: 1/5/97 1:02                      (period of validity)
    End: 1/6/97 1:02
    Revoked:                                (serial number of revoked certificates, date and reason)
      191231   4/24/96 10:20   Cessation of Operation
      123832   4/25 16:20      Key Compromise
      923756   4/25 16:30      Affiliation Change
    CA DN: o=SIA, c=ES

The CA's digital signature is on the CRL.
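The checks a relying party runs against the certificate and CRL shown on these two slides, plus the walk up through subordinate CAs to the root, as an added Python example that is not from the original deck. Signature verification is left out; the dates are read as day/month/year, the trust anchor o=SIA, c=ES, the subordinate CAs CA2 and CA3 and their CRLs are assumptions (CA3's serial is put on CRL2 to show a revoked issuer propagating downwards).

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

@dataclass(frozen=True)
class Certificate:
    """Fields shown on the certificate slide; the CA's RSA signature is out of scope."""
    serial: int
    issuer: str          # DN of the issuing CA
    subject: str
    not_before: datetime
    not_after: datetime
    crl_dp: str          # CRL distribution point: DN of the CRL to consult
    is_ca: bool = False

@dataclass(frozen=True)
class RevokedEntry:
    serial: int
    date: datetime
    reason: str          # Key Compromise, Affiliation Change, Cessation of Operation...

@dataclass
class CRL:
    dn: str              # unique name of the CRL
    ca_dn: str           # CA whose signature is on the CRL
    this_update: datetime
    next_update: datetime
    revoked: List[RevokedEntry] = field(default_factory=list)

def check_status(cert: Certificate, now: datetime, ca_certs: Dict[str, Certificate],
                 trust_anchors: Set[str], crls: Dict[str, CRL]) -> Tuple[str, str]:
    """Return (status, detail) with status in good/expired/untrusted/undetermined/revoked,
    walking up the issuer chain (subordinate CA slide) until a trust anchor is reached."""
    if not (cert.not_before <= now <= cert.not_after):
        return "expired", f"serial {cert.serial} is outside its validity period"
    issuer_cert: Optional[Certificate] = None
    if cert.issuer not in trust_anchors:
        issuer_cert = ca_certs.get(cert.issuer)
        if issuer_cert is None or not issuer_cert.is_ca or issuer_cert.subject == cert.subject:
            return "untrusted", f"issuer {cert.issuer} is not a known CA"
    crl = crls.get(cert.crl_dp)
    if crl is None or crl.ca_dn != cert.issuer:
        return "undetermined", f"no CRL signed by {cert.issuer} at {cert.crl_dp}"
    if not (crl.this_update <= now <= crl.next_update):
        # A stale CRL carries no status information: fail closed rather than assume good.
        return "undetermined", f"CRL {crl.dn} is not current at {now:%Y-%m-%d}"
    entry = next((e for e in crl.revoked if e.serial == cert.serial), None)
    if entry is not None:
        return "revoked", f"serial {cert.serial}: {entry.reason} on {entry.date:%Y-%m-%d}"
    if issuer_cert is None:
        return "good", f"serial {cert.serial} issued by trust anchor {cert.issuer}"
    status, detail = check_status(issuer_cert, now, ca_certs, trust_anchors, crls)
    if status != "good":
        return status, f"issuer {cert.issuer} -> {detail}"
    return "good", f"serial {cert.serial} chains through {cert.issuer}"

# Constructed sample data copied from the slides' example certificate and CRL.
# Assumptions: dates are day/month/year; "o=SIA, c=ES" is the trust anchor; CA2 and
# CA3 are made-up subordinate CAs (CA3's serial is on CRL2) for the hierarchy slide.
ROOT, CA2, CA3 = "o=SIA, c=ES", "cn=CA2, o=SIA, c=ES", "cn=CA3, o=SIA, c=ES"
MAY97, JUN97, MAY98 = datetime(1997, 5, 1, 1, 2), datetime(1997, 6, 1, 1, 2), datetime(1998, 5, 7, 1, 2)
CRL2, CRL_CA2, CRL_CA3 = "cn=CRL2, o=SIA, c=ES", "cn=CRL-CA2, o=SIA, c=ES", "cn=CRL-CA3, o=SIA, c=ES"
CA_CERTS = {
    CA2: Certificate(100001, ROOT, CA2, MAY97, MAY98, CRL2, is_ca=True),
    CA3: Certificate(923756, ROOT, CA3, MAY97, MAY98, CRL2, is_ca=True),
}
CRLS = {
    CRL2: CRL(CRL2, ROOT, MAY97, JUN97, [
        RevokedEntry(191231, datetime(1996, 4, 24, 10, 20), "Cessation of Operation"),
        RevokedEntry(123832, datetime(1996, 4, 25, 16, 20), "Key Compromise"),
        RevokedEntry(923756, datetime(1996, 4, 25, 16, 30), "Affiliation Change")]),
    CRL_CA2: CRL(CRL_CA2, CA2, MAY97, JUN97),
    CRL_CA3: CRL(CRL_CA3, CA3, MAY97, JUN97),
}
RAUL = Certificate(8391037, ROOT, "cn=Raúl Guerra, o=SIA, c=ES", MAY97, MAY98, CRL2)

def run_scenarios() -> Dict[str, str]:
    """Exercise the outcomes a relying party must tell apart; returns name -> status."""
    now = datetime(1997, 5, 10, 12, 0)
    cases = {
        "raul_good": (RAUL, now),
        "raul_expired": (RAUL, datetime(1998, 6, 1)),
        "raul_stale_crl": (RAUL, datetime(1997, 6, 15)),  # CRL2 ended 1/6/97, cert still valid
        "key_compromise": (Certificate(123832, ROOT, "cn=Ex, o=SIA, c=ES", MAY97, MAY98, CRL2), now),
        "via_ca2": (Certificate(5, CA2, "cn=Raquel, o=SIA, c=ES", MAY97, MAY98, CRL_CA2), now),
        "via_revoked_ca3": (Certificate(6, CA3, "cn=Juan, o=SIA, c=ES", MAY97, MAY98, CRL_CA3), now),
        "rogue_issuer": (Certificate(7, "o=Rogue, c=XX", RAUL.subject, MAY97, MAY98, CRL2), now),
    }
    results = {}
    for name, (cert, when) in cases.items():
        status, detail = check_status(cert, when, CA_CERTS, {ROOT}, CRLS)
        results[name] = status
        print(f"{name:16} {status:13} {detail}")
    return results
```

Calling run_scenarios() prints each case with its status and the reason the validator gives; a stale CRL is reported as undetermined, never as good.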
Keys in the client

Key lifecycle in the client:
  Key generation
  -> Issue certificates
  -> Key usage (certificate validation on each use)
  -> Expired
  -> Key update (back to key generation)
PKI

Layers of the PKI client architecture:

  PKI-enabled applications (Web, E-mail)
    -> GSS-API, CAPI, ...
  Applications without a PKI-enabled module (ERP's, Legacy applications, SSO, ...)
    -> PKI-Enable module, built with PKI Toolkits

  PKI client, which talks to:
    • ID on disk (.epf file)
    • PKCS#11 (memory cards, smart cards, PC/SC)
    • BAPI (Biometric API): biometric devices
    • LDAP: Directory
    • PKIX-CMP: PKI
Architecture: Example

  Components: Client, RA, CA, Directory, with a Firewall between the client side and the CA side.
  Protocols: PKIX-CMP (Client and RA to the CA), LDAP (to the Directory).
Application

Internet
e-Commerce
Remote Access
EDI
VPN (Virtual Private Network)
ERPs
Security in the Intranet
Secure Single Sign-On
Internet Application

Secure Web Communications
•Netscape/Microsoft Browsers
•Netscape/Microsoft Servers
•many more ...

Secure e-mail
•Novell GroupWise
•Lotus Notes
•Netscape Messenger
•Microsoft Outlook
•cc:Mail
Secure Remote Access

Remote Access Authentication
•Security Dynamics
•LeeMah DataComm
•CryptoCard
•Secure Computing (SafeWord)
•Digital Pathways (Defendor)
•Application specific implementations

Firewalls
•CheckPoint (Firewall-1)
•Raptor Systems (Eagle)
•MilkyWay (Blackhole)
•TIS (Gauntlet)
•ANS (Interlock)
•Secure Computing (Sidewinder)
•Border Network (Borderware)
•IBM (NetSP)
•Harris Systems (CyberGuard)
•Sagus Security (Defensor)

Routers
•Cisco
•Ascend
•Bay Networks
•BBN

(Diagram: Remote user -> Firewalls & Routers -> Remote Access Authentication)
VPNs

Virtual Private Networks
•Firewall Vendors (e.g. FW-1)
•Link Encryptors
•Security Dynamics SecurVPN
•Entrust/Access
•KyberPass

(Diagram: Intranet, Extranet and End Users joined by the VPN)
Security in the Intranet

Network Security
•McAfee Network Security Suite
•NetLock
•Cygnus (KerbNet)

Application Specific Security
•RACF, ACF2, TopSecret
•Application level passwords
•Proprietary data security (Notes)
•Other (via RSA toolkits)

Network Security
•Encrypt the traffic
•Secure access to resources

Application Specific Security
•Databases (Oracle…)
•Heritage applications (Mainframe...)
•GroupWare (Notes…)
Desktop security

File Security
•Norton Your Eyes Only
•PGP for Personal Privacy
•Querisoft SecureFILE
•McAfee VirusScan Security Suite
•RSA SecurPC
•AT&T SecretAgent
•Entrust ICE
•Entrust Entelligence

Desktop security covers:
•Email
•Files
•Client/Server apps
•E-forms
•Browsers
And more...
Enterprise Resource Planning (ERPs)

ERP
•SAP/R3
•PeopleSoft
•Oracle
•...

Client to server security, covering Business-to-Business, Client/Server services and Web services.
PKI: Homogeneous solution

One PKI at the centre serves every area:

Specific systems
•Databases (Oracle, ...)
•Mainframe
•GroupWare

Network Security
•Traffic encryption
•Secure Access

Web Server Security
•E-Commerce
•Internet Banking
•Secure Web Sites

Firewalls & Routers
•Remote Authentication
•VPN's

ERP
•SAP/R3
•PeopleSoft
•Oracle
•...

Internet Users
•Secure Web
•Secure Mail
•E-Commerce (SET)

Desktop Security
•Email
•Files
•Client/Server apps
•E-forms
•Browsers
And more...
PKIs Success (I)

Integration with the software applications.
Practical solutions --> Bye, bye SET.
User recognition.
Trust. Do you trust the CA?
What or who used my private key? Is my PC safe? Security issues in the OS or the browser (crypto software).
Is your private key in a smart card?
PKIs Success (II)

Are the certification practices (CPS) secure?
The CA must guarantee that the signed data (the certificate) is correct.
There is a risk if you trust the user. Do you verify the certificate from the web server in an SSL connection?
To learn more: "Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure" by Bruce Schneier and Carl Ellison.
e-DNI

Smart Card
  Polycarbonate card with high security, from the FNMT
Certificates
  Identity (authentication) and signature (non-repudiation) certificates
  No encryption certificate
PKI Providers: Entrust, Safelayer
Hierarchy of CAs (root and subordinate CAs)
e-DNI. Questions (I)

Are other certificates necessary?
Certificate status validation methods.
Cross-certification with commercial CAs?
e-DNI. Questions (II)

Other certificates? YES, because:
  There is no encryption certificate. To protect business data that is stored encrypted, a backed-up decryption (private) key is necessary ---> encryption certificate.
  The e-DNI covers physical identity. What about legal entities?
  Use of a certificate together with other information, for example medical data (medical smartcard).
  Use in the private sector: home banking, corporate enterprise smartcard, etc.
e-DNI. Questions (III)

Certificate status validation methods
  The system should ensure that the certificate being verified is valid (and not on a CRL).
  If an entity would like technical interoperability with the e-DNI system, it needs to know the certificate status.
e-DNI. Questions (IV)

Certificate status validation methods
  Different validation entities:
    Public: relations of citizens with the Administration ---> free??
    Private sector: banks, insurance, etc. Money, money... $$??
  Cost of the validation: free, or for a price (and how much?)
e-DNI. Questions (V)

Cross-certification with other CAs? NO, because:
  It is the same as the traditional national DNI (ID card).
  Issued by the DGP (Ministry of Interior); it is a legal document in Spain.
  If you just accept it, it will happen. Do you give the state and private-sector organizations the same level of trust?
Creative Commons Attribution-NoDerivs 2.0

You are free:
•to copy, distribute, display, and perform this work
•to make commercial use of this work
Under the following conditions:
  Attribution. You must give the original author credit.
  No Derivative Works. You may not alter, transform, or build upon this work.
For any reuse or distribution, you must make the license terms of this work clear to others.
Any of these conditions can be waived if you get permission from the author.
Your fair use and other rights are in no way affected by the above.
This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
FIST Conference
Raúl Guerra
Madrid, September 2005
www.fistconference.org
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open Source
 
Spanish Honeynet Project
Spanish Honeynet ProjectSpanish Honeynet Project
Spanish Honeynet Project
 
Seguridad en Windows Mobile
Seguridad en Windows MobileSeguridad en Windows Mobile
Seguridad en Windows Mobile
 
SAP Security
SAP SecuritySAP Security
SAP Security
 
Que es Seguridad
Que es SeguridadQue es Seguridad
Que es Seguridad
 
Network Access Protection
Network Access ProtectionNetwork Access Protection
Network Access Protection
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática Forense
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFi
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security Forum
 
Criptografia Cuántica
Criptografia CuánticaCriptografia Cuántica
Criptografia Cuántica
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes Wireless
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la Concienciación
 
Security Metrics
Security MetricsSecurity Metrics
Security Metrics
 
Wifislax 3.1
Wifislax 3.1Wifislax 3.1
Wifislax 3.1
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el Desarrollo
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis Forense
 
Security Maturity Model
Security Maturity ModelSecurity Maturity Model
Security Maturity Model
 
Cisco Equipment Security
Cisco Equipment SecurityCisco Equipment Security
Cisco Equipment Security
 

Último

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Último (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

PKI Interoperability

  • 1. FIST Conference September/Madrid 2005 PKI Interoperability Raúl Guerra Jiménez
  • 2. About the Author Raúl Guerra Jiménez CISSP, CISA Technical consultant Grupo SIA 1989 www.siainternational.com 2
  • 3. Index Cryptography Public Key Infrastructure (PKI) Applications Integration e-DNI 3
  • 4. Security Requirements Confidentiality. Ensure confidentiality of data. Integrity. The original data has not been changed. Authentication. Proof of identity. Non Repudiation. Prevent denial of transaction. The originator cannot deny it. 4
  • 5. Paradigm Solution (layered diagram): the requirements CONFIDENTIALITY, INTEGRITY, AUTHENTICATION and NON-REPUDIATION are met by ENCRYPTION, HASH and DIGITAL SIGNATURE; these rest on PUBLIC KEY ENCRYPTION, then DIGITAL CERTIFICATE, then CERTIFICATION AUTHORITY, and at the base the PUBLIC KEY INFRASTRUCTURE (PKI). 5
  • 6. PKIs are not CAs… CA: • Issue certificates • Revoke certificate. PKI: • Issue certificates • Revoke certificates • Key management (creation, store, update, backup/recovery) • Cross-certification • Certificate Repository (Directory) • Application software • RA (Registration Authority) • Client • etc
  • 7. Third-party trust Certification Authority Trust Trust Raúl Raquel “third-party trust” 7
  • 8. Cross-Certification (diagram): two Certification Authorities, AC “A” and AC “B”, linked by cross-certification; the users Alicia, Juan, Elena and Pedro rely on third-party trust across both CAs. 8
  • 9. Subordinate CA CA1 (“Root”) CA2 CA3 CA4 CA5 CA6 CA7 U1 U2 U3 U4 U5 U6 U7 U8 U9 Classical trust-model has no end root
  • 10. The certificate
      Version: 3
      Serial Number: 8391037
      Signature: RSA
      Issuer: o=SIA, c=ES
      Validity: 1/5/97 1:02 - 7/5/98 1:02
      Subject: cn=Raúl Guerra, o=SIA, c=ES
      Subject Public Key Info: ----------------------------------------------------
      Extensions:
        SubjectAltName: rguerra@sia.es
        CRL DP: cn=CRL2, o=SIA, c=ES
      The CA signs the certificate. 10
  • 11. Certificate Revocation List
      Unique name of CRL, DN: cn=CRL2, o=SIA, c=ES
      Period of validity: Start 1/5/97 1:02, End 1/6/97 1:02
      Revoked certificates and reason (serial number, date, reason):
        191231   4/24/96 10:20   Cessation of Operation
        123832   4/25/ 16:20     Key Compromise
        923756   4/25 16:30      Affiliation Change
      CA DN: o=SIA, c=ES
      CA’s digital signature on the CRL. 11
  • 12. Keys in the client (key lifecycle diagram): Key generation, Issue certificates, Certificate validation, Key usage, Expired, Key update. 12
  • 13. PKI (architecture diagram; labels only): applications (Web, E-mail, ERP's, SSO, ...), legacy applications without a PKI-enabled module, PKI-enabled applications; toolkits (GSS-API, CAPI, ...); the PKI client / PKI module; PKCS#11 (SmartCards, PC/SC), BAPI (Biometric devices, API), ID in disk (.epf, MemoryCards); LDAP and PKIX-CMP towards the PKI and the PKI Directory. 13
  • 14. Architecture: Example Client CA PKIX-CMP Firewall LDAP RA Directory 14
  • 15. Application Internet e-Commerce Remote Access EDI VPN (Virtual Private Network) ERPs Security in Intranet Secure Single-Sign On 15
  • 16. Internet Application. Secure Web Communications: •Netscape/Microsoft Browsers •Netscape/Microsoft Servers •many more ... Secure e-mail: •Novel GroupWise •Lotus Notes •Netscape Messenger •Microsoft Outlook •cc:Mail 16
  • 17. Secure Remote Access (diagram: Remote user, Remote Access Authentication, Firewalls & Routers). Remote Access Authentication: •Security Dynamics •LeeMah DataComm •CryptoCard •Secure Computing (SafeWord) •Digital Pathways (Defendor) •Sagus Security (Defensor) •Application specific implementations. Firewalls: •CheckPoint (Firewall-1) •Raptor Systems (Eagle) •MilkyWay (Blackhole) •TIS (Gauntlet) •ANS (Interlock) •Secure Computing (Sidewinder) •Border Network (Borderware) •IBM (NetSP) •Harris Systems' (CyberGuard). Routers: •Cisco •Ascend •Bay Networks •BBN 17
  • 18. VPNs. Virtual Private Networks (Intranet, Extranet, End Users): •Firewall Vendors (e.g. FW-1) •Link Encryptors •Security Dynamics SecurVPN •Entrust/Access •KyberPass 18
  • 19. Security in the Intranet. Network Security (encrypt the traffic, secure access to resources) and Application Specific Security (databases such as Oracle, heritage applications on the mainframe, GroupWare such as Notes). Products: •McAfee Network Security Suite •RACF, ACF2, TopSecret •NetLock •Application level passwords •Cygnus (KerbNet) •Proprietary data security (Notes) •Other (via RSA toolkits) 19
  • 20. Desktop security. File Security: •Norton Your Eyes Only •PGP for Personal Privacy •Querisoft SecureFILE •McAfee VirusScan Security Suite •RSA SecurPC •AT&T SecretAgent •Entrust ICE •Entrust Entelligence. Covers: •Email •Files •Client/Server apps •E-forms •Browsers, and more...
  • 21. Enterprise Resource Planning (ERPs) (diagram: Business-to-Business, Client/Server services, Web services, client to server security). ERP: •SAP/R3 •PeopleSoft •Oracle •... 21
  • 22. PKI: Homogeneous solution. Specific systems: •E-Commerce •Internet Banking •Databases (Oracle, ...) •Mainframe •GroupWare. Web Server Security: •Secure Web Sites. Network Security: •Traffic encryption •Secure Access. Firewalls & Routers. Remote Authentication. VPN's. ERP: •SAP/R3 •PeopleSoft •Oracle •... Internet Users: •Secure Web •Secure Mail •E-Commerce (SET). Desktop Security: •Email •Files •Client/Server apps •E-forms •Browsers. And more...
  • 23. PKIs Success (I). Integration with the software applications. Practical solutions --> bye, bye SET. User recognition. Trust: do you trust the CA? What or who used my private key? Is my PC safe? Security issues in the OS or the browser (crypto software). Is your private key in a smart card? 23
  • 24. PKIs Success (II). Are the certification practices (CPS) secure? The CA must guarantee that the signed data (the certificate) is correct. There is a risk if you trust the user. Do you verify the certificate from the web server in an SSL connection? To learn more: “Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure” by Bruce Schneier and Carl Ellison 24
  • 25. e-DNI Smart Card Polycarbonate card with high security from FNMT Certificates Identity (authentication) and signature (non-repudiation) certificates No encryption certificate PKI Providers: Entrust, Safelayer Hierarchy of CAs (root and Subordinate CAs) 25
  • 26. e-DNI. Questions (I) Are other certificates necessary? Certificate status validation methods. Cross-Certification with commercial CAs? 26
  • 27. e-DNI. Questions (II). Other certificates? YES, because there is no encryption certificate. So, to support business protection where there is encrypted data, a backed-up decryption (private) key is necessary ---> encryption certificate. Physical identity: what about legal entities? Use of the certificate with other information, for example medical data (medical smartcard). Use in the private sector: home-banking, corporate/enterprise smartcard, etc. 27
  • 28. e-DNI. Questions (III) Certificate status validation methods The system should ensure that the verification certificate is valid (and not on CRL) If an entity would like technical interoperability with e-DNI system, it is necessary to know the certificate status. 28
  • 29. e-DNI. Questions (IV) Certificate status validation methods Different validation entities Public: relations of citizens with the Administration ---> free?? Private sector: Bank, insurance, etc. Money, money...$$?? Cost of the validation: free, by price (and how much?) 29
  • 30. e-DNI. Questions (V). Cross-Certification with other CAs? NO, because it is the same as the traditional national DNI (ID card): issued by the DGP (Ministry of Interior), it is a legal document in Spain. If you just accept it, it will happen. Do you give the state and private organization sectors the same level of trust? 30
  • 31. Creative Commons Attribution-NoDerivs 2.0 You are free: •to copy, distribute, display, and perform this work •to make commercial use of this work Under the following conditions: Attribution. You must give the original author credit. No Derivative Works. You may not alter, transform, or build upon this work. For any reuse or distribution, you must make the license terms of this work clear to others. Any of these conditions can be waived if you get permission from the author. Your fair use and other rights are in no way affected by the above. This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. 31
  • 32. @ FIST Conference Raúl Guerra Madrid, September 2005 www.fistconference.org
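The slides describe the pieces of a PKI separately: a root with subordinate CAs (slide 9), the fields of an end-entity certificate (slide 10), a CRL carrying per-certificate revocation reasons (slide 11) and, for e-DNI, the need of a relying party to learn the certificate status before trusting it (slide 28). The script below is an added example, not code from the slides or from Grupo SIA, that wires those pieces together with the openssl command line: it builds the two-level hierarchy, issues a signature certificate with SubjectAltName and key usage extensions, verifies the path, then revokes the certificate with reason keyCompromise, publishes a CRL and shows that the same path is rejected once CRL checking is turned on. The names "Example Root CA", "Example Sub CA", "Example Org" and "Raquel" are constructed placeholders; it assumes openssl 1.1.1 or later is on PATH and works in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the slides or from Grupo SIA): root CA + subordinate
# CA (slide 9), an end-entity certificate with extensions (slide 10) and a CRL
# with a revocation reason (slide 11), driven through the openssl CLI.
# "Example Root CA", "Example Sub CA", "Example Org" and "Raquel" are
# constructed placeholders. Assumes openssl 1.1.1+; runs in a temp directory.

set -eu

# Prints two words: the verify result before revocation, and after it.
pki_demo() (
  work=$(mktemp -d)
  trap 'rm -rf "$work"' EXIT
  cd "$work"

  # 1. Self-signed root: may only sign certificates and CRLs.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout root.key -out root.csr \
    -subj "/O=Example Root CA/C=ES" >/dev/null 2>&1
  openssl x509 -req -in root.csr -signkey root.key -days 365 -sha256 \
    -extfile ca.ext -out root.crt >/dev/null 2>&1

  # 2. Subordinate CA certified by the root; pathlen:0 = may not certify further CAs.
  printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\n' > sub.ext
  openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout sub.key -out sub.csr \
    -subj "/O=Example Sub CA/C=ES" >/dev/null 2>&1
  openssl x509 -req -in sub.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -days 365 -sha256 -extfile sub.ext -out sub.crt >/dev/null 2>&1

  # 3. Minimal "openssl ca" database so the sub CA can issue, revoke and publish CRLs.
  mkdir newcerts
  : > index.txt
  echo 1000 > serial
  echo 01 > crlnumber
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = sub_ca
[ sub_ca ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/sub.crt
private_key = $dir/sub.key
serial = $dir/serial
crlnumber = $dir/crlnumber
default_md = sha256
default_days = 365
default_crl_days = 30
policy = policy_any
x509_extensions = user_ext
[ policy_any ]
commonName = supplied
organizationName = optional
countryName = optional
[ user_ext ]
# A signature (non-repudiation) certificate in the sense of slide 25: no CA bit.
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,nonRepudiation
subjectAltName = email:raquel@example.invalid
EOF

  # 4. End-entity certificate for a user, issued by the sub CA.
  openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout user.key -out user.csr \
    -subj "/CN=Raquel/O=Example Org/C=ES" >/dev/null 2>&1
  openssl ca -config ca.cnf -batch -notext -in user.csr -out user.crt >/dev/null 2>&1

  # 5. Path validation: user -> sub CA -> trusted root. Expect "OK".
  before=$(openssl verify -CAfile root.crt -untrusted sub.crt user.crt 2>/dev/null | sed 's/.*: //')

  # 6. Revoke with a reason code (slide 11's "Key Compromise") and publish the CRL.
  openssl ca -config ca.cnf -revoke user.crt -crl_reason keyCompromise >/dev/null 2>&1
  openssl ca -config ca.cnf -gencrl -out sub.crl >/dev/null 2>&1

  # 7. Same path, now checking the CRL: a relying party must reject the certificate.
  hits=$(openssl verify -crl_check -CAfile root.crt -CRLfile sub.crl \
           -untrusted sub.crt user.crt 2>&1 | grep -c 'certificate revoked' || true)
  if [ "$hits" -gt 0 ]; then after=revoked; else after=accepted; fi

  echo "$before $after"
)

pki_demo
```

Running it prints `OK revoked`: the first `openssl verify` accepts the path because the chain ends at the trusted root and every certificate is within its validity period, and the second rejects it only because `-crl_check` was given and a fresh CRL from the issuing CA was supplied. Without the CRL (or an OCSP responder) a relying party has no way to notice the revocation, which is exactly the status-validation question slide 28 raises for e-DNI.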