1 XML Key Management Specification XKMS Dr Phillip Hallam-Baker FBCS CEng. VeriSign Inc.

Presentation transcript:

1 XML Key Management Specification XKMS Dr Phillip Hallam-Baker FBCS CEng. VeriSign Inc.

2 The Trust Model Problem
PKI is the interface between the Internet and the Real World
  – Real World Trust Relationships are complex
Scale breaks simplifying assumptions used to make PKI tractable
  – Simple PKI Hierarchy (PEM)
  – Everyone is a trust provider (PGP)

3 FBCA PKI Topology
Federal Government Bridge CA
  – Not a simple hierarchy
  – Not a completely random assembly
  – Knowledge of structure greatly helps use
  – How to get to ubiquitous COTS support
[Diagram labels: Bridge, Agency CA 1, Bob, Agency CA 2, Alice]

4 Traditional PKI
[Diagram labels: Alice, Bob, Directory, ASN1 PKIX, ASN1 PKIX]

5 XKMS PKI Interface
[Diagram labels: Alice, Bob, Directory, ASN1 PKIX, XKMS, ASN1 PKIX, XML]

6 XKMS PKI Interface
[Diagram labels: Alice, Bob, Directory, XKMS, ASN1 PKIX, XML, Directory, XKMS, ASN1 PKIX, XML]

7 XKMS Services
Key Information Service
  – I need a key to talk S/MIME to
  Locate – Not a Trusted Service
  Validate – Trusted Service
Key Registration Service
  – Key lifecycle management
  Registration
  Reissue
  Revocation
  Recovery
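
The Locate/Validate trust split on slide 7, shown as an added example (not part of the original slides): a client sketch using XKMS 2.0 element names that builds a Key Information Service request for an S/MIME key and relies on a binding only when a Validate response says it is Valid. The service URL, e-mail addresses and both response documents are constructed, and the `authenticated` flag is an assumption standing in for a TLS or XML Signature check on the response.

```python
import xml.etree.ElementTree as ET  # for hostile input prefer a hardened parser (e.g. defusedxml)
XKMS = "http://www.w3.org/2002/03/xkms#"  # XKMS 2.0 namespace
NS = {"x": XKMS}
SMIME = "urn:ietf:rfc:2633"               # UseKeyWith application URI for S/MIME
ET.register_namespace("", XKMS)

def build_request(kind, request_id, service, email):
    """Serialize a LocateRequest or ValidateRequest for someone's S/MIME key."""
    if kind not in ("LocateRequest", "ValidateRequest"): raise ValueError(kind)
    req = ET.Element(f"{{{XKMS}}}{kind}", {"Id": request_id, "Service": service})
    ET.SubElement(req, f"{{{XKMS}}}RespondWith").text = XKMS + "KeyValue"
    qkb = ET.SubElement(req, f"{{{XKMS}}}QueryKeyBinding")
    ET.SubElement(qkb, f"{{{XKMS}}}UseKeyWith", {"Application": SMIME, "Identifier": email})
    return ET.tostring(req, encoding="unicode")

def key_states(result_xml, request_id, authenticated):
    """Map each S/MIME identifier to 'unverified' or the service's StatusValue.
    `authenticated` is an assumed stand-in for a verified TLS or XML Signature check."""
    root = ET.fromstring(result_xml)
    if root.get("RequestId") != request_id or root.get("ResultMajor") != XKMS + "Success":
        raise ValueError("unexpected or failed XKMS response")
    is_validate = root.tag == f"{{{XKMS}}}ValidateResult"
    states = {}
    for kb in root:
        local = kb.tag.rpartition("}")[2]
        if local not in ("UnverifiedKeyBinding", "KeyBinding"):
            continue
        status = kb.find("x:Status", NS)
        trusted = is_validate and local == "KeyBinding" and authenticated and status is not None
        # Locate only hands back data; the client must validate it or ask Validate.
        state = status.get("StatusValue", "").rpartition("#")[2] if trusted else "unverified"
        for use in kb.findall("x:UseKeyWith", NS):
            if use.get("Application") == SMIME:
                states[use.get("Identifier")] = state
    return states

def may_rely_on(states, email):
    return states.get(email) == "Valid"

# Constructed sample responses (not captured from any real service).
HEAD = f'xmlns="{XKMS}" Service="http://xkms.example/" ResultMajor="{XKMS}Success"'
USE = f'<UseKeyWith Application="{SMIME}" Identifier='
LOCATE_RESULT = (f'<LocateResult {HEAD} Id="r1" RequestId="q1"><UnverifiedKeyBinding Id="k1">'
                 f'{USE}"bob@example.com"/></UnverifiedKeyBinding></LocateResult>')
VALIDATE_RESULT = (f'<ValidateResult {HEAD} Id="r2" RequestId="q2"><KeyBinding Id="k1">'
                   f'{USE}"bob@example.com"/><Status StatusValue="{XKMS}Valid"/></KeyBinding>'
                   f'<KeyBinding Id="k2">{USE}"carol@example.com"/>'
                   f'<Status StatusValue="{XKMS}Invalid"/></KeyBinding></ValidateResult>')
```

The same Validate response yields only `unverified` entries when `authenticated` is false, which is the point of calling Validate a trusted service: its answer is worth no more than the authentication of the responder.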

8 Summary
XKMS is one example of a Web Service
  – Moving complexity from client to server reduces
    Deployment costs
    Deployment cycle time
    Development costs
    Management costs