The I-Card Cloud Selector CloudCard. An introduction to Avoco’s fully Cloud based I-Card Selector, CloudCard. A demonstration of the logon process.

Presentation transcript:

The I-Card Cloud Selector CloudCard

 An introduction to Avoco’s fully Cloud based I-Card Selector, CloudCard
 A demonstration of the logon process using the Cloud selector and a shared secret
 A demonstration of the extended use of Information Cards:
◦ Digital signing in the Cloud using Information Cards
◦ Access control of documents using Information Cards

 A fully Cloud based Information Card selector
 A leap forward in Information Card usability
 Bypasses the world of Windows desktops
 Designed to have similar functionality to Windows CardSpace, e.g.
◦ Personal cards can be created
◦ Cards can be imported
◦ Cards can be backed up
◦ Works with standard and auditing cards – not yet tested with others, e.g. Relationship and Signalling cards
◦ Like CardSpace, token encryption is left to the IdP for auditing cards

 Usability benefits include:
◦ Universal access to your Information Cards
◦ True zero footprint for end users – no plug-ins, ActiveX, downloads, etc.
◦ Access from normal desktops/laptops as well as phones/mobile devices
◦ Test Implementation Site: - currently username/password only into the CloudCard portal, but can be almost anything

 Extensibility: Modular design permits simple use of alternative login protocols, etc.
 Portability: Written in PHP ∴ easy to port to other languages such as Java (if needed)
 Security: Incorporates anti-phishing technology through shared-secret login control
 Security: SSL – MITM attacks less feasible
 Standards: HTML spec to be submitted as standard

 CloudCard called as a post from the RP web page: <a href=" udCardA/CardView.php?ampIssuer= cardspace.com&RequiredClaims=http....
 Link specifies entry point to selector, required card issuer, claims, etc., like calling a desktop selector.
 Additionally the certificate of the RP is included.

 Used to provide anti-phishing of the I-Card web service account
 User chooses a photo before logging into their account
 If the correct photo is displayed, the user can log in knowing the site is genuine
 A photo is always presented to prevent guessing the username
[Photo: Sir Henry No-Tail]

[Diagram: phishing attack against the photo check without a session key; actors: Phishing server (PS), CS Backend]
1. Generate phishing page
2. Username submitted
3. PS submits username to CS backend
4. PS gets image from response
5. Correct image set in fake password entry page

[Diagram: genuine logon with a session key; actor: CS Backend]
1. Create page and set up session key
2. Username submitted with session key data
3. Valid session key: image returned

[Diagram: phishing attack against the session-key protected flow; actors: Phishing server (PS), CS Backend]
1. Generate phishing page
2. Username submitted
3. PS submits username to CS backend (invalid session key)
4. No response
5. Cannot set correct image
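The three flows above, as an added example that is not code from the presentation or from Avoco: a small stand-in for the CS backend that returns the user's chosen photo only for a session key it issued itself, so a server that has only relayed the username gets no response. The single-use key, the expiry time and the stable decoy photo for unknown usernames are assumptions about how such a backend might be built.

```python
import hashlib
import hmac
import secrets

# Constructed, per-deployment secret: only used to pick a stable decoy photo
# for unknown usernames so the response never reveals whether a user exists.
DECOY_KEY = secrets.token_bytes(32)


class CsBackend:
    """Server side of the session-keyed anti-phishing image step."""

    def __init__(self, users, decoy_photos, ttl_seconds=300):
        self.users = users                # username -> photo the user chose
        self.decoy_photos = decoy_photos  # pool shown for unknown usernames
        self.sessions = {}                # session key -> time it was issued
        self.ttl = ttl_seconds

    def create_page(self, now):
        # Step 1: the genuine page is built with a fresh, unguessable session key.
        key = secrets.token_urlsafe(32)
        self.sessions[key] = now
        return key

    def image_for(self, username, session_key, now):
        # Steps 2-3: username arrives with the session key data; the photo is
        # returned only for a key this backend issued, unexpired and unused.
        issued = self.sessions.pop(session_key, None)   # single use (assumption)
        if issued is None or now - issued > self.ttl:
            return None    # no response: a relay by another server gets nothing
        photo = self.users.get(username)
        if photo is None:
            # Always present a photo so the step cannot be used to guess usernames.
            digest = hmac.new(DECOY_KEY, username.encode(), hashlib.sha256).digest()
            photo = self.decoy_photos[int.from_bytes(digest[:4], "big") % len(self.decoy_photos)]
        return photo


def genuine_logon(backend, username, now=1000.0):
    # Browser loads the real page (gets a key), then submits the username with it.
    key = backend.create_page(now)
    return backend.image_for(username, key, now + 5)


def relayed_without_key(backend, username, now=1000.0):
    # A server that only learned the username has no key the backend issued.
    return backend.image_for(username, "not-a-key-this-backend-issued", now)
```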

 No protection against desktop Trojan / virus (but then entire system is potentially compromised including desktop selector)

 Use your preferred login scheme e.g. OpenID.

 Face recognition and recognition of familiar objects is part of an acquired evolutionary trait that helps us survive
 We are good at it
 We place trust in our ability to use face recognition and object recognition
 We use processes of cheat recognition all the time, every day, to interact with others
 An identity system must mesh the real-world me with the digital me
 We must use existing human traits when designing the system

 If you’re interested in the research into cheat recognition and similar:
 Cartwright, J. Evolution & Human Behaviour. Palgrave
 Daly, M. & Wilson, M.I. Human evolutionary psychology and animal behaviour
 Cosmides, L. and Tooby, University of California at Santa Barbara, broadnarrow.pdf

 The Avoco Cloud Selector is modular, so
◦ Can choose to use a myriad of authentication techniques – this presentation shows one
 Important not to forget the big picture:
◦ Usability – for a consumer as well as a business audience
◦ Represents the real-world me in a familiar way
 I am me because of these reasons (claims)…
◦ Can be used not just for logging into web sites
 Identity is more than just access control

 Authentication:
◦ Digital certificate
◦ OpenID
◦ LiveID
 Card authentication specified by RP
◦ e.g. only a card backed by X509 can be selected
 Seamless upload of cards from IdP to Selector – transparent management for users

 A system for issuing OpenIDs with an Information Card
 Links the two ID systems – best of both worlds
 OpenID attributes can be set as an Information Card claim
 Information Card can be authenticated by that OpenID
 OpenID linked to the extended claims system of the Information Card
 Best of each to create a symbiotic ID system

 Requires additional HTML / JavaScript
◦ Recommended for web pages to allow the user to select a Cloud Selector or Desktop Selector where appropriate / available.
 How are multiple Selectors to be addressed?
◦ Preconfigured to a single Selector
◦ Preconfigured dropdown list
◦ Dynamic list populated from a discovery service.

Digital Signing in the Cloud

 Digital certificates are user-unfriendly and unpopular
 People don’t like to install software, including browser plug-ins
 Current solutions for signing on-line forms are open to denial of signing, caused by only including the form text in the signature
 Therefore, to encourage digital signing, these issues must be addressed

 Avoco Secure have developed the first truly Cloud based digital signing
 Can be used:
◦ On any operating system
◦ Using any browser
◦ From desktops, laptops, mobile devices, phones and so on
 Signing does not require the user to have an X509 certificate, but a standard PKCS#7 signature is produced.
 Nothing to install – fully Cloud based.
 Non-repudiation addressed.

 Always a problem to identify the signer
 Avoco – generate a repeatable RSA key pair from ID info, e.g.
◦ Information Card claims
◦ OpenID attributes
◦ ATM card numbers
◦ Passwords
◦ etc., etc.
◦ Exact data specified by host
 Key pair -> transient X509 used to sign with
 Cert and key pair destroyed after signing

 Image of the completed form incorporated into the digital signature

 Incorporates timestamp (RFC 3161)
 Emails signature to user
 Signature verifiable by common tools as well as the Avoco on-line verifier
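The signing steps on the last three slides, as an added example that is neither Avoco's code nor a PKCS#7 implementation: key material is derived repeatably from canonicalised ID claims (a PBKDF2 seed stands in for Avoco's repeatable RSA key pair), and the signature binds the form text, the image of the completed form and the timestamp together, so the image cannot be swapped or denied independently of the text. HMAC stands in for the RSA signature; the host pepper and claim names are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed example: the host specifies exactly which ID data is used and
# can add its own pepper. The seed is only as strong as that ID data.
HOST_PEPPER = b"example-host-pepper"


def canonical_bytes(mapping):
    # Deterministic serialisation: the same claims in any order give the same bytes.
    return json.dumps(mapping, sort_keys=True, separators=(",", ":")).encode()


def derive_signing_seed(claims, iterations=100_000):
    # Stand-in for the repeatable RSA key pair: same ID info -> same key material,
    # so nothing has to be stored between signings (destroyed after use).
    return hashlib.pbkdf2_hmac("sha256", canonical_bytes(claims), HOST_PEPPER, iterations)


def signed_content(form_fields, form_image, timestamp):
    # Bind form text, the rendered image of the completed form and the
    # RFC 3161-style timestamp into one message to be signed.
    return b"|".join([
        hashlib.sha256(canonical_bytes(form_fields)).hexdigest().encode(),
        hashlib.sha256(form_image).hexdigest().encode(),
        timestamp.encode(),
    ])


def sign_form(seed, form_fields, form_image, timestamp):
    content = signed_content(form_fields, form_image, timestamp)
    tag = hmac.new(seed, content, hashlib.sha256).hexdigest()
    return {"content": content.decode(), "tag": tag}


def verify_form(seed, signature, form_fields, form_image, timestamp):
    # Verification recomputes the bound content; changing any of the three parts fails.
    expected = hmac.new(seed, signed_content(form_fields, form_image, timestamp),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature["tag"])
```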

Controlling Access and Applying Usage Policies to Documents and Emails

 Controlling access to documents and emails using identity information from Information Cards
◦ secure2trust
◦ secure2
◦ secure2access
 Claims used to:
◦ Control document and email access
◦ Apply usage policies, post access
 Done in a content-centric manner
 Security is persistent across perimeters

Susan Morrow Head of Product Development Avoco Secure