魂▪創▪通魂▪創▪通 2013. 7. 19. WebCert - SOP Sangrae Cho Authentication Research Team.

Presentation transcript:

Slide 1: WebCert - SOP
Sangrae Cho, Authentication Research Team

Slide 2: Korean banking use case
Diagram: Web Browser, caserver.com, bank.com (labels: origin for certificate issue, origin for certificate use)
1. Public key pair is generated in the browser.
2. Issue certificate
3. Use certificate (digital signature)
4. Verify certificate

Slide 3: Proposed solution
Diagram: web client and bank.com; wire transfer request; wire transfer page for digital signature; Trusted CA List
- No trusted CA list – SOP governs
  - Private key belongs to the origin server
- Trusted CA list – SOP exception
  - Display any certificate that is issued by trusted CAs
  - Private key belongs to a user
  - The user can prove its ownership by decrypting the encrypted private key

Slide 4: Proposed solution
Preconditions
- Suppose we have a JavaScript API to discover a certificate:
  Certificate [] = getCertificate(String trustedCAList)
  - Certificates belonging to a trusted CA will be returned if trustedCAList is provided
  - The certificate belonging to the origin will be returned if no trustedCAList is provided
- The following certificates are issued in the web client:
  - cert1 = certificate issued from bank.com
  - cert2 = certificate issued from caserver.com

Cert Name | Issuer
cert1     | bank.com
cert2     | caserver.com

Slide 5: Proposed solution
Case 1: No trusted CA list – SOP governs
Message flow between web client and bank.com:
1. Wire transfer request
2. HTML page for digital signature with no Trusted CA List
3. Page returned with digital signature for wire transfer
After receiving no. 2:
- getCertificate(); is executed with no trusted CA list
- getCertificate(); returns cert1 (issued from bank.com) according to SOP
- The user digitally signs the page with the private key related to cert1 and sends it to bank.com

Slide 6: Proposed solution
Case 2: Trusted CA list – SOP exception
Message flow between web client and bank.com:
1. Wire transfer request
2. HTML page for digital signature with Trusted CA List
3. Page returned with digital signature for wire transfer
After receiving no. 2:
- getCertificate(); is executed with trustedCAList = "caserver.com"
- getCertificate(); returns cert2 (issued from caserver.com) according to the SOP exception
- The user digitally signs the page with the private key related to cert2 and sends it to bank.com
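
The selection rule that slides 4 to 6 describe, written out as an added JavaScript model; it is not code from the presentation, and getCertificate() is a proposed API, not an existing browser function. Assumptions: the caller's origin is passed explicitly as callerOrigin, trustedCAList may name several CAs separated by commas, CERT_STORE is constructed from the slide 4 table, and shop.example is a hypothetical second site.

```javascript
// Constructed certificate store matching the slide 4 table (name, issuer).
const CERT_STORE = [
  { name: "cert1", issuer: "bank.com" },     // issued from the origin server
  { name: "cert2", issuer: "caserver.com" }, // issued from a separate CA origin
];

// The slides pass trustedCAList as a String. Treating it as a comma-separated
// list is an assumption made here so that more than one CA can be named.
function parseTrustedCAList(trustedCAList) {
  if (typeof trustedCAList !== "string") return [];
  return trustedCAList
    .split(",")
    .map((ca) => ca.trim().toLowerCase())
    .filter((ca) => ca.length > 0);
}

// Model of the proposed getCertificate(). callerOrigin is explicit here; in a
// browser it would be the origin of the calling page, never a page-supplied value.
function getCertificate(callerOrigin, trustedCAList, store = CERT_STORE) {
  const callerHost = new URL(callerOrigin).hostname.toLowerCase();
  const trusted = parseTrustedCAList(trustedCAList);
  if (trusted.length === 0) {
    // Case 1: no trusted CA list, SOP governs. Only certificates issued
    // from the calling origin are visible.
    return store.filter((cert) => cert.issuer === callerHost);
  }
  // Case 2: SOP exception. Selection is by issuer, so certificates from the
  // listed CAs are returned whatever the calling origin is.
  return store.filter((cert) => trusted.includes(cert.issuer));
}

// Helper for readable results: certificate names as one string.
function certNames(callerOrigin, trustedCAList) {
  return getCertificate(callerOrigin, trustedCAList)
    .map((cert) => cert.name)
    .join(",");
}

console.log("bank.com, no list:        ", certNames("https://bank.com"));
console.log("bank.com, caserver.com:   ", certNames("https://bank.com", "caserver.com"));
console.log("shop.example, no list:    ", certNames("https://shop.example"));
console.log("shop.example, caserver.com:", certNames("https://shop.example", "caserver.com"));
```

In this model, Case 2 keys the lookup on the issuer alone, so the certificate from caserver.com is offered to whichever page supplies that CA name; slide 3 relies on the user decrypting the encrypted private key to prove ownership.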

Slide 7: Thank You