SKS – Secure Key Store KeyGen2 –Token Provisioning Protocol Executive Level Presentation.

Slides:

Advertisements

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.

Advertisements

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Mobile Devices in the DoD

Digital Certificate Installation & User Guide For Class-2 Certificates.

Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.

Visolve – Open Source Solutions Best-In-Class Authentication and Authorization Solutions & Services.

Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards

A l a d d i n. c o m eToken NG-OTP Combined PKI - OTP Authentication Solution November, 2008.

SPD1 Improving Security and Access to Network with Smart Badge Eril Pasaribu CISA,CISSP Security Consultant.

SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.

WPKI available technology diagram and the business model

9/11/2012Pomcor 1 Techniques for Implementing Derived Credentials Francisco Corella Karen Lewison Pomcor (

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

Overview of proposed EAP methods, credential types, and uses Pasi Eronen IETF64 EMU BoF November 10 th, 2005.

Digital DNA Server Login People ®. Login People ˃ IT security vendor ˃ Patented Digital DNA ® technology innovation Digital DNA Server Multi-factor Authentication.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Mobile Credentials Ennio J. Carboni Product Manager, Keon PKI

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

10/20/2011Pomcor 1 Deployment and Usability of Cryptographic Credentials Francisco Corella Karen Lewison Pomcor.

Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

Identity and Access IDGo Secure (ISE) for Android Didier Bonnet April 2015.

FIT3105 Smart card based authentication and identity management Lecture 4.

Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

About PKI Key Stores Dartmouth College PKI Lab. Key Store Defined Protected “vault” to hold user’s private key with their copy of their x.509 certificate.

Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  

Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September Oberthur Technologies – Identity.

Athena Smartcard Solutions June 2009 Smart Card Technology and Security Leaders.

魂▪創▪通魂▪創▪通 Digital Certificate and Beyond Sangrae Cho Authentication Research Team.

Certificate and Key Storage Tokens and Software

Public Key Infrastructure from the Most Trusted Name in e-Security.

Identity and Access IDGo Secure (ISE) for Android Didier Bonnet November 2014.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

魂▪創▪通魂▪創▪通 Use Case and Requirement for Future Work Sangrae Cho Authentication Research Team.

Author of Record Digital Identity Management Sub-Workgroup October 24, 2012.

Information Security for Managers (Master MIS)

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

Team Daniel Scarlett Miles O’Keefe Cody Clark Samuel Pesek Network/authentication model for Flex Radio’s SDR over WAN.

© NeoAccel, Inc. TWO FACTOR AUTHENTICATION Corporate Presentation.

PKI interoperability and policy in the wireless world.

Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards

Gregorio Martínez Pérez University of Murcia PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS.

Configuring Directory Certificate Services Lesson 13.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV BOF IETF-67 San Diego November 2006 Andrea Doherty.

Introduction to Public Key Infrastructure January 2004 CSG Meeting Jim Jokl.

1 7 th CACR Information Workshop Vulnerabilities of Multi- Application Systems April 25, 2001 MAXIMUS.

One Platform, One Solution: eToken TMS 5.1 Customer Presentation November 2009.

PKI Activities at Virginia September 2000 Jim Jokl

SWEB SWEB Security and Privacy Technologies – Implementation Aspects Venue:SWEB Day in APV, Novi Sad Author(s):Dr. Milan Marković Organisations:MISANU.

ID anywhere mobile | smart cards | devices.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

Providing secure mobile access to information servers with temporary certificates Diego R. López

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.

Copyright Statement Copyright Robert J. Brentrup This work is the intellectual property of the author. Permission is granted for this material to.

Securing Online Banking By Ben White CS 591. Who Federal Financial Institutions Examination Council What To authenticate the identity of retail and commercial.

VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.

HOTP IETF Draft David M’Raihi IETF Meeting - March 10, 2005.

A l a d d I n. c o m Strong Authentication and Beyond Budai László, IT Biztonságtechnikai tanácsadó.

Case study of XML based PKI management protocols. Tomas Gustavsson PrimeKey Solutions AB

SafeNet MobilePKI for BlackBerry® SSO solution, backed by strong MobilePKI-based security Name, Title.

Product Manager, Keon PKI

SafeNet MobilePKI for BlackBerry® SSO solution, backed by strong MobilePKI-based security Name, Title.

Secure Elements and W3C L. Castillo 06/16/15.

Enhancing Web Application Security with Secure Hardware Tokens

Public Key Infrastructure from the Most Trusted Name in e-Security

My name is Pascal Urien, ENST

HIMSS National Conference New Orleans Convention Center

Install AD Certificate Services

Presentation transcript:

SKS – Secure Key Store KeyGen2 –Token Provisioning Protocol Executive Level Presentation

SKS/KeyGen2 - 2/6 The Token Enrollment Enigma CMP SCEP CMC JCE PKCS #11 CryptoAPI “MiniDriver” OpenSC PKCS #11 GlobalPlatform PIV SIM JavaCard.NET Card “CertEnroll” EMV Certificate Enrollment Enrollment Using Browsers Cryptographic APIs Smart Card Middleware Smart Card Standards PKCS #15 ISO7816 CCID ICCD Token Containers Mobile Devices Discrete Smart Cards Networked Devices Other Requirements End-To-End Security PIN Deployment Etc. Non-PKI Credentials OTP “Seeds” Information Cards Etc. Q: How can you make this work? A: By using tons of time, money and professional services! There simply must be a better way…

SKS/KeyGen2 - 3/6 Unified Token Provisioning Enhanced mobile device with embedded SKS-compliant security hardware SKS-compliant smart card SKS-compliant USB memory stick or USB token KeyGen2 – Universal Token Provisioning Protocol Security tokens come in many “form factors” Issuer (CA)

SKS/KeyGen2 - 4/6 Universal Authentication Technology Support PKI (Public Key Infrastructure) The current gold standard for strong authentication OTP (One Time Password) Excellent alternative to static passwords for accessing moderately critical services from arbitrary computers Information Cards Powerful way dealing with federated logins by for example providing the attributes (claims) required for accessing a resource rather than the user’s identity Why select when you can have them all using a single enrollment process?

SKS/KeyGen2 - 5/6 Issuer (CA) Provisioning Proxy SKS - Secure Key Store Device Certificate Attestation Private Key Credential Database Crypto Engine  Compatible with Existing Applications  Dedicated Provisioning Scheme KeyGen2 End-To-End Security (E2ES) protocol where the issuer and the SKS exploit a cooperatively created shared secret PKCS #11 CryptoAPI JCE (Java) SKS Native API Client Platform Applications Using Cryptographic Keys Embedded or connected device

SKS/KeyGen2 - 6/6 For more information…. V0.51, Anders Rundgren, NOTE, the separation between authentication and payment solutions is only due to historical reasons, using SKS “a key is a key”