Certificate and Key Storage Tokens and Software


Certificate and Key Storage Tokens and Software
Mark Swyers
VeriSign, Inc.
mswyers@verisign.com

Key Storage Considerations

- Many different ways to store a certificate and private key
- Application will usually dictate the appropriate method
- Concerns include:
  - Security
  - Portability
  - Functionality
  - Usability
  - Manageability
  - Expense

Software-Based Certificates

- Several different software stores
  - Microsoft CAPI
  - Netscape certificate database
  - Macintosh keyring
  - Java keystores
  - Vendor specific
    - VeriSign Personal Trust Agent
- Pros
  - Browser based, so easy to use
  - Inexpensive
    - no new infrastructure
    - easy distribution
- Cons
  - Locks user to desktop
  - Desktop management
  - Cannot control password use
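Added example (not part of the original slides): the "Cannot control password use" drawback can at least be measured when software keys end up exported as PEM files. The sketch below reports, for each private key block, whether it is passphrase-protected; it goes beyond the slide by also covering OpenSSH containers. The PEM-export scenario, the function names and the sample data are assumptions constructed for illustration.

```python
import base64
import re
import struct

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
SSH_MAGIC = b"openssh-key-v1\x00"

def openssh_cipher(body: str) -> str:
    """Read the cipher name from an OpenSSH private key container."""
    raw = base64.b64decode("".join(body.split()))
    if not raw.startswith(SSH_MAGIC):
        raise ValueError("not an openssh-key-v1 container")
    (length,) = struct.unpack_from(">I", raw, len(SSH_MAGIC))
    start = len(SSH_MAGIC) + 4
    return raw[start:start + length].decode("ascii")

def audit_pem(text: str) -> list:
    """Return (label, password_protected) for every private key block in text."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        if label == "ENCRYPTED PRIVATE KEY":    # PKCS#8 EncryptedPrivateKeyInfo
            protected = True
        elif label == "OPENSSH PRIVATE KEY":    # cipher "none" means no passphrase
            protected = openssh_cipher(body) != "none"
        else:                                   # plain PKCS#8 or legacy RSA/EC/DSA PEM
            protected = "Proc-Type: 4,ENCRYPTED" in body
        results.append((label, protected))
    return results

def ssh_body(cipher: bytes) -> str:
    """Build a constructed OpenSSH container prefix (no key material)."""
    return base64.b64encode(SSH_MAGIC + struct.pack(">I", len(cipher)) + cipher).decode()

# Constructed sample: placeholder bodies, not real keys.
FAKE = base64.b64encode(b"constructed placeholder, not key material").decode()
SAMPLE = (
    f"-----BEGIN PRIVATE KEY-----\n{FAKE}\n-----END PRIVATE KEY-----\n"
    f"-----BEGIN ENCRYPTED PRIVATE KEY-----\n{FAKE}\n-----END ENCRYPTED PRIVATE KEY-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    f"DEK-Info: AES-256-CBC,{'0' * 32}\n\n{FAKE}\n-----END RSA PRIVATE KEY-----\n"
    f"-----BEGIN OPENSSH PRIVATE KEY-----\n{ssh_body(b'none')}\n-----END OPENSSH PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for label, protected in audit_pem(SAMPLE):
        print(f"{label:24} {'password-protected' if protected else 'UNPROTECTED'}")
```

A "password-protected" result says nothing about the strength of the password, which is the part a software store cannot enforce.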

PKI Tokens

- Generally provide greater security than software certificates
  - Can require PINs or passwords, even biometric authentication
  - Keys usually cannot be exported
  - Tokens can be locked in a safe when not in use
  - FIPS (Federal Information Processing Standard) 140 rated
- Provide better portability than software certificates
  - Can be used on multiple machines while maintaining only one copy of the private key
  - Have the capacity to hold multiple keys and certificates
- Challenges
  - Typically require installation of drivers
  - May require a separate reader
  - End user acceptance
  - Token lifecycle management: distribution, forgotten/lost/broken tokens
  - Cost

Smart Cards

- Can support multiple forms of access
  - Physical access to building
  - Logical access to workstation
- Can double as ID card
  - Can print photo and other info
  - Can support a magnetic stripe
- Requires a reader
  - Contact or contactless (proximity)
- Examples
  - FIPS 201 standard for HSPD-12
  - DoD Common Access Card
  - DOI Employee ID Cards
  - University ID cards

USB Tokens

- Many form factors
  - PKI only
  - PKI with One-Time Password
  - PKI with OTP and storage
- Easily portable
  - Ensures tokens travel with user (i.e. when attached to car keys)
  - Most computers have USB ports
- Better for consumers and when you don’t have control over the user environment

VeriSign Approach – Flexible Authentication Platform

VeriSign Unified Authentication
- PKI-USB Token
- Cost-Effective OTP
- Multi-Function Token (OTP & USB Smart Card)
- Smart Card For Physical & Network Access
- Multi-Function Token with Secure Storage
- Mobile Devices
- Soft Certificate And Soft OTP

Many Credential Types – One Integrated Platform – One Strategic Vendor

VeriSign has a unique approach to this problem: an authentication platform based on open standards that allows the flexibility to use many different types of devices at a fraction of the cost, with the ability to add new OATH-compatible solutions as they become available. So let’s look at the solution in more detail: