Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston.

Slides:



Advertisements
Similar presentations
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Advertisements

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Digital Certificate Installation & User Guide For Class-2 Certificates.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
CAMP Med Identity and Access Management for HIPAA: Technology Model William A. Weems Assistant Vice President Academic Technology The University of Texas.
Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Why Users Like PKI & Directory Services William A. Weems University of Texas Health Science Center at Houston.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
6/3/2015topic1 Web Security Qiang Yang Simon Fraser University Thanks: Francis Lau (HKU)
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  
Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.
Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.
CAMP Integration Reflect & Join A Case Study The University of Texas Health Science Center at Houston William A. Weems Assistant Vice President Academic.
Computer Science Public Key Management Lecture 5.
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Cryptography 101 Frank Hecker
CSCI 6962: Server-side Design and Programming
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
Session 11: Security with ASP.NET
Internet Security for Small & Medium Business Week 6
Identity Management Practical Issues Associated with Sharing Federated Services UT System Identity Management Federation William A. Weems The University.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
E-commerce What are the relationships among: – Client (i.e. you) – Server – Bank – Certification authority Other things to consider: – How to set up your.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.
Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
Slide 1 © 2004 Reactivity The Gap Between Reliability and Security Eric Gravengaard Reactivity.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian
ELECTROINC COMMERCE TOOLS Chapter 6. Outline 6.0 Introduction 6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs) TRUST
Identity Management Practical Issues Associated with Sharing Federated Services William A. Weems The University of Texas Health Science Center at Houston.
Identity Proofing, Signatures, & Encryption in Direct esMD Author of Record Workgroup John Hall Coordinator, Direct Project June 13, 2012.
DIGITAL SIGNATURE.
Copyright © 2003 Jorgen Thelin / Cape Clear Software 1 A Web Services Security Framework Jorgen Thelin Chief Scientist Cape Clear Software Inc.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Using Public Key Cryptography Key management and public key infrastructures.
1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.
Fall 2006CS 395: Computer Security1 Key Management.
Online Security Myths & Challenges HIGHER COLLEGES OF TECHNOLOGY Abeer Nijmeh Account Manager April 14, 2002.
Electronic Banking & Security Electronic Banking & Security.
SSL Certificates for Secure Websites
BY GAWARE S.R. DEPT.OF COMP.SCI
S/MIME T ANANDHAN.
Public Key Infrastructure from the Most Trusted Name in e-Security
Installation & User Guide
Process flow Kindly note: This presentation is automated – please do not click any of your mouse buttons or keyboard keys.
Presentation transcript:

Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston

Ideally, individuals would each like a single digital credential that can be securely used to authenticate his or her identity anytime authentication of identity is required to secure any transaction.

How do you prove you are who you say you are? How do you know that someone is legitimate in his or her dealings with you, and how do you get redress if things go wrong? If your identity is stolen and used fraudulently, or personal records are altered without your knowledge or permission, how do you prove that it was not you? It is difficult enough to verify someone's identity in the tangible world where forgery, impersonation and credit card fraud are everyday problems related to authentication. Such problems take on a new dimension with the movement from face-to-face interaction, to the faceless interaction of cyberspace. Identity and Authentication by Simon Rogerson

UTHSC-H Strategic Authentication Goals Two authentication mechanisms. –Single university ID (UID) and password –Public Key Digital ID on Token (two-factor authentication) Digital Signatures –Authenticates senders –Guarantees messages are unaltered, i.e. message integrity –Provides for non-repudiation –Legal signature Encryption of and other documents Highly Secure Access Control Potential for inherent global trust

Plug n Play Authentication Programmatic Signed and Encrypted mail Plug n Play authentication with JSP

Mass Mailing of Signed & Encrypted Automated Mailer Mailing List Signed & Encrypted LDAP Directory Service Request Recipient's Digital Cert. User Specific Messages

Plug n Play Authentication Application or Page level authX Authentication Method (optional) –Password (default) –Certificate Authorization Group (optional) –LDAP Group (with distributed group administration)

Plug n Play Authentication Client requests a resource (URL) –Resource redirects to AuthX.jsp in cert. protected directory Web Server – requests client certificate –Validates client certificate –Parses address from certificate and looks up the user in the directory –Compares the client certificate to the ‘userCertificate’ stored in the directory based on the address –Sets ‘Remote User’ to the ‘UID’ value from the directory –Allows client to access AuthX.jsp AuthX.jsp –Retrieves the ‘Remote User’ variable and assumes successful authentication –Verifies that the user is in the authorization group if specified –Redirects back to the originally requested resource

Client Browser Web Server Certificate Protected directory HTTP Request Directory Resource (UserAdmin.jsp) Request User Certificate AuthX.jsp Certificate Validation Plug n Play Authentication

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.