Presentation transcript:

Time/Date Stamp, Authorization, Secure Non-repudiation, Key Recovery, Message Confidentiality (S/MIME), Session Confidence (SSL), Access Control (SSO/CSO), Non-repudiation (SET), Integrity (Signature)

1. Certificate Granting Agent
2. Trusted Third Party
3. Security Servers and Agents
4. Certified Delivery System
5. Digital Notary Server
6. Digital Signature Generation
7. Digital Signature Verification
8. Confidentiality Key Exchange
9. Key Pair Generation

PKI Certificate Management, Policy Approval, Certificate Revocation, Certification Archiving, Repository, Naming and Recognition, Data Archives

Supplier Customer Collaborative Commerce Intellectual Property Search, Discovery, Offering Reputation EFT Value Logistics/SCM Theft Trusted Transactions Integrity CRM — Intimate Knowledge Privacy Marketing Selling Shipping Service and Support Design Receivables Shopping Purchasing Using, Maintaining Development Payables Receiving E-Business Information Security Vulnerabilities

Prioritizing PKI Applications
Application Priority
Secure VPN Secure Web Access High Secure Overall Risk Reduction High New Business Opportunity High Digital Signature Server IDs Desk/LapTop Encryption Medium Consolidated Sign-On SET Low

SSL - A No Brainer
- Cyber-browser visits a secure site.
- The Web server submits its site/server public key certificate to the browser. The channel is encrypted, the Web server identified.
- The Primary PKI App today
[Diagram: Web Server, Server's public key]

Signing and Sealing the Envelope X.400 PEM PGP MOSS S/MIME V.3 OpenPGP Signature DMS/MSP Being Deployed Not Being Deployed

Web Access: Portals Through the Firewall Public Web site Customer extranet Supplier extranet Employee intranet Channels extranet

EDI Transactions Require Digital Signatures and Encryption Transaction Type Invoice Application Advise Price Sales Catalog Contract Award Summary Trading Partner Profile Request for Quote Response to Request for Quote Purchase Order, Delivery Order Purchase Simple Contracts Purchase Order Change Text Message Order Status Report Functional Acknowledgment Digital Signature Required Yes No Yes No Encryption Capability Needed No Yes No

PKI Integration With Acrobat

California Independent Systems Operator PKI Architecture Master Directory Server (LDAP/X.500) Network Policy Creation Authority CA Signing Certificates Medium Assurance Medium CA High Assurance High CA Basic Assurance Basic CA Register Users Revoke Certs Registration Authority Workstation Policy Approval Authority Client Applications PKI Mail Server

ACES Architecture

CAM:
- Parse Cert
- Verify Subscrbr Cert Issuer as an ACES CA
- Verify Subscrbr Cert Issuer's signature
- Verify Subscrbr Cert's operational period
- Check cached Invalid Cert IDs
- Get route to Issuer
- Send signed Status Request & Cert data to Issuer
- Receive signed Status Response
- Verify Status Response signature
- Pass status & cert data to App
- Log audit data

[Diagram: Subscriber with Browser, Subscrbr PrivateKey and Subscrbr Cert (HW Token Opt'l); Agency with App 1, App 1 PrivateKey, App 1 Cert (FIPS 140-1), App API, CAM, Crypto API (RSA, DSA, ECDSA), CA 1 Cert, CA 2 Cert, CA N Cert, List of Invalid Cert IDs and Audit Log; ACES CA 1, ACES CA 2 and ACES CA N (FIPS 140-1), each with its CA PrivateKey, CA API (cert status + cert fields), Subscrbr Certs and CA 1 Cert, CA 2 Cert, CA N Cert]

“Four Corner Transaction”
- Provides verification of identities & signatures and assurance (“TRUST”)
- Facilitates interbank certificate checking
- Utilizes tools to allow interoperability across CAs and supplies a software developer's toolkit with standard functionality to member banks
[Diagram: Manufacturer (Place Order) and Trading Partner (Receive Order) exchange a digitally signed Digital Order; Bank A under the “Brand A” CA and Bank B under the “Brand B” CA; each party holds a Private Key Token and Digital ID]
Source: Entegrity Solutions

European Private Banking (Anon)
- Private, personal, retail banking & brokerage services
- Operation in fiscal haven with strict bank secrecy laws
- Worldwide Customer Base
- Smartcards with certificate client credentials
- SSL, User ID, password model was not appropriate
- Transparent certificate management
- Initial smartcard/certificate issuance

Bolero directory services registration authority sends public key certification of public key registry certification authority identification exchange of EDI messages exporter carrier bank private key sent by registration authority

Transuranic Reporting and Inventory Processing System (TRIPS)

PKI Case Studies

PKI Integration Scorecard (last column: Comments)
Web Browsers | A | SSL --> TLS and Wireless
A | S/MIME; PGP --> OpenPGP
VPNs | B+ | IPSec, IPV6
E-Forms | B+ | Signing, Encrypting
Packaged Applications | D | Driven by Webification, ASPs
Legacy/Custom Applications | F | Bridging RACF, DCE/Kerberos

Wireless Application Protocol Compare/Contrast to Web