AuthenticationAccess Management Developer Solutions Digital Signatures The profile of PKCS #11 v2.11 for mobile devices Magnus Nyström PKCS Workshop April.

Slides:

Advertisements

Similar presentations

Dynamic Symmetric Key Provisioning Protocol (DSKPP)

Advertisements

Research & Development Workshop on e-Voting and e-Government in the UK - February 27, 2006 Votinbox - a voting system based on smart cards Sébastien Canard.

A Profile Of PKCS #11 V2.11 For Mobile Devices Magnus Nyström PKCS Workshop 2002.

CT-KIP Magnus Nyström, RSA Security 23 May Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.

CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.

Web security: SSL and TLS

PKCS #15 v1.1 Magnus Nyström RSA Laboratories PKCS Workshop, 1999.

PKCS #9 v2.0 Magnus Nyström RSA Laboratories PKCS Workshop, 1999.

Individual Bidder Enrollment

SSL Implementation Guide Onno W. Purbo

Some New RSA Mechanisms for PKCS #11 Burt Kaliski, RSA Laboratories PKCS Workshop April 14, 2003.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

Haidong Xue.  Part One: Review of the Knowledge in Textbook goals, issues, solutions  Part Two: Current Application X509.V3  Part Three: Future Work.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

14 Sept 00 PKCS#11 Interoperability/Conformance Testing John Hughes PKIForum meeting Montreal - 14 September 00.

13 Sept 00 Token Interoperability and Portability Project status report John Hughes Montreal - 14 September 00.

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

St.Petersburg- Nokia Student Business Competition Irina Pritykina & Hyun Park 1.

Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.

Object-Oriented Enterprise Application Development Course Introduction.

Public-Key Cryptography and RSA CSE 651: Introduction to Network Security.

Csci5233 Computer Security1 GS: Chapter 5 Asymmetric Encryption in Java.

Why Johnny Can’t Encrypt A Usability Evaluation of GPG 5.0 Presented by Yin Shi.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

Leveraging UICC with Open Mobile API for Secure Applications and Services Ran Zhou.

CMS Interoperability Matrix Jim Schaad Soaring Hawk Security.

UICC UICC is a smart card used in mobile terminals in GSM and UMTS networks It provides the authentication with the networks secure storage crypto algorithms.

SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

Project situation analysis and technical reporting UNEP/GEF FNR_Rio project – 3 rd Project Steering Committee, March 13 th, 2012, Tehran, Iran Peter Herkenrath,

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Securing Electronic Transactions University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.

Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.

Key Management Workshop November 1-2, Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.

Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.

1 The OASIS KMIP Standard: Interoperability for the Cryptographic Ecosystem Jon Geater OASIS KMIP TC With thanks to Bob Griffin, co-chair,

Independent Office of Evaluation C OMMUNICATING EVALUATIONS The experience of the Independent Office of Evaluation of IFAD.

Secure Credential Manager Claes Nilsson - Sony Ericsson

National Information Exchange Model Update for the Global Advisory Committee Spring 2008 Meeting April 10, 2008 NIEM Technical Architecture Committee (NTAC)

Introduction to Public Key Infrastructure January 2004 CSG Meeting Jim Jokl.

XML Encryption, XML Signature, and Derived Keys: Suggestion For a Minor Addition Magnus Nyström RSA.

Leveraging UICC with Open Mobile API for Secure Applications and Services.

Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.

S/MIME and Certs Cullen Jennings

CHEM 146C, SPRING 2010 Advanced Physical Chemistry Laboratory Instructor: Yat Li, PSB 160, , Group website:

March 2006IETF 65 - Dallas1 The Cryptographic Token Key Initialization Protocol (CT-KIP) Dave Mitton, RSA Security for Magnus Nyström IETF SAAG.

AuthenticationAccess Management Developer Solutions Digital Signatures PKCS Workshop April 2003 San Francisco, CA.

Energy Networks Association RIIO-ED1 Update for Suppliers December 2012.

©Brooks/Cole, 2003 Chapter 16 Security. ©Brooks/Cole, 2003 Define four aspects of security in a network: privacy, authentication, integrity, and nonrepudiation.

Discussion - HITSC / HITPC Joint Meeting Transport & Security Standards Workgroup October 22, 2014.

Peter Gutmann A PKCS #11 Test Suite Peter Gutmann

MM Clements Cryptography. Last Week Firewalls A firewall cannot protect against poor server, client or network configuration A firewall cannot.

Cryptoki Authentication Models, v2.11? and v3.0 Matt Wood Software Architect Intel Corporation.

April 20023CSG11 Electronic Commerce Encryption John Wordsworth Department of Computer Science The University of Reading Room.

December 14, 2000Securely Available Credentails (SACRED) - Framework Draft 1 Securely Available Credentials (SACRED) Protocol Framework, Draft Specification.

Latin American Center Business and Services Project Julio Vallejo Medina Project Manager Seinajoki university of Applied Sciences.

CDB Chris Bonatti (IECA, Inc.) Tel: (+1) Proposed PKI4IPSEC Certificate Management Requirements Document IETF #61 – PKI4IPSEC Working.

 Comprehensive interviews with administrative staff are complete and findings are being collated and prepared in written form for Full Committee review.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.

PV204 Security technologies

RSA Laboratories’ PKCS Series - a Tutorial

RSA Laboratories’ PKCS Series - a Tutorial

Magnus Nystrom RSA Laboratories PKCS Workshop, 1999

OIC Plan of Action for the Advancement of Women (OPAAW) Document

Formats for long term signatures

Transmission Workgroup July 2012

Presentation transcript:

AuthenticationAccess Management Developer Solutions Digital Signatures The profile of PKCS #11 v2.11 for mobile devices Magnus Nyström PKCS Workshop April 2003

AuthenticationAccess ManagementDigital SignaturesDeveloper Solutions Objectives Motivation, relation to earlier work, etc. was done at the October 2002 workshop in Paris, France —Presentation available from ml ml This segment to focus on the current draft —Intent is to highlight any issues before submitting a final version

AuthenticationAccess ManagementDigital SignaturesDeveloper Solutions Draft 3 – Highlights Contains two profiles —Signature device profile —Communication device profile Contains some common requirements —Session support (one r/w, ten r/o simultaneously) —Thread handling (option 4) from PKCS #11 v2.11)

AuthenticationAccess ManagementDigital SignaturesDeveloper Solutions Signature device profile Object classes —(X.509) Certificate, (RSA) private key, (RSA) public key Attributes —Matrix listing objects and associated supported attributes —In principle, all attributes for the given objects need to be supported (not CKA_DERIVE, CKA_START_DATE, CKA_END_DATE, CKA_WRAP, CKA_UNWRAP, CKA_ENCRYPT, CKA_VERIFY_RECOVER, CKA_DECRYPT, CKA_SIGN_RECOVER) Mechanisms —CKM_RSA_KEY_PAIR_GEN —CKM_RSA_PKCS —CKM_MD5_RSA_PKCS —CKM_SHA1_RSA_PKCS —CKM_SHA_1 —CKM_MD5

AuthenticationAccess ManagementDigital SignaturesDeveloper Solutions Signature device profile, continued Functions —All functions in the “Base API” in existing conformance document —In addition, C_SetPIN, C_GetSessionInfo,C_Login,C_Logout,C_CreateObject, C_DestroyObject,C_SetAttributeValue, C_DigestInit, C_Digest, C_SignInit, C_Sign, C_VerifyInit, C_Verify, C_GenerateKeyPair, C_SeedRandom, C_GenerateRandom

AuthenticationAccess ManagementDigital SignaturesDeveloper Solutions Communication device profile Object classes —(X.509) Certificate, (RSA) private key, (RSA) public key, (RC4 or 3DES) secret key Attributes —Matrix listing objects and associated supported attributes —In principle, all attributes for the given objects need to be supported (not CKA_START_DATE, CKA_END_DATE, CKA_VERIFY_RECOVER, CKA_SIGN_RECOVER) Mechanisms —CKM_RSA_KEY_PAIR_GEN,CKM_RSA_PKCS,CKM_MD5_RSA_PKCS, CKM_SHA1_RSA_PKCS,CKM_SHA_1,CKM_MD5,CKM_SHA_1_HMAC, CKM_RC4 or CKM_3DES_CBC, and all CKM_SSL3_* and CKM_TLS_* mechanisms

AuthenticationAccess ManagementDigital SignaturesDeveloper Solutions Communication device profile, continued Functions —Same as for signature device profile + encrypt/decrypt and wrap/unwrap

AuthenticationAccess ManagementDigital SignaturesDeveloper Solutions Open issues None, to my knowledge Remaining to be done —Editorial corrections (Laszlo has pointed out some errors) —Publish final draft (next week) Two week review period Others?