User Interface Requirement for the Internet X.509 PKI Jaeho Yoon (on behalf of Tae K. Choi) KOREA INFORMATION SECURITY AGENCY August 4, 2004.


Overview
- Individual Document
- Purpose of this Draft
  - To define basic requirements for the user interface of PKI client software
- Scope of Basic Requirements
  - Security
  - Interoperability
  - Usability

Why UI?
- PKI technologies are well developed, but PKI-related S/W offers poor usability
- PKI applications suffer from poor interaction between the user and the PKI application, due to the complexity of PKI technology
  - Grandparents and even my friends have some trouble
  - Understand the subscriber's view: it's easy for us, but not for others
- It's not only a UI design issue, but also a technical issue
"Some kinds of requirement are needed"

What are we looking for?
- Simple and automated PKI
  - According to our survey of subscribers
- Transparent PKI operation
- Plug-and-Play PKI
  - From Peter Gutmann's paper: Plug-and-Play PKI
- PKI Black Box
  - From Adams and Lloyd's book: Understanding PKI
"Usable PKI S/W by User Friendly Interface"

Security Requirement
- Client software installation and upgrade
  - Should be obtained in a secure manner
  - Automatic update function
- Root CA certificate trust mechanism
  - The relying party should obtain the root CA certificate and public key in a secure manner
  - A user of a third-party certificate that cannot be installed in the web browser has difficulty identifying the trust relationship of their own root public key
  - Automatic update function

Interoperability Requirement
- Certificate and Private Key Sharing Mechanism
  - One certificate to many applications
  - Increasing certificate mobility
- Requirements
  - Common Storage Location
  - Storage Format
  - File naming rule (certificate/private key)

Common Storage Location
- To define a common path to store the certificate and private key
- Example
  - In the case of a hard disk in an MS Windows system: C:\Program Files\IETF\PKIX
  - IETF: PKI domain name
  - PKIX: Organization name in DN

File naming rule for certificate/private key
- When a CA certificate is updated, or when several certificates have an identical DN, a unique file name is required
- SKI (Subject Key Identifier)
  - SKI value_serial number.der
  - SKI: Hex number of forty digits
  - Serial number: Decimal number
- Example for MS Windows: C:\Program Files\IETF\PKIX\SKI value_serial number.der
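
The naming rule above, worked through as an added example that is not part of the original slides or the draft: it reads the serial number and Subject Key Identifier out of a DER certificate and builds the store path. The function names, the upper-case hex and the minimal DER walker (used in place of a full X.509 library) are assumptions, and the sample certificate is a constructed skeleton.

```python
import ntpath

SKI_OID = bytes.fromhex("551d0e")        # id-ce-subjectKeyIdentifier (2.5.29.14)
STORE = r"C:\Program Files\IETF\PKIX"    # example location given on the slide

def tlv(tag, body):
    """DER-encode one short element; only used to build the constructed sample."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def children(body):
    """Split DER content into (tag, value) pairs, short or long length form."""
    out, pos = [], 0
    while pos < len(body):
        tag, n, pos = body[pos], body[pos + 1], pos + 2
        if n & 0x80:
            k = n & 0x7F
            n, pos = int.from_bytes(body[pos:pos + k], "big"), pos + k
        out.append((tag, body[pos:pos + n]))
        pos += n
    return out

def store_path(cert_der):
    """Build <STORE>\\<SKI, 40 hex digits>_<decimal serial>.der from a DER certificate."""
    tbs = children(children(children(cert_der)[0][1])[0][1])
    fields = tbs[1:] if tbs[0][0] == 0xA0 else tbs       # skip [0] version if present
    serial = int.from_bytes(fields[0][1], "big")
    exts = next((v for t, v in tbs if t == 0xA3), b"")    # [3] extensions
    for _, ext in (children(children(exts)[0][1]) if exts else []):
        parts = children(ext)
        if parts[0][1] == SKI_OID:
            ski = children(parts[-1][1])[0][1]            # OCTET STRING inside extnValue
            if len(ski) != 20:
                raise ValueError("SKI is not 20 bytes (forty hex digits)")
            # Upper-case hex is an assumption; the slide does not fix the case.
            return ntpath.join(STORE, f"{ski.hex().upper()}_{serial}.der")
    raise ValueError("no subjectKeyIdentifier extension")

def sample_cert(serial, key_id):
    """Constructed skeleton with placeholder fields; not a valid signed certificate."""
    ski_ext = tlv(0x30, tlv(0x06, SKI_OID) + tlv(0x04, tlv(0x04, key_id)))
    empty = tlv(0x30, b"")               # stands in for names, validity, keys
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial.to_bytes(2, "big"))
              + empty * 5 + tlv(0xA3, tlv(0x30, ski_ext)))
    return tlv(0x30, tbs + empty + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    for serial in (4660, 4661):          # same key identifier, two serial numbers
        print(store_path(sample_cert(serial, bytes(range(20)))))
```

A certificate without the extension, or with a key identifier that is not 20 bytes, raises ValueError instead of producing a name that could collide.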

Storage Format
- Increasing compatibility between different client software
- A unified format for storing the certificate and private key is required
- Certificate: DER or PEM format
- Private Key: PKCS #5 & PKCS #8

Usability Requirement
- Certificate Representation
  - Certificate information area
  - Storage type selection area
  - Certificate Management area
- Categorization of Storage Medium
  - Hard disk
  - Floppy disk
  - CD
  - USB Drive, token, and key
  - Smartcard

Thank you !