Presentation is loading. Please wait.

Presentation is loading. Please wait.

05/03/2011Pomcor 1 Meeting the Privacy Goals of NSTIC in the Short Term Presentation at the 2011 Internet Identity Workshop Francisco Corella and Karen.

Published byDiane Horn Modified over 8 years ago

Similar presentations

Presentation on theme: "05/03/2011Pomcor 1 Meeting the Privacy Goals of NSTIC in the Short Term Presentation at the 2011 Internet Identity Workshop Francisco Corella and Karen."— Presentation transcript:

1 05/03/2011Pomcor 1 Meeting the Privacy Goals of NSTIC in the Short Term Presentation at the 2011 Internet Identity Workshop Francisco Corella and Karen P. Lewison Pomcor

2 05/03/2011Pomcor 2 Contents The following slides illustrate protocol steps described in the white paper “ Achieving the Privacy Goals of NSTIC in the Short Term ” available at http://pomcor.com/whitepapers/NSTICWhitePaper.pdf There are three protocol variations: Attribute verification Delegated authorization Social login

3 05/03/2011Pomcor 3 Attribute Verification

4 Attribute Provider Browser Relying Party Attribute request + Callback URL Step 1

5 Attribute Provider Browser Relying Party Attribute request + one-time Public Key Retains callback URL. Produces one-time key pair, retains one-time private key. User’s long term TLS certificate Step 2

6 Attribute Provider Browser Relying Party One-time cert binding attribute to one-time public key Step 3

7 Attribute Provider Browser Relying Party Asks user’s permission to pass attribute to relying party Step 4

8 Attribute Provider Browser Relying Party Uses one-time private key in TLS handshake Step 5 One-time cert used as TLS client cert Targets callback URL Browser Success

9 05/03/2011Pomcor 9 Delegated Authorization

10 Site holding user’s account Browser Web application Access request + One-time public key + Callback URL Step 1

11 Browser Access request + one-time Public Key Retains callback URL User’s long term TLS certificate Step 2 Site holding user’s account Web application

12 Browser One-time cert binding access grant to one-time public key Step 3 Site holding user’s account Web application

13 Browser Asks user’s permission to grant access to application Step 4 Site holding user’s account Web application

14 Browser Step 5 Browser One-time cert with access grant Targets callback URL Site holding user’s account Web application

15 Browser Step 6 Browser One-time cert with access grant used as TLS client cert Site holding user’s account Web application

16 05/03/2011Pomcor 16 Social Login Combines attribute verification And delegated authorization

17 Attribute Provider Browser Attribute request, access request, app’s one-time public key, callback URL Step 1 Web application

18 Attribute Provider Browser User’s long term TLS certificate Step 2 Retains callback URL. Produces browser’s one-time key pair, retaining private key. Attribute request, browser’s one-time public key, access request, app’s one-time public key Web application

19 Attribute Provider Browser One-time cert binding attribute to browser’s one-time public key + one-time cert binding access grant to app’s one-time public key Step 3 Web application

20 Attribute Provider Browser Asks user’s permission to pass attribute and grant access to application Step 4 Web application

21 Attribute Provider Browser Step 5 Browser One-time cert with access grant Uses one-time private key in TLS handshake One-time cert with attribute used as TLS client cert Targets callback URL Web application

22 Attribute Provider Browser Step 6 Browser One-time cert with access grant used as TLS client cert Web application

Download ppt "05/03/2011Pomcor 1 Meeting the Privacy Goals of NSTIC in the Short Term Presentation at the 2011 Internet Identity Workshop Francisco Corella and Karen."

Similar presentations

22 May 2008IVOA Trieste: Grid & Web Services1 Alternate security mechanisms Matthew J. Graham (Caltech, NVO) T HE US N ATIONAL V IRTUAL O BSERVATORY.

22 May 2008IVOA Trieste: Grid & Web Services1 Alternate security mechanisms Matthew J. Graham (Caltech, NVO) T HE US N ATIONAL V IRTUAL O BSERVATORY.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
9/11/2012Pomcor 1 Techniques for Implementing Derived Credentials Francisco Corella Karen Lewison Pomcor (http://pomcor.com/)

9/11/2012Pomcor 1 Techniques for Implementing Derived Credentials Francisco Corella Karen Lewison Pomcor (
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
7/11/2011Pomcor 1 Pros and Cons of U-Prove, Idemix and Other Privacy-Enhancing Technologies Francisco Corella Karen Lewison Pomcor.

7/11/2011Pomcor 1 Pros and Cons of U-Prove, Idemix and Other Privacy-Enhancing Technologies Francisco Corella Karen Lewison Pomcor.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,

INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,
A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.

A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
10/20/2011Pomcor 1 Deployment and Usability of Cryptographic Credentials Francisco Corella Karen Lewison Pomcor.

10/20/2011Pomcor 1 Deployment and Usability of Cryptographic Credentials Francisco Corella Karen Lewison Pomcor.
Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.

Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.

The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.

SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

Similar presentations

Ads by Google