Presentation is loading. Please wait.

Presentation is loading. Please wait.

Linux on zSeries Module 6: Cryptography

Published byHortense Neal Modified over 6 years ago

Similar presentations

Presentation on theme: "Linux on zSeries Module 6: Cryptography"— Presentation transcript:

1 Linux on zSeries Module 6: Cryptography

2 Objectives Define cryptography
State the three components of cryptography. List the steps of basic authentication. List the four services provided by CCA. List the master keys held by CCF. State two differences between PCICC and PCICA. State the function of the ICSF. List the three parts of UDX implementation.

3 Objectives, continued State the purpose of the z90crypt.
Describe how VM functions with a crypto device. List the functions provided by hardware services for PCICC. List the functions provided by hardware services for PCICA. List four functions performed by z90crypt. List which features are offered for the z800. List which additional features are offered for the z990.

4 Cryptography It is the science of coding messages into a form that prevents anyone but the intended recipient from being able to read them. It is the mathematics of security since it is based on mathematical algorithms and includes the functions of decryption, encryption, authentication, and integrity. Cryptographic coprocessors are dedicated to performing the following tasks: Provides very fast Data Encryption Standard (DES) encryption. Message authentication code checking (MACing). Key management. PIN functions. Has a secure and fast RSA (Private Key Architecture) signature and key distribution capability. The RSA key distribution functions are becoming critical to the enablement of SSL implementations on z/OS.

5 Cryptography components
Encryption The process of protecting information (encoding it) as it moves from one computer to another by applying a complex mathematical algorithm to it before it is sent. When received it must be decoded with a secret key or the information will remain undecipherable. Authentication A security measure or "technique" by which access to resources requires the user to enter a username and password. Authentication ensures that the person at the other end of a digital connection is the approved user. Integrity or data integrity Makes sure that the data you receive has not been modified since it was sent.

6 Authentication Basic Authentication
Method whereby the security server (such as RACF for z/OS) uses passwords to authenticate the user's authority to use an “identity”. Occurs when a user accesses the system and claims to be a particular user by specifying a user ID. User ID is used by the given security server as a search key to look up the predefined identity record associated with the claimed user ID within the user registry. If the record is found and password matches with the password supplied, the user is considered to be authenticated.

7 Common Cryptographic Architecture (CCA) defines services for:
Key management Includes generation and exchange of keys securely across networks and between application programs. Exchanged key is securely encrypted using either DES or a Public Key Algorithm used in the context of symmetric key management (same key used for both encrypt and decrypt). Data integrity Uses a Message Authentication Code (MAC) or digital signature. Data confidentiality Uses encryption and decryption capabilities accessible at all levels of a network protocol stack. Personal authentication PIN generation, verification, and translation.

8 CCA key management functions
Master Key concept Master Key is kept in the clear inside the cryptographic facility, which is a highly secured physical repository. Each operational DES key is encrypted under the appropriate Master Key variant, allowing an installation to protect many keys while providing physical protection for only one key. PKA keys (Private Key Access) The concept of Master Key is also applied to PKA keys that are encrypted under the PKA Master Key. Key separation For DES keys, key separation is enforced through the use of control vectors (CV). CVs produce a unique Master Key for each key type. These different master keys protect keys operating on the system; they are referred to as operational keys. CV concept also applies to the secure transportation of symmetric keys, where the transported key is encrypted under a variant of the key-encrypting-key. For example, when a key is stored with a file or sent to another system, the key is encrypted under a key-encrypting key.

9 Encryption Diagram

10 CCF Cryptographic Coprocessor Facility (CCF)
This refers to the CMOS cryptographic coprocessor feature logic attached to a central processor on zSeries systems. There are one or two CCFs per system in the standard z900, and each CCF has 16 domains. Each domain holds the following set of Master Keys: DES Master Key PKA KMMK key management MK PKA SMK signature MK PKA private keys are protected under two layers of DES encryption. They are encrypted under an Object Protection Key (OPK), which in turn is encrypted under the SMK or KMMK. The OPK is generated for each private key at import time.

11 PCICC vs. PCICA Peripheral Component Interconnect Cryptographic Coprocessor (PCICC) Implements two Master Keys: DES Master Key, called the Symmetric Master Key PKA Master Key, called the Asymmetric Master Key Crypto card has an operating system and an essentially standard C programming environment for the implementation of new secure functions. Users can create their own unique functions within the secure boundary of the PCICC card. These functions are accessed via extensions to the Integrated Cryptographic Services Facility (ICSF), which is the z/OS host access method to all zSeries cryptographic hardware. Customer-unique functions are provided by user-defined extensions (UDX). Excellent RSA performance, especially for the RSA private key operation that is used in the SSL handshake.

12 zSeries integrated cryptography implementation
ICSF transparently routes application requests for cryptographic services to one of the integrated cryptographic engines, either a CCF or a PCICC, depending on performance or requested cryptographic function. RSA signature generation and verification operations (with 1024-bit or shorter keys), such as those typically used by SSL, are routed to both CCF and PCICC engines. RSA Key Generation is performed only on PCICC engines. Software communication to the crypto modules within the features is provided via z90crypt driver for Linux on zSeries, which exploits the crypto hardware for asymmetric algorithms used by SSL to achieved performance improvements.

13 UDX Implementation on zSeries
An ICSF callable service, which when called by a user application will invoke the UDX code being executed in the PCICC. This is a user defined host service that matches the specific UDX code running in the card. Applications call the service using a designated number. The PCICC UDX code, which is the coprocessor piece installed by the user into the PCICC code itself and is intended to be invoked by the ICSF service. A UDX is designated by a specific two-character identity. A service “stub”, to be link-edited with the application calling the user defined service for proper dispatching of the service by ICSF.

14 Cryptographic Coprocessors Work in zSeries

15 Physical Coprocessor Domains and Logical Coprocessors
15 domains in physical CCF or PCICC (for the z900). Each LPAR uses a dedicated domain. Domain is designated in the LPAR image profile and in the ICSF Options Data Set. Each domain has a physically separate set of master keys. Up to 18 "logical crypto" (2CCF + 16 PCCiCC/PCICA) per domain/LPAR.

16 Crypto support for z/VM™ and Linux
PCICC and PCICA features provide cryptographic support for SSL in Linux environments. Crypto support is only available on G5 and higher servers. For Linux environments, there is no requirement for ICSF. The software communication to the crypto modules within the features is provided via IBM Linux software driver support. To use a cryptographic coprocessor, the guest operating system has to be able to recognize application requests for cryptography, pass the requests to the cryptographic hardware, and return the results to the application. The z90crypt driver for Linux on zSeries and S/390 exploits the PCICC and PCICA cryptographic hardware for those asymmetric algorithms used by SSL, which results in significant performance improvements for SSL transactions.

17 Linux Access to the Integrated Cryptography – z/VM

18 Support for hardware coprocessors
Linux on zSeries does not support the CCF coprocessors. Instead, a generic device driver, z90crypt, is provided to route the cryptographic work to the PCICC or PCICA cards. z90crypt focuses on RSA cryptographic operations. This provides hardware assistance to the SSL handshake. Extent of the hardware assistance depends on whether PCICC or PCICA cards are used, all functions are performed using clear keys only. If PCICC cards are to be installed, the PCICC FCV (for FICON use) diskette must have been imported and loaded into the HSA (Hardware System Area) for proper initialization of the PCICC card (s) at installation time. There is no hardware assistance provided for symmetric encryption and decryption; this is because it is performed, for instance, during the data transfer part of the SSL protocol.

19 z90crypt Generic Driver

20 z90crypt and virtualization

21 Virtualization Open the Linux LPAR image profile.
LPAR definition (the system administrator would do this for you): Open the Linux LPAR image profile. Select the panel with the Processor tab, this offers the choice of the two built-in Cryptographic Coprocessor Features (CCFs). Chose one or both for carrying on the PCICC/PCICA card configuration of your LPAR, as the CCF does not operate under Linux. Select a unique cryptographic domain for the LPAR. When the CCF(s) are selected, two further tabs appear to the right, the “crypto” tab and the “PCI crypto” tab; do the following: Select the panel with the “crypto” tab and assign a unique usage domain index to your partition. Make the control domain index the same as the usage domain index. The index is a number between 0 and 15. The cryptographic domain must be unique to the LPAR— different from the cryptographic domain for any other LPAR. (The choice; however, has no visible effect since the PCICC will be operated using clear keys.) Select the panel with “PCI Crypto”. This offers a choice of PCICCs and/or PCICAs cards to be made available to the partition, and to be brought automatically online at partition activation. Be aware; however, that z90crypt uses only PCICAs when both types of adapters are installed.

22 Using a crypto device in VM
VM/CP provides VM guest machines with access to the real cryptographic coprocessors. This does not mean that it provides simulation of hardware cryptographic coprocessors (that is, real coprocessors must be operating in the system). VM/CP intercepts the crypto instructions issued by the guest machines and manages the request queues for the guests sharing the coprocessors. Giving access to the cryptographic coprocessors to a VM guest machine consists of two steps: The guest machine must be permitted to use the crypto coprocessors in its entry of the VM directory. The crypto device must also be defined in the operating system running in the guest machine. For Linux for zSeries, this consists of: Creating the device node. Loading and activating the device driver.

23 CRYPTO directory control statement
Allows a virtual machine to use the hardware cryptographic coprocessors. To use the PCICC or PCICA, the new APVIRT operand should be specified (CRYPTO APVIRT). APVIRT operand tells CP that this virtual machine may use the clear-key functions of the Adjunct Processor cryptographic facility. The CRYPTO statement, if included in the directory entry, must appear after the USER statement and before any device statements. You do not need to specify the DOMAIN or CCF operands when specifying the APVIRT operand. Don’t specify a DOMAIN number, since each guest would then require a unique number in the range 0 to 15. Important: Querying the crypto facility from VM maint, or from the guest VM,or by using the z90crypt status may return a domain number. This is a virtual domain attributed by VM/CP, which is irrelevant to the hardware crypto support as provided by Linux.

24 The provided hardware services
If PCICC cards are used, the following operations can be performed by the coprocessors: PKCS#1.2 RSA Public Key Encrypt (using clear key) PKCS#1.2 RSA Private Key Decrypt (using clear key) Pseudo Random Number Generation PKCS#1.2 consists of the following four steps: Encoding Encryption Decryption Decoding - for PKCS 1.2, this means stripping the padding from the message This operation is performed by the SSL server. So, if z90crypt provides PCICC support to an SSL server during the handshake phase, the last two steps are performed by the hardware, otherwise the z90crypt will perform them. If PCICA cards are used, the following hardware services are provided (still using clear keys only): RSA Public Key Encryption RSA Public Key Decryption RSA Private Key Encryption RSA Private Key Decryption Pseudo Random Number generation

25 Access to cryptographic services
Linux for zSeries applications are not expected to call z90crypt directly; instead, they would look for cryptographic services as provided by higher-level APIs, such as: the PKCS#11 API downloadable from openSSL “engine” with the ibmca crypto adapter interface; it is downloadable from Both of these APIs invoke cryptographic services from the libica shared library, which in turn, invokes the z90crypt driver to perform the hardware operations.

26 Functions of z90crypt API
Checking hardware status There is an ioctl interface for checking on underlying hardware in z90crypt. You supply a structure ica_z90_status_t as the argument. When control returns, you will have the number of cards installed and a mask showing which cards are installed; for example: rc=ioctl(dh,ICAZ90STATUS,my_z90crypt_status); where, rc is your name for the ioctl return code, dh is your name for the z90crypt device handle, and my_z90crypt_status is your name for your structure of type ica_z90_status, in which the status data is to be written. Random number generation If you do a read from z90crypt, you will get back a string of pseudo random bytes. For read, you cannot specify a buffer length of more than 256 bytes; for example: rc =read (dh,my_buffer,number_of_bytes); where, my_buffer is your name for the byte-array, where the random bytes will be loaded in response to the read. Modular or CRT exponentiation (decryption) The functions are ICARSAMODEXPO and ICARSACRT. They correspond to the CSNDPKD service provided by ICSF in z/OS; that is, decryption of PKCS#1.2 formatted data using an RSA private key. This depends on whether the clear private key is presented in the modulus-exponent format or in the CRT format.

27 Functions Quiescing Returns from read and ioctl
You need root authority to perform quiescing. You can “quiesce” z90crypt by executing an ioctl with function code ICAZ90QUIESCE. This lets the driver finish any outstanding work, but prevents any new work from being submitted. After 30 seconds, either all outstanding requests will be completed, or else there questing process will be notified that its work will not be completed. The only way to “un-quiesce” z90crypt is to unload it and then reload it; for example: rc =ioctl(dh,ICAZ90QUIESCE). Returns from read and ioctl A return code of 0 means everything went well and the result is in your output buffer. Return codes greater than 0 have the following meanings: 8 Invalid operand 16 Device not available 17 Error in pkcs 1.2 padding (no room for required padding) 24 Error copying to or from user space

28 How the z990 differs in cryptography
The z990 processor includes limited hardware cryptographic capability in its first General Availability phase (“GA1”). The GA1 hardware cryptographic capability includes the PCI Cryptographic Accelerator card (“PCICA”), and a new set of hardware instructions contained in the CP Assist for Cryptographic Functions (“CPACF”). This can exploit the platform now for customers currently using SSL/TLS and IPSec for their IP applications. Only VTAM Session Level Encryption (SLE) and a subset of SSL/TLS and IPSec functions require the hardware cryptographic function of the GA2 PCIX Cryptographic Coprocessor (“PCIXCC”).

29 How the z990 differs in cryptography
The z990 processor includes limited hardware cryptographic capability in its first General Availability phase (“GA1”). The GA1 hardware cryptographic capability includes the PCI Cryptographic Accelerator card (“PCICA”), and a new set of hardware instructions contained in the CP Assist for Cryptographic Functions (“CPACF”). This can exploit the platform now for customers currently using SSL/TLS and IPSec for their IP applications. Only VTAM Session Level Encryption (SLE) and a subset of SSL/TLS and IPSec functions require the hardware cryptographic function of the GA2 PCIX Cryptographic Coprocessor (“PCIXCC”).

30 Q&A for cryptographic support for z990 servers
What cryptographic hardware is supported on the z990 servers? What are the recent changes to the cryptographic hardware feature availability on the z990 server? The PCIX Cryptographic Coprocessor (PCIXCC) feature supports MES upgrades from z900 to z990, new orders for z990 servers, and MES upgrades for existing z990 servers. The Trusted Key Entry (TKE) workstation 4.0 code level, feature code 0851. What cryptographic hardware features are supported on the z990 server? CP Assist for the Cryptographic Function (CPACF), PCICA and PCIXCC. What cryptographic functions are supported by the cryptographic hardware? All critical Cryptographic Coprocessor Facility (CCF) and all PCICC functions will be provided on PCIXCC. PCICA is a very fast cryptographic accelerator designed to accelerate the performance of the complex RSA cryptographic operations used with SSL and TLS protocols supporting e-business. CP Assist for Cryptographic Functions (CPACF) will provide support for a set of symmetric cryptographic functions such as DES, Triple DES, and SHA1, with a 'key in the clear' interface. These cryptographic functions are aimed at encryption, decryption, and hashing of data transferred over open networks. PCIXCC, feature code 0868 works with the Integrated Cryptographic Service Facility (ICSF) and RACF [or equivalent software products] in a z/OS operating environment to help provide data privacy, data integrity, cryptographic key installation and generation, electronic cryptographic key distribution, and personal identification number (PIN) processing, as well as programmable functions via User-Defined Extensions (UDX). The PCIXCC is a replacement for the PCICC and the CMOS Cryptographic Coprocessor Facility (CCF) that were offered on z900. All of the equivalent PCICC functions that are implemented offer higher performance. In addition, the functions on the CMOS Cryptographic Coprocessor Facility, as used by known applications, have also been implemented in the PCIXCC feature. What are the z/OS software requirements for cryptographic function and hardware on the z990 server? The Web deliverable will include Integrated Cryptographic Service Facility (ICSF) support for the CP Assist for Cryptographic Function, PCI Cryptographic Accelerator (FC 0862), and the new PCIX Cryptographic Coprocessor (FC 0868) feature. This will be an un-priced and optional Web deliverable. The z990 Cryptographic Support is available for the z/OS V1.4 , z/OS V1.2, z/OS V1.3, and O/S390 V2.10.

31 Q&A for cryptographic support for z990 servers
What cryptographic hardware is supported on the z990 servers? What are the recent changes to the cryptographic hardware feature availability on the z990 server? The PCIX Cryptographic Coprocessor (PCIXCC) feature supports MES upgrades from z900 to z990, new orders for z990 servers, and MES upgrades for existing z990 servers. The Trusted Key Entry (TKE) workstation 4.0 code level, feature code 0851. What cryptographic hardware features are supported on the z990 server? CP Assist for the Cryptographic Function (CPACF), PCICA and PCIXCC. What cryptographic functions are supported by the cryptographic hardware? All critical Cryptographic Coprocessor Facility (CCF) and all PCICC functions will be provided on PCIXCC. PCICA is a very fast cryptographic accelerator designed to accelerate the performance of the complex RSA cryptographic operations used with SSL and TLS protocols supporting e-business. CP Assist for Cryptographic Functions (CPACF) will provide support for a set of symmetric cryptographic functions such as DES, Triple DES, and SHA1, with a 'key in the clear' interface. These cryptographic functions are aimed at encryption, decryption, and hashing of data transferred over open networks. PCIXCC, feature code 0868 works with the Integrated Cryptographic Service Facility (ICSF) and RACF [or equivalent software products] in a z/OS operating environment to help provide data privacy, data integrity, cryptographic key installation and generation, electronic cryptographic key distribution, and personal identification number (PIN) processing, as well as programmable functions via User-Defined Extensions (UDX). The PCIXCC is a replacement for the PCICC and the CMOS Cryptographic Coprocessor Facility (CCF) that were offered on z900. All of the equivalent PCICC functions that are implemented offer higher performance. In addition, the functions on the CMOS Cryptographic Coprocessor Facility, as used by known applications, have also been implemented in the PCIXCC feature. What are the z/OS software requirements for cryptographic function and hardware on the z990 server? The Web deliverable will include Integrated Cryptographic Service Facility (ICSF) support for the CP Assist for Cryptographic Function, PCI Cryptographic Accelerator (FC 0862), and the new PCIX Cryptographic Coprocessor (FC 0868) feature. This will be an un-priced and optional Web deliverable. The z990 Cryptographic Support is available for the z/OS V1.4 , z/OS V1.2, z/OS V1.3, and O/S390 V2.10.

32 Q&A Continued What are the functions and attributes of the CP Assist For Cryptographic Function (CPACF), PCIX Cryptographic Coprocessor (PCIXCC), and PCI Cryptographic Accelerator Features? The following table summarizes the functions and attributes of the three cryptographic hardware features:

33

34 Features Continued

35 Q&A What ICSF services are available with the PCIXCC feature?
All critical ICSF services that currently execute on the z900 CCF and PCICC features are planned to be supported by the PCIXCC. What cryptographic functions will be no longer be supported by ICSF? Digital Signature Algorithm (DSA) signature and key generation. American National Standard Institute (ANSI) x9.17 services (offset and notarization), and associated key types. Ciphertext_translate (CSNBCTT). German Bank Pool-Pin offset. User Derived Keys (CSFUDK). This is being replaced by CSNBDKG. Commercial Data Masking Facility algorithm (CDMF), commonly known as 40 bit DES.

36 Q&A continued What releases of operating systems are required to support the three (PCIXCC, CPACF, PCICA) cryptographic hardware features on z990 servers? PCICA: z/OS Version 1.3 and later z/OS V1.2 September 19, 2003 OS/390 V2.10 November 21, 2003) z/VM V4.2 and later (for Linux Guests only) SuSe Linux SLES 7 and later distributions for zSeries VSE/ESA V2.7 and IBM TCP/IP for VSE/ESA V1.5 CPACF: z/OS Version 1.3 and later z/VM V3.1, V4.2 and later (for guests only) PCIXCC: z/OS V1.4 and later z/OS V1.3 October 17, 2003 OS/390 V2.10 November 21, 2003 IBM Statement of Direction (SOD) for z/VM guests in the future

37 Q&A z990 Will UDX written for zSeries Servers function on z990 servers? UDXs that are supported on the current systems will not function on z990 servers without modification. A port of existing UDX to the new PCIXCC environment on z990 servers will be needed. Will a new UDX be supported on z990 servers? Yes, but the UDX Toolkit will not be available for z990 servers. Customers will need a UDX service contract with IBM Global Services for UDX development and support. via the following IBM 'Cryptocards' Web site by selecting the “Custom programming” option. Will the use of cryptographic functions on the PCIX Cryptographic Coprocessor (FC 0868) feature require enablement? No; however, CP Assist for Cryptographic Function feature code 3863 is a prerequisite. Does the PCIX Cryptographic Coprocessor (FC 0868) feature require a FCV diskette? No.

38 Q&A z990 continued How can a customer help ensure that both the clear key and secure key cryptography functions are configured for high availability on the z990? For availability, more than one feature of any given type, PCICA or PCIXCC, should be installed to avoid a single point of failure. Further, assignment of multiple PCI coprocessors to one logical partition should be spread across multiple PCI features. Does the use of RSA Retained private keys limit availability? Yes, the use of retained private keys creates an application single point of failure. Since RSA Retained private keys cannot be copied, backed up, or scaled from a performance perspective, these keys should only be used if mandated by the customers' security policy. For those customers that require a private key that is intended to be shared across logical partitions, they should use RSA keys encrypted under a host master key instead of a retained key. The use of the RSA keys encrypted under a host master key will prevent the loss of the key associated with the RSA Retained private key specific to the PCIXCC coprocessor.

39 Q&A z990 continued Will there be an update to the Trusted Key Entry (TKE) workstation? Yes, with the introduction of the PCIXCC feature there will be a new release of the TKE workstation code, version 4.0, feature code 0851. Will customers with TKE 3.x workstations be able to cryptographically control the z990 server? They may carry forward TKEs with LAN connectivity feature codes 0866, 0869, 0876, 0879, 0886, and 0889 to control legacy systems only. For customers with 9672 G5 or G6 S/390 servers or z800 or z900 zSeries servers, an update from TKE 3.0 or 3.1 level to TKE 4.0 level code is required to control these servers and the z990 server. What are the migration requirements for customers with TKE 3.x workstations? To use the TKE function, the PCIXCC feature, the TKE 4.0 code (FC 0851) must be installed and the CPACF must be enabled.

40 Q&A z990 continued What are the maximum number of PCIXCC and PCICA features allowed on the z990 server? The maximum number of PCIXCC (FC 0868) and PCICA (FC 0862) features supported on z990 are four (4 ) and six (6), respectively. However, the total number of PCICAs and PCIXCCs cannot exceed eight (8) features per system. Can I upgrade my present z990 with the PCIXCC feature without an outage? The design of the PCIXCC cards allows for non-disruptive upgrades except for in the following environments: A z990 with insufficient I/O slots. A z990 with the designated PCIXCC slots filled. If the designated slots are available, the PCIXCC cards can install without a disruption. If the configuration output when ordering a Cryptographic upgrade (PCIXCC) includes an additional I/O cage, this upgrade although disruptive will not require customer modifications to their IOCDS (channel definition).

41 z800 Cryptographic Coprocessor Security PCI Crypto Coprocessor
 up to 16 optional (up to 8 cards) PCI Crypto Accelerator  up to 12 optional (up to 6 cards) CMOS Coprocessor   optional with increment of 0 to 2 Security  Open Architecture Distributed Transaction Enablement AES Encryption support Tamper-proof Cryptographic support (FIPS Level 4 certified) Crypto SSL for Linux

42 Conclusion Cryptography is the mathematics of security, since it is based on mathematical algorithms and includes the functions of encryption, authentication, and integrity. With zSeries coprocessors, special processors are dedicated solely to the functions of key management, data integrity, data confidentiality, and personal identification. This method is more efficient as the remaining processors are no longer required to perform these tasks and can be assigned other work.

43 Conclusion There are two PCIs that can support the Linux on zSeries environment, PCICC and PCICA. PCICC has an operating system and an essentially standard C programming environment for the implementation of new secure functions. Users can create their own unique functions within the secure boundary of the PCICC card and to have these functions accessed via extensions to the Integrated Cryptographic Services Facility (ICSF), which is the z/OS host access method to all zSeries cryptographic hardware. Customer-unique functions are provided by user-defined extensions (UDX). PCICA on the other hand, unlike PCICC, contains no microprocessor subsystem (CPU, memory, and so on). It is especially designed for exploitation by SSL.

44 References z/OS security Redbook: zSeries Cryptography Guide Update

Download ppt "Linux on zSeries Module 6: Cryptography"

Similar presentations

Introduction to z/OS Security Lesson 4: There’s more to it than RACF

Introduction to z/OS Security Lesson 4: There’s more to it than RACF
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
CSCI 6962: Server-side Design and Programming

CSCI 6962: Server-side Design and Programming
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
Key Management Workshop November 1-2, 2001. 3. Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.

Key Management Workshop November 1-2, Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.
Introduction to Secure Sockets Layer (SSL) Protocol Based on: https://developer.mozilla.org/En/Introduction_to_SSL#The_SSL_Protocol.

Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.

Web Security : Secure Socket Layer Secure Electronic Transaction.
Secure Active Network Prototypes Sandra Murphy TIS Labs at Network Associates March 16,1999.

Secure Active Network Prototypes Sandra Murphy TIS Labs at Network Associates March 16,1999.
Washington System Center © 2005 IBM Corporation August 25, 2005 RDS Training Secure Socket Layer (SSL) Overview z/Series Security (Mary Sweat, Greg Boyd)

Washington System Center © 2005 IBM Corporation August 25, 2005 RDS Training Secure Socket Layer (SSL) Overview z/Series Security (Mary Sweat, Greg Boyd)
A. Frank - P. Weisberg Operating Systems Structure of Operating Systems.

A. Frank - P. Weisberg Operating Systems Structure of Operating Systems.
Wireless and Mobile Security

Wireless and Mobile Security
© 2005 IBM Corporation TKE – Trusted Key Entry Workstation Vicente Ranieri Junior Senior Consulting IT Specialist IBM Senior Certified Professional zSeries.

© 2005 IBM Corporation TKE – Trusted Key Entry Workstation Vicente Ranieri Junior Senior Consulting IT Specialist IBM Senior Certified Professional zSeries.

Similar presentations

Ads by Google