Presentation is loading. Please wait.

Presentation is loading. Please wait.

魂▪創▪通魂▪創▪通 2013. 7. 19. WebCert - SOP Sangrae Cho Authentication Research Team.

Published byJulian Dennis Modified over 9 years ago

Similar presentations

Presentation on theme: "魂▪創▪通魂▪創▪通 2013. 7. 19. WebCert - SOP Sangrae Cho Authentication Research Team."— Presentation transcript:

1 魂▪創▪通魂▪創▪通 2013. 7. 19. WebCert - SOP Sangrae Cho Authentication Research Team

2 魂▪創▪通魂▪創▪通 2 Web Browser caserver.com bank.com 3. use certificate (digital signature) 2. Issue certificate 4. Verify certificate Korean banking use case Origin for certificate issue Origin for certificate use 1. Public key pair is generated in the browser.

3 魂▪創▪通魂▪創▪通 3 web client bank.com Wire transfer page for digital signature Wire transfer request Proposed solution Trusted CA List  No trusted CA list – SOP governs Private key belongs to the origin server  Trusted CA list – SOP exception Display any certificate that is issued by trusted CAs Private key belongs to a user The user can prove its ownership by decrypting the encrypted private key

4 魂▪創▪通魂▪創▪通 4 web client Proposed solution Cert NameIssuer cert1bank.com cert2caserver.com Preconditions  Suppose we have javascript API to discover a certificate Certificate [] = getCertificate(String trustedCAList) Certificates belonging to Trusted CA will be returned if trustedCAList provided Certificate belonging to the origin will be return if no trustedCAList provided  The following certificate are issued cert1 = Certificate issued from bank.com cert2 = Certificate issued from caserver.com

5 魂▪創▪通魂▪創▪通 5 web client bank.com 2. Html page for digital signature with no Trusted CA List 1. Wire transfer request Proposed solution  Case 1: No trusted CA list – SOP governs 3. page returned with digital signature for wire transfer  After receiving no. 2 getCertificate(); is executed with no Trusted CA list getCertificate(); returns cert1(issued from bank.com) according to SOP The user signs the page digitally with cert1 related private key and send it to bank.com

6 魂▪創▪通魂▪創▪通 6 web client bank.com 2. Html page for digital signature with Trusted CA List 1. Wire transfer request Proposed solution  Case 2: Trusted CA list – SOP exception 3. page returned with digital signature for wire transfer  After receiving no. 2 getCertificate(); is executed with trustedCAList = “caserver.com” getCertificate(); returns cert2(issued from caserver.com) according to SOP exception The user signs the page digitally with cert2 related private key and send it to bank.com

7 魂▪創▪通魂▪創▪通 7 Thank You

Download ppt "魂▪創▪通魂▪創▪通 2013. 7. 19. WebCert - SOP Sangrae Cho Authentication Research Team."

Similar presentations

INFN CA1 active since July 1998 manager: –Roberto Cecchini types of certificates released: –personal –server –object signing.

INFN CA1 active since July manager: –Roberto Cecchini types of certificates released: –personal –server –object signing.
Introduction of Grid Security

Introduction of Grid Security
Certificate Enrollment Process

Certificate Enrollment Process
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.

SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,

INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.

A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Summer School Certificates Diego Romano & Gilda Team.

Summer School Certificates Diego Romano & Gilda Team.
Online Security Tuesday April 8, 2003 Maxence Crossley.

Online Security Tuesday April 8, 2003 Maxence Crossley.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Similar presentations

Ads by Google