Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan."— Presentation transcript:

1 Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan

2 Basic Terms Public Key Cryptographic Standards, PKCS A collection of 12 papers PKCS #1 to PKCS #12 developed by RSA Labs and representatives from the academia and industry. PKCS #1RSA Algorithm PKCS #3Diffie-Hellman Algorithm PKCS #7Cryptographic Message Syntax Std PKCS #10Key Certification Request PKCS #11Standard API for developers PKCS #12Certificate Interchange Format PKCS #13Elliptic Curves Algorithm

3 Basic Terms Digital Signatures DSS issued by NIST Message Digest Algorithms Non Reversible (One way function) Examples

4 Digital Certificates Certificates are the framework for identification information, and bind identities with public keys. They provide a foundation for identification, authentication and non-repudiation.

5 Sample View of a Certificate Certificate Types : Private/PersonalServerDeveloper

6

7 X.509 v3 Certificate Format Version Certificate Serial Number Signature Algorithm Identifier Issuer Name Validity Period Subject Name Subject Public Key Information Optional Fields

8 X.509 v3 Extension Fields Associate additional information for subjects, public keys, managing certification hierarchy and certificate revocation lists. Extension type Extension value Criticality indicator

9 X.509 Profiles Tailor the authentication model of X.509 to specific environments based on Risk perception. IETF Public Key Infrastructure (PKIX -1) : Application-independent certificate based key distribution mechanism. SET Standard : Secure messaging for payment-service transactions over open-networks.

10 Certification Authorities Trusted organization that issues certificates and maintains status information about certificates. Certification Practice Statement

11 How Digital Certificates work? Generate Public and Private Keys. Get Certificate from the CA Sign the document/page using the private key. Send signed document over open networks along with the CA’s certificate. Recipient verifies using the signing CA’s public key Trust Chain and Fingerprints

12 Web Server Security Server Authentication using SSL Information to/from the correct Web Site Information in encrypted form Setting up SSL on a Web Site Create a Server Certificate Request Obtain the Server Certificate from a CA/locally Install it on the Web Server Establishing an SSL connection Need root certificate of the issuing CA

13 Client Authentication Anonymous Basic Challenge Response (NT) SSL Client Authentication

14 Application Subject Authentication Certificate Generation Certificate Distribution Certificate Revocation Certification and Registration

15 Subject Authentication Confirm the identity of the subject Based on the class of certificate Local Registration Authority(LRA) model Example : Verisign Onsite

16 Importing a Certificate To send an encrypted message or document to a person who has a certificate. From a Certification AuthorityCertification Authority From a Directory Service (LDAP) From a signed message From a local file (encoded Binary PKCS #7)

17 Certificate Revocation Lists A data structure that has the list of all the serial numbers of the revoked certificates. Standard X.509 CRL format (ISO/ITU) Propagation Polling for CRLs Pushing CRLs Online status checking

18 Formal Specification ( PKCS #7 ) Abstract Syntax Notation (ASN.1) Design tool used for expressing syntax of messages. Widely used to describe protocols interfaces etc. PKCS #7 syntax for SignedData type ASN.1objects are encoded using BER/DER.

19 Key Certification Request PKCS #10 syntax using ASN.1 notation

20 Certificate Management Value and Validity of Certificates will be questioned Cross Certification (Multiple CA’s)

21 Applications of Certificates Sandbox Code Signing Vs Shrink-Wrapped Software Accountability and Authenticity Microsoft Authenticode 1.0 based on X.503 v3 and PKCS #7 Commercial Vs Individual Publishers Object Signing Netscape’s technology Signs any kind of Files

22 Applications (continued) Secure Messaging & S/MIME Web Server Security Microsoft ASP for Access Control

Download ppt "Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan."

Similar presentations

Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
SSL Implementation Guide Onno W. Purbo

SSL Implementation Guide Onno W. Purbo
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 ISA 562 Information Systems Theory and Practice 10. Digital Certificates.

1 ISA 562 Information Systems Theory and Practice 10. Digital Certificates.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

Similar presentations

Ads by Google