Presentation is loading. Please wait.

Presentation is loading. Please wait.

Certificate and Key Storage Tokens and Software

Published byLily Henry Modified over 9 years ago

Similar presentations

Presentation on theme: "Certificate and Key Storage Tokens and Software"— Presentation transcript:

1 Certificate and Key Storage Tokens and Software
Mark Swyers VeriSign, Inc.

2 Key Storage Considerations
Many different ways to store a certificate and private key Application will usually dicatate the appropriate method Concerns include: Security Portability Functionality Usability Managability Expense

3 Software-Based Certificates
Several different software stores Microsoft CAPI Netscape certificate database Macintosh keyring Java keystores Vendor specific VeriSign Personal Trust Agent Pros Browser based, so easy to use Inexpensive no new infrastructure easy distribution Cons Locks user to desktop Desktop management Cannot control password use

4 PKI Tokens Generally provide greater security than software certificates Can require PINs or passwords, even biometric authenication Keys usually cannot be exported Tokens can be locked in a safe when not in use FIPS (Federal Information Protection Standard) 140 rated Provide better portability than software certificates Can be used on multiple machines while maintaining only one copy of the private key Have the capcaity to hold multiple keys and certificates Challenges Typically require installation of drivers May require a separate reader End user acceptance Token lifecycle management: distribution, forgotten/lost/broken tokens Cost

5 Smart Cards Can support multiple forms of access Can double as ID card
Physical access to building Logical access to workstation Can double as ID card Can print photo and other info Can support a magnetic stripe Requires a reader Contact or contactless (proximity) Examples FIPS 201 standard for HSPD-12 DoD Common Access Card DOI Employee ID Cards University ID cards

6 USB Tokens Many form factors Easily portable
PKI only PKI with One-Time Password PKI with OTP and storage Easily portable Ensures tokens travel with user (i.e. when attached to car keys) Most computers have USB ports Better for consumers and when you don’t have control over the user environment

7 VeriSign Approach – Flexible Authentication Platform
PKI-USB Token Cost-Effective OTP Multi-Function Token (OTP & USB Smart Card) Smart Card For Physical & Network Access VeriSign Unified Authentication Multi-Function Token with Secure Storage VeriSign has a unique approach to this problem, by bringing out an authentication platform based on open standards that allows the flexibility to use many different types of devices at a fraction of the cost with the ability to add as new Oath compatible solutions become available. So let’s look at the solution in more detail: Mobile Devices Soft Certificate And Soft OTP Many Credential Types – One Integrated Platform – One Strategic Vendor

Download ppt "Certificate and Key Storage Tokens and Software"

Similar presentations

Achieving online trust through Mutual Authentication.

Achieving online trust through Mutual Authentication.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.

Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.
McAfee One Time Password

McAfee One Time Password
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
POC Security System High security system combining PIN-on-Card, information security, physical access, control and alarm – all in one system.

POC Security System High security system combining PIN-on-Card, information security, physical access, control and alarm – all in one system.
A l a d d i n. c o m eToken NG-OTP Combined PKI - OTP Authentication Solution November, 2008.

A l a d d i n. c o m eToken NG-OTP Combined PKI - OTP Authentication Solution November, 2008.
SPD1 Improving Security and Access to Network with Smart Badge Eril Pasaribu CISA,CISSP Security Consultant.

SPD1 Improving Security and Access to Network with Smart Badge Eril Pasaribu CISA,CISSP Security Consultant.
 Physical Logical Access  Physical and Logical Access  Total SSO and Password Automation  Disk/Data Encryption  Centralized management system  Biometric.

 Physical Logical Access  Physical and Logical Access  Total SSO and Password Automation  Disk/Data Encryption  Centralized management system  Biometric.
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.

Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Computer Security Biometric authentication Based on a talk by Dr J.J. Atick, Identix, “Biometrics in the Decade of Security”, CNSS 2003.

Computer Security Biometric authentication Based on a talk by Dr J.J. Atick, Identix, “Biometrics in the Decade of Security”, CNSS 2003.
Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.

Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.
eToken PKI Client Overview

eToken PKI Client Overview
11th September 2008 Stockholm Sweden Simon Josefsson Head of R&D

11th September 2008 Stockholm Sweden Simon Josefsson Head of R&D
Mobile Credentials Ennio J. Carboni Product Manager, Keon PKI

Mobile Credentials Ennio J. Carboni Product Manager, Keon PKI

Similar presentations

Ads by Google