Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston.

Published byMatthew Matthews Modified over 9 years ago

Similar presentations

Presentation on theme: "Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston."— Presentation transcript:

1 Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston

2 Ideally, individuals would each like a single digital credential that can be securely used to authenticate his or her identity anytime authentication of identity is required to secure any transaction.

3 How do you prove you are who you say you are? How do you know that someone is legitimate in his or her dealings with you, and how do you get redress if things go wrong? If your identity is stolen and used fraudulently, or personal records are altered without your knowledge or permission, how do you prove that it was not you? It is difficult enough to verify someone's identity in the tangible world where forgery, impersonation and credit card fraud are everyday problems related to authentication. Such problems take on a new dimension with the movement from face-to-face interaction, to the faceless interaction of cyberspace. Identity and Authentication by Simon Rogerson

4 UTHSC-H Strategic Authentication Goals Two authentication mechanisms. –Single university ID (UID) and password –Public Key Digital ID on Token (two-factor authentication) Digital Signatures –Authenticates senders –Guarantees messages are unaltered, i.e. message integrity –Provides for non-repudiation –Legal signature Encryption of email and other documents Highly Secure Access Control Potential for inherent global trust

5 Plug n Play Authentication Programmatic Signed and Encrypted mail Plug n Play authentication with JSP

6 Mass Mailing of Signed & Encrypted E-mail Automated Mailer Mailing List jdoe@uth.tmc.edu jsmith@bcm.edu gmarks@mhhs.org jdoe@uth.tmc.edu Signed & Encrypted LDAP Directory Service Request Recipient's Digital Cert. User Specific Messages jsmith@bcm.edu gmarks@mhhs.org

7 Plug n Play Authentication Application or Page level authX Authentication Method (optional) –Password (default) –Certificate Authorization Group (optional) –LDAP Group (with distributed group administration)

8 Plug n Play Authentication Client requests a resource (URL) –Resource redirects to AuthX.jsp in cert. protected directory Web Server – requests client certificate –Validates client certificate –Parses email address from certificate and looks up the user in the directory –Compares the client certificate to the ‘userCertificate’ stored in the directory based on the email address –Sets ‘Remote User’ to the ‘UID’ value from the directory –Allows client to access AuthX.jsp AuthX.jsp –Retrieves the ‘Remote User’ variable and assumes successful authentication –Verifies that the user is in the authorization group if specified –Redirects back to the originally requested resource

9 Client Browser Web Server Certificate Protected directory HTTP Request Directory Resource (UserAdmin.jsp) Request User Certificate AuthX.jsp Certificate Validation Plug n Play Authentication

Download ppt "Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
CAMP Med Identity and Access Management for HIPAA: Technology Model William A. Weems Assistant Vice President Academic Technology The University of Texas.

CAMP Med Identity and Access Management for HIPAA: Technology Model William A. Weems Assistant Vice President Academic Technology The University of Texas.
Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.

Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Why Users Like PKI & Directory Services William A. Weems University of Texas Health Science Center at Houston.

Why Users Like PKI & Directory Services William A. Weems University of Texas Health Science Center at Houston.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
6/3/2015topic1 Web Security Qiang Yang Simon Fraser University Thanks: Francis Lau (HKU)

6/3/2015topic1 Web Security Qiang Yang Simon Fraser University Thanks: Francis Lau (HKU)
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

Similar presentations

Ads by Google