
  • Number of slides: 22

Digital Certificates Presented by Sunit Chauhan Copyright, 1996 © Dale Carnegie & Associates, Inc.

Basic Terms
• Public Key Cryptographic Standards, PKCS
• A collection of 12 papers, PKCS #1 to PKCS #12, developed by RSA Labs and representatives from academia and industry.
• PKCS #1: RSA Algorithm
• PKCS #3: Diffie-Hellman Algorithm
• PKCS #7: Cryptographic Message Syntax Std
• PKCS #10: Key Certification Request
• PKCS #11: Standard API for developers
• PKCS #12: Certificate Interchange Format
• PKCS #13: Elliptic Curves Algorithm

Basic Terms
• Digital Signatures
• DSS issued by NIST
• Message Digest Algorithms
• Non-reversible (one-way function)
• Examples

Digital Certificates are the framework for identification information, and bind identities with public keys. They provide a foundation for
• identification,
• authentication and
• non-repudiation.

Sample View of a Certificate
Types:
• Private/Personal
• Server
• Developer

X.509 v3 Certificate Format
• Version
• Certificate Serial Number
• Signature Algorithm Identifier
• Issuer Name
• Validity Period
• Subject Name
• Subject Public Key Information
• Optional Fields

X.509 v3 Extension Fields
• Associate additional information for subjects, public keys, managing certification hierarchy and certificate revocation lists.
• Extension type
• Extension value
• Criticality indicator

X.509 Profiles
Tailor the authentication model of X.509 to specific environments based on risk perception.
• IETF Public Key Infrastructure (PKIX-1): Application-independent certificate-based key distribution mechanism.
• SET Standard: Secure messaging for payment-service transactions over open networks.

Certification Authorities
• Trusted organization that issues certificates and maintains status information about certificates.
• Certification Practice Statement

How Do Digital Certificates Work?
• Generate Public and Private Keys.
• Get Certificate from the CA.
• Sign the document/page using the private key.
• Send signed document over open networks along with the CA’s certificate.
• Recipient verifies using the signing CA’s public key.
• Trust Chain and Fingerprints
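The steps above as an added example (not part of the original slides): a CA binds a subject name to a public key, the subject signs a document, and the recipient checks the CA's signature on the certificate before trusting the key inside it. It assumes textbook RSA without padding over constructed toy keys, and the names `issue`, `check`, `Example CA` and `alice@example.test` are made up for illustration; real deployments use X.509 and a vetted library.

```python
import hashlib

E = 65537  # public exponent shared by both constructed keys

def make_key(p, q):
    """Return (n, d) for textbook RSA from two primes (toy sizes, no padding)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    # Message digest, reduced mod n so it fits the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def tbs(cert):
    # The bytes the CA signs: the identity and the public key bound to it.
    return f"{cert['serial']}|{cert['issuer']}|{cert['subject']}|{cert['n']}".encode()

def issue(ca_name, ca_n, ca_d, subject, subject_n, serial):
    cert = {"serial": serial, "issuer": ca_name, "subject": subject, "n": subject_n}
    cert["sig"] = sign(tbs(cert), ca_n, ca_d)
    return cert

def check(document, doc_sig, cert, trusted_roots):
    """Recipient side: CA signature on the certificate first, then the document."""
    ca_n = trusted_roots.get(cert["issuer"])
    if ca_n is None or not verify(tbs(cert), cert["sig"], ca_n):
        return "certificate rejected"
    if not verify(document, doc_sig, cert["n"]):
        return "document signature invalid"
    return "ok: signed by " + cert["subject"]

# Constructed keys built from Mersenne primes; far too small for real use.
CA_N, CA_D = make_key(2**61 - 1, 2**89 - 1)
ALICE_N, ALICE_D = make_key(2**107 - 1, 2**127 - 1)
ROOTS = {"Example CA": CA_N}          # recipient's trusted root keys
CERT = issue("Example CA", CA_N, CA_D, "alice@example.test", ALICE_N, 1)
DOC = b"purchase order 17"            # constructed sample document
DOC_SIG = sign(DOC, ALICE_N, ALICE_D)

if __name__ == "__main__":
    print(check(DOC, DOC_SIG, CERT, ROOTS))
    print(check(DOC + b"0", DOC_SIG, CERT, ROOTS))           # document altered in transit
    print(check(DOC, DOC_SIG, dict(CERT, n=CA_N), ROOTS))    # certificate altered after issuance
```

The third call shows why the certificate is checked before the document: once the public key in it is changed, the CA's signature no longer matches and the key is never used.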

Web Server Security
• Server Authentication using SSL
• Information to/from the correct Web Site
• Information in encrypted form
• Setting up SSL on a Web Site
• Create a Server Certificate Request
• Obtain the Server Certificate from a CA/locally
• Install it on the Web Server
• Establishing an SSL connection
• Need root certificate of the issuing CA

Client Authentication
• Anonymous
• Basic
• Challenge Response (NT)
• SSL Client Authentication

Certification and Registration
• Application
• Subject Authentication
• Certificate Generation
• Certificate Distribution
• Certificate Revocation

Subject Authentication
• Confirm the identity of the subject
• Based on the class of certificate
• Local Registration Authority (LRA) model
• Example: Verisign Onsite

Importing a Certificate
To send an encrypted message or document to a person who has a certificate.
• From a Certification Authority
• From a Directory Service (LDAP)
• From a signed message
• From a local file (encoded Binary PKCS #7)

Certificate Revocation Lists
• A data structure that has the list of all the serial numbers of the revoked certificates.
• Standard X.509 CRL format (ISO/ITU)
• Propagation
• Polling for CRLs
• Pushing CRLs
• Online status checking

Formal Specification (PKCS #7)
• Abstract Syntax Notation (ASN.1): design tool used for expressing syntax of messages. Widely used to describe protocols, interfaces, etc.
• PKCS #7 syntax for SignedData type
• ASN.1 objects are encoded using BER/DER.
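What DER encoding looks like in practice, as an added example that is not part of the original slides: a strict tag-length-value reader applied to one X.509 v3 extension, recovering the extension type, criticality indicator and extension value listed earlier. The function names are hypothetical and the sample bytes are constructed here (a critical basicConstraints extension, OID 2.5.29.19); only single-byte tags are handled.

```python
def read_tlv(buf, pos=0):
    """Decode one DER tag-length-value; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        length = first
    elif first == 0x80:                   # indefinite length exists only in BER
        raise ValueError("indefinite length is not valid DER")
    else:                                 # long form: next (first & 0x7F) bytes
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length is not valid DER")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Turn OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs, n = [], 0
    for b in value:
        n = (n << 7) | (b & 0x7F)         # base-128 digits, high bit = "more"
        if not b & 0x80:
            arcs.append(n)
            n = 0
    first = min(arcs[0] // 40, 2)         # first two arcs share one number
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_extension(der):
    """Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }"""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    critical = False                      # field is omitted when FALSE
    tag, value, pos = read_tlv(body, pos)
    if tag == 0x01:
        if value != b"\xff":              # DER: TRUE is FF, default is never encoded
            raise ValueError("DER encodes critical only as TRUE (FF)")
        critical = True
        tag, value, pos = read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("expected OCTET STRING as last field")
    return {"type": decode_oid(oid), "critical": critical, "value": value}

# Constructed sample: basicConstraints, critical, value = SEQUENCE { BOOLEAN TRUE }
SAMPLE = bytes.fromhex("300f0603551d130101ff040530030101ff")

if __name__ == "__main__":
    print(parse_extension(SAMPLE))
```

The rejections are the difference between BER and DER: BER allows several encodings of the same value, DER allows exactly one, which is what makes a signature over the encoded bytes unambiguous.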

Key Certification Request
PKCS #10 syntax using ASN.1 notation

Certificate Management
Value and Validity of Certificates will be questioned
• Cross Certification (Multiple CA’s)

Applications of Certificates
• Sandbox
• Code Signing vs. Shrink-Wrapped Software
• Accountability and Authenticity
• Microsoft Authenticode 1.0
• based on X.509 v3 and PKCS #7
• Commercial vs. Individual Publishers
• Object Signing
• Netscape’s technology
• Signs any kind of files

Applications (continued)
• Secure Messaging & S/MIME
• Web Server Security
• Microsoft ASP for Access Control