• No results found

Digital Certificates

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Digital Certificates"

Copied!
34
0
0

Loading.... (view fulltext now)

Download now ( 34 Page )

Full text

(1)
(2)

What are Digital Certificates?

A digital certificate (DC) is a digital file

that certifies the identity of an individual or institution, or even a router seeking access to computer- based information. It is

issued by a Certification Authority (CA),

and serves the same purpose as a driver’s license or a passport.

(3)

What are Certification

Authorities?

Certification Authorities are the digital world’s

equivalent to passport offices. They issue digital certificates and validate holders’ identity and

authority.

They embed an individual or institution’s public key along with other identifying information into each digital certificate and then

cryptographically sign it as a tamper-proof seal verifying the integrity of the data within it, and validating its use.

(4)

What is the Process of obtaining a

certificate?

1.Subscriber (sender) generates a public\private key pair. Applies to CA for digital certificate with the public key.

2.CA verifies subscriber's identity and issues digital certificate containing the public key.

3.CA publishes certificate to public, on-line repository.

4.Subscriber signs message with private key and sends message to second party.

5.Receiving party verifies digital signature with sender's public key and requests verification of sender's digital certificate from CA's public repository.

(5)

Bob’s public key Bob’s identifying information CA private key K B + certificate for Bob’s public key, signed by CA Digital signature (encrypt) K B + K CA - Bob’s public key Bob’s identifying information CA private key K B + certificate for Bob’s public key, signed by CA Digital signature (encrypt) K B + K CA

What is the Process in obtaining a certificate?

(6)

Types of Digital Certificates

 There are four main types of digital certificates :-

 Server Certificates  Personal Certificates

 Organization Certificates  Developer Certificates

(7)

Server Certificates

 Allows visitors to exchange personal

information such as credit card numbers, free from the threat of interception or

tampering.

 Server Certificates are a must for building and designing e-commerce sites as

confidential information is shared between clients, customers and vendors.

(8)

Personal Certificates

 Personal Certificates allow one to authenticate a visitor’s identity and restrict access to specified content to particular visitors.

Personal Certificates are perfect for business to business communications such as offering

suppliers and partners controlled access to special web sites for updating product

availability, shipping dates and inventory management.

(9)

Organization & Developer

Certificates

 Organization Certificates are used by

corporate entities to identify employees for secure e-mail and web-based transaction.

 Developer Certificates prove authorship and retain integrity of distributed software programs e.g. installing a software on a computer system in most instances

(10)

What Does a Digital Certificate

Contain?

It contains your name, a serial number,

expiration date, a copy of the certificate-holder's public key (used for encrypting

messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital

(11)

Example of a Certificate:

 Serial number (unique to issuer)

 info about certificate owner, including algorithm and key value itself (not shown)  info about

certificate issuer  valid dates  digital signature by issuer

(12)

Why are they Used?

There are four(4) main uses:

1. Proving the Identity of the sender of a transaction

2. Non Repudiation – the owner of the certificate cannot deny partaking in the transaction

3. Encryption and checking the integrity of data - provide the receiver with the means to encode a reply.

4. Single Sign-On - It can be used to validate a user and log them into various computer systems without having to use a different password for each system

(13)

Public & Private Keys

Public and Private Key pairs comprise of two uniquely related cryptographic keys.

Public key is made accessible to everyone,

whereas Private key remains confidential to its respective owner.

Since both keys are mathematically related only the corresponding private key can decrypt their corresponding public key.

(14)

How do You Obtain An Individual’s

Public Key?

 When Alice wants Bob’s public key:

• Alice gets Bob’s certificate (from Bob or elsewhere).

• apply CA’s public key to Bob’s certificate, get Bob’s public key K B + digital signature (decrypt) K B + CA public key K CA Bob’s public key

(15)

Where are Digital Certificates

Used?

In a number of Internet applications that include:

 1.Secure Socket Layer (SSL) developed

by Netscape Communications Corporation

2. Secure Multipurpose Internet Mail

Extensions (S/MIME) Standard for

securing email and electronic data interchange (EDI).

(16)

3. Secure Electronic Transactions (SET) protocol for securing electronic payments

4. Internet Protocol Secure Standard

(IPSec) for authenticating networking

devices

Where are Digital Certificates

Used?

(17)

How Digital Certificates are Used

for Message Encryption

(18)

Why do I need a Digital Certificate?

 Virtual malls, electronic banking and other electronic services are a commonplace

offering service from the luxury of one’s home. One’s concern about privacy and security may prevent you from taking

advantage of the luxury; this is where digital certificate comes in.

(19)

Why do I need a Digital Certificate?

 Encryption alone is not enough as it provides no proof of the identity of the

sender of the encrypted information. Used in conjunction with Encryption, Digital

Certificates provides a more complete security solution, assuring the identity of all the parties involved in a transaction.

(20)

How do I view Digital Certificates

on my PC?

 For MS Explorer Users:-

 Open your MS Internet Explorer  Click on the Tools Menu

 From the drop down list, select Internet

options

 Click the Content tab

(21)

Example of an MS Explorer

Certificate.

(22)

How do I view Digital Certificates

on my PC?

 For Netscape users:-

 Open your Netscape Communicator  Click on the Communicator Menu

 From the drop down list select the Tools and

then Security info

 Click on the Certificates link to view and learn

more about each certificate type stored by Netscape

(23)
(24)

Advantages of Digital Certificates

 Decrease the number of passwords a user has to remember to gain access to

different network domains.

 They create an electronic audit trail that allows companies to track down who

executed a transaction or accessed an area.

(25)

Do Digital Certificates Have

Vulnerabilities?

 One problem with a digital certificate is where it resides once it is obtained.

 The owner's certificate sits on his

computer, and it is the sole responsibility of the owner to protect it.

 If the owner walks away from his

computer, others can gain access to it and use his digital certificate to execute

(26)

 The best way to address the vulnerabilities of digital certificates is by combining them with biometric technology, as that confirms the actual identity of the sender, rather

than the computer.

Do Digital Certificates Have

Vulnerabilities?

(27)

Glossary

PKI – Public Key Infrastructure (PKI) provides a framework for addressing the previously

illustrated fundamentals of security listed above. Encryption- Encryption is converting of data into

seemingly random, incomprehensible data.

Decryption- Decryption is reversing encryption via the use of Public and Private Keys.

(28)

In Conclusion

 Public Key Cryptography is used in message authentication and key

distribution.

 Key management is achieved by Digital Certificates, which are a mechanism that enables distribution of keys to participants exchanging information. They ensure the Confidentiality of these messages and the Authentication of the participants.

(29)

 The strength of Digital Certificates through X.509 lies, inter alia, in the fact that they have been standardized by the ITU-T.

 This makes for security in investment and training, as it is assured Digital Certificates will be maintained in the future.

(30)

Bibliography

e-Business & e-Commerce: How to Program,

1/e, by H.M. Deitel, P.J. Deitel and T.R, Nieto, Prentice Hall, 2000

Cryptography and Network Security, 2/e, by

William Stallings, Prentice Hall, 2000

Electronic Commerce: A Managerial

Perspective, 1/e, by Efraim Turban, Jae Lee, David King and H.Michael Chung, Prentice Hall, 2000

(31)

http://gsa.gov/ACES

http://ec.fed.gov

http://smartcard.gov

E-commerce, business. technology. society. Second Edition

By: Kenneth C. Laudon, Carol Guercio Traver

Digital Certificates/Signatures in Electronic Commerce

By: Norman G. Litell ; Visa U.S.A. Risk Management

(32)

 Digital Certificates by: Ann Harrison

(Computorworld v34 no33 p58 Ag 14 2000)

 Certificate authorities move in-house: Group Telecom and PSINet track users with digital certificates by: Hanna Hurlrey

(Telephony v237 no11 p80 S 13 1999)

(33)

 DIGITAL CERTIFICATES: On good authority by: Deryck Williams

(CA Magazine v132 no9 p43-4 N 1999)

 Are digital certificates secure? by: Benjamin Hammel

(Communications News 37 no12 D 2000)

(34)

 PUBLIC KEY CRYPTOGRAPHY:DIGITAL

CERTIFICATES: Study on Attribute Certificates by:Mwelwa Chibesakunda

(Computer Science Department University of Cape Town May 2002)

References

Download now ( PDF - 34 Page - 8.10 MB )

Related documents

2003 Enterprise Backup/Restore Magic Quadrant

With the 10.5 version, targeted for a May 2003 release, the backup product will contain BrightStor Portal technology, providing an enterprisewide monitoring and reporting platform

SSL.com Certification Practice Statement

SSL.com performs functions associated with public key operations which include receiving application requests for, issuing, revoking and renewing digital certificates and

Topics in discrete random structures

I First-passage percolation on Cartesian power graphs 43 II Segregating Markov chains 83 III Most edge-orders of K n have maximal altitude 113 IV A linear threshold for uniqueness

Taper model for Eucalyptus nitens, in volcanic ash soils of the region of The Araucanía (Chile)

Un modelo de ahusamiento debiera tener los atributos siguientes: i) ser diferenciable en toda la longitud del fuste, ii) no generar oscilaciones alrededor de la

Prioritizing Wetland and Stream Restoration and Protection Using Landscape Analysis Tools

The programs examined for our handbook also highlight the wide variety of ways in which landscape prioritization tools benefit wetland restoration and protection,

The re-emerging peasantry in Russia.'Peasants-against-their-own will', 'Summertime peasants'and 'Peasant-farmers'

This paper aims at conceptualising the re-emerging Russian peasantry by looking at objective characteristics (land use, production mode, and market relations) and subjective

Generic Medications and Blood Pressure Control in Diabetic Hypertensive Subjects

RESEARCH DESIGN AND METHODS d In a cross-sectional study we used logistic regression models to investigate the temporal relationship between access to generic antihyper-

Monetary policy analysis in a small open economy using Bayesian cointegrated structural VARs

Forecasts conditional on di ff erent paths for the Swedish interest rate in the two quarters 1999:4 and 2000:1 generated exclusively by monetary policy shocksP. Posterior probability