Digital Identification and Verification - PowerPoint PPT Presentation

Slides: 14
Provided by: ftpCc
Transcript and Presenter's Notes


1
Digital Identification and Verification
2
Outline
  • Crypto Basics
  • Digital Certificates
  • Online Certificate Status Protocol (OCSP)
  • Practical Applications

3
Crypto Basics (1)
  • Cryptography
    • The study or the application of the techniques
      of secret writing, especially code and cipher
      systems.
  • Key Concepts
    • Encryption/Decryption
    • Signing/Verifying

4
Crypto Basics (2)
  • Two Types
    • Symmetric Key Algorithms (DES)
      • One key shared by both parties, which is used for
        both encryption and decryption.
    • Public Key Algorithms (RSA, SHA-1, MD5)
      • Four keys, two sets of public/private key pairs.

5
Crypto Basics (3)
Public/Private Key Pairs
Each party has a public and a private key. The keys
have some complicated mathematical properties such
that what one key encrypts, only the other can
decrypt. One key is chosen as the private key and is
securely stored; the other key is given to the public.
6
Crypto Basics (4)
  • Digital Signature Requirements
    • The receiver can verify the identity of the
      sender.
    • The sender cannot repudiate the message.
    • The receiver cannot create the message.
  • Use private key to sign and public key to verify.
  • This is the core of E-commerce!

7
Digital Certificates
  • X.509 Certificates (RFC 2459)
    • Bind an identity to a public/private key pair.
    • Issued by a trusted third party.
    • Signed by the issuer's key pair.
    • Contain the public key of the subject's key pair.
    • Contain validity period and serial number.
    • Contain status: Good or Revoked

8
Online Certificate Status Protocol
  • Defined in RFC 2560, June 1999
  • Used to get up-to-date status
  • Returns Good, Revoked or Unknown
  • Can run over HTTP, SMTP and Other Protocols

9
OCSP Request
  • Contains
    • Protocol Version
    • Service Request
    • Certificate Identifier
    • Optional Extensions
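
The request contents listed above, shown at the byte level. This is an added example, not part of the original presentation: it DER-encodes an unsigned RFC 2560 OCSPRequest for one certificate using only the Python standard library, then parses it back into version, certificate identifier and extension presence. The function names and the issuer name/key sample bytes are constructed for illustration; SHA-1 appears only as the hash identifier inside the CertID.

```python
import hashlib

SHA1_OID = bytes.fromhex("06052b0e03021a")  # DER OID 1.3.14.3.2.26 (SHA-1)

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value with short- or long-form definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos); reject lengths that overrun the buffer."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("DER length overruns buffer")
    return tag, buf[pos:pos + n], pos + n

def children(body: bytes):  # contents of a constructed value -> [(tag, value)]
    items, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        items.append((tag, value))
    return items

def build_request(issuer_name_der: bytes, issuer_key: bytes, serial: int) -> bytes:
    """OCSPRequest > TBSRequest > requestList > Request > CertID; v1 is DEFAULT, omitted."""
    alg = tlv(0x30, SHA1_OID + b"\x05\x00")
    serial_der = tlv(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big"))
    cert_id = tlv(0x30, alg + tlv(0x04, hashlib.sha1(issuer_name_der).digest())
                  + tlv(0x04, hashlib.sha1(issuer_key).digest()) + serial_der)
    return tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, cert_id))))

def parse_request(der: bytes) -> dict:
    """Map an OCSPRequest back to the fields the slide lists."""
    tbs = children(read_tlv(der)[1])[0][1]
    fields = dict(children(tbs))  # each tag occurs at most once inside TBSRequest
    info = {"version": fields[0xA0][-1] + 1 if 0xA0 in fields else 1,
            "extensions": 0xA2 in fields, "cert_ids": []}
    for _, request in children(fields[0x30]):
        _alg, name_hash, key_hash, serial = (v for _, v in children(children(request)[0][1]))
        info["cert_ids"].append({"issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(), "serial": int.from_bytes(serial, "big")})
    return info

ISSUER_NAME = tlv(0x30, b"constructed issuer DN")    # constructed sample, no real CA
ISSUER_KEY = b"constructed issuer public key bits"   # constructed sample
```

The certificate identifier carries hashes of the issuer's name and key plus the serial number, so the request names a certificate without sending the certificate itself.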

10
OCSP Response
  • Signed by OCSP Responder
  • Returns definitive certificate status response
  • Timestamp

11
Sample Applications (1)
  • SSL
    • Netscape Navigator and Internet Explorer already
      support X.509 certificates.
    • The browsers can be configured to use the
      Secure Sockets Layer protocol to encrypt data sent
      to and from web servers.

12
Sample Applications (2)
Securing Email
Netscape Messenger and Microsoft Outlook already
support X.509 certificates also. These email clients
can be used to encrypt and sign email messages.
Plugins are available for Netscape Communicator,
Microsoft Outlook, Internet Explorer, Internet
Information Server and the Apache web server to
handle OCSP.
13
Additional Resources
  • www.rsa.com for all your encryption needs
  • ietf.org for standards