Certificate - PowerPoint PPT Presentation

1 / 50
About This Presentation
Title:

Certificate

Description:

Thawte is a global CA that has already certified 30% of the world's ... digital notary. Summary of Benefits. Tamperproof notarization of any digital data type ... – PowerPoint PPT presentation

Number of Views:24
Avg rating:3.0/5.0
Slides: 51
Provided by: yufei
Category:

less

Transcript and Presenter's Notes

Title: Certificate


1
Certificate
2
Basic Concepts
  • CertificateA document containing a certified
    statement, especially as to the truth of
    something
  • Digital certificateInformation digitally signed
    by trusted certificate authority

3
Public-key Certificate
  • Identify the holder of the private-key
  • A Certificate consists of
  • Subject Identification information
  • Subject public key value
  • Certification authority name
  • Certification authoritys digital signature

4
(No Transcript)
5
Different kinds of certificate
  • Certification authority certificates
  • Server certificate
  • Personal certificate
  • Software certificate

6
Certification path
7
(No Transcript)
8
(No Transcript)
9
Certification Authorizer
  • GlobalSign NV-SA. GlobalSign is the Leading
    European Trusted Network of Certification
    Authorities (CA) that, signs and manages digital
    certificates
  • Thawte Certification offers free personal
    certificates for signing and encrypting e-mail.
    Thawte is a global CA that has already certified
    30 of the worlds Internet e-commerce servers.

10
http//www.thawte.com/getinfo/products/personal/co
ntents.html
11
(No Transcript)
12
http//www.verisign.com/products/class1/index.html
13
(No Transcript)
14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
(No Transcript)
18
Export your ID
19
Specify Export format
20
Sign your E-mail with attached ID
21
Import your contacts ID
22
View other peoples ID
23
Send a signed and encrypted email
24
Validity Periods and Revocation
  • Any key pair should have a restricted lifetime
  • A certificate may be revoked by certificate
    authority

25
Legal Relationships
  • Legal Relationships betweenCA and its Subscriber
  • Closed community
  • Open community Third party
  • Two controls
  • Subject authentication
  • Private key protection

26
Key-pair Management
  • Key-pair generation
  • Private-key protection
  • Key-pair update
  • Management requirement

27
Certification Authorizer
  • VeriSign
  • Internet Information Server (IIS) and Internet
    Explorer Client certificates for SSL,
  • S/MIME certificates for Outlook Express and
    Outlook 98,
  • SGC certificates for enabling 128-bit encryption
    for banks,
  • Authenticode Certificates and time stamping
    service for Digitally Signing your Active-X
    applications.

28
Key-pair Generation
  • Private key goes to key-pair holder
  • Public key goes to certification authorities
  • Key-pair holder systemPrivate key never leaves
    its native environment
  • Central systemPrivate key is transportedeasy
    backup or archive

29
Private key protection
  • Storage in a temper-resistant hardware module or
    token
  • Storage in an encrypted data file

30
Management requirement for digital signature
  • Private key for digital signature must be stored
    in its life time
  • Private key need not be backed-up or archived
  • Private key need to be destroyed when expired
  • Public key for digital signature need to be
    achieved

31
Management requirement for encryption
  • Private key need to be backed-up or archived
  • Private key should not be destroyed when expired
  • Public key does not need to be backed-up or
    achieved

32
Certificate Issuance
  • Apply for a certificate
  • Certificate generation
  • Subject authentication
  • Personal presence
  • Identification documents
  • Local registration authorities
  • Not issue but approve application
  • Certificate update

33
Certificate Distribution
  • Certificate accompanying signature
  • Distribution via directory serviceX.500
    directory standardsMicrosoft Exchange
    directoryLotus Notes directoryNovells Netware
    Directory Service (NDS)Internet Lightweight
    Directory Access Protocol (LDAP)

34
X.509 Certificate Format
  • X.509 version 1 and 2
  • X.500 namesRelative distinguished name (RDN)
  • Object registrationIdentify an object, e.g. an
    algorithm identifier

35
(No Transcript)
36
(No Transcript)
37
(No Transcript)
38
X.509 version 3
  • The Need for extension
  • Different purpose certificate
  • Additional subject-identifying information
  • Application-specific name forms
  • Different certificate policies and practice
  • Certificate authorization information

39
(No Transcript)
40
The need for Certificate Revocation
  • Detected or suspected compromise of private key
  • Change of name
  • Change of relationship between subject and CA

41
Certificate Revocation
  • Requesting revocation
  • Certificate revocation list (CRL)identifiedtime-
    stampedsigneddistributed pull or push
  • Immediate revocation
  • Real-time revocation checking

42
Revocation Time-line
43
(No Transcript)
44
Key-pair and certificate validity period
  • Encryption-related key pairs
  • Public key for encryption should be used only
    when certificate is valid
  • Private key for decryption may be used after
    certificate is expired

45
Key-pair and certificate validity period
  • Digital signature key pairs
  • Historical validation for non-repudiation, it is
    necessary to preserve certificate state
    information as it existed at the time of signing
  • Real-time validation for downloading software,
    check if a valid, unrevoked certificate exist
    now

46
Key-pair and certificate validity period
  • Certification authority signature key pairs
  • The certification authority should ensure that
    the validity of its own public key extends over
    the intended validity period of any certificate
    it is signing

47
Problems
  • Private keys are not people
  • Distinguished names are not people
  • There are too many Robert Smiths
  • Todays digital certificates dont tell enough
  • X.509 v3 does not allow selective disclosure

48
Problems
  • Digital certificates allow for easy data
    aggregation
  • How many CAs does society need?
  • How do you loan a key?
  • Are there better suited alternative to public
    key?
  • digital postmark
  • digital notary

49
(No Transcript)
50
Summary of Benefits
  • Tamperproof notarization of any digital data type
  • Simple integration with legacy systems
  • Patented, cryptographically-secure process
  • Advanced system architecture and implementation
    provides security, scalability and fault
    tolerance
  • Very low communications overhead
  • Complete privacy - only a digital fingerprint of
    a file is sent to Surety for notarization
  • Incredible ease-of-use no training required
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Certificate" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!