Dynamic Symmetric Key Provisioning Protocol (DSKPP) - PowerPoint PPT Presentation

About This Presentation
Title:

Dynamic Symmetric Key Provisioning Protocol (DSKPP)

Description:

Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague Overview Joint effort from OATH community A protocol to ... – PowerPoint PPT presentation

Number of Views:35
Avg rating:3.0/5.0
Slides: 6
Provided by: Mingli7
Learn more at: https://www.ietf.org
Category:

less

Transcript and Presenter's Notes

Title: Dynamic Symmetric Key Provisioning Protocol (DSKPP)


1
Dynamic Symmetric Key Provisioning Protocol
(DSKPP)
  • Mingliang Pei
  • Salah Machani
  • IETF68 KeyProv WG
  • Prague

2
Overview
  • Joint effort from OATH community
  • A protocol to dynamically issue a symmetric key
    to a device
  • Specify use cases and requirements
  • Explicitly use PSKC as the default key container
  • Support web service
  • Keep it simple and extensible
  • RFC Draft submitted to KeyProv WG
  • http//www.ietf.org/internet-drafts/draft-pei-keyp
    rov-dynamic-symkey-prov-protocol-00.txt

3
Protocol Overview
  • XML message based
  • HTTP / SOAP binding
  • One request and response over a secure channel
  • GetSharedSecret
  • GetSharedSecretResponse
  • Two round trips for a client to use non-secure
    channel
  • Acquire a server nonce
  • GetAuthNonce
  • GetAuthNonceResponse
  • Acquire shared secret
  • GetSharedSecret
  • GetSharedSecretResponse

4
Protocol Feature
  • Client authentication
  • Either a shared secret (called activation code)
    or device certificate
  • Authentication Data HASH (activation code)
  • Acquire a random server nonce to send keyed
    authentication data
  • Authentication Data HMAC(activation code,
    serverNonce)
  • Used over a non-secure channel to achieve data
    confidentiality
  • Server authentication
  • Server certificate or shared secret
  • Client capabilities in request
  • Requested key type
  • Requested algorithm type
  • Crypto-algorithm negotiation (Supported
    encryption algorithm)
  • Response delivery method (HTTP/S or SMS)
  • Device Information
  • Supported logo types
  • Supported delivery user interface attributes
  • Extensible to support future new attributes

5
Protocol Feature
  • Credential container in server response
  • Portable Symmetric Key Container (PSKC) as the
    default
  • Allow others such as PKCS12, PKCS5 XML format
  • Opaque structure is used for other formats
  • Service provider documents its format profile for
    a client to consume
  • Encryption key for credential data
  • Shared secret (activation code derived key) that
    the user has had
  • Server pre-loaded shared secret with a device
    (Smart Card)
  • Public key of device certificate
  • Encryption methods
  • List of PBE
  • List of symmetric key encryption methods (e.g,
    3DES)
  • Asymmetric keys
  • Extensions fields
  • allowing additional parameters needed by future
    key types or organization specific extension
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Dynamic Symmetric Key Provisioning Protocol (DSKPP)" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!