digital certificates and information security
DESCRIPTION
Digital certificates ensure secure transactions over the internet. This presentation is about information security and secure online transactions through digital certificates. Courtesy: www.ifour-consultancy.com
TRANSCRIPT
Digital Certificates
Introduction
What is cryptography?
The art of secret writing
• Cryptosystems
• Keys
Problem
Problem: How does Alice know that the public key she received is really Bob’s public key?
Digital Certificate
• Electronic counterparts to driver licenses, passports
• Prove your identity or right to access information or services online
• Bind an identity to a pair of electronic keys
• Provide a more complete security solution
• Role of Certification Authority (CA)
Digital Certificates
• Structure of Digital Certificate
  – Owner's public key
  – Owner's name
  – Expiration date of the public key
  – Name of the issuer (the CA that issued the Digital Certificate)
  – Serial number of the Digital Certificate
  – Digital signature of the issuer
• Defined by CCITT X.509 international standard
Digital Certificates
• Provide support for public key cryptography (PKC)
• Digital certificates contain the public key of the entity
• They rely on PKC for their own authentication
• Used on handheld devices, mobile phones, on portable cards, smart cards
Public key infrastructure (PKI)
A public key infrastructure (PKI) consists of the components necessary to securely distribute public keys
It consists of:
– Certificates
– Certificate authorities (CAs)
– A repository for retrieving certificates
– A method for revoking certificates
– A method of evaluating a chain of certificates
Public Key Infrastructures (PKIs)
• To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI)
  – A PKI automates most aspects of using public key encryption and authentication
  – Uses a PKI Server
Public Key Infrastructures (PKIs)
• PKI Server Creates Public Key-Private Key Pairs
  – Distributes private keys to applicants securely
  – Often, private keys are embedded in delivered software
[Diagram: PKI Server, Private Key]
Public Key Infrastructures (PKIs)
• PKI Server Provides Certificate Revocation List (CRL) Checks
  – Distributes digital certificates to verifiers
  – Checks certificate revocation list before sending digital certificates
[Diagram: PKI Server, Digital Certificate]
Public Key Infrastructures (PKIs)
• CRL Checks
  – If applicant gives verifier a digital certificate,
  – The verifier must check the certificate revocation list
[Diagram: PKI Server, CRL, "OK?", "OK or Revoked"]
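The verifier-side CRL check from the slides above, as an added example in Go using only the standard library; it is not part of the original presentation. It goes slightly beyond the slide by also rejecting a certificate when no valid, current CRL signed by the CA is available. The helper names issue, verify and demo, the CA and subject names, the serial numbers and the Ed25519 keys are all constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed certificate with a fresh key; a nil parent yields a self-signed CA.
func issue(cn string, serial int64, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil { // root CA: signs itself, may sign certificates and CRLs
		t.IsCA, t.KeyUsage, parent, signer = true, x509.KeyUsageCertSign|x509.KeyUsageCRLSign, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der) // fixture code: errors ignored
	return cert, key
}

// verify fails closed: without a current CRL signed by the CA, nothing is accepted.
func verify(cert, ca *x509.Certificate, crlDER []byte) string {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil || crl.CheckSignatureFrom(ca) != nil || time.Now().After(crl.NextUpdate) ||
		cert.CheckSignatureFrom(ca) != nil || time.Now().After(cert.NotAfter) {
		return "rejected" // bad, missing or stale CRL; wrong issuer signature; or expired certificate
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return "revoked"
		}
	}
	return "ok"
}

func demo() (string, string, string) {
	ca, caKey := issue("Example CA", 1, nil, nil) // constructed names and serial numbers
	bob, _ := issue("Bob", 1001, ca, caKey)
	carol, _ := issue("Carol", 1002, ca, caKey)
	crl, _ := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(),
		NextUpdate: time.Now().Add(time.Hour), RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: carol.SerialNumber, RevocationTime: time.Now()}}}, ca, caKey)
	return verify(bob, ca, crl), verify(carol, ca, crl), verify(bob, ca, nil)
}

func main() { fmt.Println(demo()) }
```

RevokedCertificates is the older field for CRL entries (Go 1.21 added RevokedCertificateEntries); it is used here so the block also builds on Go 1.19 and 1.20.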
Generating the digital certificate
Digital Certificate : Example
Use of Digital Certificates
• Electronic transactions
  – E-mail
  – Electronic commerce
  – Groupware
  – Electronic funds transfers
• Netscape's Enterprise Server
Message Encryption
Message Decryption
Use of Digital Certificates
Need of Digital Certificates
• Proper Privacy and Security
• Trust
• Special safeguards
• Assuring the identity of all parties
• To provide legitimate content
Digital Certificate Services
• Services
  – Issuing
  – Revocation
  – Status services
• Types of Digital Certificates
  – Server
  – Developer (for software)
  – Personal
Digital Signature
• Functions as an electronic handwritten signature
• Non-repudiable
• Enables "authentication" of digital messages
DC used for Digital signature and Encryption
DC used for Digital signature and Decryption
References
• www.ifour-consultancy.com