Digital certificates and information security
DESCRIPTION
Digital certificates ensure secure transactions over the internet. This presentation is about information security and secure online transactions through digital certificates. Courtesy: www.ifour-consultancy.com
TRANSCRIPT
Digital Certificates
Introduction
What is cryptography? The art of secret writing
• Cryptosystems
• Keys
Problem
Problem: How does Alice know that the public key she received is really Bob’s public key?
Digital Certificate
• Electronic counterparts to driver licenses, passports
• Prove your identity or right to access information or services online
• Bind an identity to a pair of electronic keys
• Provide a more complete security solution
• Role of Certification Authority (CA)
Digital Certificates
• Structure of Digital Certificate
  – Owner's public key
  – Owner's name
  – Expiration date of the public key
  – Name of the issuer (the CA that issued the Digital Certificate)
  – Serial number of the Digital Certificate
  – Digital signature of the issuer
• Defined by CCITT X.509 international standard
Digital Certificates
• Provide support for public key cryptography (PKC)
• Digital certificates contain the public key of the entity
• They rely on PKC for their own authentication
• Used on handheld devices, mobile phones, portable cards, smart cards
Public key infrastructure (PKI)
A public key infrastructure (PKI) consists of the components necessary to securely distribute public keys.
It consists of:
  – Certificates
  – Certificate authorities (CAs)
  – A repository for retrieving certificates
  – A method for revoking certificates
  – A method of evaluating a chain of certificates
Public Key Infrastructures (PKIs)
• To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI)
  – A PKI automates most aspects of using public key encryption and authentication
  – Uses a PKI Server
Public Key Infrastructures (PKIs)
• PKI Server Creates Public Key-Private Key Pairs
  – Distributes private keys to applicants securely
  – Often, private keys are embedded in delivered software
[Diagram: PKI Server, Private Key]
Public Key Infrastructures (PKIs)
• PKI Server Provides Certificate Revocation List (CRL) Checks
  – Distributes digital certificates to verifiers
  – Checks certificate revocation list before sending digital certificates
[Diagram: PKI Server, Digital Certificate]
Public Key Infrastructures (PKIs)
• CRL Checks
  – If applicant gives verifier a digital certificate,
  – The verifier must check the certificate revocation list
[Diagram: verifier asks the PKI Server "OK?"; the PKI Server consults the CRL and answers "OK or Revoked"]
Generating the digital certificate
Digital Certificate : Example
Use of Digital Certificates
• Electronic transactions
  – E-mail
  – Electronic commerce
  – Groupware
  – Electronic funds transfers
• Netscape's Enterprise Server
Use of Digital Certificates
[Diagram: Message Encryption, Message Decryption]
Need of Digital Certificates
• Proper Privacy and Security
• Trust
• Special safeguards
• Assuring the identity of all parties
• To provide legitimate content
Digital Certificate Services
• Services
  – Issuing
  – Revocation
  – Status services
• Types of Digital Certificates
  – Server
  – Developer (for software)
  – Personal
Digital Signature
• Functions as an electronic handwritten signature
• Non-repudiable
• Enables "authentication" of digital messages
DC used for Digital signature and Encryption
DC used for Digital signature and Decryption
References
• www.ifour-consultancy.com