Smart Card and Strong Cryptography for instant securityPresentation Transcript
OKsystem – brief introductionMotto: software with a greater intelligence Since 1990, 4 co-owners 200+ employees Headquarters in Prague, offices in Brno, NYC 25+ mil. USD annualy Top 100 Czech, Stability Award AAA
OKsystem in Prague
Security from one sourceWe have all components for instant strong cryptography and smart carddeployment from one source:• BABEL – mobile application for transparent encryption of text messages• OKsmart – software for easy and transparent smart card usage – Smart card applets – Smart card middleware – Personal web based Card Manager• OKbase - enterprise java system with plug-in management modules: – Card management system – Key management system – Certificate management• Software development – from mobile to enterprise systems with strong security concept based on integration of strong cryptography to applications• Smart cards – contact, contactless, combined (hybrid or dual chip)
BABEL – its new and uniqueBabel is an iPhone messaging app which allowsyou to use your cell phone to exchangeencrypted text messages and iMessages.
Cryptography makes difference
How it worksBABEL uses proven and standard algorithms for strongcryptography - AES for message encryption and Diffie-Hellman for cryptographic keys agreement.Messages are encrypted not only during transmission butalso in the phone memory. All communication, includingkey agreement, can be intercepted without any fear orrisk of potential decryption.Users do not have to remember any new passwords orkeys, or buy and use digital certificates. Application issimple, intuitive and uses a standard iOS service forContacts and Messages.Android version is being finalized.
Strong cryptographyStrong cryptography exploits encryption algorithms that are highly resistantto cryptoanalysis and systematic attacks in theory and practice. Well knownand widely used algorithms (RSA, ECC, AES…) are public and proven for years,and do not contains any hidden secret or backdoors.• All secrets are concentrated in secret/private keys.• Without key nobody (younger sister, NSA, Mossad, FSB, …) will decrypt cyphertextEvery secret forms a weak point, because there is always the risk of beingcompromised or lost. Cryptography keys are fundamental and irremovableweak point of strong cryptography and thus require very special handling.Keys must be securely generated, stored and used – smart cards should beused here - your smartphone is not a security device!Keys must be securely archived in appropriate Key Management System -there is no other recovery when secret key is corrupt or lost!
Smart cardsSmart card is cheap and secure crypto-computer in your pocket.Smart chip is designed and certified for high security and resistantagainst many types of attack. Smart chip can be embedded in variousform factors -credit card size, SIM card size, USB dongle. Smart cardcan communicate optionally with contact or contactlessreader, including NFC.It can deliver security services to master system: True Random Number Generator for Key generation Cryptography with secret key –3DES, AES Asymmetric (public) key cryptography File system with access control PIN and admin key authenticationSmart card services are provided by downloadable applets.
Smart card security FrameworkSmart card is access token to information and communicationsystem. Smart card can easily bring high security to everyday ITtasks. Logical access and authentication • 802.1x LAN port authentication • 802.1x wifi authentication • Smart card logon • Terminal server authentication • Web SSL/TLS client authentication • Legacy password based authentication (smart card & PIN) Encryption for privacy • S/Mime e-mail encryption • File/folder encryption • Disk encryption Digital signature and integrity check • S/Mime e-mail signature • MS Office suite • Adobe Acrobat/Reader
Complete Smart Card Solution
OKsmartSmart card middlewareMiddleware is system software, that allows host OSand applications to communicate with cards anduse card services.OKsmart middleware connects smart cardspowered by OKsmart applets to most popular OS-MS Windows and MAC OS-X.Operating system and applications together withOKsmart seamlessly uses smart card for securecryptographic operations – authentication,encryption and digital signature.
OKbase card Management SystemOKbase CMS is software for complete smart card life cyclemanagement. Card deployment for company or its customersnever has been so easy and affordable. Personalization profilesand ready-made scripts manage all complex tasks for operator.OKbase CMS performs all card issuance services: Applet loading (= on card software installation) Card personalization • Card body print • Contact chip • Contactless chipOKbase CMS provides daily card life cycle support: Card activation, deactivation, reactivation, revocation, termination PIN management
OKbase Key Management SystemOKbase KMS is software for cryptographic key generation andlife cycle management. KMS is essential when any encryptiontake place with or without smart cards.Basic OKbase KMS functions include: Cryptography grade random key generation Secure key archiving for generated or imported keys Key restore when two or more security officers puts together restore key Key activation, deactivation, destruction OKbaseKMS exploits secure HSM or smart card for key encryption. Encrypted keys are securely stored in SQL database.
OKbase Certificate ManagementDigital certificates are core components of PKI systems. Acertificate provides your digital identity to digital documentsand electronic services on the Internet. Companies shouldmanage certificates for their employees.OKbase Certificate Management takes care forcomplete certificate life cycle, namely: Certificate requests Certificate enrolment Certificate revocation Certificate archiving
Use software with strong cryptography.Be secure. Remain private. Keep them confused. Ivo Rosol Software Development Director www.oksystem.com