DE-MYSTIFYING PKI
Parthasarathy
WHAT IS PUBLIC KEY INFRASTRUCTURE (PKI)?
- Symmetric encryption: in this methodology a file is encrypted with a
  password [for example 'yyyy'] and decrypted with the same password.
- Asymmetric encryption: in this methodology a file is encrypted with one
  password [for example 'yyyy', called the Private Key] and decrypted with
  another password [say 'zzzz', called the Public Key]. These two numbers are
  derived by a mathematical algorithm such that nobody can find 'yyyy' from
  'zzzz' or vice versa.
- The Private Key must be kept confidential by its owner, while the Public Key
  can be left in the public domain. Assuming Mr. A wants to send a document to
  Mr. B, Mr. A can encrypt the document using his private key and Mr. B can
  decrypt it using the public key, by which the recipient Mr. B is assured that
  the document came only from Mr. A. The pair of private key and public key is
  called the Public Key Infrastructure.
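As an added illustration (not code from the slides), the Go program below uses only the standard library to show the two directions of the asymmetric operation just described: Mr. A "encrypts with his private key" (in practice, an RSA-PSS signature over a SHA-256 digest) and Mr. B checks it with A's public key; and anyone can encrypt a message to A's public key, but only A's private key can open it. The key pairs, the names and the sample document are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates a fresh RSA key pair. The private key is what the
// slide calls 'yyyy' (kept by the owner); the public key is 'zzzz'.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SignDocument is the slide's "encrypt with the private key": the owner
// produces a signature over the document's SHA-256 digest that only the
// matching public key can validate.
func SignDocument(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// VerifyDocument is the recipient's "decrypt with the public key": it returns
// true only if the signature was made by the matching private key over
// exactly this document.
func VerifyDocument(pub *rsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// EncryptForOwner is the other direction: anyone holding the public key can
// encrypt a message that only the private-key holder can decrypt.
func EncryptForOwner(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// DecryptAsOwner decrypts with the private key; any other key fails.
func DecryptAsOwner(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	a, _ := NewKeyPair() // Mr. A (constructed)
	b, _ := NewKeyPair() // Mr. B (constructed)
	doc := []byte("constructed sample: transfer 100 to account 42")

	sig, _ := SignDocument(a, doc)
	fmt.Println("B verifies A's signature:", VerifyDocument(&a.PublicKey, doc, sig))
	fmt.Println("tampered document verifies:", VerifyDocument(&a.PublicKey, append(doc, '!'), sig))
	fmt.Println("B's public key verifies A's signature:", VerifyDocument(&b.PublicKey, doc, sig))

	ct, _ := EncryptForOwner(&a.PublicKey, []byte("for A only"))
	pt, _ := DecryptAsOwner(a, ct)
	fmt.Println("A decrypts:", string(pt))
	_, err := DecryptAsOwner(b, ct)
	fmt.Println("B fails to decrypt:", err != nil)
}
```

The signature direction is what gives Mr. B assurance of origin; the encryption direction is what gives Mr. A confidentiality. Both rest on the same fact the slide states: the private key never leaves its owner.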
COMPONENTS OF PKI
- PKI infrastructure: the PKI infrastructure has the capability to receive any
  public key [the private key stays in the token or mobile] and sign it with the
  private key of the root stored in the HSM.

- PKI USB Token [interface for signing]: this component enrols the user into the
  system by creating the public and private key in the USB device / mobile phone
  and sending the public key alone to the PKI infrastructure for certification.
  Enrolment of the user happens through the mobile PKI client software, and the
  enrolment data is passed along with the public key of the user to the PKI core
  engine. After verification of the user's KYC details, the administrator
  approves the request in the Open Trust PKI core engine, which results in the
  public key of the user being sent to the HSM for encryption using the private
  key of the certificate issuing authority.

- Mobile PKI: msign generates the public/private key pair, stores the private
  key in the device under a proprietary encryption key, and sends the public key
  back to the PKI infrastructure for issuing the digital certificate.
  - The digital certificate of the user consists of the public key of the user
    plus the digital string that is the outcome of encrypting the public key of
    the user with the private key of the certificate issuing authority.
ENDORSEMENT BY CERTIFYING AUTHORITY
- Customers are expected to generate the private key and public key on a
  PKCS#11 enabled USB token after protecting token access with a password.

- The private key never leaves the token. The customer submits the public key
  to the Certificate Issuing Authority along with the KYC information.

- After verification of the KYC, the certifying authority encrypts the public
  key of the customer and issues a digital certificate.

- This digital certificate is an endorsement of the customer's identity when
  he interacts with third-party vendors / banks on the internet.
  - Electronic signatures are created for all transactions using the private
    key of the customer, and with the electronic signature the bank can
    establish non-repudiation in a court of law.
RISK IN PKI
- The certifying authority's private key is a single point of failure.

- If the private key of the Certifying Authority is compromised, the intruder
  can create a new key pair and get it endorsed in the name of any customer.
  - For example, XYZ Certifying Authority's private key gets compromised.
  - The intruder identifies that Mr. A holds a certificate signed by XYZ Ltd.
  - The intruder creates another private / public key pair and signs the new
    key pair as Mr. A using the private key of XYZ Ltd.
  - However, the intruder cannot open any file that has been encrypted with the
    public key of Mr. A. The only thing the intruder can do is identity theft
    against the customers of XYZ Ltd.
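The endorsement flow of the previous section (customer generates a key pair, submits only the public key, the CA signs it into a certificate, the bank checks the chain and then the transaction signature) and the CA-compromise risk just described, as one added Go example built on the standard library's crypto/x509. This is not the slides' or any vendor's code: the root CA "XYZ Ltd", the customer "Mr. A", the serial numbers and the transaction text are constructed, and in a real deployment the root key would sit inside the HSM rather than in process memory.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewRootCA builds a self-signed root; rootKey is the HSM-resident key of the slides.
func NewRootCA() (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "XYZ Ltd Root CA (constructed)"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewCustomerKey stands in for key generation on the customer's token or phone.
func NewCustomerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// IssueCertificate is the CA's endorsement after KYC approval: it signs the
// customer's PUBLIC key together with the claimed identity. The customer's
// private key is never an input.
func IssueCertificate(root *x509.Certificate, rootKey *rsa.PrivateKey, serial int64, name string, pub *rsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, root, pub, rootKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// SignTransaction runs on the customer's side with the private key.
func SignTransaction(priv *rsa.PrivateKey, tx []byte) ([]byte, error) {
	digest := sha256.Sum256(tx)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// VerifyTransaction is the bank's check: the certificate must chain to the
// trusted root, then the signature must match the public key inside it.
func VerifyTransaction(root, cert *x509.Certificate, tx, sig []byte) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: pool}); err != nil {
		return fmt.Errorf("certificate not endorsed by trusted CA: %w", err)
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return fmt.Errorf("unexpected key type %T", cert.PublicKey)
	}
	digest := sha256.Sum256(tx)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil)
}

func main() {
	root, rootKey, _ := NewRootCA()
	aKey, _ := NewCustomerKey() // generated on Mr. A's token; private half never leaves it
	aCert, _ := IssueCertificate(root, rootKey, 1001, "Mr. A", &aKey.PublicKey)
	tx := []byte("constructed sample: pay 500 to account 42")
	sig, _ := SignTransaction(aKey, tx)
	fmt.Println("bank accepts A's transaction:", VerifyTransaction(root, aCert, tx, sig) == nil)

	// The slide's risk: with rootKey leaked, a fresh key pair certified as "Mr. A"
	// passes the same chain check. Only comparing against the key enrolled at KYC
	// time reveals it, which is why rootKey belongs in the HSM.
	impKey, _ := NewCustomerKey()
	impCert, _ := IssueCertificate(root, rootKey, 1002, "Mr. A", &impKey.PublicKey)
	sig2, _ := SignTransaction(impKey, tx)
	fmt.Println("forged identity passes chain check:", VerifyTransaction(root, impCert, tx, sig2) == nil)
	fmt.Println("but its key differs from A's enrolled key:", !impKey.PublicKey.Equal(&aKey.PublicKey))
}
```

Note what the bank's check can and cannot separate: a certificate from an unrelated CA is rejected outright, but one issued with the genuine root key under Mr. A's name is indistinguishable at this layer, which is exactly the slide's point about the root key being a single point of failure. The impostor key still cannot decrypt anything encrypted to Mr. A's enrolled public key, because that needs A's private key, which never left his token. A practical extra check for the relying bank is to compare the public key inside a presented certificate with the one recorded at KYC enrolment.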
HARDWARE VERSUS MOBILE PKI
  Capabilities                               PKI Hardware Token   Mobile PKI
  On-board asymmetric key-pair generation            √                √
  On-board only private key access control           √                √
  PIN protected                                      √                √
  Brute-force PIN attack resilient                   √                √
  Clone, tamper resistant                            √                √
  On-board digital signing & encryption              √                √
  X.509 v3 certificate storage                       √                √
  PKCS #11, Microsoft CryptoAPI (CAPI) 2.0           √                -
  PKCS#1 compliant encryption and signing            √                √
  Driver & browser independent                       -                √
  Untethered, mobile                                 -                √
  MITB, MITM immune                                  -                √
COMPLIANCE AND STANDARDS
  Hardware PKI:
  - FIPS 140-2, RoHS, PC/SC compliant, CE & FCC conformity certified
  - PKCS #11 v2.20 or above, Microsoft CryptoAPI (CAPI) 2.0, PC/SC

  Mobile PKI:
  - On-board 1024-bit key pair, PKCS#1
  - OATH compliance
  - 192-bit Triple DES
