Digital certificates provide advanced instruments for confirming identities in electronic environments. The application of digital certificates has been gaining global acceptance both in public and private sectors. In fact, the government field has witnessed increasing adoption of cryptographic technologies to address identity management requirements in cyberspace. The purpose of this article is to provide an overview of various governmental scenarios on the usage and application of digital certificates in the United Arab Emirates. The UAE government integrated public key infrastructure (PKI) technology into its identity management infrastructure since 2003. The article also explores the UAE digital identity issuing authority's position regarding government-to-government transactions and the prospective role of digital certificates.
Improving System Security and User Privacy in Secure Electronic Transaction (...IJERA Editor
With the advancement of internets, user’s transaction is at ease, timely manner and effective wise through online payment method, so also cybercriminals become increasingly more prompt in areas like e-commerce sites, financial institutions, payment processes and other online transactions. Therefore the need for the system security and privacy became the central issues for the acceptance of online payment methods in particular and growth of the Internet market in general. Using SET as an open encryption and security specification designed to protect credit card transaction on the internet. This paper proposes a new approach for increasing security by avoiding privacy violation using Public Key Infrastructure, X.509 certificate and Format Preservation encryption method, the credit card number is encrypted using public key algorithm and re-encrypted using Format preservation Encryption algorithm and finally stored in the X.509 version 3 certificate private extensions. This technique can be used to improve the security of the user credit card information against card fraud or the compromise of data associated with the account.
Transformation from Identity Stone Age to Digital IdentityIJNSA Journal
Technological conversion, political interests and Business drivers has triggered a means, to establish individual characterization and personalization. People started raising concerns on multiple identities managed across various zones and hence various solutions were designed. Technological advancement has brought various issues and concerns around Identity assurance, privacy and policy enabled common Authentication framework. A compressive framework is needed to established common identity model to address national needs like standards, regulation and laws, minimum risk, interoperability and to provide user with a consistent context or user experience.
This document focuses on Transformation path of identity stone age to Identity as in state. It defines a digital identity zone model (DIZM) to showcase the Global Identity defined across the ecosystem. Also, provide insight of emerging Technology trend to enable Identity assurance, privacy and policy enabled common Authentication framework.
Mobile identity management has attracted the attention of both the public and private sectors in the last few years. In the context of service delivery, modern mobile communication networks offer more convenient approaches to developing citizen-centric applications. However, taking into consideration the need for compelling user authentication and identification, secure communication in mobile environments remains a challenging matter. This article explores the potential role of government-issued smart identity cards in leveraging and enabling a more trusted mobile communication base. It delves into the identity management infrastructure program in the United Arab Emirates (UAE) and how the smart identity card and overall system architecture have been designed to enable trusted and secure transactions for both physical and virtual mobile communications.
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYNexgen Technology
bulk ieee projects in pondicherry,ieee projects in pondicherry,final year ieee projects in pondicherry
Nexgen Technology Address:
Nexgen Technology
No :66,4th cross,Venkata nagar,
Near SBI ATM,
Puducherry.
Email Id: praveen@nexgenproject.com.
www.nexgenproject.com
Mobile: 9751442511,9791938249
Telephone: 0413-2211159.
NEXGEN TECHNOLOGY as an efficient Software Training Center located at Pondicherry with IT Training on IEEE Projects in Android,IEEE IT B.Tech Student Projects, Android Projects Training with Placements Pondicherry, IEEE projects in pondicherry, final IEEE Projects in Pondicherry , MCA, BTech, BCA Projects in Pondicherry, Bulk IEEE PROJECTS IN Pondicherry.So far we have reached almost all engineering colleges located in Pondicherry and around 90km
Improving System Security and User Privacy in Secure Electronic Transaction (...IJERA Editor
With the advancement of internets, user’s transaction is at ease, timely manner and effective wise through online payment method, so also cybercriminals become increasingly more prompt in areas like e-commerce sites, financial institutions, payment processes and other online transactions. Therefore the need for the system security and privacy became the central issues for the acceptance of online payment methods in particular and growth of the Internet market in general. Using SET as an open encryption and security specification designed to protect credit card transaction on the internet. This paper proposes a new approach for increasing security by avoiding privacy violation using Public Key Infrastructure, X.509 certificate and Format Preservation encryption method, the credit card number is encrypted using public key algorithm and re-encrypted using Format preservation Encryption algorithm and finally stored in the X.509 version 3 certificate private extensions. This technique can be used to improve the security of the user credit card information against card fraud or the compromise of data associated with the account.
Transformation from Identity Stone Age to Digital IdentityIJNSA Journal
Technological conversion, political interests and Business drivers has triggered a means, to establish individual characterization and personalization. People started raising concerns on multiple identities managed across various zones and hence various solutions were designed. Technological advancement has brought various issues and concerns around Identity assurance, privacy and policy enabled common Authentication framework. A compressive framework is needed to established common identity model to address national needs like standards, regulation and laws, minimum risk, interoperability and to provide user with a consistent context or user experience.
This document focuses on Transformation path of identity stone age to Identity as in state. It defines a digital identity zone model (DIZM) to showcase the Global Identity defined across the ecosystem. Also, provide insight of emerging Technology trend to enable Identity assurance, privacy and policy enabled common Authentication framework.
Mobile identity management has attracted the attention of both the public and private sectors in the last few years. In the context of service delivery, modern mobile communication networks offer more convenient approaches to developing citizen-centric applications. However, taking into consideration the need for compelling user authentication and identification, secure communication in mobile environments remains a challenging matter. This article explores the potential role of government-issued smart identity cards in leveraging and enabling a more trusted mobile communication base. It delves into the identity management infrastructure program in the United Arab Emirates (UAE) and how the smart identity card and overall system architecture have been designed to enable trusted and secure transactions for both physical and virtual mobile communications.
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYNexgen Technology
bulk ieee projects in pondicherry,ieee projects in pondicherry,final year ieee projects in pondicherry
Nexgen Technology Address:
Nexgen Technology
No :66,4th cross,Venkata nagar,
Near SBI ATM,
Puducherry.
Email Id: praveen@nexgenproject.com.
www.nexgenproject.com
Mobile: 9751442511,9791938249
Telephone: 0413-2211159.
NEXGEN TECHNOLOGY as an efficient Software Training Center located at Pondicherry with IT Training on IEEE Projects in Android,IEEE IT B.Tech Student Projects, Android Projects Training with Placements Pondicherry, IEEE projects in pondicherry, final IEEE Projects in Pondicherry , MCA, BTech, BCA Projects in Pondicherry, Bulk IEEE PROJECTS IN Pondicherry.So far we have reached almost all engineering colleges located in Pondicherry and around 90km
Cost effective authentic and anonymous data sharing with forward securityLeMeniz Infotech
Cost effective authentic and anonymous data sharing with forward security
Do Your Projects With Technology Experts
To Get this projects Call : 9566355386 / 99625 88976
Visit : www.lemenizinfotech.com / www.ieeemaster.com
Mail : projects@lemenizinfotech.com
Digital Task Force’s Digital Magazine on Electronic Evidence and Hash Value -...Rohan Nyayadhish
At Digital Task Force, we specialise in mobile data extraction in the form of soft copy / print documents such as SMS, WhatsApp Chats, all kinds of media applications, routing locations for keeping Electronic Evidence's Authenticity intact, retrieving data/information from password/pin code protected phones, non-bootable phones, phones with broken displays, data deleted from the phone's memory drives on basis of condition of the device.
At Digital Task Force, we generate Audio/Video transcripts from Audio/Video/CCTV Footages. Based on our client's requirements and the necessities of a case, we are authorized to provide 65 B Certifications & Hash Value Reports as required by Section 65B of The Indian Evidence Act, 1872 in order to authenticate Electronic Evidence and have it be admissible in court.
Key frame extraction is an essential technique in the computer vision field. The extracted key frames should brief the salient events with an excellent feasibility, great efficiency, and with a high-level of robustness. Thus, it is not an easy problem to solve because it is attributed to many visual features.
This paper intends to solve this problem by investigating the relationship between these features detection and the accuracy of key frames extraction techniques using TRIZ. An improved algorithm for key frame extraction was then proposed based on an accumulative optical flow with a self-adaptive threshold (AOF_ST) as recommended in TRIZ inventive principles. Several video shots including original and forgery videos with complex conditions are used to verify the experimental results. The comparison of our results with the-state-of-the-art algorithms results showed that the proposed extraction algorithm can accurately brief the videos and generated a meaningful compact count number of key frames. On top of that, our proposed algorithm achieves 124.4 and 31.4 for best and worst case in KTH dataset extracted key frames in terms of compression rate, while the-state-of-the-art algorithms achieved 8.90 in the best case.
What is Digital Signature, Digital Signature FAQ - eMudhraeMudhra dsc
eMudhra is one of the leading provider of Digital Signature Certificates and is a Licensed Certifying Authority(CA) authorized by the Controller of Certifying Authorities (CCA) and Ministry of Information Technology to issue digital signature Certificates in India.
COMPARISON OF CERTIFICATE POLICIES FORMERGING PUBLIC KEY INFRASTRUCTURESDURIN...IJNSA Journal
The Public Key Infrastructure(PKI) provides facilities for data encryption, digital signature and time stamping. It is a system where different authorities verify and authenticate the validity of each participant with the use of digital certificates. A Certificate Policy (CP) is a named set of rules and it indicates the applicability of a certificate in a Public Key Infrastructure. Sometimes two companies or organizations with different PKIs merge. Therefore it would be necessary that their PKIs are also able to merge. Sometimes, the unification of different PKIs is not possible because of the different certificate policies. This paper presents a method to compare and assess certificate policies during merger and acquisition of companies.
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATIONPankaj Rane
Public Key Infrastructure is a widely deployed security technology for handling key distribution and validation in computer security. Despite PKI’s popularity as a security solution, Phishing and other Man-in-the-Middle related attacks are accomplished with ease throughout our computer networks. The major problems with PKI come down to trust, and largely, how much faith we must place in cryptographic keys alone to establish authenticity and identity.
In this paper, we look at a novel biometric solution that mitigates this problem at both the user and certificate authority levels. More importantly, we examine the trouble with the application of unprotected biometric features directly into PKI, and propose the integration of a secure, revocable biometric template protection technology that supports transactional key release. A detailed explanation of this new Biometric application is provided, including composition, enrollment, authentication, and revocation details. The Biometric provides a new paradigm for blending elements of physical and virtual security to address pesky network attacks that more conventional approaches have not been able to stop.
This Case Study discussed an implementation strategy for recording Degrees and Certificates on the Blockchain for authenticity and verification purposes.
VMworld 2013: Security Automation Workflows with NSX VMworld
VMworld 2013
Gargi Keeling, VMware
Don Wood, McKesson
Troy Casey, McKesson
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Digital certificates and information securityDevam Shah
Digital certificates ensures secure transactions over internet. This presentation is about information security and secure online transactions through digital certificates.
Courtesy: www.ifour-consultancy.com
Cost effective authentic and anonymous data sharing with forward securityLeMeniz Infotech
Cost effective authentic and anonymous data sharing with forward security
Do Your Projects With Technology Experts
To Get this projects Call : 9566355386 / 99625 88976
Visit : www.lemenizinfotech.com / www.ieeemaster.com
Mail : projects@lemenizinfotech.com
Digital Task Force’s Digital Magazine on Electronic Evidence and Hash Value -...Rohan Nyayadhish
At Digital Task Force, we specialise in mobile data extraction in the form of soft copy / print documents such as SMS, WhatsApp Chats, all kinds of media applications, routing locations for keeping Electronic Evidence's Authenticity intact, retrieving data/information from password/pin code protected phones, non-bootable phones, phones with broken displays, data deleted from the phone's memory drives on basis of condition of the device.
At Digital Task Force, we generate Audio/Video transcripts from Audio/Video/CCTV Footages. Based on our client's requirements and the necessities of a case, we are authorized to provide 65 B Certifications & Hash Value Reports as required by Section 65B of The Indian Evidence Act, 1872 in order to authenticate Electronic Evidence and have it be admissible in court.
Key frame extraction is an essential technique in the computer vision field. The extracted key frames should brief the salient events with an excellent feasibility, great efficiency, and with a high-level of robustness. Thus, it is not an easy problem to solve because it is attributed to many visual features.
This paper intends to solve this problem by investigating the relationship between these features detection and the accuracy of key frames extraction techniques using TRIZ. An improved algorithm for key frame extraction was then proposed based on an accumulative optical flow with a self-adaptive threshold (AOF_ST) as recommended in TRIZ inventive principles. Several video shots including original and forgery videos with complex conditions are used to verify the experimental results. The comparison of our results with the-state-of-the-art algorithms results showed that the proposed extraction algorithm can accurately brief the videos and generated a meaningful compact count number of key frames. On top of that, our proposed algorithm achieves 124.4 and 31.4 for best and worst case in KTH dataset extracted key frames in terms of compression rate, while the-state-of-the-art algorithms achieved 8.90 in the best case.
What is Digital Signature, Digital Signature FAQ - eMudhraeMudhra dsc
eMudhra is one of the leading provider of Digital Signature Certificates and is a Licensed Certifying Authority(CA) authorized by the Controller of Certifying Authorities (CCA) and Ministry of Information Technology to issue digital signature Certificates in India.
COMPARISON OF CERTIFICATE POLICIES FORMERGING PUBLIC KEY INFRASTRUCTURESDURIN...IJNSA Journal
The Public Key Infrastructure(PKI) provides facilities for data encryption, digital signature and time stamping. It is a system where different authorities verify and authenticate the validity of each participant with the use of digital certificates. A Certificate Policy (CP) is a named set of rules and it indicates the applicability of a certificate in a Public Key Infrastructure. Sometimes two companies or organizations with different PKIs merge. Therefore it would be necessary that their PKIs are also able to merge. Sometimes, the unification of different PKIs is not possible because of the different certificate policies. This paper presents a method to compare and assess certificate policies during merger and acquisition of companies.
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATIONPankaj Rane
Public Key Infrastructure is a widely deployed security technology for handling key distribution and validation in computer security. Despite PKI’s popularity as a security solution, Phishing and other Man-in-the-Middle related attacks are accomplished with ease throughout our computer networks. The major problems with PKI come down to trust, and largely, how much faith we must place in cryptographic keys alone to establish authenticity and identity.
In this paper, we look at a novel biometric solution that mitigates this problem at both the user and certificate authority levels. More importantly, we examine the trouble with the application of unprotected biometric features directly into PKI, and propose the integration of a secure, revocable biometric template protection technology that supports transactional key release. A detailed explanation of this new Biometric application is provided, including composition, enrollment, authentication, and revocation details. The Biometric provides a new paradigm for blending elements of physical and virtual security to address pesky network attacks that more conventional approaches have not been able to stop.
This Case Study discussed an implementation strategy for recording Degrees and Certificates on the Blockchain for authenticity and verification purposes.
VMworld 2013: Security Automation Workflows with NSX VMworld
VMworld 2013
Gargi Keeling, VMware
Don Wood, McKesson
Troy Casey, McKesson
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Digital certificates and information securityDevam Shah
Digital certificates ensures secure transactions over internet. This presentation is about information security and secure online transactions through digital certificates.
Courtesy: www.ifour-consultancy.com
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014Market Engel SAS
Digital signature solutions are quickly replacing paper-based signatures and have the potential to dominate signature-related processes. The primary benefits of this technology include increased efficiency, lower costs and increased customer satisfaction. Processes that still require a handwritten signature slow down turnaround time, increase complexity in terms of archiving, and also raise environmental issues with regards to paper usage. Companies are therefore increasingly adopting digital signature solutions to address those challenges.
The financial services industry is the pioneer in the adoption and development of digital signature solutions, and we expect other industries, such as telecommunication, commerce, utilities, notaries and healthcare, to follow soon as the benefits of this new technology, namely increased efficiency, lower costs and increased customer satisfaction, are not restricted to any industry. While offering clear advantages, digital signature solutions still need to overcome some challenges, such as the need to adapt existing systems and processes to the new technology, concern about acceptance by business partners and the perceived high cost.
The European Union is currently finalizing regulation, which will increase the legal value of advanced electronic signatures and remote electronic signing services by offering the possibility to generate a qualified digital signature using a remote signing system. The regulation is expected to be enacted in early July 2014. This development is expected to serve as an example for other markets on how to approach digital signatures from a regulatory standpoint.
This report is based on Arthur D. Little’s survey of 50 market experts in Europe, as well as comprehensive secondary market research. In this report, we provide an overview of the digital signature technology, its current and potential market, as well as the benefits and challenges it brings. We also present examples of practical applications of digital signature solutions.
Jennifer worked for Sutter County Superintendent of Schools Office & the Sutter County One Stop as a Career Advisor & trainer for about eight years. During that time she provided assistance to youth & adults in work readiness activities (i.e. career and job fairs), workshops & counseling services. Additionally, she acted as a liaison to connect business & education throughout the community. She also provided this resume and cover letter training to Beale AFB for a couple of years. This training for those who were about to separate from the military. She now lives and works in UT as an educator.
ISO/IEC 20000 is a worldwide service management standard that describes the implementation of an integrated process approach for the delivery of services. It consists of a set of minimum requirements to audit an organization against effective Service Management. The standard promotes the adoption of an integrated process approach to effectively deliver managed services to meet the business and customer requirements.
This white paper introduces the reader to what the standard is all about and why organizations choose to meet is requirements. It also describes the certification process and it has useful hints, tips and links.
Authentication and Authorization ModelsCSCJournals
In computer science distributed systems could be more secured with a distributed trust model based on either PKI or Kerberos. However, it becomes difficult to establish trust relationship across heterogeneous domains due to different actual trust mechanism and security policy as well as the intrinsic flaw of each trust model. Since Internet has been used commonly in information systems technologies, many applications need some security capabilities to protect against threats to the communication of information. Two critical procedures of these capabilities are authentication and authorization. This report presents a strong authentication and authorization model using three standard frameworks. They are PKI, PMI, and Directory. The trust in this approach is enabled by the use of public key infrastructure (PKI) which is applied for client two-factor authentication and secures the infrastructure. We introduce the preventive activity-based authorization policy for dynamic user privilege controls. It helps prevent successive unauthorized requests in a formal manner. At the core, we apply the Multi-Agent System (MAS) concept to facilitate the authentication and the authorization process in order to work with multi-applications and multi-clients more dynamically and efficiently.
The purpose of this article is to provide an overview of the PKI project initiated part of the UAE national ID card program. It primarily shows the operational model of the PKI implementation that is indented to integrate the federal government identity management infrastructure with e-government initiatives owners in the country. It also explicates the agreed structure of the major components in relation to key stakeholders; represented by federal and local e-government authorities, financial institutions, and other organizations in both public and private sectors. The content of this article is believed to clarify some of the misconceptions about PKI implementation in national ID schemes, and explain how the project is envisaged to encourage the diffusion of e-government services in the United Arab Emirates. The study concludes that governments in the Middle East region have the trust in PKI technology to support their e-government services and expanding outreach and population trust, if of course accompanied by comprehensive digital laws and policies.
ENHANCING SECURITY AND TRANSPARENCY: THE ROLE OF BLOCKCHAIN IN DOCUMENT VERIF...Terna Engineering College
It is simple to produce phony certifications due to the market's easy access to inexpensive, sophisticated equipment and the rapid growth of information technology, as well as the lack of transparency and verifiability in the reporting process. The complicated method of authentication entails numerous difficult validation steps.
Additionally, bank statements, significant papers, transfer documents, certifications of training, etc. Each type of content is distinctive and necessitates a different handling strategy. Students' academic transcripts are significant records provided by their universities. The best fake credentials are always hard to spot and are handled much like legitimate ones. Recently, blockchain technology has been cited as a potential method of information system verification and as a crucial weapon in the conflict against information fraud and malpractice.
This research seeks to enhance the data analysis process using blockchain technology. Our focus is to build a decentralized and distributedledger that holds the papers and guarantees their immutability.
A survey on security and policy aspects of blockchain technologyTELKOMNIKA JOURNAL
This survey talks about the problem of security and privacy in the blockchain ecosystem which is currently a hot issue in the blockchain community. The survey intended to study this problem by considering different types of attacks in the blockchain network with respect to algorithms presented. After a preliminary literature review it seems that some focus has been given to study the first use case while, to the best of my knowledge, the second use case requires more attention when blockchain is applied to study it. The research is also interested in exploring the link between these two use cases to study the overall data ownership preserving accountable system which will be a novel contribution of this work. However, due to the subsequent government mandated secrecy around the implementation of data encryption standard (DES), and the distrust of the academic community because of this, a movement was spawned that put a premium on individual privacy and decentralized control. This movement brought together the top minds in encryption and spawned the technology we know of as blockchain today. This survey explores the genesis of encryption, its early adoption, and the government meddling which eventually spawned a movement which gave birth to the ideas behind blockchain.
Reconsidering Public Key Infrastructure and its Place in Your Enterprise Stra...Omlis
Gartner's statement that certificates can no longer be blindly trusted; coupled with Microsoft VP of Trustworthy Computing, Scott Charney declaring “PKI is under attack” seems increasingly prophetic as the digital world relentlessly develops its capabilities. Undeniably, PKI plays a key role in internet security, but SSL (Secure Sockets Layer) / TLS (Transport Layer Security) systems are proving increasingly vulnerable under the weight of the latest digital ecosystem.
REMOVAL OF CERTIFICATES FROM SET PROTOCOL USING CERTIFICATELESS PUBLIC KEY CR...IJNSA Journal
Secure Electronic Transaction (SET) is a standard e-commerce protocol for securing credit card transactions over insecure networks. In a transaction using SET, all the members need public key certificates in order to authenticate their public key. Certificates are created by certificate authorities (CAs), The process of getting certificates from a certificate authority(CA) for any SET participants involves a large number of procedures like sending request to issue a certificates, getting approval or
rejection of request and finally obtain the certificates, which is essentially time consuming as because these are associated with certificate management, including renew, revocation ,storage and distribution and the computational cost of certificate verification, also the chain of verification can be quite long, depending on the certificate hierarchy. So, the issues associated with certificate management are quite complex and costly.The present paper attempts the removal of the certificates using the ‘certificateless public key cryptography (CL-PKC)’ . The basic idea of CL-PKC is to generate a public/private key pair for a user by using a master key of a Key Generation Center (KGC) with a random secret value selected by the user. Hence, CL-PKC eliminates the use of certificates in traditional PKC and solves the key escrow problem in ID-PKC.The comparison with existing SET implementation is also addressed in the paper that shows the effectiveness of the proposal.
Design an active verification mechanism for certificates revocation in OCSP f...IJECEIAES
No doubt that data security online is crucial. Therefore, great attention has been paid to that aspect by companies and organizations given its economic and social implications. Thus, online certificate status protocol (OCSP) is considered one of the most prominent protocol functioning in this field, which offers a prompt support for certificates online. In this research, a model designed based on field programable gate array (FPGA) using Merkel’s tree has been proposed to overcome the delay that might have occurred in sorting and authentication of certificates. Having adopted this model and with the assistance of Hash function algorithm, more than 50% of certificates have been processed in comparison with standard protocol. Moreover, certificates have been provided with substantial storage space with high throughput. Basically, Hash function algorithm has been designed to arrange and specify a site of verified or denied certificates within time of validity to protect servers from intrusion and clients from using applications with harmful contents.
EUNICERT: ETHEREUM BASED DIGITAL CERTIFICATE VERIFICATION SYSTEMIJNSA Journal
The fake certificate is a special global problem in today's digital age. Thousands of universities and educational institutions around the world do not exist but can release hundreds of millions of fake degrees. Verifying the integrity of qualifications is a real challenge for today's employers. Applying the anti-data
modifying properties of blockchain technology, this study proposes a solution issuing and verifying digital certificates called EUniCert to solve this problem. By changing the design and integrating new consensus algorithm used in Ethereum platform into the Unicoin network that was used to verify and store the information related to the issued digital certificate, the EUniCert improves the latency to validate transactions as well as the number of verified blocks in the blockchain network compared to the previous solution that we have proposed. We implement a simple blockchain system to illustrate the management operation of the digital certificates on the ethereum platform. Besides, we conduct a simulation to evaluate the performance of our proposal compared with the previous system. The result is that the average latency decreases by 3.27 times as well as the number of verified blocks increases by 11% compared with the previous system.
EUNICERT: ETHEREUM BASED DIGITAL CERTIFICATE VERIFICATION SYSTEMIJNSA Journal
The fake certificate is a special global problem in today's digital age. Thousands of universities and educational institutions around the world do not exist but can release hundreds of millions of fake degrees. Verifying the integrity of qualifications is a real challenge for today's employers. Applying the anti-data modifying properties of blockchain technology, this study proposes a solution issuing and verifying digital certificates called EUniCert to solve this problem. By changing the design and integrating new consensus algorithm used in Ethereum platform into the Unicoin network that was used to verify and store the information related to the issued digital certificate, the EUniCert improves the latency to validate transactions as well as the number of verified blocks in the blockchain network compared to the previous solution that we have proposed. We implement a simple blockchain system to illustrate the management operation of the digital certificates on the ethereum platform. Besides, we conduct a simulation to evaluate the performance of our proposal compared with the previous system. The result is that the average latency decreases by 3.27 times as well as the number of verified blocks increases by 11% compared with the previous system.
PKI Concepts- What are the core components of a PKI- Briefly describe.docxellenj4
PKI Concepts: What are the core components of a PKI? Briefly describe each component Discuss the trustworthiness of squareroot certificates provided by browsers. (3) What is the purpose of the X.509 standard and what is a certificate chain? How is an X.509 certificate revoked?
Solution
A public key infrastructure ( PKI ) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.
In cryptography, a PKI is an arrangement that binds public keys with respective identities of entities (like persons and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA). Depending on the assurance level of the binding, this may be carried out by an automated process or under human supervision.
The PKI role that assures valid and correct registration is called registration authority (RA). An RA is responsible for accepting requests for digital certificates and authenticating the entity making the request. In a Microsoft PKI, a registration authority is usually called a subordinate CA.
An entity must be uniquely identifiable within each CA domain on the basis of information about that entity. A third-party validation authority (VA) can provide this entity information on behalf of the CA.
.
Similar to The Role of Digital Certificates in Contemporary Government Systems: the Case of UAE Identity Authority (20)
يسلط الكتاب الضوء على دور اقتصاد البيانات في دعم الأنظمة الاقتصادية الوطنية، وإرشاد القرارات والسياسات في مختلف القطاعات. ويقدم مجموعة من التوصيات لتطوير السياسات التنظيمية والبنى التحتية ودعم الابتكار وتشجيع نمو القطاع الخاص وريادة الأعمال.
يسلط الكتاب الضوء على أهم أبعاد التحول الرقمي الحكومي، ويقدم أطر ومفاهيم عامة لتصميم وتطوير المنظومات الخدماتية القائمة على إنشاء القيمة وتحقيق النمو الاجتماعي والاقتصادي
يتناول الكتاب المتغيرات التي فرضتها التكنولوجيات الحديثة على المفاهيم المرتبطة بالنقد، ودور العملات الرقمية في تشكيل مستقبل الأسواق العالمية.
ويتطرق أيضاً إلى التحولات الكبيرة في الاقتصاد العالمي الجديد، ودور العملة في الاقتصاد، والمشكلات التي تواجه العملات بشكل عام والورقية على الأخص، والمدفوعات والعملات الإلكترونية، ومفهوم العملات الرقمية الحكومية والتجارية والافتراضية والمشفرة والمستقرة، هذا بالإضافة إلى مميزات العملات المشفرة ومخاطرها، والقيم المتذبذبة للعملات التجارية، والترويج الذي يتم لها.
كما يستعرض الكتاب التجارب الدولية للعملات الرقمية، والتجارب العربية في هذا المجال، والمواقف الحكومية من العملات المشفرة، وعملة الـفيسبوك، ومستقبل العملات الرقمية والمدفوعات الرقمية، هذا بالإضافة إلى دور تكنولوجيا البلوك تشين في تأمين المعاملات المالية.
ويضع الكتاب النموذج المتوقع لعمل العملات الرقمية الحكومية، وذلك من خلال التطرق إلى 9 خصائص رئيسية مطلوبة لأي منظومة عملة ناجحة من العملات الرقمية، وكذلك 8 مكونات أساسية لنموذج عمل العملات الرقمية الحكومية، مع شرح آلية عمل النموذج.
ومن بين أهم التوصيات التي أوصى بها الكتاب هو ضرورة أن يتوحد العالم العربي لدراسة وتأسيس عملة رقمية وفق منهج علمي مدروس وجماعي، تكون الأولوية الحاكمة فيه هي التوافق والتكامل.
يشير الكتاب على أن التنمية الفكرية في بناء المؤسسات تمثل إحدى أهم الأبعاد المحورية نحو المجتمعات والاقتصادات المستدامة، ويبين أن وصول المؤسسات للقمة والتميز يتطلب منها تكوين فهم دقيق للقيمة المضافة التي تنشئها المؤسسة قبل بحث الكيفية والوسيلة، وأن القدرة على الابتكار والتغيير والتحديث هي السمات التي يمكن من خلالها أن تسهم في توفير قوة دافعة للمؤسسة للتميز والاستدامة.
ويتناول الكتيب عدة محاور ضرورية من شأنها أن تعزز من إسهامات القيادات الشابة في مؤسساتهم، والتي جاء في مقدمتها: مفهوم القمة في العمل المؤسسي، ومجالات وصول المؤسسات للقمة، وأدوات الوصول للقمة والمحافظة عليها؛ وشرح لمفاهيم الإدارة المتميزة، وأساسيات إدارة الموارد البشرية، ومدى الاستفادة من التكنولوجيا، وما يحمله المستقبل من تطورات في مجالات جديدة بالثورة الصناعية الرابعة، وطريقة الوصول للقمة، وكذلك استمرارية البقاء على القمة التي تستدعي التعلم بشكل مستمر، وكيفية استدامة التميز المعتمدة على المنهج المتكامل القابل لتحديد نفسه بصفة دائمة.
يتطرق الكتاب إلى بعض المعطيات التي أصبحت تدفع نحو تحولات كبيرة في النظام الاقتصادي العالمي، ويتناول توقعات المؤسسات الدولية لأداء الاقتصاد العالمي.
كما يضع الكتاب عدد من السمات المفترضة للنظام الاقتصادي الجديد خلال فترة ما بعد (كوفيد 19).
يتناول الكتاب الصادر من مجلس الوحدة الاقتصادية العربية بجامعة الدول العربية بعنوان “الاقتصاد الرقمي ودوره في تعزيز الأمن الوطني”، الفرص التي يمتلكها الاقتصاد الرقمي ويدعو للتركيز على الاقتصاد الرقمي كعنصر تنموي استراتيجي لتطوير مقومات الأمن الاقتصادي.
The study highlights the effects of the revolutions and unrest in Arab countries with an attempt to provide an overview of Arab present and its prospects. It primarily recommends the adoption and employment of advanced technologies in reconstruction efforts and supporting the development of resilient and sustainable economies.
The book is designed to promote understanding of conflicts in organisations, and establish how they can be handled effectively, and make them work as opportunities for improvement and constructive change.
دراسة موجزة لمجلس الوحدة الاقتصادية العربية بجامعة الدول العربية حول آثار أزمة جائحة كورونا على الدول العربية وتقدم توصيات لمتخذي القرار وراسمي السياسات للتعامل مع تداعيات الأزمة.
The book pinpoints that the digital future is exposed to the danger of chaotic, unregulated growth, which constitutes a challenge for countries that still operate according to traditional economic models, and that public thinking in the Arab region in facing challenges still follows the "reaction methodology" and temporary solutions with short-term prospects, and that this is confirmed by the current international indicators of its competitiveness. The book proposes that in order to address this, visions and efforts should be based on strategies driven by scientific methods, and with it the Arab countries must develop a clear understanding of the main challenges before jumping to seize opportunities.
The book shows that it is fundamental for policymakers and decision-makers to have precise and accurate understanding of the intricate details in digital transformation initiatives and the role that modern technologies can play in changing the rules and systems of current practices, and in how to develop digitized, more innovative business models with which to build resilient and sustainable social economies and systems.
The book also draws on the current data and indicators of the global economy and that they are pushing to form a worrying picture of weaknesses in Arab countries, which in turn may threaten the stability of the entire region, especially with regard to the "cognitive decline" and “increasing unemployment rates” and “poor economic performance"; and that these challenges call for dealing with it as key strategic indicators that require urgent action plans; with emphasis that these plans need to be designed to reflect different ways of thinking and adapted to the nature of the requirements and challenges of the 21st century and treat them as forces and positive factors.
The book highlights the importance of accelerating the implementation of a set of initial reform projects to encourage the development of more dynamic and developed digital business environments in the Arab region, in parallel with the development of educational systems and healthcare, and strengthening agricultural capabilities to achieve food security targets, and focus on economies based on industry and production, and promoting the development of Arab digital platforms to support e-commerce practices.
يتطرق الكتاب إلى تحليل الوضع الراهن لمشاريع التحول الرقمي في الحكومات العربية، والمراحل الأربعة للتحول في المنظومة الحكومية، وأهم العوائق والتحديات التي تعطل مسيرة التطور والتقدم ويقدم الكتاب بعض الحلول الموجزة والمقترحة في هذا السياق.
ويوضح الكتاب بأن مفاهيم الصناعة باتت تدفع بتطبيقات ممكّنة للآلات للتواصل فيما بينها من خلال الشبكات الإلكترونية واتخاذ القرارات اللامركزية بمستويات تفوق القدرات البشرية. كما أن ذلك أصبح يدفع أيضاً إلى ظهور نماذج عمل للمؤسسات أشبه بـ «المصانع الذكية» تتميز بقدراتها الآلية على التطوير الذاتي والتعامل مع المتغيرات والتعلم المستدام، والقدرة على تطوير المنظومات الخدمية والإنتاجية بمستويات كفاءة وفاعلية ومستويات أداء غير مسبوقة؛ وأن المؤسسات في المنطقة العربية لم يعد أمامها خيار سوى الاستمرار ومواكبة التقدم في تنفيذ مشاريع التحول الرقمي.
وجدير بالذكر أن المنطقة العربية وكثير من دول العالم شهدت في العقدين الماضيين آلاف المبادرات والمشاريع في مجال التحول الرقمي، مستهدفة دعم قدراتها كحكومة مسئولة عن صناعة العديد من القرارات وتقديم الخدمات، وانطلاقاً من رؤية القيادات في هذه الدول لتحويل الخدمات الحكومية إلى خدمات إلكترونية وذكية.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
2. Ali M. Al-Khouri 42
ever-changing world, being able to respond rapidly to new opportunities and
challenges is crucial to the future economic and social prosperity of the world
(Greenstein, M. & Vasarhelyi, 2002; Shaw, 2006). The rapid development of
Information and Communication Technologies (ICT) is forcing governments to
adopt more rigorous development plans to revolutionize their operations, service
delivery channels, and the way they interact with citizens.
Virtual space, electronic banking, and other electronic services are
becoming more commonplace, offering the convenience and flexibility of round-
the-clock service direct from the comfort of home. However, there is an
increasing concern both from individuals and organizations about the privacy
and security associated with electronic transactions (Germain, 2003). Encryption
seems to be insufficient by itself because it provides no proof of the identity of
the sender of the encrypted information. Digital certificates have emerged as a
compelling technology, able to provide higher levels of security and assurances
of electronic identities and content integrity.
This article provides an overview of a government program and the
potential use of digital certificates. We attempt to outline the different scenarios
formulated during discussions in the implementation phases of the UAE national
identity management infrastructure, which was first launched in 2003. The main
purpose of this article is to explore the UAE digital identity issuing authority's
position with regards to G2G e-government transactions and the prospective role
of digital certificates. This article is structured as follows: The first section
provides a short overview of the digital certificates and their role in electronic
transactions. The second section provides an overview of the UAE Identity
Authority and digital certificates. It outlines the possible scenarios of the
application of government issued digital certificates, and outlines the general
architecture of UAE identity infrastructure and the technical components related
to digital certificates.
3. 43 The Role of Digital Certificates in Contemporary Government Systems:
The Case of UAE Identity Authority
2. DIGITAL CERTIFICATES
Digital certificates are digital files that certify the identity of an individual
or institution seeking access to computer-based information. By enabling such
access, they serve the same purpose as a driver’s license or library card. Digital
certificates bind the identity of an individual or institution to a digital public key,
i.e., to a pair of electronic keys that can be used to encrypt and sign digital
information. The combination of standards, protocols, and software that support
digital certificates is called a public key infrastructure, or PKI. The software that
supports this infrastructure generates sets of public-private key pairs. Public-
private key pairs are codes that are related to one another through a complex
mathematical algorithm. The key pairs can reside on one’s computer or on
hardware devices such as smart cards or floppy disks.
Through digital certificate, it is possible to verify someone's claim that they
have the right to use a given key, helping to prevent people from using phony
keys, for example, to impersonate other users. Used in conjunction with
encryption, digital certificates provide a more comprehensive security solution,
assuring the identity of all parties involved in a transaction.
A digital certificate is issued by a Certification Authority (CA) and signed
with the CA's private key. A digital certificate typically contains the following
elements: (1) owner's public key, (2) owner's name, (3) expiration date of the
public key, (4) name of the issuer (the CA that issued the digital certificate),
(5) serial number of the digital certificate, and (6) digital signature of the issuer.
4. Ali M. Al-Khouri 44
The most commonly accepted format for digital certificates is defined by
the ITU X.5091 international standard; thus, certificates can be read or written by
any application complying with X.509. Further refinements are found in the
PKCS2 standards and the PEM3 standard.
Figure 1 depicts an example of a university campus with various methods
for access control that can be integrated with a digital certificate infrastructure,
e.g., Kerberos4, passwords, and in-person ID. The diagram shows various
methods that rely on some form of directory service to authenticate a campus
user for access to a service or resource. In this illustration, the University
Directory Service is represented by the LDAP Authentication Database.
1
ITU X.509: a widely used standard for defining digital certificates. X.509 (Version
1) was first issued in 1988 as a part of the ITU X.500 Directory Services standard.
When X.509 was revised in 1993, two more fields were added resulting in the
Version 2 format. These two additional fields support directory access control.
X.509 Version 3 defines the format for certificate extensions used to store additional
information regarding the certificate holder and define certificate usage.
Collectively, the term X.509 refers to the latest published version, unless the version
number is stated. X.509 is published as ITU recommendation ITU-T X.509
(formerly CCITT X.509) and ISO/IEC/ITU 9594-8 which defines a standard
certificate format for public key certificates and certification validation. With minor
differences in dates and titles, these publications provide identical text in the
defining of public-key and attribute certificates.
2
PKCS: is an abbreviation for Public-Key Cryptography Standards, and it refers to
the set of standards for public-key cryptography, developed by RSA Laboratories in
cooperation with an informal consortium, originally including Apple, Microsoft,
DEC, Lotus, Sun and MIT.
3
PEM: is an abbreviation for Privacy Enhanced Mail (RFC 1421 - RFC 1424), an
early standard for securing electronic mail (IRTF, IETF). PEM never has been as
widely adopted as Internet Mail Standard.
4
Kerberos is a secure method for authenticating a request for a service in a computer
network. Kerberos was developed in the Athena Project at the Massachusetts
Institute of Technology (MIT). The name is taken from Greek mythology; Kerberos
was a three-headed dog who guarded the gates of Hades. Kerberos lets a user request
an encrypted "ticket" from an authentication process that can then be used to request
a particular service from a server. The user's password does not have to pass through
the network.
5. 45 The Role of Digital Certificates in Contemporary Government Systems:
The Case of UAE Identity Authority
Figure 1 : Digital certificate application in a university campus
Source: DLF & CREN (2000)
Figure 2 depicts an example of the flow of information between a
publisher’s server and a user’s computer using digital certificates. In this
example, the client attempts access to a controlled resource from a publisher,
such as a database or digital library, usually through a Web interface. The
publisher’s server asks the client to present a certificate. The client presents a
certificate, and the publisher’s server verifies that the certificate is authentic and
authorizes access to the content.
6. Ali M. Al-Khouri 46
Figure 2 : Digital certificate authentication process
Source: DLF & CREN (2000)
As governments continue to invest significantly in the development and
deployment of e-government solutions, there is a global movement towards
using digital certificates to authenticate and authorize secure interactions over
virtual networks. The next section looks at the digital certificate infrastructure
implementation in the United Arab Emirates.
3. The UAE Identity Authority
In 2003, the government of the UAE began the use of digital certificates
aspect of its public key infrastructure technology deployment which was
integrated with the national identity management infrastructure development
program (Al-Khouri, 2011; Westland & Al-Khouri, 2010). A federal Identity
Authority was established in 2004 to oversee the implementation of the program
and the issuing of digital certificates in the form of smart identity cards to all
members of the population. Currently more than half of the population have
been registered, and the remaining five million people are expected to be
enrolled by 2013. Each individual goes through a rigorous registration process
where fingerprints and photos are captured at one of more than fifty registration
centers in the country. The biographical data and biometrics are then processed
centrally and go through automated and human validation systems which either
grant or reject the issuing of identity cards.
7. 47 The Role of Digital Certificates in Contemporary Government Systems:
The Case of UAE Identity Authority
The government is planning to achieve a strategic objective from this
project: to support e-government and e-commerce initiatives. The use of public
key infrastructure will enable the establishing of a secure channel for
communicating any sensitive information between the different parties in an
electronic environment. Generally, once a digital certificate is obtained, one may
set up security-enhanced web or e-mail applications to use the digital certificate
automatically.
Theoretically speaking, the use of digital certificates in e-government
communications is relatively straight forward (Babaoglu, 2003). The UAE
Identity Authority is in a position to issue digital certificates to government
entities that want to connect to the government Identity Authority. The
certificates will be used for establishing secure communications and mutual
authentication between the participating parties. Extension of these services to
include secure e-mail and data encryption falls outside the scope of this paper.
For the moment, it is assumed that the requirement is only to use digital
certificates in secure communication channels; therefore, it was recommended
that the existing technical CA be used for such a purpose, which is a matter of
issuing the certificates with no additional infrastructure required. The reasons for
this are explained in later sections of this article.
3.1 UAE PKI STRATEGY OVERVIEW
As indicated earlier, there have been several discussions during the project
implementation about the necessary infrastructure to extend the UAE PKI to
facilitate e-services for ID card holders. There are challenges with this
requirement since ID card holders will not only authenticate themselves but use
digital signatures;, possibly encryption at a later stage, and they will travel
around and require services from various locations. Each of these requires an
extensive infrastructure which includes card readers, access to public key
8. Ali M. Al-Khouri 48
repository, access to the CRL repository, LDAP-accessible directory services,
key escrow, etc.
For the purpose of this discussion, this paper will only focus on the need for
authentication (using digital certificates) between devices in a government-to-
government (or e-government) scenario.
The Political Question
Prior to getting into the technical aspects of the discussion, it is necessary to
deal with some political questions in order to understand the various scenarios
that might be encountered. Some questions were:
1. Who will be the ultimate certificate authority issuing digital certificates in
the UAE?
2. Will the commercial certificate authority be the same as the government
certificate authority?
3. What are the roles of commercial CAs offered by the telecom companies in
the country and the Identity Authority within the digital certificate space?
3.1.1 Scenario 1 – a single CA for the UAE
Since telecom operators in the UAE run commercial CAs, they have already
invested in the infrastructure and conformed to the strict requirements of hosting
a trust center. The natural conclusion would be to assume that they are in the
best position to provide PKI services for the government as well. This means
that the UAE Identity Authority need not concern itself with any additional
infrastructure regarding e-government services or ID card holder’s e-services. In
addition, it need not be concerned with digital certificates all together; they may
act as a registration authority for the national CA, only verifying identities and
approving certificates on behalf of the national CA. This, however, might not be
in the best interest of national security and hence the Identity Authority.
9. 49 The Role of Digital Certificates in Contemporary Government Systems:
The Case of UAE Identity Authority
3.1.2 Scenario 2 – separate commercial and government CAs
The second scenario is that of having two separate CAs, one for commercial
services and one for government services. These two CAs may autonomously
function on their own and on the same level of authority. While telecom
companies can perform the function of commercial CAs, the Identity Authority
may perform the function of the government CA. The UAE Identity Authority is
already issuing certificates for ID card holders but require the necessary
infrastructure to facilitate the PKI services beyond the boundary of the national
identity management infrastructure. In addition, the necessary legislation needs
to be in place to have the Identity Authority function as the official government
CA.
3.1.3 Scenario 3 – hybrid CAs
The third scenario is to have the government Identity Authority provide
limited PKI services in the form of ID card holder certificates and some e-
government certificates, but to let the telecom companies provide integration
and necessary infrastructure services. The details of such a hybrid solution are
not important now, but such a solution may prove to be the best strategy for the
short term. The technical discussion will resolve around the assumption that this
scenario is the current way forward.
3.2 THE UAE IDENTITY INFRASTRUCTURE
3.2.1 Identity System Technical CA
From the definition, a Certificate Authority (CA) is a trusted organization
that maintains and issues digital certificates. The UAE Identity Authority
currently has two root CAs: the Population CA and the Technical CA. The
Population CA is used to issue and sign the ID card holders’ certificates, which
are exported to the ID cards. The Technical CA is used to issue and sign various
certificates used in the national identity management system: web servers,
10. Ali M. Al-Khouri 50
administration tools, network appliances, fingerprint devices, etc. A few
subordinate CAs exist in a hierarchy below the Technical CA: the Timestamp
CA, Server CA, Admin CA, and MSO CA. The following diagram depicts a
logical representation of the UAE identity management system CA design:
Figure 3 : Logical CA design
In order to accommodate the issuance of third-party certificates (e.g., that of
other government departments), the certificates can simply be issued from one of
the existing subordinate CAs, or a new subordinate CA can be created just for
that purpose. In this case, it is recommended that a third-party CA be created
under the Technical CA on the same level as the Server and Admin CAs. The
process would typically work as follows:
1. A government entity wants to connect to a server in the Identity
Authority DMZ.
2. The connection and associated infrastructure is provided by the
government entity and installed in accordance with the Identity
Authority security policy.
11. 51 The Role of Digital Certificates in Contemporary Government Systems:
The Case of UAE Identity Authority
3. The government entity applies for a server (or client) certificate from
the Identity Authority.
4. The Identity Authority issues the certificate from the technical CA.
5. The certificate gets installed in the device / client / server of the
government entity.
6. The connection between the government entity and the Identity
Authority can now be mutually authenticated and encrypted on the
upper layers of the protocol stack (i.e., SSL, SSH, etc.)
7. The CRL is made available in the DMZ, so no need for further
infrastructure.
This is a simplified process, but it demonstrates the use of digital certificates
that are issued from the Identity Authority to authenticate and encrypt
communications between the Identity Authority and other government
departments. The number of such certificates will be much less than the ID card
holders’ certificates. Therefore the need for OCSP and a LDAP-accessible CRL
is not necessary. This simplifies the solution even further.
3.2.2 Level of Trust
Validating the CA certificate is an important part of the trust associated with
a PKI infrastructure (Mohapatra, 2001). The Identity Authority uses a stand-
alone CA, which does not have a trusted path associated with the commercial
CAs. This in itself is not a problem, but it means that the root CA certificate
(public key) of the Identity Authority has to be distributed to all entities to
provide CA certificate validation. This is not a problem as long as it has control
over the distribution and use of the issued certificates, meaning that whenever a
certificate is issued, the root CA certificate is installed with it. If, however, the
certificates will be used among government entities other than the Identity
12. Ali M. Al-Khouri 52
Authority, the root CA certificate must be published in a central location for
everyone to access or be distributed to all government entities on a per request
basis.
3.3 CERTIFICATE USES
The scope of the e-government certificates will determine the extent of the
PKI infrastructure required. The use of certificates for session authentication
(e.g., SSL), as opposed to digital signatures and file encryption, allows for a
much simpler infrastructure. The current infrastructure supports the use of
digital certificates for this purpose within the national identity management
system environment. Extending this to other government departments will be
technically straight forward and will not require major changes or additions,
assuming that it does not involve digital signatures and data encryption.
3.3.1 Secure Sockets Layer (SSL)
One of the best-known uses of public key encryption is the protocol known
as the Secure Sockets Layer (SSL), which protects the communications channel.
Every day, people access e-commerce sites to purchase goods and services over
the Internet, and wish to secure their sessions with these sites to protect the
confidentiality of information such as credit card numbers. The magnitude of
this everyday use of SSL to protect these sites indicates that SSL is by far the
most widespread commercially employed PKI technology. A typical SSL
session consists of the following procedures:
• A browser sends a request to connect to a site that has a server
certificate. The user performs this request by clicking on a link
indicating that it leads to a secure site, or the user types in a URL with
an “https” protocol specifier.
• The server responds and provides the browser with the server’s
certificate.
13. 53 The Role of Digital Certificates in Contemporary Government Systems:
The Case of UAE Identity Authority
• The browser verifies the digital signatures on the server certificate with
reference to a certificate chain leading to a trusted root certificate.
• The browser also compares the server’s domain with the domain listed
in the certificate to ensure that they match. If these steps are successful,
the server has been authenticated to the user, providing assurances to
the user that the user is accessing a real site whose identity was
validated by a CA. This process is called server authentication.
• Optionally, the server may request the user’s certificate. The server can
use the user’s certificate to identify the user: a process called client
authentication.
• The browser generates a symmetric session key for use by the browser
and server in encrypting communications between the two.
• The browser encrypts the session key with the server’s public key
obtained from the server certificate and sends the encrypted key to the
server.
• The server decrypts the session key using its private key.
• The browser and server use the session key to encrypt all subsequent
communications.
Following these procedures, the user may notice a padlock symbol
appearing on the screen. In addition, the user will be able to inspect the
certificate on the site using the browser. SSL with HTTP is the only way to
implement the technology. It can be used in many other services as well: SSL /
LDAP; SSL / FTP; SSL / SMTP; etc. This will likely be the most used
application of digital certificates in e-government implementation.
14. Ali M. Al-Khouri 54
3.3.2 Secure Shell (SSH)
Secure Shell provides terminal-like access to remote computers by using a
tunneling mechanism. It is especially useful in remote maintenance and
troubleshooting and provides authentication and secure transmission. SSH is
often used to replace Telnet, FTP, and the R-protocols in UNIX (e.g., rlogin,
rexec, rsh).
3.3.3 IPSec
IPSec is used to set up a secure channel for protecting data exchange
between two devices. It is currently used between sites in the national identity
management system network, so it will not be explained in detail. Basically the
most common implementation of IPSec is the use of symmetric key encryption
rather than asymmetric (public key encryption), due to the speed advantage.
3.3.4 Secure MIME (S/MIME)
Secure MIME is a standard for encrypting and digitally signing electronic
mail that contains attachments and for providing secure data transmissions.
S/MIME provides confidentiality through the user’s encryption algorithm,
integrity through the user’s hashing algorithm, authentication through the use of
X.509 public key certificates, and non-repudiation through cryptographically
signed messages. It should be noted that using S/MIME within an e-government
scenario will require extension of the PKI infrastructure, especially when e-mail
encryption is used.
4. CONCLUSIONS
This article has presented an overview of various scenarios of the usage and
application of digital certificates in the United Arab Emirates. For the short term,
the UAE Identity Authority can extend its technical CA services to third-party
government entities with little effort, depending on the scope and configuration
of the requirement. For the long term, it needs to position itself strategically. It
15. 55 The Role of Digital Certificates in Contemporary Government Systems:
The Case of UAE Identity Authority
will be vital to have a roadmap for PKI services in the UAE (the government
specifically) and the role of the UAE Identity Authority, in addition to its
relationship with telecom operators.
REFERENCES
1. Al-Khouri, A.M. (2011) "PKI in Government Identity Management
Systems", International Journal of Network Security & Its Applications,
Vol.3, No.3, pp. 69-96.
2. Babaoglu, O. (2003) Certificates, Certification Authorities and Public Key
Infrastructures [Online].
http://www.cs.unibo.it/babaoglu/courses/security/lucidi/PKI.pdf, Accessed
[10 October, 2011].
3. DLF & CREN (2000) Digital Certificate Infrastructure: FAQ, Digital
Library Federation & Corporation for Research and Educational
Networking, http://www.diglib.org/architectures/cren-dlf.pdf Accessed [10
October, 2011].
4. Germain, J.M. (2003) Beyond Biometrics: New strategies for security, E-
Commerce Times [Online]. http://www.ecommercetimes.com/perl/story/
31547.html Accessed [10 October, 2011].
5. Greenstein, M. and Vasarhelyi, M. (2002) Electronic Commerce: Security,
Risk Management and Control, McGraw-Hill, New York.
6. Mohapatra, P.K. (2001) Public Key Cryptography, ACM Crossroads
Student Magazine [Online]. http://www.acm.org/crossroads/xrds7-
1/crypto.html Accessed [10 October, 2011].
7. Shaw, M.J. (Ed.) (2006) E-Commerce and the Digital Economy. M E
Sharpe Inc.
8. Westland, D. & Al-Khouri, A.M. (2010) "Supporting e-Government
Progress in the United Arab Emirates", Journal of E-Government Studies
and Best Practices, Vol. 2010. pp.1-9.