Mason Hayes+Curran, Philip Nolan: Cloud Computing brianharley
Slides on the legal issues surrounding cloud computing given in the course of a Business Breakfast on Cloud Computing by Philip Nolan, Partner at Mason Hayes+Curran, on 25 February 2009.
This presents a model of the semantics and structure of an insurance policy, in a non-technical fashion, in order to demonstrate the appropriate way to present a data model to a non-technical audience.
The document provides an overview of the Combined Public Key (CPK) cryptosystem, which supports both identity-based encryption and identity-based signature schemes. It describes the key components of CPK, including the private and public matrices generated by the private key generator to extract users' private keys based on their identity, and how this supports more efficient encryption and signature generation compared to traditional PKI approaches. CPK combines identity-based cryptography with elliptic curve cryptography to provide an alternative to traditional public key infrastructure systems.
The document discusses the Combined Public Key (CPK) cryptosystem used in OpenSolaris. CPK provides identity-based encryption and signature schemes as an alternative to traditional public key infrastructure. It maps identities to key pairs using a hash function and private/public key matrices. CPK interfaces with the Solaris cryptographic and key management frameworks using standards like PKCS #11 and PKCS #7.
Graphical passwords are an alternative to text-based passwords that aim to be easier for users to remember. There are two main types: recognition-based, where users select images they recognize, and recall-based, where users reproduce a sequence of actions. However, graphical passwords may not be as secure due to vulnerabilities like shoulder surfing and guessing common selections. Research continues to design more secure schemes and apply graphical passwords to other areas like public key cryptography.
This document describes a bounded identity-based encryption system that does not require a bilinear map. It uses a secret matrix S that is private to the domain, and secret keys are generated from rows in S corresponding to a user's identity. The public matrix P is generated from S using exponentiation. The system aims to provide security even under collusion attacks, with the size of the matrix scaling up based on the number of potential colluders. The document considers questions around the security and collision properties of the system, and compares it to other identity-based encryption approaches.
This document summarizes identity-based encryption (IBE). It discusses four basic IBE constructions from 2001-2004 and how IBE has been extended. It also describes the typical structure of an IBE scheme with key generation, encryption, and decryption components. Finally, it analyzes the key length and efficiency of various IBE schemes like Boneh-Franklin IBE compared to RSA and ECC.
RedOffice is a Chinese office suite based on OpenOffice that aims to enhance document security with cryptography. It lacks certificate-based encryption, key management utilities, and graphical digital signatures that OpenOffice provides. The document proposes adding a password generator, certificate-based encryption, key/certificate management extension, crypto framework extension, advanced cryptography techniques, embedding security attributes in printed documents, a key management service, and document security service to RedOffice.
The document proposes a method called WebIBC that brings public key cryptography to web browsers through identity-based cryptography, without requiring browser plugins. It discusses challenges around private/public key handling in browsers with limited capabilities. WebIBC addresses this by having a private key generator create a private matrix of random elliptic curve private keys and the corresponding public matrix, allowing a user's public key to be derived from their identity like an email address. This allows encryption and signatures directly in JavaScript without private key access.
This document provides an overview and introduction to OpenSSL including its components, architecture, APIs and usage. It describes OpenSSL as an open source cryptography toolkit that implements SSL/TLS protocols as well as cryptographic functions for encryption, decryption, signatures, certificates etc. It outlines OpenSSL's command line interface, supported algorithms, license, source code organization, EVP crypto API and usage examples for symmetric encryption and hashing.
This document discusses code signing, which involves digitally signing executables and scripts to confirm the software author and ensure the code has not been altered. Code signing can ensure code integrity, identify the source, and determine if code is trustworthy for a purpose. The architecture involves a code signing tool, kernel module to check signatures, and user-space daemon called by the kernel module. Communication between kernel and user space uses techniques like system calls, ioctl, proc filesystem, and netlink sockets.