Certificate and Key Storage Tokens and Software

Mark Swyers

VeriSign, Inc.

mswyers@verisign.com

Key Storage Considerations
  • Many different ways to store a certificate and private key
  • Application will usually dictate the appropriate method
  • Concerns include:
    • Security
    • Portability
    • Functionality
    • Usability
    • Manageability
    • Expense
Software-Based Certificates
  • Several different software stores
    • Microsoft CAPI
    • Netscape certificate database
    • Macintosh keyring
    • Java keystores
    • Vendor specific
      • VeriSign Personal Trust Agent
  • Pros
    • Browser based, so easy to use
    • Inexpensive
      • no new infrastructure
      • easy distribution
  • Cons
    • Locks user to desktop
    • Desktop management
    • Cannot control password use
PKI Tokens
  • Generally provide greater security than software certificates
    • Can require PINs or passwords, even biometric authentication
    • Keys usually cannot be exported
    • Tokens can be locked in a safe when not in use
    • FIPS (Federal Information Processing Standard) 140 rated
  • Provide better portability than software certificates
    • Can be used on multiple machines while maintaining only one copy of the private key
    • Have the capacity to hold multiple keys and certificates
  • Challenges
    • Typically require installation of drivers
    • May require a separate reader
    • End user acceptance
    • Token lifecycle management: distribution, forgotten/lost/broken tokens
    • Cost
Smart Cards
  • Can support multiple forms of access
    • Physical access to building
    • Logical access to workstation
  • Can double as ID card
    • Can print photo and other info
    • Can support a magnetic stripe
  • Requires a reader
    • Contact or contactless (proximity)
  • Examples
    • FIPS 201 standard for HSPD-12
    • DoD Common Access Card
    • DOI Employee ID Cards
    • University ID cards
USB Tokens
  • Many form factors
    • PKI only
    • PKI with One-Time Password
    • PKI with OTP and storage
  • Easily portable
    • Ensures tokens travel with user (e.g. when attached to car keys)
  • Most computers have USB ports
  • Better for consumers and when you don’t have control over the user environment
VeriSign Approach – Flexible Authentication Platform

PKI-USB Token

Cost-Effective OTP

Multi-Function Token (OTP & USB Smart Card)

Smart Card For Physical & Network Access

VeriSign Unified Authentication

Multi-Function Token with Secure Storage

Mobile Devices

Soft Certificate And Soft OTP

Many Credential Types – One Integrated Platform – One Strategic Vendor