Certificate and Key Storage Tokens and Software


Mark Swyers

VeriSign, Inc.

mswyers@verisign.com

Key Storage Considerations
  • Many different ways to store a certificate and private key
  • Application will usually dictate the appropriate method
  • Concerns include:
    • Security
    • Portability
    • Functionality
    • Usability
    • Manageability
    • Expense
Software-Based Certificates
  • Several different software stores
    • Microsoft CAPI
    • Netscape certificate database
    • Macintosh keyring
    • Java keystores
    • Vendor specific
      • VeriSign Personal Trust Agent
  • Pros
    • Browser based, so easy to use
    • Inexpensive
      • no new infrastructure
      • easy distribution
  • Cons
    • Locks user to desktop
    • Desktop management
    • Cannot control password use
PKI Tokens
  • Generally provide greater security than software certificates
    • Can require PINs or passwords, even biometric authentication
    • Keys usually cannot be exported
    • Tokens can be locked in a safe when not in use
    • FIPS (Federal Information Processing Standard) 140 rated
  • Provide better portability than software certificates
    • Can be used on multiple machines while maintaining only one copy of the private key
    • Have the capacity to hold multiple keys and certificates
  • Challenges
    • Typically require installation of drivers
    • May require a separate reader
    • End user acceptance
    • Token lifecycle management: distribution, forgotten/lost/broken tokens
    • Cost
Smart Cards
  • Can support multiple forms of access
    • Physical access to building
    • Logical access to workstation
  • Can double as ID card
    • Can print photo and other info
    • Can support a magnetic stripe
  • Requires a reader
    • Contact or contactless (proximity)
  • Examples
    • FIPS 201 standard for HSPD-12
    • DoD Common Access Card
    • DOI Employee ID Cards
    • University ID cards
USB Tokens
  • Many form factors
    • PKI only
    • PKI with One-Time Password
    • PKI with OTP and storage
  • Easily portable
    • Ensures tokens travel with user (e.g., when attached to car keys)
  • Most computers have USB ports
  • Better for consumers and when you don’t have control over the user environment
VeriSign Approach – Flexible Authentication Platform

  • VeriSign Unified Authentication
  • PKI-USB Token
  • Cost-Effective OTP
  • Multi-Function Token (OTP & USB Smart Card)
  • Smart Card For Physical & Network Access
  • Multi-Function Token with Secure Storage
  • Mobile Devices
  • Soft Certificate And Soft OTP

Many Credential Types – One Integrated Platform – One Strategic Vendor