
gaggelinos@ssl-unipi.gr

,
(one-way functions)




DES, Triple-DES
Blowfish, SAFER, CAST
RC2, RC4 (ARCFOUR), RC5, RC6


RSA
Diffie-Hellman Key Exchange
ElGamal, Digital Signature Standard (DSS)
(Key Distribution Center)



(digital envelope)

(Trusted Third Party TTP & Certification Services Provider CSP)

X.509 v3

Certificate:
Data:
Version: 3 (0x0)
Serial Number: 2003532 (0x0)
Signature Algorithm: md5withRSAEncryption
Issuer: C=GR, L=Athens, O=University of the Aegean, OU=Certification Authority, CN=ca.aegean.gr, Email=ca@aegean.gr
Validity
Not Before: Nov 14 17:15:25 2003 GMT
Not After : Dec 14 17:15:25 2003 GMT
Subject: C=GR, L=Hermoupolis, O=University of the Aegean, OU=Syros, CN=www.aegean.gr, Email=webmaster@aegean.gr

Subject Public Key Info:


Public Key Algorithm: rsaEncryption
Modulus:00:9a:92:25:ed:a4:77:69:23:d4:53
:05:2b:1f:3a:55:32:bb:26:de:0a:48:d8:fc:c8:
c0:c8:77:f6:5d:61:fd:1b:33:23:4f:f4:a8:2d:9
6:44:c9:5f:c2:6e:45:6a:9a:21:a3:28:d3:27:a
6:72:19:45:1e:9c:80:a5:94:ac:8a:67
Exponent: 65537 (0x10001)
Key Usage: Digital Signature, Key Encipherment, Client Authentication
Signature Algorithm: md5withRSAEncryption
7c:8e:7b:58:b9:0e:28:4c:90:ab:20:83:61:9e
:ab:78:2b:a4:54:39:80:7b:b9:d9:49:b3:b2:2
a:fe:8a:52:f4:c2:89:0e:5c:7b:92:f8:cb:77:3f:
56:22:9d:96:8b:b9:05:c4:18:01:bc:40:ee:bc:
0e:fe:fc:f8:9b:9d:70:e3


(Personal or Identity certificate):

(Server or Device certificate): e.g. Web server
(Role-based certificate):


(Organisational certificate): e.g. Microsoft Corp

(Attribute certificate):

(Group certificate):



(Proxy certificate): e.g. single-sign-on

(Qualified Certificates QC)

(Signature Verification Data)





Directive 1999/93/EC
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31999L0093:en:HTML

CSP (1/2)

CSP (2/2)


(signature creation data)
CSP
(audit log)



/ Risk Analysis
ISO 9000









CSP


(Certificate Status Information, CSI)
(CRL, Certificate Revocation List)
Online Certificate Status Protocol OCSP (RFC-2560)
delta-CRL:
delta-CRL
http://community.websense.com/blogs/securitylabs/archive/2013/07/11/digging-into-certificate-revocation-lists.aspx


X.509 (ITU)
SPKI SDSI - PKIX (IETF)
PGP
PKCS#6 (RSA)

PKCS#10 (RSA)
RFC-2511 (IETF)

PKCS#7 & PKCS#12 (RSA)

RFC-2560: OCSP (IETF)
TR 102-030 (ETSI)

PKIX (Internet PKI based on X.509)


SPKI (Simple Public Key Infrastructure)
PGP (Pretty Good Privacy)

PKIX (X.509)

(X.500)

SPKI


(Certification Practices Statement)

PGP

(Web of Trust)

N to N trust relationships

e-mail
(Domain Name System)


(tokens)
tokens

tokens

tokens


One-time password generators (clock-based, counter-based)

USB PCMCIA tokens


Token-password
Token-biometrics


[Figure: Bull CP8 smart card application areas. Labels: SYSTEM, SECURITY, BANKING, PAY TV, Health, GSM, Identification/Loyalty, Electronic purse, Access, EFT / POS]
(ISO/IEC 7816)

ISO/IEC 7816-2
reset Reserved for Future Use.

(ISO 1443)

interface

[Figure: CP8 chip architecture. Labels: Interface (Reset, Clock, 0V, 5V, I/O), Addresses, Data, CPU or CPU + CoPro, RAM, ROM, EEPROM]

(working memory, Random Access Memory)
ROM (Read Only Memory)
(EEPROM)
(Secret Area)
PIN
(Access Area)
(Public Area)
(Work Area)

EEPROM
1
SECRET AREA

ACCESS AREA

WORK AREA 2

WORK AREA

PUBLIC AREA

2Kb - 64 Kb
DES/3DES
Single Service Provider Multiple Applications

MANUFACTURING AREA

EEPROM
Secret Zone
Access Tracking Zone

Working Zone 1

Working Zone 2

Free Reading Zone

Manufacturing Zone


EEPROM
2
Available

Master File
Elementary Files

Dedicated File

Dedicated File

Elementary Files

Dedicated File

Elementary Files

Dedicated File

Elementary Files

Elementary Files

Memory Sizes: 8 - 64 Kb EEPROM
Cryptographic Algorithm: DES RSA
Multi-Application - Multi Service Provider


(PIN)

[Figure: block diagram with two DES blocks. Labels: DIV, (64 bits), (48 bits) + ADDR (16 bits), ADDR (16 bits), [ADDR] (32 bits), R (64 bits), R1, R2, R' (64 bits)]
