
Certificate and Key Storage Tokens and Software

Certificate and Key Storage Tokens and Software. Mark Swyers, VeriSign, Inc., mswyers@verisign.com. Key Storage Considerations. There are many different ways to store a certificate and private key. The application will usually dictate the appropriate method. Concerns include: Security, Portability


Presentation Transcript


  1. Certificate and Key Storage Tokens and Software
     Mark Swyers, VeriSign, Inc., mswyers@verisign.com

  2. Key Storage Considerations
     • Many different ways to store a certificate and private key
     • Application will usually dictate the appropriate method
     • Concerns include:
        • Security
        • Portability
        • Functionality
        • Usability
        • Manageability
        • Expense

  3. Software-Based Certificates
     • Several different software stores
        • Microsoft CAPI
        • Netscape certificate database
        • Macintosh keyring
        • Java keystores
        • Vendor specific
           • VeriSign Personal Trust Agent
     • Pros
        • Browser based, so easy to use
        • Inexpensive
           • No new infrastructure
           • Easy distribution
     • Cons
        • Locks user to desktop
        • Desktop management
        • Cannot control password use

  4. PKI Tokens
     • Generally provide greater security than software certificates
        • Can require PINs or passwords, even biometric authentication
        • Keys usually cannot be exported
        • Tokens can be locked in a safe when not in use
        • FIPS (Federal Information Processing Standard) 140 rated
     • Provide better portability than software certificates
        • Can be used on multiple machines while maintaining only one copy of the private key
        • Have the capacity to hold multiple keys and certificates
     • Challenges
        • Typically require installation of drivers
        • May require a separate reader
        • End user acceptance
        • Token lifecycle management: distribution, forgotten/lost/broken tokens
        • Cost

  5. Smart Cards
     • Can support multiple forms of access
        • Physical access to building
        • Logical access to workstation
     • Can double as ID card
        • Can print photo and other info
        • Can support a magnetic stripe
     • Requires a reader
        • Contact or contactless (proximity)
     • Examples
        • FIPS 201 standard for HSPD-12
        • DoD Common Access Card
        • DOI Employee ID Cards
        • University ID cards

  6. USB Tokens
     • Many form factors
        • PKI only
        • PKI with One-Time Password
        • PKI with OTP and storage
     • Easily portable
        • Ensures tokens travel with user (i.e. when attached to car keys)
     • Most computers have USB ports
     • Better for consumers and when you don’t have control over the user environment

  7. VeriSign Approach – Flexible Authentication Platform
     [Diagram: VeriSign Unified Authentication, surrounded by the credential types below]
     • PKI-USB Token
     • Cost-Effective OTP
     • Multi-Function Token (OTP & USB Smart Card)
     • Smart Card For Physical & Network Access
     • Multi-Function Token with Secure Storage
     • Mobile Devices Soft Certificate And Soft OTP
     Many Credential Types – One Integrated Platform – One Strategic Vendor
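
Slide 3 lists "Desktop management" and "Cannot control password use" as drawbacks of software stores. As an added example (not part of the presentation), this Python check inventories key files by container format and flags private keys stored without encryption. It goes beyond the stores the slide names by also covering PEM and PKCS#12 files; the file names and sample bytes are constructed.

```python
import re

JKS_MAGIC = b"\xfe\xed\xfe\xed"    # Java JKS keystore
JCEKS_MAGIC = b"\xce\xce\xce\xce"  # Java JCEKS keystore
PEM_KEY = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY)-----\r?\n"
    rb"(.*?)-----END \1-----", re.S)

def _der_body(blob):
    """Content of an outer ASN.1 SEQUENCE, or None if blob is not one."""
    if len(blob) < 2 or blob[0] != 0x30:
        return None
    if blob[1] < 0x80:                       # short-form length
        return blob[2:]
    return blob[2 + (blob[1] & 0x7F):]       # skip long-form length bytes

def classify(blob):
    """Return (container, key_protection) findings for one file's bytes."""
    if blob[:4] == JKS_MAGIC:                # key entries are encrypted under
        return [("JKS", "password-based")]   # a password the format cannot vet
    if blob[:4] == JCEKS_MAGIC:
        return [("JCEKS", "password-based")]
    der = _der_body(blob)
    if der is not None and der[:3] == b"\x02\x01\x03":  # PFX version 3
        return [("PKCS#12", "unknown")]      # needs a full parse to decide
    findings = []
    for label, body in PEM_KEY.findall(blob):
        label = label.decode()
        if label == "ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body:
            findings.append((label, "encrypted"))
        else:
            findings.append((label, "PLAINTEXT"))
    return findings

def plaintext_keys(files):
    """Names of files holding at least one unencrypted private key."""
    return sorted(name for name, blob in files.items()
                  if any(p == "PLAINTEXT" for _, p in classify(blob)))

# Constructed sample inputs (dummy bytes, not real key material).
SAMPLES = {
    "app.jks": JKS_MAGIC + b"\x00\x00\x00\x02" + b"\x00" * 8,
    "user.p12": b"\x30\x82\x09\x2a\x02\x01\x03\x30\x82\x08\xf0",
    "server.key": b"-----BEGIN PRIVATE KEY-----\nQUJDRA==\n-----END PRIVATE KEY-----\n",
    "legacy.pem": (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                   b"DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                   b"QUJDRA==\n-----END RSA PRIVATE KEY-----\n"),
    "pkcs8.pem": (b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nQUJDRA==\n"
                  b"-----END ENCRYPTED PRIVATE KEY-----\n"),
}
```

Calling `plaintext_keys(SAMPLES)` returns only `server.key`; an "encrypted" or "password-based" result says nothing about how strong the chosen password is, which is the control gap the slide points at.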
