Compiled by:
NETRI
TKTCert: A Web-Based Authenticated & Certified Service
April 8, 2023
INTRODUCTION:
Digital Signature: Type of Asymmetric Cryptography.
Simulates the security of a handwritten signature on paper.
Digital certificate:
Body of data placed in a message.
Serves as proof of the sender's authenticity.
Establishes your credentials when doing business or other transactions on the web.
CA (Certificate Authority): Trusted third party or Web of trust.
Provides meaningful authentication.
Ensures that a transmitted or received document is not modified or viewed by a third party.
Prevents 'man-in-the-middle' attacks on your web browser.
Types of certificates:
Root certificate
Server certificate
Client site certificate
Object signing certificate
ROOT CERTIFICATE: Unsigned public key certificate or a self-signed certificate that identifies the Root CA.
Top-most certificate of the tree & used to "sign" other certificates.
All certificates below the root certificate inherit the trustworthiness of the root certificate.
CLIENT & SERVER SITE CERTIFICATES:
Digital credential that identifies the server or client application that uses the certificate for secure communications.
Contains identifying information about the organization that owns the application.
A server must have a digital certificate to use the Secure Sockets Layer (SSL).
Allows clients to use certificates to authenticate to resources instead of user names and passwords.
OBJECT-SIGNING CERTIFICATE: Used to digitally "sign" an object.
By signing the object, you provide a means to verify both the object's integrity and the origination or ownership of the object.
X.509 CERTIFICATE FORMAT:
Version
Certificate serial number
Signature algorithm identifier: Algorithm, Parameters
Issuer name
Period of validity: Not before, Not after
Subject name
Subject's public key info: Algorithm, Parameters, Key
Issuer unique identifier
Subject unique identifier
Extensions
Signature: Algorithm, Parameters, Encrypted
SYSTEM ARCHITECTURE:
[Figure: System Architecture. Components: client at the client site (installs the certificate in its browser), server, network, registration office, registration form, registration authority, root certificate, CA site, CA repository. Numbered steps 1-13; labels include "Publish its certificate for global access" and "Server sends its certificate" as proof of its identity.]
WELCOME TO TKT CERT
HOME LOGIN POLICY RENEW GUIDELINES MYCERTIFICATE
DESCRIPTION OF TKT CERT
Information exchanged with this site can't be viewed or changed by a third party.
Do you want to continue?
YES NO VIEW CERTIFICATE
HOME LOGIN POLICY RENEW GUIDELINE MYCERTIFICATE
LOGIN
User Name: Passphrase:
[sign up for new account?] [lost your password?]
LOGIN
HOME LOGIN POLICY RENEW GUIDELINE MYCERTIFICATE
Welcome to your Account of TKT cert.com
ABOUT ME MY DETAILS TYPES OF CERTIFICATES PURPOSE GUIDELINES
LOST PASSPHRASE
Email Address:
Date of birth:
Next
LOST PASSPHRASE
Question 1st:
Question 3rd:
Question 5th:
New Passphrase:
Repeated:
NEXT
HOME LOGIN POLICY RENEW GUIDELINES MYCERTIFICATE
TKT CERT certificate will be shown:
REGISTRATION FORM
TKT Cert Certificate Registration Form
REG NO.
First Name
Last Name
Email Address
Pass Phrase
State
Country
Company Name
City
What is the domain name you wish to secure?
What is the time period for issuing the certificate?
Please fill in at least five questions to verify yourself: 1 2 3 4 5
Please remember my profile information.
Please keep me up to date on security alerts via email.
Agree to all certificate terms and conditions.
Continue
HOME LOGIN POLICY RENEW GUIDELINES MYCERTIFICATE
Your password has been updated and your loginId has been notified of the change!
Edit your Profile
Change your Passphrase
My profile details are shown
[Figure: Certificate registration flow. Components: client, browser, server, registration office, registration authority, certificate authority, certificate repository, registration repository, login repository. Numbered steps 1-12, including the certificate signing request.]
[Figure: Sequence diagram of the certificate signing request. Lifelines: client, server, registration office, registration authority, CA, certificate repository, browser, registration repository, login repository. Labels: request access, blank form, fills form with details and domain, forwards form, submit, checks, verify, store login and passphrase, verified account detail, generate client certificate, store in certificate repository, installs certificate.]
CERTIFICATE VERIFICATION PROCESS:
[Figure: Certificate verification. The client certificate passes through four checks in turn: CA type check, expiry check, integrity check, certificate path check. If every check is valid, the path is verified and the client certificate is valid; if any check is invalid, the client certificate is invalid.]
ROOT-HIERARCHY:
[Figure: Root hierarchy. Nodes: browser, network, Root CA-A, Root CA-B, Intermediate CA-X, Intermediate CA-Y, two web servers. Certificates shown: Certificate CA-B, Certificate CA-Y, Certificate Web Server.]
[Figure: Root hierarchy sequence diagram. Lifelines: browser, web server, root CA, CA certificate repository. Labels: request, web server throws its certificate, fetch CA certificate, verify own CA path, root CA dispatch, client install, verified, access services.]
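The four checks of the verification process (CA type, expiry, integrity, certificate path), run over a chain shaped like the root-hierarchy figure, as an added example that is not part of the original slides. The Cert fields, the dates and the reading of the CA type check as "the signer must be a CA certificate" are assumptions; textbook RSA with tiny primes stands in for a real signature scheme.

```python
import hashlib
from dataclasses import dataclass, astuple
from datetime import date

def toy_key(p, q, e=17):  # textbook RSA with tiny primes: illustration only
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))  # (modulus, public exp, private exp)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass
class Cert:  # constructed, simplified subset of the X.509 fields
    subject: str
    issuer: str
    is_ca: bool
    not_before: date
    not_after: date
    pub: tuple    # subject's public key (n, e)
    sig: int = 0  # issuer's signature over tbs()
    def tbs(self):
        return repr(astuple(self)[:-1]).encode()  # every field except the signature

def issue(subject, issuer, is_ca, key, issuer_key, nb=date(2023, 1, 1), na=date(2024, 1, 1)):
    cert = Cert(subject, issuer, is_ca, nb, na, key[:2])
    n, _, d = issuer_key
    cert.sig = pow(digest(cert.tbs(), n), d, n)  # sign the digest with the issuer's private key
    return cert

def verify(chain, trusted_roots, today):
    for i, cert in enumerate(chain):  # chain[0] = end entity, chain[-1] = self-signed root
        signer = chain[i + 1] if i + 1 < len(chain) else cert
        if not signer.is_ca:                                # 1. CA type check
            return False, f"type check: {signer.subject} is not a CA"
        if not cert.not_before <= today <= cert.not_after:  # 2. expiry check
            return False, f"expiry check: {cert.subject}"
        n, e = signer.pub
        if pow(cert.sig, e, n) != digest(cert.tbs(), n):    # 3. integrity check
            return False, f"integrity check: {cert.subject}"
        if cert.issuer != signer.subject:                   # 4. path check: linkage
            return False, f"path check: {cert.subject} not issued by {signer.subject}"
    if trusted_roots.get(chain[-1].subject) != chain[-1].pub:  # 4. path check: trust anchor
        return False, f"path check: {chain[-1].subject} is not a trusted root"
    return True, "verified"

def sample_chain():  # constructed chain: ROOT CA-B -> CA-Y -> WEB SERVER
    root_k, ca_k, srv_k = toy_key(1009, 1013), toy_key(1031, 1033), toy_key(1049, 1051)
    root = issue("ROOT CA-B", "ROOT CA-B", True, root_k, root_k)
    ca_y = issue("CA-Y", "ROOT CA-B", True, ca_k, root_k)
    server = issue("WEB SERVER", "CA-Y", False, srv_k, ca_k)
    return [server, ca_y, root], {"ROOT CA-B": root.pub}
```

verify() returns the first failing check by name, so a caller can log which stage of the flow rejected the certificate.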
CLIENT-BROWSER CERTIFICATE VALIDATION:
[Figure: Client-browser certificate validation. Parties: client, ISP, server, CA. Numbered steps 1-9 pass the ISP certificate, server certificate and client certificate between them.]
[Figure: Sequence diagram at the client site. Lifelines: browser, client, ISP, server, CA. Labels: request, request client certificate, submits certificate, fetches certificate from certificate repository, verification, verified certificate, exchange, service provided.]
[Figure: Two clients interacting from one CA. Parties: two clients, certificate authority, CA repository. Labels: "C1 generates its certificate to C2", "C2 generates its certificate to C1".]
[Figure: Sequence diagram, two clients interacting from the same CA. Lifelines: client, CA, client. Labels: client requests its own certificate, CA repository, verified, own private + client certificate, encryption, encrypted certificates exchanged with each other, decrypt with CA public key, decrypted certificate, verification.]
[Figure: Two clients interacting from different CAs. Parties: two clients, CA 1 and CA 2, each with its own certificate repository. Numbered steps 1-4; the clients share each other's certificates.]
[Figure: Sequence diagram. Lifelines: C1, CA1, CA2, C2, CA1 repository, global repository, CA2 repository. Labels: request for CA2 certificate, fetch CA2 certificate, fetch C2 certificate, certificate + public key of sender, decrypt, secure communication.]
DIGITAL CERTIFICATE WITH SIGNATURE:
[Figure: Digital certificate with signature. Parties: Client 1, Client 2, certificate authority, certificate repository, with a hash function applied. Numbered steps 1-7.]
[Figure: Sequence diagram. Lifelines: client, CA, CA repository, signature repository. Labels: digest + private key, signed digest + message, append, fetch client certificate, store signature, encrypted certificate, certificate + public key of C2, signature sent, signature + certificate, private key + signed certificate, verification.]
Certificate Repository: Reg_no, Certificate serial number, Customer ID, Date of issue, Revocation list, Certificate
Trusted Root Certificate Store: Certificate serial no, Root ID, CA Name, Date of issue, Revocation list, Certificate
Signature Repository: Sign_holder_name, Holder_ID, Algorithm, Certificate serial no, Valid date, Signature
Login Repository: Reg_no, Username, Password, Customer ID, Reference email-id
Registration Authority: Reg_no, Customer ID, Date of registration, CSR Date, Certificate issue date, Registration form
Revocation repository: User serial no, Certificate serial no, Revocation date, Certificate revocation list
CONCLUSION
Secure digital transactions are an important part of electronic commerce in the future.
Privacy of transactions, and authentication of all parties, is important for achieving the level of trust.
Encryption algorithms and key sizes must be robust enough to prevent observation by hostile entities.