Using Certificates with Encryption (96)Digital Certificates Explained (128)Acquiring Certificates (112)Building a Certificate Request Utility (224)4.3 ActiveX and Authenticode (64)III: Digital Certificates (64)6.3 Problems Building a Public Key Infrastructure (56)7.3 Server Certificates (136)8.1 Client Certificates (144)Authenticating to the Directory (40)Using Certificate-Based Authentication (35)What's So Different about an Applet? (50)Certificates and Signed Applets (120)Writing LDAP Applets for Netscape Navigator (105)7. Digital Identification II: Digital Certificates, CAs, and PKI (55)7.1 Understanding Digital Certificates with PGP (40)7.2 Certification Authorities: Third-Party Registrars (40)7.3 Public Key Infrastructure (30)7.4 Open Policy Issues (35)12.3 Microsoft's ActiveX (50)15.5 Secure Remote Access and Content Updating (5)Digital Certificates (128)Encrypting Data (16)Accessing the Keystore (28)5.5 Office 2000 Security (24)Certificate Authorities (4)Digital Certificates (96)Windows 2000 and Public-Key Infrastructure (8)Summary (52)Cryptography and CryptoAPI (48)Digital Signatures (219)Test Your Understanding (48)Glossary (33)Security Overview (240)Using Certificates (54)Request Object (6)Types of Payment and Acceptance (22)Secure Electronic Transaction (SET) (28)Implementing Encryption (120)A Closer Look at ESD (30)Cryptography (12)Key Management (76)Security in TCP/IP Layers (14)Public Key Infrastructure and Distribution Models (4)Digital Signatures (88)5.5 Using Outlook's Editors (12)15. Security and Encryption (30)15.1 A Primer on Encryption (42)15.2 Sending and Receiving Signed Messages (116)Basic IPsec Security Concepts and Cryptography (92)Tying All of the Pieces Together: A Comprehensive Example with IPsec and IKE (22)Configuring IKE (86)6.4 Domain Namespace Design (194)7.1 Intrasite and Intersite Topologies (2)7.3 Examples (4)Understanding and Using Word 2002's Privacy and Security Features (72)Preventing and Controlling Word Viruses (94)Troubleshooting (34)8. Security (104)8.4 Digital Certificates (94)1.5 Why Use XML in Web Applications (74)7.2 Transport and Message Formats (22)7.5 Secure Message Exchange with SSL (102)Introduction (52)Installing, Configuring, Managing, Monitoring, and Troubleshooting Certificate Services (36)11. Practice Exam (12)Client Certificate Mapping (54)Server Certificates and Certificate Authorities (45)Installing and Configuring Certificate Services (1)4.4 The Request (1)8. Security (81)8.2 Digital Certificates (17)8.3 Secure Sockets Layer (SSL) (1)Publishing Your Web or Intranet Site with Microsoft Internet Information Server (2)Other Methods for Securing Documents (66)C. What's on Que's Special Edition WOPR 2000 Pack CD (32)Company Organization (1)Windows 2000 Authentication (4)Public Key Infrastructure (PKI) (17)7.5 Collections Reference (100)Macro Virus Protection Issues (56)Putting It All Together (44)6.6 Authentication with the Secure Sockets Layer (100)The Windows 2000 Security Model (2)Certificate Services (91)Practical Applications for Cryptography on the Internet (97)The IPSec Protocol Suite (3)Digital Certificates (25)Secure Web Servers (17)Providing Secure Transactions (15)
PURE Java 2 (1)16. Java Security (50)Procedure for Digitally Signing Code (42)java.security.cert Interface and Class Details (4)java.security.cert Class Details (4)HAVI SECURITY (100)Windows 2000 (2)Security Glossary (98)
All a digital eavesdropper needs to do is to put the sniffing agent in place and write credit card information it discovers to a log file.
Building a Certificate Request Utility
A client certificate is a digital certificate that is designed to certify the identity of an individual.
Digital Certificates Explained
That requires getting an SSL-compliant server (most major servers are compliant) and applying to a certificate authority such as VeriSign or Nortel Entrust (see below for details) for the digital ID necessary for compliant browsers to register your site as valid.
To understand how digital signatures work, you need to understand public-key cryptography.
With a digital certificate installed on your system, you can sign, encrypt, or sign and encrypt messages.
Now that you have a basic understanding of how the process of acquiring and using certificates works, it's time to learn how to actually perform some of these tasks yourself.
To use your applet with Netscape Navigator, you need to create a JAR file that contains the class files for your applet and the digital signatures for each class file.
Authentication, authorization, confidentiality, and integrity are all linked by digital certificate technology.
PKCS#7 applies to encryption envelopes and digital signatures and is a basis of S/MIME (Secure / Multipurpose Internet Mail Exchange).
The basic security mechanism used to protect HAVi home networks from external threats is a digital authentication certificate.
When an SSL-enabled browser talks to an SSL-enabled server, they exchange cryptographic certificates and authenticate each other using secure credentials known as digital certificates.
The ClientCertificate collection of the Request object provides access to the certification fields of the client's digital certificate.
Methods of encoding voice into digital format over communication lines.
Several important steps that have been taken toward standard methods include using digital signatures and digital certificates for authentication purposes, and the Secure Sockets Layer (SSL) protocol to enable secure Web traffic exchanges.
One of the biggest problems surrounding the use of public-key encryption algorithms is being able to verify that the public key you received is really from the person you want to send a secure message to.
Microsoft's approach to providing macro virus security does not focus on identifying viruses placed in macros but rather on providing tools for ensuring that users run macros from only those sources that can be trusted.
As a countermeasure to the man-in-the-middle attack, the IKE protocol uses digital signatures to authenticate the origin of Diffie-Hellman exchanges.
This is a simple configuration, does not use public key cryptography or digital certificates, and might be suitable for small networks.
Authentication, confidentiality, and integrity are all linked by digital certificate technology.
A more scaleable approach is to use digital certificates to distribute public keys.
One of its popular uses is for the X.509 digital certificate. (We discuss the X.509 digital certificate, authentication, and other security issues in
Support for digital signatures that confirm the identity of individuals who have created a document
Microsoft's approach to providing macro virus security does not focus on identifying viruses placed in macros, but rather on providing tools for ensuring that users run macros from only those sources that can be trusted.
This part of the book explains what digital signatures and certificates are and how they can be used to establish identity and assure the authenticity of information that is delivered over the Web.
When the <OBJECT> tag is encountered by a web browser that implements the ActiveX protocol, the browser downloads the control, optionally verifies the control using a digital signature mechanism, loads it into the browser's address space, and executes the code.
As part of Microsoft's security policy, all Office programs (including Project) have a security certificate.
Already, substantial commerce is occurring on the Internet based on old-style, easily forged credit cards, rather than high-tech digital signatures.
In the previous chapter, we explored three techniques for establishing and authenticating a person's identity: the use of paper documents, biometrics, and digital signatures.
Client Certificate Mapping
A common solution to ensuring user authenticity is to issue a client-side digital certificate.
In lieu of your "John Hancock" and sealing wax, you use a digital signature.
The next step in a successful PKI is the concept of a Certificate Authority (CA).
Creating a digital certificate
By default, Internet Explorer will not run an ActiveX control that is not digitally signed with a public key that has a matching "software publisher's certificate."
To sign an applet, you need a digital certificate that identifies you as a software publisher?an object-signing certificate.
Why is the idea of a digital certificate important to the expansion of e-commerce?
Authentication in CryptoAPI is ensured by digital certificates, which are the digital equivalent of photo IDs.
Server Certificates and Certificate Authorities
You have now learned to record a macro, save the project file with a self-signed digital certificate, and use the Visual Basic Editor.
A digital signature is intended to provide some measure of confidence for the end user that code will not do bad things, based on the user's trust in the code signer.
All forms of encryption?digital certificates, PGP, even the lowly password?comprise four distinct elements:
A certification authority (CA) is any organization that issues digital certificates.
Understanding Digital Certificates with PGP
Your client provides a digital certificate to the directory server as identification.
Installing, Configuring, Managing, Monitoring, and Troubleshooting Certificate Services
At that time, there was already substantial commerce occurring on the Internet based on old-style, easily forged credit cards, rather than high-tech digital signatures.
If you are connecting over SSL, you can use digital certificates to authenticate your LDAP client to the directory server.
As you learned earlier in this chapter, Word allows you to add new trusted sources: sources whose digital certificates will certify that their macros can always be trusted.
for a primer on digital communications.
Some of the macros have been signed with a digital certificate to authenticate who the creator was.
A digital certificate could have warned recipients of their misconceptions.
Before you can send a copy of that software to a customer via ESD, you must also have a secure version of the product that is packaged in a digital wrapper.
Public key infrastructure (PKI) is the system of digital certificates, certification authorities, tools, systems, and hardware that are used to deploy public key technology.
The technology behind SET involves digital certificates?a way of verifying that a purchase is being made by a legitimate card holder.
With keytool, you can create new keys, request a digital certificate, and manage a database of keys and certificates.
Office 2000 introduced a new security feature, built around digital signatures, to diminish the threat of macro viruses.
The X.509 digital certificate, discussed later in this chapter, is en coded with ASN.1.
Alice sends her digital certificate to Bob.
Electronic cash lets users send digital messages that act like currency to and from their accounts.
Using SSL on IIS involves simply installing IIS, generating a key pair, and installing your certificate.
Another component of PKI includes digital signing.
Also, if you are performing public-key encryption and you want to use the public key from a digital certificate, you can use the certificate as the key.
Registering for a digital certificate will protect our visitors from spoofing (someone else impersonating our site), allow us to use SSL without users seeing a warning message, and provide an air of respectability to our online venture.
Prevent him from gaining access to your certificate server.
The Security section provides checkboxes for encrypting a message and/or attaching a digital signature to it.
Instead, public key encryption algorithms are typically used in applications involving authentication using digital signatures and key management.
Microsoft Certificate Server (discussed in
The ClientCertificate collection contains information about the digital security certificate on the client browser.
Examples are the SecurID system from Security Dynamics (see Figure 15-3) or the SecureNet Key from Digital Pathways.
CodeSource (URL url, Certificate certs)
A client may securely log on to Active Directory using the X.509 certificate PKI extensions of Kerberos by connecting to the front-end Web servers.
However, DS-RPC is not the best replication mechanism for asynchronous links like these, so instead PetroCorp creates digital certificates and rolls out a certificate server to those sites to enable the replication mechanism to use the underlying mail transport via an SMTP Connector for each link.
The purpose of a Public Key Infrastructure (PKI) is to provide trusted and efficient key and certificate management to support these protocols.
For purposes of authentication, digital certificates are used.
PKI makes use of Microsoft Certificate Services, allowing the deployment of enterprise certificate authorities (CA) in your enterprise and is integrated into Active Directory.
The Kerberos service issues a certificate that Windows 2000 uses to authenticate a client on the network whereby that client can access resources anywhere in the enterprise using a single logon and password.
SMTP Connector messages are encrypted using digital signatures, so to encrypt the messages, you need to install the optional Windows 2000 Certificate Server service and obtain your own digital signature for your organization.
The digital nervous system, Microsoft's initiative to digitize the DNA of a company, presents us with an interesting view of vendor, partner, and customer relationships, as well as employee-to-employee relationships.
The browser checks to see whether a trusted certificate authority signed the key.
out.println ("Client Certificate [" + i + "] = "
Installing and Configuring Certificate Services