Public Key Infrastructure (PKI)
- ICT technology is advancing very fast every day, and people are engaged more and more often with wireless and wireline communications and networks. Information and data security has therefore become essential to establishing a trusted e-world.
PKI (Public Key Infrastructure) is widely regarded across the ICT environment as a reliable and secure method of achieving information and data security on wireless and wired communications and networks. A PKI system uses a pair of mathematically related keys (called a private key and a public key) to encrypt and decrypt confidential information and to generate and verify digital signatures. The main function of a PKI is to issue digital certificates (each containing a public key) to users and applications. Digital certificates are now common in many forms of eCommerce/mCommerce to protect data and information, such as Internet banking, online stock trading, electronic payment, online shopping and many others.
- Public-Key Infrastructure (PKI) – A framework that provides security services to an organisation using public-key cryptography. These services are generally implemented across a networked environment, work in conjunction with client-side software, can be customised by the organisation implementing them, and are designed to be transparent to the end user.
- Certification Authority (CA) – An entity that issues digital certificates (especially X.509 certificates) and vouches for the binding between the data items in a certificate; an authority trusted by one or more users to create and assign certificates. Certificate users depend on the validity of the information in a certificate, so a CA must be an entity those users trust. A CA is responsible for managing the life cycle of certificates and, depending on the type of certificate and the Certification Practice Statement (CPS) that applies, may also be responsible for the life cycle of the key pairs associated with them.
- Certificate – A public-key certificate in one of the formats defined by X.509. It contains a sequence of data items (including the subject's public key and identity) and carries a digital signature computed over that sequence by the CA, which binds the public key to its user.
- Encryption – Cryptographic transformation of data (called "plaintext") into a different form (called "ciphertext") that conceals the data's original meaning and prevents the original form from being used. The corresponding reverse process is "decryption", a transformation that restores encrypted data to its original form. An encryption certificate is a public-key certificate whose public key is intended for encrypting data, rather than for verifying digital signatures or performing other cryptographic functions; the matching private key is used for decryption. Encrypting and decrypting data with a public/private key pair is known as asymmetric cryptography. A second kind of key, the symmetric key, is used both to encrypt and to decrypt the data; in practice the bulk data is encrypted with a symmetric key and only that key is protected with the recipient's public key, because public-key operations are slow and can carry only a small amount of data.
- Digital Signatures – A value computed with a cryptographic algorithm and associated with a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity. To achieve these properties, the data object is first input to a hash function, and the hash result is then cryptographically transformed using the signer's private key. The resulting value is the digital signature of the data object. The signature is a protected checksum: the properties of a cryptographic hash ensure that if the data object is changed, the digital signature will no longer match it. It is unforgeable because one cannot correctly create or alter the signature without knowing the private key of the supposed signer.
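The two definitions above (encryption with a public/private key pair plus a symmetric session key, and hash-then-sign digital signatures) are combined in the way a secure document application uses them. The following is an added example written for this page in Go using only the standard library; it is not code from the original page or from the products it describes. The sender signs the document (SHA-256 digest, then ECDSA P-256 with the sender's private key), wraps a fresh AES-256-GCM session key under the recipient's RSA public key, and encrypts document plus signature with that key; the recipient unwraps the key with the private key, and the GCM tag and the signature check together reject a modified envelope, a wrong recipient key or an impostor sender. The names Envelope, Seal, Open, Sign, Verify and newGCM, and the sample document, are this example's own assumptions; in a deployment the keys would come from the certificates' key pairs rather than being generated inline.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what the sender transmits. Only the 32-byte AES session key is RSA-encrypted
// (asymmetric); the document travels under AES-GCM (symmetric), since RSA-OAEP carries only a few hundred bytes.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(recipient public key, session key)
	Nonce      []byte // AES-GCM nonce, fresh for every message
	Ciphertext []byte // AES-GCM(session key, len(sig) || sig || document); a P-256 signature is <= 72 bytes, so one length byte suffices
}

// Sign is hash-then-sign: SHA-256 over the document, then ECDSA P-256 with the sender's private key.
func Sign(priv *ecdsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify recomputes the digest and checks it against the signature with the sender's public key.
func Verify(pub *ecdsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Seal signs doc with the sender's key, then encrypts document and signature for the holder of recipientPub.
func Seal(senderPriv *ecdsa.PrivateKey, recipientPub *rsa.PublicKey, doc []byte) (*Envelope, error) {
	sig, err := Sign(senderPriv, doc)
	if err != nil {
		return nil, err
	}
	payload := append(append([]byte{byte(len(sig))}, sig...), doc...)
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, payload, nil)}, nil
}

// Open unwraps the session key with the recipient's private key, decrypts, then verifies the
// sender's signature. Wrong key, transit modification and impostor sender each fail closed.
func Open(recipientPriv *rsa.PrivateKey, senderPub *ecdsa.PublicKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap session key (wrong private key or damaged envelope): %w", err)
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	payload, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("ciphertext failed authentication, modified in transit: %w", err)
	}
	if len(payload) == 0 || len(payload) < 1+int(payload[0]) {
		return nil, fmt.Errorf("malformed payload")
	}
	sig, doc := payload[1:1+int(payload[0])], payload[1+int(payload[0]):]
	if !Verify(senderPub, doc, sig) {
		return nil, fmt.Errorf("signature does not verify: not from the claimed sender")
	}
	return doc, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	sender, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // keys generated inline for the demo only
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := Seal(sender, &recipient.PublicKey, []byte("constructed sample: contract v3"))
	doc, err := Open(recipient, &sender.PublicKey, env)
	fmt.Printf("%q %v\n", doc, err)
}
```

The order matters: the signature is made over the plaintext and then encrypted with it, so an eavesdropper never sees the signature, and the recipient checks the GCM tag before spending any effort on signature verification.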
Certificate Security Goals
• Confidentiality – Ensuring that only the intended party is able to read the information.
• Integrity – Ensuring that the information has not been modified.
• Availability – Ensuring that information is available as and when needed.
• Authorisation & Accountability – Controlling access to information and assigning responsibility for its use.
• Authenticity – Ensuring the identity of the communicating party.
• Non-repudiation – Ensuring that a party cannot deny his/her involvement in a transaction.
• Privacy – Ensuring that identification and information used are kept private.
Value Added Products
- eDoc
eDoc is an application for document security that enables any type of document to be encrypted and decrypted using the public key carried in a digital certificate and the matching private key held by its owner.
To use eDoc, both parties (sender and recipient) need to register and download their digital certificate and the application via the Portal.
eDoc ensures that only authorised users can open the files forwarded to the intended recipients.
Provides strong data protection by using digital certificates for encryption/decryption.
User-friendly interface; supports various international cryptographic algorithms.
With eDoc, users are able to:
• Attach an encrypted file or document via Microsoft Outlook/Exchange.
• Select any certificate(s) for the recipient list from LDAP; eDoc has flexible grouping similar to the MS Outlook address book.
• Familiarise themselves with the services through the online user guides and demo at their convenience.
• Manage and edit groups in the recipient list.
• Search for certificates in LDAP.
• Save the encrypted document to any user-selected drive or medium.
- Secure Sockets Layer (SSL) Certificate
SSL secures the communication channel so that all data passing between the web server and the browser remains private and confidential.
• It caters for common web servers such as Apache Tomcat and Microsoft Internet Information Services (IIS).
• It provides a secured channel in two ways:
- Secured channel between client and server.
- Secured channel between server and server.
• The services provided by SSL are as follows:
- Cross certification.
- Data encryption/decryption.
- Digital signature/verification.
Web provides data encryption/decryption and digital signatures between the web browser and the server.
• It ensures confidentiality for the web application by encrypting and decrypting data to keep it secure during web transactions, and supports digital signatures.
• User, client and server certificates are verified against LDAP and the CPS. Client certificate status is validated via the Certificate Revocation List (CRL).
• To launch the program, the user runs the ActiveX control that is distributed to the client via the web browser; it includes the Session Manager Module and the Client API. (ActiveX controls run only in Internet Explorer, so this client component does not work in current browsers.)
• The web server program consists of the Server API. Each user's session key information is stored in the user session.
• User authentication is a certificate-based login: the user first selects the certificate to be used during the secured Web session, then enters the certificate's password, which unlocks the private key, for identity validation.
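The certificate-based login described above, in which the client's certificate is verified against the CA and its status checked via the CRL, worked end to end against a constructed in-memory CA. This is an added example written for this page in Go with only the standard library; it is not code from the original page or the product, and the identifiers CA, NewCA, issue, IssueClient, IssueCRL and VerifyClient, and the user names alice and bob, are this example's own assumptions. The CA issues a client certificate and publishes a signed CRL; VerifyClient chains the presented certificate to the trusted root (validity period and client-auth usage included), confirms that the CRL really is signed by that CA and has not passed its NextUpdate, and then rejects a revoked serial. A real deployment would fetch the CRL from the distribution point named in the certificate rather than pass it in directly.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA is a constructed, in-memory certification authority for this example only.
type CA struct {
	Cert   *x509.Certificate // self-signed root
	key    *ecdsa.PrivateKey
	serial int64 // next serial number to hand out
}

func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCA creates a self-signed root carrying the keyCertSign and cRLSign usages a CA needs.
func NewCA(name string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	cert, err := issue(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, key: key, serial: 2}, nil
}

// IssueClient binds a user's public key to their name under the CA's signature, restricted to client authentication.
func (ca *CA) IssueClient(cn string, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(ca.serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	ca.serial++
	return issue(tmpl, ca.Cert, pub, ca.key)
}

// IssueCRL signs a CRL listing the revoked serial numbers; it is valid for one hour.
func (ca *CA) IssueCRL(revoked []*big.Int) ([]byte, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour)}
	for _, s := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: time.Now()})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.key)
}

// VerifyClient is the check behind certificate-based login: chain the presented certificate to the
// trusted root, confirm the CRL is signed by that root and still current, then reject a revoked serial.
func VerifyClient(root *x509.Certificate, crlDER []byte, presented *x509.Certificate, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := presented.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return fmt.Errorf("chain validation failed: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("CRL not signed by the trusted CA: %w", err)
	}
	if now.After(crl.NextUpdate) { // fail closed: a stale CRL is no evidence of good standing
		return fmt.Errorf("CRL expired at %s; fetch a fresh one before accepting logins", crl.NextUpdate.Format(time.RFC3339))
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(presented.SerialNumber) == 0 {
			return fmt.Errorf("certificate for %q (serial %s) is revoked", presented.Subject.CommonName, presented.SerialNumber)
		}
	}
	return nil
}

func main() {
	ca, _ := NewCA("Example Root CA")
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	bob, _ := ca.IssueClient("bob", &key.PublicKey)
	crl, _ := ca.IssueCRL([]*big.Int{bob.SerialNumber}) // bob reported his private key stolen
	fmt.Println(VerifyClient(ca.Cert, crl, bob, time.Now()))
}
```

The CRL signature check and the NextUpdate check are the parts most often skipped: without the first, anyone who can substitute an empty CRL can un-revoke a stolen key; without the second, a server that keeps serving a cached CRL indefinitely never learns about later revocations.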
eNet authenticates servers and encrypts/decrypts transaction data in a server-to-server environment. It can be applied to various operational environments without customisation. This product applies the TLS and SSL 3.0 international standards. (SSL 3.0 has since been deprecated by RFC 7568 because of the POODLE attack; deployments should disable it and negotiate TLS 1.2 or later.)
To learn more about our PKI solution, please contact us by e-mail.