The many applications of digital certificates€¦ · Downloading software 4. Sending email 5....
Transcript of The many applications of digital certificates€¦ · Downloading software 4. Sending email 5....
![Page 1: The many applications of digital certificates€¦ · Downloading software 4. Sending email 5. Signing documents 6. Using certificates instead of passwords 7. Long-term document preservation](https://reader033.fdocuments.net/reader033/viewer/2022051811/601de60bbcd68c779a763345/html5/thumbnails/1.jpg)
The many applicationsof digital certificates
Digital certificates appear in many unexpected places.This session discovers them, and explains their variousfunctions in terms accessible to ordinary users. Added-
value of encryption over mere log-ins, the future ofpasswords.
![Page 2: The many applications of digital certificates€¦ · Downloading software 4. Sending email 5. Signing documents 6. Using certificates instead of passwords 7. Long-term document preservation](https://reader033.fdocuments.net/reader033/viewer/2022051811/601de60bbcd68c779a763345/html5/thumbnails/2.jpg)
DisclaimerThis presentation will be about technologyfrom a socio-economic persepective. Formathematical details of cryptography,please see the recent German presentationof my colleague Guenter Waller,http://www.pc-treff-bb.de/Vortraege/Zertifikate.pdf
You will find clickable links to the currentpresentation on my www.thomasruddy.eu
![Page 4: The many applications of digital certificates€¦ · Downloading software 4. Sending email 5. Signing documents 6. Using certificates instead of passwords 7. Long-term document preservation](https://reader033.fdocuments.net/reader033/viewer/2022051811/601de60bbcd68c779a763345/html5/thumbnails/4.jpg)
Theses
• Cryptography developed through militaryapplications like Enigma encryption.– Encryption needs authentication.
• We live in states based on law and order.• The integrity of society relies on ID management.• ID mgmt can make contracts non-repudiable.• Blockchain may make contracts self- executable.• We are under threat from corporations taking
over ID mgmt for a society that is valuingconvenience over data security.
![Page 6: The many applications of digital certificates€¦ · Downloading software 4. Sending email 5. Signing documents 6. Using certificates instead of passwords 7. Long-term document preservation](https://reader033.fdocuments.net/reader033/viewer/2022051811/601de60bbcd68c779a763345/html5/thumbnails/6.jpg)
Authentication
Creating a CHF, source:https://en.wikipedia.org/wiki/Crypto-graphic_hash_function
Verifyingauthentic-ity ofdown-loadedsoftware
![Page 7: The many applications of digital certificates€¦ · Downloading software 4. Sending email 5. Signing documents 6. Using certificates instead of passwords 7. Long-term document preservation](https://reader033.fdocuments.net/reader033/viewer/2022051811/601de60bbcd68c779a763345/html5/thumbnails/7.jpg)
Digital fingerprint
“Fingerprints are created byapplying a cryptographichash function to a publickey. ”https://en.wikipedia.org/wiki/Public_key_fingerprintPhoto credit: Author Saurabh R.Patilon Wikimedia
![Page 8: The many applications of digital certificates€¦ · Downloading software 4. Sending email 5. Signing documents 6. Using certificates instead of passwords 7. Long-term document preservation](https://reader033.fdocuments.net/reader033/viewer/2022051811/601de60bbcd68c779a763345/html5/thumbnails/8.jpg)
Basic uses of certificates
1. Logging-in to Websites2. Securing one’s own Websites3. Downloading software4. Sending email5. Signing documents6. Using certificates instead of passwords7. Long-term document preservation (PDF/A,
https://www.pdfa.org/topics/)
![Page 9: The many applications of digital certificates€¦ · Downloading software 4. Sending email 5. Signing documents 6. Using certificates instead of passwords 7. Long-term document preservation](https://reader033.fdocuments.net/reader033/viewer/2022051811/601de60bbcd68c779a763345/html5/thumbnails/9.jpg)
http://youbroketheinternet.org/9
![Page 11: The many applications of digital certificates€¦ · Downloading software 4. Sending email 5. Signing documents 6. Using certificates instead of passwords 7. Long-term document preservation](https://reader033.fdocuments.net/reader033/viewer/2022051811/601de60bbcd68c779a763345/html5/thumbnails/11.jpg)
The Future of Digital Identity
The MyData GlobalNetwork organized by
Finns mydata.org
Mydex.org and Qiy /Sovrin / blockchain ledger(recommend Vigna/CaseyAge of Cryptocurency)
Getting beyond Google/Facebook passwords
![Page 12: The many applications of digital certificates€¦ · Downloading software 4. Sending email 5. Signing documents 6. Using certificates instead of passwords 7. Long-term document preservation](https://reader033.fdocuments.net/reader033/viewer/2022051811/601de60bbcd68c779a763345/html5/thumbnails/12.jpg)
Document signing madeconvenient
• www.signinghub.com claim: “Expert inhigh-trust, Advanced & Qualified ElectronicSignatures, Turnkey solution providing both localand remote signing plus a built-in complete PKIsystem”
• docusign.com is competitor offering fewerfeatures
• Some solutions collect user profiles (viasurveillance techniques) to secure IDs.
• Keybase.io is little project also centralizingindicators of one’s ID, but less invasively.
![Page 13: The many applications of digital certificates€¦ · Downloading software 4. Sending email 5. Signing documents 6. Using certificates instead of passwords 7. Long-term document preservation](https://reader033.fdocuments.net/reader033/viewer/2022051811/601de60bbcd68c779a763345/html5/thumbnails/13.jpg)
SaaS in the Cloud
• Currently 81 entries for identity-access-
mgmt,
https://azuremarketplace.microsoft.com
• Salesforce, SAP, Citrix
• Axciom -- recent breach!
• Adobe Document Cloud, Adobe Sign,
https://acrobat.adobe.com/us/en/sign.ht
ml
![Page 14: The many applications of digital certificates€¦ · Downloading software 4. Sending email 5. Signing documents 6. Using certificates instead of passwords 7. Long-term document preservation](https://reader033.fdocuments.net/reader033/viewer/2022051811/601de60bbcd68c779a763345/html5/thumbnails/14.jpg)
Trust frameworks in law
Identity systems have their ownrules, which fit into their respectivetrust frameworks. The later fallunder general ID mgmt law, whichin turn comprises part of generalcommercial law.Source: Makaay, Esther / Tom Smedinghoff / DonThibeau (2017): “Trust Frameworks: Their CriticalRole in Critical Role in Governing Identity Systems”,http://www.openidentityexchange.org/wp-content/uploads/2017/06/OIX-White-Paper_Trust-Frameworks-for-Identity-Systems_Final.pdf
![Page 15: The many applications of digital certificates€¦ · Downloading software 4. Sending email 5. Signing documents 6. Using certificates instead of passwords 7. Long-term document preservation](https://reader033.fdocuments.net/reader033/viewer/2022051811/601de60bbcd68c779a763345/html5/thumbnails/15.jpg)
Historical development of ID
paradigms• Phase One: Centralized Identity (administrative
control by a single authority or hierarchy)
• Phase Two: Federated Identity (administrative
control by multiple, federated authorities)
• Phase Three: User-Centric Identity (individual or
administrative control across multiple authorities
without requiring a federation, vs. server-centric)
• Phase Four: Self-Sovereign Identity (individual
control across any number of authorities) - the
Blockchain, e.g.
![Page 16: The many applications of digital certificates€¦ · Downloading software 4. Sending email 5. Signing documents 6. Using certificates instead of passwords 7. Long-term document preservation](https://reader033.fdocuments.net/reader033/viewer/2022051811/601de60bbcd68c779a763345/html5/thumbnails/16.jpg)
World’s largest ID program
India is registering one billion citizensSupreme court has ruled in favour of citizenprivacy
World Bank has a program,www.worldbank.org/en/programs/id4d
Understanding digital certificates is useful, andapplying them manually is possible. However,big companies are offering mainstream signingsolutions with greater convenience for a largerpublic.
16