Smart Card and Strong Cryptography for instant security
2. OKsystem – brief introduction
Motto: software with a greater intelligence
Since 1990, 4 co-owners, 200+ employees
Headquarters in Prague, offices in Brno, NYC
25+ mil. USD annually
Top 100 Czech, Stability Award AAA
4. Security from one source
We have all components for instant strong cryptography and smart card
deployment from one source:
• BABEL – mobile application for transparent encryption of text messages
• OKsmart – software for easy and transparent smart card usage
– Smart card applets
– Smart card middleware
– Personal web based Card Manager
• OKbase - enterprise Java system with plug-in management modules:
– Card management system
– Key management system
– Certificate management
• Software development – from mobile to enterprise systems with a strong
security concept based on integrating strong cryptography into
applications
• Smart cards – contact, contactless, combined (hybrid or dual chip)
5. BABEL – it's new and unique
Babel is an iPhone messaging app which allows
you to use your cell phone to exchange
encrypted text messages and iMessages.
7. How it works
BABEL uses proven and standard algorithms for strong
cryptography - AES for message encryption
and Diffie-Hellman for cryptographic key agreement.
Messages are encrypted not only during transmission but
also in the phone memory. All communication, including
key agreement, can be intercepted without any fear or
risk of potential decryption.
Users do not have to remember any new passwords or
keys, or buy and use digital certificates. The application is
simple, intuitive and uses the standard iOS services for
Contacts and Messages.
An Android version is being finalized.
8. Strong cryptography
Strong cryptography uses encryption algorithms that are highly resistant
to cryptanalysis and systematic attacks in theory and practice. Well known
and widely used algorithms (RSA, ECC, AES…) are public and proven for years,
and do not contain any hidden secrets or backdoors.
• All secrets are concentrated in secret/private keys.
• Without the key, nobody (younger sister, NSA, Mossad, FSB, …) will decrypt
the ciphertext.
Every secret forms a weak point, because there is always the risk of it being
compromised or lost. Cryptographic keys are a fundamental and irremovable
weak point of strong cryptography and thus require very special handling.
Keys must be securely generated, stored and used – smart cards should be
used here - your smartphone is not a security device!
Keys must be securely archived in an appropriate Key Management System -
there is no other recovery when a secret key is corrupted or lost!
9. Smart cards
A smart card is a cheap and secure crypto-computer in your pocket.
The smart chip is designed and certified for high security and is resistant
to many types of attack. The smart chip can be embedded in various
form factors - credit card size, SIM card size, USB dongle. A smart card
can optionally communicate with a contact or contactless
reader, including NFC.
It can deliver security services to the master system:
• True Random Number Generator for key generation
• Cryptography with secret key – 3DES, AES
• Asymmetric (public) key cryptography
• File system with access control
• PIN and admin key authentication
Smart card services are provided by downloadable applets.
10. Smart card security framework
A smart card is an access token to an information and communication
system. A smart card can easily bring high security to everyday IT
tasks.
Logical access and authentication
• 802.1x LAN port authentication
• 802.1x Wi-Fi authentication
• Smart card logon
• Terminal server authentication
• Web SSL/TLS client authentication
• Legacy password based authentication (smart card & PIN)
Encryption for privacy
• S/MIME e-mail encryption
• File/folder encryption
• Disk encryption
Digital signature and integrity check
• S/MIME e-mail signature
• MS Office suite
• Adobe Acrobat/Reader
12. OKsmart
Smart card middleware
Middleware is system software that allows the host OS
and applications to communicate with cards and
use card services.
OKsmart middleware connects smart cards
powered by OKsmart applets to the most popular operating
systems - MS Windows and Mac OS X.
The operating system and applications, together with
OKsmart, seamlessly use the smart card for secure
cryptographic operations – authentication,
encryption and digital signature.
13. OKbase Card Management System
OKbase CMS is software for complete smart card life cycle
management. Card deployment for a company or its customers
has never been so easy and affordable. Personalization profiles
and ready-made scripts manage all complex tasks for the operator.
OKbase CMS performs all card issuance services:
Applet loading (= on card software installation)
Card personalization
• Card body print
• Contact chip
• Contactless chip
OKbase CMS provides daily card life cycle support:
Card activation, deactivation, reactivation, revocation, termination
PIN management
14. OKbase Key Management System
OKbase KMS is software for cryptographic key generation and
life cycle management. A KMS is essential whenever any encryption
takes place, with or without smart cards.
Basic OKbase KMS functions include:
Cryptography-grade random key generation
Secure key archiving for generated or imported keys
Key restore when two or more security officers put together
the restore key
Key activation, deactivation, destruction
OKbase KMS uses a secure HSM or smart card for key
encryption. Encrypted keys are securely stored in an SQL database.
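The key restore step above, where two or more security officers put the restore key together, sketched as an added example (not OKbase code; the slides do not say which scheme OKbase KMS uses). It assumes a simple XOR component split in which every officer's component is required, plus a check value to detect a wrong rebuild; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def check_value(key: bytes) -> str:
    """Truncated HMAC over a fixed label; used only to detect a wrong rebuild."""
    return hmac.new(key, b"restore-key-check", hashlib.sha256).hexdigest()[:12]


def split_key(key: bytes, officers: int) -> list[bytes]:
    """Split key into one component per officer; all are needed to rebuild it."""
    if officers < 2:
        raise ValueError("dual control needs at least two officers")
    shares = [secrets.token_bytes(len(key)) for _ in range(officers - 1)]
    last = key
    for s in shares:
        last = bytes(a ^ b for a, b in zip(last, s))
    return shares + [last]


def restore_key(shares: list[bytes], expected_check: str) -> bytes:
    """XOR the officers' components together and verify the result."""
    if len(shares) < 2:
        raise ValueError("restore requires at least two officers")
    if len({len(s) for s in shares}) != 1:
        raise ValueError("components differ in length")
    key = bytes(len(shares[0]))
    for s in shares:
        key = bytes(a ^ b for a, b in zip(key, s))
    if not hmac.compare_digest(check_value(key), expected_check):
        raise ValueError("check value mismatch: missing or wrong component")
    return key


def demo() -> bool:
    """Constructed sample: 3 officers; restore must fail if one is absent."""
    restore = secrets.token_bytes(32)       # constructed sample restore key
    kcv = check_value(restore)              # stored next to the key archive
    parts = split_key(restore, officers=3)  # one component per officer
    ok_all = restore_key(parts, kcv) == restore
    try:
        restore_key(parts[:2], kcv)         # one officer absent
    except ValueError:
        return ok_all
    return False
```

With this split, any group smaller than the full set of officers holds only random-looking bytes, so no single officer can restore archived keys alone.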
15. OKbase Certificate Management
Digital certificates are core components of PKI systems. A
certificate provides your digital identity to digital documents
and electronic services on the Internet. Companies should
manage certificates for their employees.
OKbase Certificate Management takes care of the
complete certificate life cycle, namely:
Certificate requests
Certificate enrolment
Certificate revocation
Certificate archiving
16. Use software with strong cryptography.
Be secure. Remain private. Keep them confused.
Ivo Rosol
Software Development Director
www.oksystem.com