Public Digital Identity as a Service
Open Data & Integration Challenges
Swiss German University Seminar
Sutedjo Tjahjadi
Oct 19 2019
Who is Datacomm?
PT. Datacomm Diangraha
Datacomm Cloud Business
Certified Infrastructure & Facilities
Local support and data center location:
• 24x7 Help Desk Support Center
• 24x7 Network Support Center
• 24x7 Security Desk Support Center
Certifications: TIA-942 Rated 3 Constructed Facilities; TIA-942 DCOS Maturity 4; ISO 9001:2008; ISO 27001:2013; ISO 20000:2011; PCI-DSS
Industry 4.0 & Open Data in Digital Era
The Rich Landscape of Digital Experience Today
Resource : Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
Identity In Digital World
Identity is required beyond individual
Resource : Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
Identity
Digital Identity
Currently, identity providers span several services:
• National ID card or passport
• Banking credentials
• Health card
• E-commerce identities
• Social network accounts
• Email account (private and corporate)
Individuals today are used to having multiple digital identities.
Resource : Maxcode, Understanding digital identity
Digital Identity Definition
How is identity acquired?
• Inherent characteristics (where does she/he come from?): date of birth, gender, nationality
• Acquired attributes (what did she/he do?): address, medical record, purchase history
• Individual preferences (what does she/he like?): favorite bands, taste in music, interests
Digital Identity: the sum of all digitally available data about an individual, irrespective of its degree of validity, its form or its accessibility.
Resource : Maxcode, Understanding digital identity
Digital Identity
A Digital Identity holds three main components
Resource : Maxcode, Understanding digital identity
• Identification / Registration: the process that allows an entity to obtain a digital identity
• Authentication: the verification process of the identity's attributes
• Authorization: the process that allows an entity to use the digital identity in electronic transactions
Benefits of Public Digital Identity as a Service
Resource : Digital Identity Road Map Guide - ITU
"A successfully implemented National Digital Identity Framework has the potential to introduce a wide range of benefits for the State and its citizens"
Potential benefits for the users
• Improving convenience for users
• Reducing the cost of access to services
• Improving inclusion for citizens
• Service delivery improvement
• Reducing the cost of service delivery
• Improving security
Potential benefits for the private sector
• New revenue opportunities for public and private sectors
• Reducing the cost of service delivery
Symmetric Cryptography
Resource : Theo Gravity, Introduction to public key infrastructure
• Symmetric cryptography (aka secret-key or shared-key cryptography) uses a single key to both encrypt and decrypt data.
• The operation is much faster than asymmetric cryptography.
• Problems with using a symmetric key:
• The key has to be shared over a secure out-of-band channel.
• Key management and distribution among all communicating parties does not scale (an HTTPS website cannot bootstrap and maintain an individual key for each guest/customer).
[Figure: plain text "A B C" is encrypted with the symmetric key into "*54%f *!N#)" and decrypted with the same key back to "A B C"]
Asymmetric Cryptography
Two Keys
Resource : Theo Gravity, Introduction to public key infrastructure
In asymmetric cryptography, a pair of digital keys is used to encrypt and/or sign data. The keys are linked by a mathematical formula.
• Private key: kept private to oneself
• Public key: can be shared with anyone
[Figure: key generation produces a public key and a private key]
Key Generation
Asymmetric Cryptography
How it works
12Resource : Theo Gravity, Introduction to public key infrastructure
• You cannot use the same key to do the
inverse operation in asymmetric encryption.
The opposing key must be used to do the
operation.
• This means you cannot:
• Encrypt data with public key, decrypt same data with
public key
• Encrypt data with private key, decrypt with same
private key
• Same situation with decrypting
• Summary:
• Encryption with private key, must use public key to do
opposite
• Encryption with public key must use private key to do
opposite
• hash of data + encryption w/ private key = signature
Plain text Plain textCipher text
Can't do this with
same key in
asymmetric
encryption
Pubic Key Private Key
Encrypt DecryptSender Recipient
Asymmetric Cryptography
Operations
Resource : Digital Signature & PKI - Shubham Sharma
[Figure: clear text encrypted with one key of the pair can only be decrypted with the other key. Public key encrypt, private key decrypt: works. Private key encrypt, public key decrypt: works. Decrypting with the same key that encrypted: fails]
Public Key Cryptography
Resource : PKI Application - Nakov & Nedyalkov
• Public-key cryptography is an encryption scheme that uses mathematically related, but not identical, keys.
• Each user has a key pair (public key/private key).
• Information encrypted with the public key can only be decrypted using the private key.
• Information encrypted with the private key can only be decrypted using the public key.
[Figure: the sender encrypts the original document with the receiver's public key into cipher text such as "%jdlg*463u&bj vkf@+$mjfjr^!!) 08^&"; the receiver decrypts it with the private key back to the original document]
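The sender/receiver exchange of the last three slides, as an added Go example that is not part of the original deck or its cited sources. It encrypts with the recipient's public key, decrypts with the matching private key, and then shows that the holder of a different private key (standing in for "the wrong key of the pair") cannot decrypt. RSA-OAEP is used instead of the textbook RSA the slides depict; the sample message and the generated keys are constructed for the demo.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newKeyPair generates a fresh RSA-2048 key pair. The private key stays with
// its owner; pair.PublicKey is the half that can be handed to anyone.
func newKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptToRecipient encrypts plaintext so that only the holder of the matching
// private key can read it. RSA-OAEP with SHA-256 replaces the "textbook RSA" of
// the slides: OAEP padding is randomised, so the same message encrypts to a
// different ciphertext each time, and the padding-oracle attacks that apply to
// PKCS#1 v1.5 encryption do not apply.
func encryptToRecipient(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// decryptWithPrivate reverses encryptToRecipient. It succeeds only with the
// private key that matches the public key used for encryption.
func decryptWithPrivate(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// exchange runs the sender/recipient flow from the slide and reports whether the
// intended recipient recovered the message and whether a bystander holding a
// different private key was (correctly) unable to.
func exchange() (recipientOK bool, bystanderRejected bool, err error) {
	recipient, err := newKeyPair()
	if err != nil {
		return false, false, err
	}
	bystander, err := newKeyPair()
	if err != nil {
		return false, false, err
	}

	// Constructed sample message; the sender only ever sees recipient.PublicKey.
	message := []byte("transfer 100 to account 42")
	ct, err := encryptToRecipient(&recipient.PublicKey, message)
	if err != nil {
		return false, false, err
	}

	pt, err := decryptWithPrivate(recipient, ct)
	recipientOK = err == nil && string(pt) == string(message)

	// A private key from another pair (like the public key itself) cannot decrypt.
	_, err = decryptWithPrivate(bystander, ct)
	bystanderRejected = err != nil

	return recipientOK, bystanderRejected, nil
}

func main() {
	fmt.Println(exchange()) // prints: true true <nil>
}
```

In practice public-key encryption is used only to wrap a symmetric key (or in a key agreement), and the bulk data is then encrypted symmetrically, which is why the speed difference noted on the symmetric slide matters less than it looks.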
Public Key Infrastructure
Definition
Resource : Theo Gravity, Introduction to public key infrastructure
Public Key Infrastructure (PKI) describes the procedures and the hardware/software infrastructure for storing, issuing and revoking certificates and for managing public keys.
Public Key Security EcoSystems
Resource : PKI Application - Nakov & Nedyalkov
• Services: privacy, authentication, integrity, non-repudiation
• Infrastructure: digital certificates, Certification Authorities, security management
• Technology: public key technology
• Public key technology is best suited to solve these business needs
• Infrastructure = Certification Authorities
Multiple Players
Building Public Trust
Resource : PKI Application - Nakov & Nedyalkov
• Registration Authority (RA): identity-proofs users
• Certification Authority (CA): issues certificates and CRLs
• Repositories (publicly available databases): hold certificates and CRLs
What is a digital certificate?
Resource : Theo Gravity, Introduction to public key infrastructure
• Contains identifiers that identify an entity and tie ownership to a public key
• These identifiers are called subjects
• An example of a subject would be the Common Name (e.g. viv.ai) in a certificate used for HTTPS (modern browsers actually match the host name against the Subject Alternative Name extension, not the Common Name)
• Contains the public key of the entity (the entity itself is assumed to have the private key)
• Is issued, and signed, by an issuing entity, normally a CA; that signature is what a relying party verifies
• Can be used for encryption and for verifying signatures (since it has the public key)
Think of a certificate as an ID card
Resource : Theo Gravity, Introduction to public key infrastructure
What is a Digital Signature?
To provide authenticity, integrity and non-repudiation to electronic documents
Resource : Digital Signature & PKI - Shubham Sharma
A digital code attached to an electronically transmitted document to verify its contents and the sender's identity. A person's digital signature therefore varies from document to document, which ensures the authenticity of every byte of that document.
Signed Messages
Resource : Digital Signature & PKI - Shubham Sharma
[Figure: the sender hashes the message and signs the hash with the sender's private key; message + signature is sent through the Internet. The receiver recalculates the hash of the message, decrypts the signature with the sender's public key and compares the two hashes; if they match, the signature is verified]
Signed Messages
Signing & Verification
Resource : Digital Signature & PKI - Shubham Sharma
[Figure: Signing: data is passed through the hash function to give the hash 101100110101, which is encrypted with the signer's private key to give the signature 111101101110; the signature and the signer's certificate are attached to the data to form the digitally signed data. Verification: the received data is hashed again (101100110101); the signature is decrypted with the signer's public key (101100110101); the two hashes are compared]
If the hashes are equal, the signature is valid
Authentication Technologies
Public Key Infrastructure – Digital Signatures
Resource : Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
[Figure: user, Registration Authority, Certificate Authority, verifier, verification]
• Certificate Authority - A Certificate Authority issues a digital certificate to an entity. The issued digital certificate is signed with the private key of the CA, so that any tampering is detectable. When a host receives the digital certificate of another host, it verifies the CA's signature using the CA's public key, which it must already trust, and checks that the certificate has not been revoked (via a CRL or OCSP), to make sure the certificate is authentic.
• Registration Authority - When an entity requests a digital certificate, the Registration Authority verifies the identity of the entity to make sure the digital certificate is not mis-issued.
• Central Directory - A Central Directory is a central location where public keys are stored and indexed, so that they can be retrieved at the time of verification of digital certificates.
• Certificate Management System - A Certificate Management System manages access to stored certificates and the delivery of the certificates to be issued.
• Certificate Policy - It consists of the policies governing the digital certificates.
Authentication Protocol
Resource : Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
• OAuth 2.0 enables applications to access resources on behalf of a specific user. This is why the OAuth protocol has a resource server: a policy enforcement point that is likely either an API gateway or a reverse-proxy Web access management (WAM) system.
• The OAuth authorization server and resource server work in concert to provide access to resources via a scope entitlement request by the application.
• OpenID Connect is about authentication: it provides an ID Token for interoperable access to cross-domain relying parties.
• The OpenID Connect protocol leaves the policy enforcement to the relying party, just like SAML does.
• Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization data between security domains.
• SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, named an Identity Provider, and a SAML consumer, named a Service Provider.
• SAML 2.0 enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user.
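"Leaving policy enforcement to the relying party" means the relying party must validate the ID Token itself. The Go program below is an added example, not code from the deck or its cited sources: it mints an RS256-signed ID Token in the role of the OpenID Provider (a fixture builder only; a relying party never holds that key) and then validates it the way a relying party must, pinning the algorithm before looking at the signature, verifying the signature with the provider's public key, and only then checking issuer, audience and expiry. The issuer URL https://idp.example.org, the client ID citizen-portal, the subject user-0001 and the keys are all constructed for the demo; real tokens may carry "aud" as a JSON array, which is simplified to a string here, and the provider key would normally be fetched from the issuer's JWKS endpoint rather than generated locally.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// idClaims holds the ID Token claims a relying party must check.
type idClaims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"` // may be a JSON array in real tokens; single string assumed
	Exp int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding

// decodeSegment base64url-decodes one JWT segment and unmarshals it into v.
func decodeSegment(seg string, v interface{}) error {
	raw, err := b64.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// mintIDToken plays the OpenID Provider (RS256 over header.payload); demo fixture only.
func mintIDToken(key *rsa.PrivateKey, c idClaims) string {
	body, _ := json.Marshal(c)
	input := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		panic(err) // fixture builder: a signing failure here is a setup bug
	}
	return input + "." + b64.EncodeToString(sig)
}

// validateIDToken is the relying party's enforcement: pin the algorithm before
// touching the signature (so "alg":"none" or HS256-keyed-with-the-public-key is
// refused), verify with the provider's key, then check iss, aud and exp.
func validateIDToken(token string, pub *rsa.PublicKey, issuer, clientID string, now time.Time) (*idClaims, error) {
	parts := strings.Split(token, ".")
	var hdr struct{ Alg string `json:"alg"` }
	if len(parts) != 3 || decodeSegment(parts[0], &hdr) != nil || hdr.Alg != "RS256" {
		return nil, errors.New("malformed token or unexpected alg")
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("signature does not verify under the provider key")
	}
	var c idClaims // claims are only parsed after the signature has been checked
	if err := decodeSegment(parts[1], &c); err != nil {
		return nil, err
	}
	if c.Iss != issuer || c.Aud != clientID {
		return nil, errors.New("issuer or audience mismatch")
	}
	if now.Unix() >= c.Exp {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// scenario validates a genuine token, then a copy re-signed with an attacker's
// key and a genuine token issued to a different client; both must be rejected.
func scenario() (sub string, forgedRejected, wrongAudRejected bool, err error) {
	const issuer, clientID = "https://idp.example.org", "citizen-portal" // hypothetical names
	opKey, err := rsa.GenerateKey(rand.Reader, 2048) // the provider's signing key
	if err != nil {
		return "", false, false, err
	}
	attackerKey, err := rsa.GenerateKey(rand.Reader, 2048) // a key the provider never used
	if err != nil {
		return "", false, false, err
	}
	now := time.Now()
	claims := idClaims{Iss: issuer, Sub: "user-0001", Aud: clientID, Exp: now.Add(5 * time.Minute).Unix()}
	c, err := validateIDToken(mintIDToken(opKey, claims), &opKey.PublicKey, issuer, clientID, now)
	if err != nil {
		return "", false, false, err
	}
	_, forgedErr := validateIDToken(mintIDToken(attackerKey, claims), &opKey.PublicKey, issuer, clientID, now)
	other := claims
	other.Aud = "another-app" // genuine token, but issued to a different relying party
	_, audErr := validateIDToken(mintIDToken(opKey, other), &opKey.PublicKey, issuer, clientID, now)
	return c.Sub, forgedErr != nil, audErr != nil, nil
}

func main() {
	fmt.Println(scenario()) // prints: user-0001 true true <nil>
}
```

The audience check is the one most often skipped: a token that is genuinely signed by the provider but was issued to a different application must not be accepted, otherwise any application the user has logged into can replay its token against this one. A production validator would additionally check the nonce against the login request and accept a small clock skew on exp.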
Conclusion
Key considerations for Public Digital Identity as a Service:
• Privacy, Consent & Control
• Compliance & Regulation
• Cost & Risk
• Technology (IoT, Mobility, AI)
• Interoperability
• Cyber & Digital Security
Certification Authority (CA)
Resource : PKI Application - Nakov & Nedyalkov
Certification Authority
• Trusted (third) party
• Enrolls and validates subscribers
• Manages revocation and renewal of certificates
• Establishes policies & procedures
What's Important
• Operational experience
• High-assurance security architecture
• Scalability
• Flexibility
• Interoperability
• Outsource vs in-house
• Trustworthiness
Certification Authority = Basis of Trust
Registration Authority (RA)
Resource : PKI Application - Nakov & Nedyalkov
• Enrolling, de-enrolling, and approving or rejecting requested changes to the certificate attributes of subscribers.
• Validating certificate applications.
• Authorizing requests for key-pair or certificate generation and requests for the recovery of backed-up keys.
• Accepting and authorizing requests for certificate revocation or suspension.
• Physically distributing personal tokens to, and recovering obsolete tokens from, people authorized to hold and use them.
Certificate Policy (CP) is …
Resource : PKI Application - Nakov & Nedyalkov
• the basis for trust between unrelated entities
• not a formal "contract" (but implied)
• a framework that both informs and constrains a PKI implementation
• a statement of what a certificate means
• a set of rules for certificate holders
• a way of giving advice to relying parties
Symmetric/Asymmetric Encryption
Resource : Digital Signature & PKI - Shubham Sharma
Symmetric encryption uses the identical key to both encrypt and decrypt the data.
[Figure: plain text input "The quick brown fox jumps over the lazy dog" is encrypted with the shared secret key into cipher text "*hfduv&^%)jdjvj@jd me!#8em%" and decrypted with the same key back to the plain text output "The quick brown fox jumps over the lazy dog"]
Asymmetric
Resource : Digital Signature & PKI - Shubham Sharma
Two related keys (public and private) for data encryption and decryption. The private key is never exposed. This takes away the security risk of key sharing.
Authentication Technologies
Block Chain & Digital Signature
Resource : Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
• Usually a digital signature is made using the private key of the owner. Whoever wants to verify the signature can do so using the corresponding public key.
• Suppose a company wants to accept Bitcoins for its trades. For security reasons, the company would not want a single employee to have sole access to the company's Bitcoin wallet. Any transaction should need approval from more than one employee of the company. A multisignature address is created for that purpose.
Authentication Technologies
Block Chain & Digital Signature (continued)
Resource : Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
• A multi-signature address is an address associated with more than one Elliptic Curve Digital Signature Algorithm (ECDSA) private key. In an m-of-n address, the Bitcoin address is generated so that it is associated with n private keys, and at least m of those private keys are required to make a transaction possible.
• This concept can be used in making digital signatures. One can create a multi-signature m-of-n address using n private keys and use it to record digital signatures of documents in a blockchain. Anyone can verify the digital signature using the public keys, but to make the digital signature one needs at least m of the n private keys associated with the multi-signature address.
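The m-of-n rule described above, as an added Go example that is not code from the deck or its cited sources. It is a plain threshold-signature policy over ECDSA P-256 keys rather than Bitcoin's script-based multisig: each co-signer signs the SHA-256 digest of the document with their own key, and the policy holds only public keys, so anyone can verify approvals while only key holders can produce them. The check counts distinct valid signers, which is what stops a single key holder from reaching the threshold by submitting the same approval twice. The 2-of-3 setup, the three keys and the document text are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// approval is one co-signer's ECDSA signature over the document digest,
// tagged with which of the n authorised keys claims to have produced it.
type approval struct {
	Signer int    // index into policy.Keys
	Sig    []byte // ASN.1 DER-encoded ECDSA signature
}

// policy is an m-of-n rule: at least Threshold distinct keys in Keys must sign.
// Only public keys are stored, so anyone can verify; only key holders can sign.
type policy struct {
	Threshold int
	Keys      []*ecdsa.PublicKey
}

func digest(doc []byte) []byte {
	h := sha256.Sum256(doc)
	return h[:]
}

// approve produces signer's approval of doc with that signer's private key.
func approve(signer int, key *ecdsa.PrivateKey, doc []byte) (approval, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest(doc))
	return approval{Signer: signer, Sig: sig}, err
}

// satisfied checks the m-of-n rule. Approvals that do not verify under the
// claimed key are ignored, and repeated approvals from the same key count once,
// so the holder of a single key cannot reach the threshold by replaying it.
func (p policy) satisfied(doc []byte, approvals []approval) bool {
	d := digest(doc)
	valid := make(map[int]bool)
	for _, a := range approvals {
		if a.Signer < 0 || a.Signer >= len(p.Keys) || valid[a.Signer] {
			continue
		}
		if ecdsa.VerifyASN1(p.Keys[a.Signer], d, a.Sig) {
			valid[a.Signer] = true
		}
	}
	return len(valid) >= p.Threshold
}

// scenario builds a 2-of-3 policy over three employees' keys and reports whether
// two distinct approvals pass, one approval fails, one approval replayed twice
// fails, and two approvals presented with an altered document fail.
func scenario() (twoOK, oneRejected, replayRejected, tamperRejected bool, err error) {
	keys := make([]*ecdsa.PrivateKey, 3)
	p := policy{Threshold: 2}
	for i := range keys {
		if keys[i], err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
			return
		}
		p.Keys = append(p.Keys, &keys[i].PublicKey)
	}
	doc := []byte("release payment #4711 to supplier X") // constructed document
	a0, err := approve(0, keys[0], doc)
	if err != nil {
		return
	}
	a2, err := approve(2, keys[2], doc)
	if err != nil {
		return
	}
	twoOK = p.satisfied(doc, []approval{a0, a2})
	oneRejected = !p.satisfied(doc, []approval{a0})
	replayRejected = !p.satisfied(doc, []approval{a0, a0})
	tamperRejected = !p.satisfied([]byte("release payment #4711 to attacker"), []approval{a0, a2})
	return
}

func main() {
	fmt.Println(scenario()) // prints: true true true true <nil>
}
```

Recording the approvals on a blockchain, as the slide suggests, adds timestamping and an append-only log; it does not change the verification above, which anyone holding the public keys can repeat offline.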
Authentication Technologies
Block Chain, How a blockchain works
Resource : Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
1. A wants to send money to B
2. The transaction is represented online as a "block"
3. The block is broadcast to every party in the network
4. Those in the network approve that the transaction is valid
5. The block then can be added to the chain, which provides an indelible and transparent record of transactions
6. The money moves from A to B
What is a Digital Signature?
Resource : PKI Application - Nakov & Nedyalkov
A Digital Signature is the result of signing the hash of the data to be exchanged with the signer's private key.
A Hash (or Message Digest) is the process of mathematically reducing a data stream down to a fixed-length field.
The Hash uniquely represents the original data in practice: for a secure hash such as SHA-256 the chance that two different inputs produce the same hash is negligible (finding any collision costs on the order of 2^128 work), so the "<.001%" figure on the original slide understates this by many orders of magnitude.
The signature process is the opposite of the encryption process: the private key is used to sign the data and the public key is used to verify the signature. The "sign = encrypt with the private key, verify = decrypt with the public key" picture is specific to textbook RSA; signature schemes such as RSA-PSS, ECDSA and EdDSA are distinct operations, not encryption run backwards.
Digital Signature Process
Resource : PKI Application - Nakov & Nedyalkov
Step 1 – Hash (digest) the data using one of the supported hashing algorithms. The original slide lists MD2, MD5 and SHA-1; all three are broken or deprecated for signatures today, and SHA-256 or stronger should be used.
Step 2 – Sign the hash with the sender's private key (for RSA this is the "encrypt the hash" step the slide describes).
Step 3 – Append the signature (and a copy of the sender's public key, in practice the sender's certificate) to the end of the data that was signed.
[Figure: DATA is hashed in Step 1; the hash is encrypted with the private key in Step 2 to give the digital signature; in Step 3 the signature and the public key are appended to DATA]
Signature Verification Process
Resource : PKI Application - Nakov & Nedyalkov
• Step 1. Hash the original data using the same hashing algorithm.
• Step 2. Verify (for RSA: decrypt) the digital signature using the sender's public key. The public key normally travels with the signature inside the signer's certificate; the verifier must validate that certificate against a trusted CA before relying on the key, because a key that merely accompanies the message proves nothing about who sent it.
• Step 3. Compare the result of the hashing with the result of the decryption. If the values match, the signature is verified. If they do not match, the data or the signature was modified in transit, or the signature was made with a different key.
[Figure: DATA is hashed in Step 1; the digital signature is decrypted with the public key in Step 2; the two hashes are compared in Step 3]
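The signing and verification steps of the "Signed Messages" slides and of the two process slides above, as an added Go example that is not code from the deck or its cited sources. It hashes the document with SHA-256, signs the digest with the sender's private key using RSA-PSS (in place of the "encrypt the hash with the private key" of the slides), attaches signature and public key to the data, and on the receiving side re-hashes, verifies and compares. It also shows the two failure cases a verifier must catch: altered data, and a message whose attached public key is not the one the receiver trusts. The key pairs and the document text are constructed for the demo; a real message would carry the signer's certificate rather than a bare key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// signedMessage is what travels over the network: the data, the signature over
// its SHA-256 digest, and the signer's public key. In a real deployment the key
// would come inside the signer's certificate so the verifier can check who it
// belongs to; here a bare public key stands in for the certificate.
type signedMessage struct {
	Data      []byte
	Signature []byte
	SignerPub *rsa.PublicKey
}

// digestHex is Step 1 of the slide: hash the data with a current algorithm.
// SHA-256 replaces the MD5/SHA-1 of the original, both broken for signatures.
func digestHex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// sign is Steps 1 to 3: hash, sign the hash with the sender's private key, and
// attach signature and public key to the data. RSA-PSS is used rather than
// "encrypting the hash": PSS is randomised and has a security proof, and
// signing is its own operation, not encryption run backwards.
func sign(priv *rsa.PrivateKey, data []byte) (signedMessage, error) {
	sum := sha256.Sum256(data)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, sum[:], nil)
	if err != nil {
		return signedMessage{}, err
	}
	return signedMessage{Data: data, Signature: sig, SignerPub: &priv.PublicKey}, nil
}

// verify is the receiver's three steps: re-hash the received data, verify the
// signature with the sender's public key, and compare. The key that arrived
// with the message is only used if it matches the key the receiver already
// trusts; a key that merely accompanies a message proves nothing.
func verify(m signedMessage, trustedPub *rsa.PublicKey) bool {
	if trustedPub == nil || m.SignerPub == nil || !trustedPub.Equal(m.SignerPub) {
		return false
	}
	sum := sha256.Sum256(m.Data)
	return rsa.VerifyPSS(trustedPub, crypto.SHA256, sum[:], m.Signature, nil) == nil
}

// scenario signs a document and reports whether the untouched message verifies,
// whether a change to the data is caught, and whether a message signed by an
// impostor (whose key the receiver does not trust) is refused.
func scenario() (genuineOK, tamperCaught, impostorRefused bool, err error) {
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	impostor, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	doc := []byte("Pay 1,000 to account 12345") // constructed document
	m, err := sign(sender, doc)
	if err != nil {
		return false, false, false, err
	}
	genuineOK = verify(m, &sender.PublicKey)

	tampered := m
	tampered.Data = []byte("Pay 9,000 to account 12345") // altered in transit
	tamperCaught = !verify(tampered, &sender.PublicKey)

	forged, err := sign(impostor, doc) // valid signature, wrong signer
	if err != nil {
		return false, false, false, err
	}
	impostorRefused = !verify(forged, &sender.PublicKey)
	return genuineOK, tamperCaught, impostorRefused, nil
}

func main() {
	fmt.Println("sha256(doc) =", digestHex([]byte("Pay 1,000 to account 12345")))
	fmt.Println(scenario()) // prints: true true true <nil>
}
```

The impostor case is the one the slides' "the signature contains a copy of the public key" wording invites: the forged message verifies perfectly against the key it carries, and is only rejected because the receiver insists on a key it trusts independently of the message.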
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Public Digital Identity as a Service

  • 1. Public Digital Identity as a Service. Open Data & Integration Challenges. Swiss German University Seminar, Sutedjo Tjahjadi, Oct 19 2019
  • 2. Who is Datacomm? PT. Datacomm Diangraha
  • 3. Datacomm Cloud Business: Certified Infrastructure & Facilities. Local support and data center location; 24x7 Help Desk Support Center; 24x7 Network Support Center; 24x7 Security Desk Support Center. Certified: TIA-942 Rated 3 Constructed Facilities; TIA-942 DCOS Maturity 4; ISO 9001:2008; ISO 27001:2013; ISO 20000:2011; PCI-DSS
  • 4. Industry 4.0 & Open Data in the Digital Era: The Rich Landscape of Digital Experience Today. Resource: Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
  • 5. Identity in the Digital World: identity is required beyond the individual. Resource: Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
  • 6. Digital Identity. Currently, identity providers span several services: • National ID card or passport • Banking credentials • Health card • E-commerce identities • Social network accounts • Email account (private and corporate). Individuals today are used to having multiple digital identities. Resource: Maxcode, Understanding digital identity
  • 7. Digital Identity Definition. How is identity acquired? • Individual preferences (what does she/he like?): favorite bands, taste in music, interests • Acquired attributes (what did she/he do?): address, medical record, purchase history • Inherent characteristics (where does she/he come from?): date of birth, gender, nationality. Digital Identity: the sum of all digitally available data about an individual, irrespective of its degree of validity, its form or its accessibility. Resource: Maxcode, Understanding digital identity
  • 8. Digital Identity. A digital identity holds three main components: • Identification / Registration: the process that allows an entity to obtain a digital identity • Authentication: the verification process of the identity's attributes • Authorization: the process that allows an entity to use the digital identity in electronic transactions. Resource: Maxcode, Understanding digital identity
  • 9. Benefits of Public Digital Identity as a Service. “A successfully implemented National Digital Identity Framework has the potential to introduce a wide range of benefits for the State and its citizens.” Potential benefits for the users: • Improving convenience for users • Reducing the cost of access to services • Improving inclusion for citizens • Service delivery improvement • Reducing the cost of service delivery • Improving security. Potential benefits for the private sector: • New revenue opportunities for the public and private sector • Reducing the cost of service delivery. Resource: Digital Identity Road Map Guide - ITU
  • 10. Symmetric Cryptography. • Symmetric cryptography (aka secret key / shared key cryptography) uses a single key to both encrypt and decrypt data • This operation is much faster than asymmetric cryptography • Problems with using a symmetric key: • the key must be shared over a secure out-of-band channel • key management and distribution among each pair of communicating parties does not scale (an HTTPS website cannot bootstrap and maintain an individual key for each guest/customer). (Diagram: A, B and C share one symmetric key; the same key encrypts plain text to cipher text and decrypts it back.) Resource: Theo Gravity, Introduction to public key infrastructure
  • 11. Asymmetric Cryptography: Two Keys. In asymmetric cryptography a pair of mathematically linked keys is used to encrypt and/or sign data. Private key: kept private to oneself. Public key: can be shared with anyone. (Diagram: key generation produces the public key and the private key together.) Resource: Theo Gravity, Introduction to public key infrastructure
  • 12. Asymmetric Cryptography: How it works. • You cannot use the same key to do the inverse operation in asymmetric encryption; the opposing key must be used • This means you cannot: • encrypt data with the public key and decrypt the same data with the public key • encrypt data with the private key and decrypt with the same private key • the same applies to decrypting • Summary: • encryption with the private key must use the public key to do the opposite • encryption with the public key must use the private key to do the opposite • hash of data + encryption with private key = signature. (Diagram: the sender encrypts plain text with the recipient's public key and the recipient decrypts the cipher text with the private key; this cannot be done with the same key.) Resource: Theo Gravity, Introduction to public key infrastructure
  • 13. Asymmetric Cryptography: Operations. (Diagram: clear text encrypted with the public key decrypts with the private key, and vice versa: works; decrypting with the same key that encrypted: fails.) Resource: Digital Signature & PKI - Shubham Sharma
  • 14. Public Key Cryptography. • Public-key cryptography is an encryption scheme that uses mathematically related, but not identical, keys • Each user has a key pair (public key / private key) • Information encrypted with the public key can only be decrypted using the private key. (Diagram: the sender encrypts the original document into an encrypted document, which the receiver decrypts back to the original.) Resource: PKI Application - Nakov & Nedyalkov
  • 15. Public Key Infrastructure: Definition. Public Key Infrastructure (PKI) describes the procedures and the hardware/software infrastructure used to issue, store and revoke certificates and to manage public keys. Resource: Theo Gravity, Introduction to public key infrastructure
  • 16. Public Key Security Ecosystem. Services: privacy, authentication, integrity, non-repudiation. Infrastructure: digital certificates, Certification Authorities, security management. Technology: public key technology. • Public key technology is best suited to solving these business needs • Infrastructure = Certification Authorities. Resource: PKI Application - Nakov & Nedyalkov
  • 17. Multiple Players Building Public Trust. • Registration Authority (RA): to identity-proof users • Certification Authorities (CA): to issue certificates and CRLs • Repositories (publicly available databases): to hold certificates and CRLs. Resource: PKI Application - Nakov & Nedyalkov
  • 18. What is a digital certificate? • Contains identifiers that identify an entity and ties ownership to a public key • These identifiers make up the certificate's subject • An example of a subject field would be the Common Name (e.g., viv.ai) in a certificate used for HTTPS (note that modern TLS clients match the host name against the Subject Alternative Name extension rather than the Common Name) • Contains the public key of the entity (the entity itself is assumed to hold the matching private key) • Is issued, i.e. signed, by another entity, the issuer • Can be used for encryption and for verifying signatures (since it carries the public key). Resource: Theo Gravity, Introduction to public key infrastructure
  • 19. Think of a certificate as an ID card. Resource: Theo Gravity, Introduction to public key infrastructure
  • 20. What is a Digital Signature? It provides authenticity, integrity and non-repudiation for electronic documents. A digital signature is a digital code attached to an electronically transmitted document to verify its contents and the sender's identity. Because it is computed over the document itself, a person's digital signature varies from document to document, so any change to the document invalidates the signature. Resource: Digital Signature & PKI - Shubham Sharma
  • 21. Signed Messages. (Diagram: the sender hashes the message and signs the hash with the sender's private key; message + signature are sent over the Internet; the receiver recomputes the hash of the message, decrypts the signature with the sender's public key and compares the two hashes; if they match, the signature is verified.) Resource: Digital Signature & PKI - Shubham Sharma
  • 22. Signed Messages: Signing & Verification. Signing: a hash function reduces the data to a hash (e.g., 101100110101); the hash is encrypted with the signer's private key to give the signature (e.g., 111101101110), which is attached to the data together with the signer's certificate to form the digitally signed data. Verification: the receiver applies the same hash function to the data, decrypts the signature with the signer's public key, and compares the two hashes; if the hashes are equal, the signature is valid. Resource: Digital Signature & PKI - Shubham Sharma
  • 23. Authentication Technologies: Public Key Infrastructure and Digital Signatures. (Diagram: User, Registration Authority, Certificate Authority, Verifier / verification.) • Certificate Authority: a Certificate Authority issues a digital certificate to an entity. The issued certificate is signed with the private key of the CA so that it cannot be tampered with undetected. When a host receives the digital certificate of another host, it verifies the CA's signature on it (and its revocation status) to make sure it is authentic. • Registration Authority: when an entity requests a digital certificate, the Registration Authority verifies the identity of the entity to make sure the certificate is not mis-issued. • Central Directory: a central location where public keys are stored and indexed, so that they can be retrieved at the time of verification of digital certificates. • Certificate Management System: manages access to stored certificates and the delivery of the certificates to be issued. • Certificate Policy: the policies governing the digital certificates. Resource: Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
  • 24. Authentication Protocols. • OAuth 2.0 enables applications to access resources on behalf of a specific user. This is why the OAuth protocol has a resource server, a policy enforcement point that is typically either an API gateway or a reverse-proxy web access management (WAM) system. • The OAuth authorization server and resource server work in concert to provide access to resources via the scope entitlements requested by the application. • OpenID Connect is about authentication: it provides an ID Token that relying parties in other domains can accept interoperably. • The Connect protocol leaves policy enforcement to the relying party, just like SAML does. • Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization data between security domains. • SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, named an Identity Provider, and a SAML consumer, named a Service Provider. • SAML 2.0 enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user. Resource: Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
  • 25. Conclusion. Public Digital Identity as a Service: Privacy, Consent & Control; Compliance & Regulation; Cost & Risk; Technology (IoT, Mobility, AI); Interoperability; Cyber & Digital Security
  • 27. Certification Authority (CA). Certification Authority: • Trusted (third) party • Enrolls and validates subscribers • Manages revocation and renewal of certificates • Establishes policies & procedures. What's important: • Operational experience • High assurance security architecture • Scalability • Flexibility • Interoperability • Outsource vs. in-house • Trustworthiness. Certification Authority = Basis of Trust. Resource: PKI Application - Nakov & Nedyalkov
  • 28. Registration Authority (RA). • Enrolling, de-enrolling, and approving or rejecting requested changes to the certificate attributes of subscribers • Validating certificate applications • Authorizing requests for key-pair or certificate generation and requests for the recovery of backed-up keys • Accepting and authorizing requests for certificate revocation or suspension • Physically distributing personal tokens to, and recovering obsolete tokens from, people authorized to hold and use them. Resource: PKI Application - Nakov & Nedyalkov
  • 29. Certificate Policy (CP) is ... • the basis for trust between unrelated entities • not a formal "contract" (but an implied one) • a framework that both informs and constrains a PKI implementation • a statement of what a certificate means • a set of rules for certificate holders • a way of giving advice to relying parties. Resource: PKI Application - Nakov & Nedyalkov
  • 30. Symmetric/Asymmetric Encryption. Symmetric encryption uses the identical key (a shared secret) to both encrypt and decrypt the data. (Diagram: plain text input "The quick brown fox jumps over the lazy dog" is encrypted to cipher text "*hfduv&^%)jdjvj@jd me!#8em%" and decrypted back to the same plain text with the same key.) Resource: Digital Signature & PKI - Shubham Sharma
  • 31. Asymmetric. Two related keys (public and private) are used for data encryption and decryption. The private key is never exposed, which removes the security risk of key sharing. Resource: Digital Signature & PKI - Shubham Sharma
  • 32. Authentication Technologies: Blockchain & Digital Signature. • Usually a digital signature is made using the private key of the owner. Whoever wants to verify the signature can do so using the corresponding public key. • Suppose a company wants to accept Bitcoin for its trades. For security reasons, the company would not want a single employee to have sole access to the company's Bitcoin wallet password: any transaction should need approval from more than one employee. A multi-signature address is created for that purpose. Resource: Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
  • 33. Authentication Technologies: Blockchain & Digital Signature (continued). • A multi-signature address is an address associated with more than one Elliptic Curve Digital Signature Algorithm (ECDSA) private key. So, in an m-of-n address, when a Bitcoin address is generated it is associated with n private keys, and at least m of those private keys are required to make a transaction. • This concept can be used for digital signatures more generally. One can create a multi-signature m-of-n address using n private keys and use it to record digital signatures of documents in a blockchain. Anyone can verify the digital signature using the public keys, but to produce the digital signature one needs at least m of the n private keys associated with the multi-signature address. Resource: Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
  • 34. Authentication Technologies: Blockchain, How a blockchain works. 1. A wants to send money to B. 2. The transaction is represented online as a "block". 3. The block is broadcast to every party in the network. 4. Those in the network approve that the transaction is valid. 5. The block can then be added to the chain, which provides an indelible and transparent record of transactions. 6. The money moves from A to B. Resource: Development of Digital Identity Systems - Maganathin Marcus Veeraragaloo
  • 35. What is a Digital Signature? A digital signature is the result of encrypting the hash of the data to be exchanged. A hash (or message digest) is the result of mathematically reducing a data stream to a fixed-length field. For a secure hash function the hash effectively uniquely represents the original data: the probability of two different inputs producing the same hash is negligible (far below 0.001%). The signature process is the opposite of the encryption process: the private key is used to sign (encrypt) the data, and the public key is used to verify (decrypt) the signature. Note that this "encrypt with the private key" description fits textbook RSA; signature schemes such as ECDSA use dedicated sign and verify operations, but the hash-then-sign structure is the same. Resource: PKI Application - Nakov & Nedyalkov
  • 36. Digital Signature Process. Step 1: hash (digest) the data using one of the supported hashing algorithms, e.g., MD2, MD5 or SHA-1 (all three are now broken or deprecated for signatures; SHA-256 or stronger should be used). Step 2: encrypt the hashed data using the sender's private key. Step 3: append the signature (and a copy of the sender's public key) to the end of the data that was signed. Resource: PKI Application - Nakov & Nedyalkov
  • 37. Signature Verification Process. • Step 1: hash the original data using the same hashing algorithm. • Step 2: decrypt the digital signature using the sender's public key. In this scheme every digital signature carries a copy of the signer's public key; on its own that key proves nothing about who the signer is, which is why the public key is normally delivered inside a CA-issued certificate (see the PKI slides). • Step 3: compare the results of the hashing and the decryption. If the values match, the signature is verified. If the values do not match, the data or the signature was probably modified in transit. Resource: PKI Application - Nakov & Nedyalkov
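Slides 20-22 and 35-37 describe the same hash-then-sign procedure, and slides 32-33 the m-of-n acceptance rule. The Go example below, added for this page and not taken from the deck or its sources, runs both with the standard library. SHA-256 replaces the deprecated hashes and ECDSA P-256 replaces the RSA-style "encrypt the hash" step, so Sign and Verify are dedicated operations rather than encryption. The sample document text is constructed, and the threshold check is a document-signature analogue of Bitcoin multisig, not Bitcoin script.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Sign is steps 1 and 2 of slide 36 with a current hash: digest the document
// with SHA-256, then sign the digest with the signer's private key (ECDSA,
// so "sign" is its own operation rather than RSA-style encryption of the hash).
func Sign(priv *ecdsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify is slide 37: re-hash the received document and check the signature
// against the public key the relying party trusts for this signer (in a PKI
// that key would come from the signer's certificate, not from the message).
func Verify(pub *ecdsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// VerifyThreshold applies the m-of-n rule of slides 32-33 to document
// signatures: accept only if at least m of the n registered public keys have
// each produced a valid signature over doc. sigs[i] is nil when holder i did
// not sign. A signature is counted only under its own holder's key, so one
// holder's signature cannot be replayed to stand in for another holder's.
// (Illustrative analogue of Bitcoin multisig, not Bitcoin script.)
func VerifyThreshold(m int, pubs []*ecdsa.PublicKey, sigs [][]byte, doc []byte) bool {
	if m <= 0 || m > len(pubs) || len(sigs) != len(pubs) {
		return false
	}
	valid := 0
	for i, pub := range pubs {
		if sigs[i] != nil && Verify(pub, doc, sigs[i]) {
			valid++
		}
	}
	return valid >= m
}

func main() {
	// Constructed sample document and three hypothetical key holders.
	doc := []byte("constructed sample: transfer 1000 from account A to account B")
	keys := make([]*ecdsa.PrivateKey, 3)
	pubs := make([]*ecdsa.PublicKey, 3)
	for i := range keys {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			panic(err)
		}
		keys[i], pubs[i] = k, &k.PublicKey
	}
	sig0, _ := Sign(keys[0], doc)
	sig2, _ := Sign(keys[2], doc)
	fmt.Println("genuine signature verifies:", Verify(pubs[0], doc, sig0))
	fmt.Println("document altered after signing:", Verify(pubs[0], append([]byte("X"), doc...), sig0))
	fmt.Println("checked under another holder's key:", Verify(pubs[1], doc, sig0))
	fmt.Println("2-of-3, holders 0 and 2 signed:", VerifyThreshold(2, pubs, [][]byte{sig0, nil, sig2}, doc))
	fmt.Println("2-of-3, only holder 0 signed:", VerifyThreshold(2, pubs, [][]byte{sig0, nil, nil}, doc))
}
```

The first three lines reproduce the slide's verdicts (true, then false, false): any change to the document or a mismatch between the key used to sign and the key used to verify breaks the comparison. The last two show the threshold rule accepting two distinct signers and rejecting a single one.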

Editor's Notes

  2. Who Is Datacomm: a local, private company committed to building robust digital infrastructure to usher Indonesia toward the digital economy. Datacomm's two primary businesses are infrastructure managed services for Indonesia's largest telecommunication operators (Telkom, Telkomsel, Indosat, Lintasarta) and cloud services. Why Datacomm? We are backed by more than 29 years of experience and more than 500 people, primarily a technical and engineering team that covers a wide spectrum of IT expertise: network, security, system applications, operations, project management, data center and consulting. In the cloud area we operate as a cloud service provider, differentiated by hybrid/multicloud offerings that are enterprise-grade, secure and local.