Study Note published by: John, on 2005-05-05
(Page 1/3)
Overview:
This study note gives a short introduction to smart cards, cryptography, PKI, certificates, CAs, CRLs, Kerberos and more.
Smart Cards:
The term smart card has been used to describe a class of credit card-sized devices with varying capabilities: stored-value cards, contactless cards, and integrated circuit cards (ICC). All of these cards differ in functionality from each other and from the more familiar magnetic-stripe cards used as standard credit, debit, and ATM cards. It is the ICC that is of most interest for use with a personal computer, because it is able to perform more sophisticated operations such as digital signature and key exchange. A smart card is essentially a miniature computer, embedded in plastic in the form of a credit card, with limited storage and processing capability. The circuitry in a smart card draws its power from the smart card reader once the card is inserted into the reader. Data communication between a smart card and an application running on a computer takes place over a half-duplex serial interface managed by the smart card reader and its associated device driver. Smart card readers are available in a variety of form factors and can be connected to a computer using an RS-232, PCMCIA or USB interface.
Smart cards provide:
- Tamper-resistant storage for protecting private keys and other forms of personal information.
- Isolation of security-critical computations involving the private key from other parts of the system that do not have a “need to know.”
- Portability of credentials and other private information between computers at work, home, or on the road.
Cryptography:
Cryptography is the science of protecting data or messages. Many cryptographic algorithms mathematically combine input plaintext data with an encryption key to generate encrypted data referred to as ciphertext. With a good cryptographic algorithm, it is computationally infeasible to reverse the encryption process and derive the plaintext data from the ciphertext alone. In order to decrypt the ciphertext, some additional data, a decryption key, is needed to perform the transformation. In traditional secret (or symmetric) key cryptography, the encryption and decryption keys are identical and must be shared by multiple parties. Parties wishing to communicate with secret-key cryptography must securely exchange the encryption/decryption keys before they can exchange encrypted data.
Public Key Infrastructure (PKI):
A public key infrastructure (PKI) is the set of components that manages certificates and keys used by encryption and digital signature services. A good PKI must provide services for cryptographic operations, certificate enrollment and renewal, certificate distribution and validation, certificate revocation, plus administrative tools and services for managing all of the above. A directory can also be considered a PKI component because it can store information such as CA location, certificates, and certificate revocation lists (CRLs).
A public key infrastructure (PKI) is a system of digital certificates, certification authorities (CAs) and other registration authorities (RAs) that verify and authenticate the validity of each party that is involved in an electronic transaction through the use of public key cryptography. Standards for PKIs are still evolving, even as they are being widely implemented as a necessary element of electronic commerce.
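As an added example that is not part of this study note, the Go program below models the PKI services listed above with the standard crypto/x509 package: a self-signed root CA enrolls end-entity certificates, publishes a signed CRL, and a relying party validates a certificate by chaining it to the trusted root and then consulting that CRL. The function names issue, publishCRL and validate, the use of Ed25519 keys and the short validity windows are assumptions of the example, not anything the note prescribes.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// issue has signer certify a fresh Ed25519 key for cn under parent; with parent nil it builds a self-signed root CA.
func issue(serial int64, cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // a crypto/rand failure is unrecoverable, so it is not handled here
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: parent == nil, BasicConstraintsValid: parent == nil}
	if parent == nil { // a root signs itself and needs the certificate- and CRL-signing key usages
		tmpl.KeyUsage, parent, signer = x509.KeyUsageCertSign|x509.KeyUsageCRLSign, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}
// publishCRL signs the CA's list of revoked certificates, which relying parties fetch and check offline.
func publishCRL(ca *x509.Certificate, caKey ed25519.PrivateKey, revoked ...*x509.Certificate) ([]byte, error) {
	rl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour)}
	for _, c := range revoked {
		rl.RevokedCertificates = append(rl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: rl.ThisUpdate})
	}
	return x509.CreateRevocationList(rand.Reader, rl, ca, caKey)
}
// validate is the relying party's check: true only if c chains to the trusted root and is absent from the CA-signed CRL.
func validate(c, root *x509.Certificate, crlDER []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := c.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return false // unknown issuer, bad signature or outside the validity period
	}
	rl, err := x509.ParseRevocationList(crlDER)
	if err != nil || rl.CheckSignatureFrom(root) != nil {
		return false // an unparsable CRL, or one the CA did not sign, proves nothing: fail closed
	}
	for _, r := range rl.RevokedCertificates {
		if r.SerialNumber.Cmp(c.SerialNumber) == 0 {
			return false
		}
	}
	return true
}
```

A CRL signed by anyone other than the trusted CA is rejected outright rather than consulted, which is the check most often forgotten when revocation is bolted on afterwards.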