Automated Service Deployment on an Intent-Driven Campus Network
Published in Ningguo Shen, Bin Yu, Mingxiang Huang, Hailin Xu, Campus Network Architectures and Technologies, 2021
A digital certificate is an electronic document issued and signed by a certificate authority (CA) to prove the ownership of a public key. Digital certificates can be used to achieve the following:
Data encryption: After a key is negotiated between two communication parties using a handshake protocol, all the transmitted messages are encrypted using a single-key encryption algorithm, such as Advanced Encryption Standard (AES).
Identity authentication: The identities of both communication parties are signed using public key encryption algorithms such as Rivest-Shamir-Adleman (RSA) and Data Security Standard (DSS) to prevent spoofing.
Data integrity: All messages transmitted during communication contain digital signatures to ensure message integrity.
Identity Claims in High Assurance
Published in Kevin E. Foltz, William R. Simpson, Enterprise Level Security 2, 2020
Revocation services provide a way to revoke an entity’s certificate after it has been lost or otherwise compromised or damaged. Proper verification of the individual requesting revocation must be performed to prevent a denial-of-service (DoS) attack on valid users. However, revocation must not place a high burden on the individual doing the revocation. For most purposes, returning to the location that issued the credential is sufficient, as that location should have enough information about the individual to validate their identity, issue a new credential, and revoke the old credential. In DIL environments, a compromise outside the DIL environment might not matter to the local services, as they are isolated. For example, a compromise of the private key of an individual on a submarine need not affect internal submarine operations by that individual. However, upon returning to the surface, that individual would need a new credential for network-connected services.
Cyber Defence and Countermeasures
Published in Stanislav Abaimov, Maurizio Martellini, Cyber Arms, 2020
Encryption and signature schemes are fundamental cryptographic tools for providing privacy and authenticity, respectively, in the public-key setting. Digital signatures are central to the operation of public key infrastructures and many network security schemes (e.g., SSL/TLS, many VPNs, etc.). A public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind together a public key with an identity, that is, information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
Plug and Charge Solutions with Vehicle-to-Grid Communication
Published in Electric Power Components and Systems, 2023
PKI is used to create, manage, and distribute digital certificates. The PKI structure is distributed across three levels. The first level is the Root Certificate Authorities (V2G-Root, MO Root, OEM-Root, PE-Private Root). The second level is subordinate CAs (Sub-CAs). The third level is Leaf Certificates for authentication (EVSE-Leaf Certificate, OEM-provisioning leaf certificate, contract certificate). The Root CA is the trust base for the entire system. The root CA delegates the task of issuing certificates to the sub-CA. Digital certificates are proof of identity for communicating entities. A sub-CA 1 and a sub-CA 2 can be operated in each PKI (OEM, MO, CPO). At least one sub-CA is required: either two sub-CAs are used, or only sub-CA 1 without sub-CA 2. The certificate is proof that the public key (associated with a private key) has been signed by a trusted entity and that no further certificates can be derived (signed) from it.