securing e government public key infrastructure prof dr mohamed kouta chairman of mis department...
TRANSCRIPT
![Page 1: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/1.jpg)
Securing e Government
Public Key Infrastructure
Prof Dr Mohamed Kouta
Chairman Of MIS Department
Arab Academy For Science And Technology
![Page 2: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/2.jpg)
Outline
• Security Requirements.
• Symmetric Key Cryptosystem.
• Asymmetric (Public) Key Cryptosystem.
• Overview of Digital Signature.
• Secure Socket Layer Protocol.
• Digital Certificate.
• Certificate Authority.
• PKI Components.
• PKI Implementation.
• Using biometrics and Smart Token.
• PKI Assessment.
![Page 3: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/3.jpg)
Security Requirements
• Privacy.
• Authenticity.
• Non repudiation.
• Integrity.
![Page 4: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/4.jpg)
Symmetric Key Cryptosystem
Polyalphabetic Cipher
Consider a key length = 4
Key = BAND
 1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
 A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
Plain Text  M    = E BUS INES S
Key              = B AND BAND B
Cipher Text E(M) = G CIW KOSW U
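The slide's cipher adds the letter numbers of plaintext and key (A=1 … Z=26) and wraps past 26. The following added example (not part of the original slides; the function names are hypothetical) reproduces the slide's ciphertext and shows that the per-letter shift repeats with the key length, which is why a short repeating key protects little.

```python
import string

ALPHABET = string.ascii_uppercase  # A=1 ... Z=26, as numbered on the slide


def _num(ch):
    """Letter -> number in 1..26."""
    return ALPHABET.index(ch) + 1


def _letter(n):
    """Number -> letter, wrapping into 1..26 (27 -> A, 0 -> Z)."""
    return ALPHABET[(n - 1) % 26]


def crypt(text, key, decrypt=False):
    """Add (or subtract) the repeating upper-case key letter by letter.

    Characters outside A-Z pass through and do not consume a key letter.
    """
    out, i = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        k = _num(key[i % len(key)])
        out.append(_letter(_num(ch) - k if decrypt else _num(ch) + k))
        i += 1
    return "".join(out)


def shifts(plain, cipher):
    """Per-letter shift (cipher - plain) mod 26; the pattern exposes the key period."""
    pairs = [(p, c) for p, c in zip(plain.upper(), cipher.upper()) if p in ALPHABET]
    return [(_num(c) - _num(p)) % 26 for p, c in pairs]


if __name__ == "__main__":
    ciphertext = crypt("E BUSINESS", "BAND")
    print(ciphertext)
    print(crypt(ciphertext, "BAND", decrypt=True))
    print(shifts("E BUSINESS", ciphertext))
```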
![Page 5: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/5.jpg)
Symmetric-key Cryptosystems
Overview
[Figure: Sender (M) → Encryption Es → C → Decryption Ds → Receiver (M). Encryption and decryption each use the Secret Key, which is shared over a Secure Channel. An Intruder is shown in the diagram.]
![Page 6: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/6.jpg)
![Page 7: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/7.jpg)
Asymmetric-key Cryptosystems
Overview
[Figure: Sender (M) → Encryption EK → C → Decryption DK → Receiver (M). Encryption uses the Public Key and decryption uses the Private Key. An Intruder is shown in the diagram.]
![Page 8: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/8.jpg)
Overview of Digital Signature
[Figure: Hash Algorithm → Digest → (Signer’s Private Key) → Encrypted Digest → Signed Document]
Remember, a digital signature involves services provided by Certificate Authority (CA)
![Page 9: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/9.jpg)
Verifying the Digital Signature for Authentication and Integrity
[Figure: Hash Algorithm → Digest; Signer’s Public Key → Digest; the two digests are compared ("??")]
And so does the process of verifying the validity of a digital signature
![Page 10: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/10.jpg)
Sender’s Computer
[Figure: Message → Message Digest → (Sender’s Private Signature Key) → Digital Signature. Message + Digital Signature + Sender’s Certificate → Encrypt (Symmetric Key) → Encrypted Message. Symmetric Key → Encrypt (Receiver’s Key-Exchange Key, from the Receiver’s Certificate) → Digital Envelope.]
© Prentice Hall, 2000
![Page 11: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/11.jpg)
Receiver’s Computer
[Figure: Digital Envelope → Decrypt (Receiver’s Private Key-Exchange Key) → Symmetric Key. Encrypted Message → Decrypt (Symmetric Key) → Message + Digital Signature + Sender’s Certificate. Digital Signature → Decrypt (Sender’s Public Signature Key) → Message Digest; Message → Message Digest; compare.]
© Prentice Hall, 2000
![Page 12: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/12.jpg)
Digital Certificate
X509 Standard
Each certificate contains the public-key of a user and is signed with the private-key of a trusted certificate authority
![Page 13: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/13.jpg)
Certificate Authority
• In an uncontrolled system, anyone could publish a new public-key and assume a new identity.
• Any participant can send his public-key to any other one, or broadcast the key.
![Page 14: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/14.jpg)
Certificate Authority
• This would be like allowing anyone to issue his or her own passport or driving license.
• This is clearly unacceptable for any application that, like electronic commerce, requires authentication and non-repudiation.
• In order to assure a proper information exchange mechanism, an important entity should be involved in the process, which is the Certificate Authority (CA).
![Page 15: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/15.jpg)
Certificate Authority
Cont. Distribution of Public Keys
Public key Certificate
![Page 16: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/16.jpg)
Certificate Authority
Requirements of setting up the CA
1. Compatibility with existing Internet based Certificate Authorities
• It should be possible to use the certificates in applications such as Netscape navigators, secure email, and custom built business-to-business e-commerce applications.
• Certificates must be consistent with accepted standards, such as the widely recognized X.509 certificate formats.
![Page 17: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/17.jpg)
Certificate Authority
Effective Distribution mechanisms
• Directory server support: includes client certificates, and certificate validity status.
• Certificates accompanying signatures: The certificate, being signed by the ECA, enables the receiving party to check the validity of both the certificate, and the accompanying signature.
• Support for certificate revocation:
![Page 18: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/18.jpg)
Certificate Authority
Revocation of Certificates
• The user’s private key is compromised
• The user is no longer certified by this CA
• The CA’s certificate is compromised
![Page 19: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/19.jpg)
Certificate management cycle
[Figure: exchange between User, Program and Certificate Authority]
• Request a certificate
• Send browser form
• Send public key
• Request certificate for key linked with LIR ID
• Certificate
• CA never sees the private key
Some time later the user wants to revoke the certificate…
• Revocation request
• Certificate is included in the Certificate Revocation List (CRL)
![Page 20: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/20.jpg)
PKI Component
• Certificate Authority (CA). Issues Digital Certificates
• Authorization Authority (AA). Response for Digital Certificate (DC) request
• Registration Authority (RA). Contains a database for DC and Certificate Revocation List CRL.
• Directory Services. Handles DC exchange.
• Applications.
![Page 21: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/21.jpg)
PKI Implementation
• Issuing the Certificate Practice Statement (CPS): a statement of practices that the CA employs in issuing DC.
• Building the PKI according to the CPS.
• Training for users and administration staff.
• Connections to secured systems that could circumvent the PKI must be ended.
• Integration with the different applications.
![Page 22: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/22.jpg)
Using Biometrics and Smart Token in Electronic signature
![Page 23: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/23.jpg)
How a citizen can apply for a Smart Token
Step 1: The citizen (Applicant A) provides his National Security Number Card (NSN) to one of the Service Providers (SP).
Step 2: SP sends the NSN information to the CA.
Step 3: CA checks with RA whether the applicant already has a DC or a revoked one.
Step 4: If A is applying for the first time, CA asks for authorization from AA.
Step 5: AA responds to CA.
Step 6: CA asks A to generate his key pair.
Step 7: The two pairs are generated inside the applicant's smart token.
Step 8: The public key is sent to the CA.
Step 9: The CA generates the DC and sends it back to the applicant's token.
Step 10: The token is trained for the applicant's fingerprint.
![Page 24: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/24.jpg)
Sender side
Pre Session Stage
[Figure: Sender (S), Receiver (R) and CA]
1 S wants to communicate with R
2 check validity
3 SDC
3 RDC
![Page 25: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/25.jpg)
Sender side
[Figure labels: Sender PC, Sender Token, Sender Data, MD, SDS + SDC, ESM + DE]
1- Selecting the message M to be sent from the sender PC (SPC).
2- According to the Hashing Algorithm (HA) stored in the SPC, M will be hashed and the message digest (MD) will be generated.
3- The message digest MD is transferred from the SPC to the sender Smart Token (SST).
4- Using the public key cryptographic algorithm (PKCA), the MD is encrypted with the sender private key (SPRK) to get the sender digital signature (SDS).
5- The SDS and a copy of the sender digital certificate (SDC) are sent back to the SPC.
6- Using a random number generator (RNG), a session key (SK) will be generated inside the SPC.
7- Encrypting M+SDS+SDC using the symmetric key encryption algorithm SKEA with SK as the encryption key; the result is called the encrypted signed message (ESM).
8- Extracting the receiver public key (RPUK) from the RDC available in the SCL.
9- Encrypt the SK with RPUK using PKUK to create the Digital Envelope (DE). Send ESM+DE.
![Page 26: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/26.jpg)
Sender side
Third Process
[Figure: Sender PC → ESM + DE → Receiver PC]
• Encrypted Signed message (ESM)
• Encrypted session key by receiver public key (DE)
![Page 27: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/27.jpg)
Receiver side
[Figure labels: Receiver PC, Receiver Token, Received Data, ESM + DE, DE, SK]
1- DE is sent to the receiver smart token (RST).
2- Using PKEA, the DE is decrypted by the RPRK to get the session key SK.
3- Send SK back to the RE PC.
4- With the SK the message is decrypted using the same SKEA. Now we have: M + SDS + SDC.
5- The SDC received from the CA is compared with the SDC received from the sender to assure its validity. If it is valid the procedure continues; otherwise it is aborted.
6- Decrypt the SDS with the sender public key SPUK contained in the SDC to get MD. Call it MD1.
8- Using M, generate a message digest MD using the same HA. Call it MD2.
7- Compare the two digests MD1 and MD2. If MD1 and MD2 are identical then the message is accepted; otherwise the message is rejected.
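The sender-side and receiver-side steps above, run end to end as an added example (not code from the original slides). Textbook RSA on fixed toy primes stands in for the PKCA, a SHA-256 keystream for the SKEA, and a plain dictionary for the SDC; all function and variable names are assumptions, and the stand-ins are for illustration only.

```python
import hashlib
import json
import secrets


def toy_rsa_keypair(p, q, e=65537):
    """Textbook RSA key pair ((n, e), (n, d)) from two given primes."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


# Constructed toy keys built from Mersenne primes: illustration only.
SPUK, SPRK = toy_rsa_keypair(2**127 - 1, 2**521 - 1)  # sender signature keys
RPUK, RPRK = toy_rsa_keypair(2**89 - 1, 2**607 - 1)   # receiver key-exchange keys
# Stand-in for the sender certificate: subject plus public key, no CA signature.
SDC = {"subject": "S", "n": SPUK[0], "e": SPUK[1]}


def ha(m):
    """HA: hash M to the message digest MD, returned as an integer."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big")


def skea(sk, data):
    """Stand-in SKEA: XOR with a SHA-256 counter keystream (same call decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(sk + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def send(m, sprk, sdc, rpuk):
    """Sender side: returns (ESM, DE)."""
    md = ha(m)                                              # steps 1-3
    sds = pow(md, sprk[1], sprk[0])                         # step 4 (in the token)
    sk = secrets.token_bytes(16)                            # step 6
    signed = json.dumps({"m": m.hex(), "sds": sds, "sdc": sdc}, sort_keys=True)
    esm = skea(sk, signed.encode())                         # step 7
    de = pow(int.from_bytes(sk, "big"), rpuk[1], rpuk[0])   # steps 8-9
    return esm, de


def receive(esm, de, rprk, sdc_from_ca):
    """Receiver side: returns M if every check passes, otherwise None."""
    try:
        sk = pow(de, rprk[1], rprk[0]).to_bytes(16, "big")  # steps 1-3
        signed = json.loads(skea(sk, esm))                  # step 4
        if signed["sdc"] != sdc_from_ca:                    # step 5
            return None
        cert = signed["sdc"]
        md1 = pow(signed["sds"], cert["e"], cert["n"])      # step 6
        m = bytes.fromhex(signed["m"])
        md2 = ha(m)                                         # step 8
    except (ValueError, KeyError, TypeError, OverflowError):
        return None                                         # malformed or tampered input
    return m if md1 == md2 else None                        # step 7


if __name__ == "__main__":
    esm, de = send(b"Pension request #42", SPRK, SDC, RPUK)
    print(receive(esm, de, RPRK, SDC))
```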
![Page 28: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/28.jpg)
Token blank contain
1- RSA Encryption/decryption Algorithm.
2- USB Interface.
3- Biometric sensor.
4- Image processing.
5- Feature extraction & recognition.
6- ROM.
7- RAM
![Page 29: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/29.jpg)
Smart Token Block
Biometric Device
Interface Bus
USB including power supply
Token Block Diagram
![Page 30: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/30.jpg)
SMART TOKEN BLOCK
[Figure labels]
• USB interface, BUS
• Biometric Interface
• ROM: Private Key; Certificate contain Public Key; Finger print of the owner
• RAM: Processing and result storage
• RSA En/Dec Algorithm & Key Generation
• Control unit
• Feature extraction & recognition
• Image processing
• Biometric Device, Interface Bus
• Power supply from USB
![Page 31: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/31.jpg)
Biometric Verification for Smart Token
![Page 32: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/32.jpg)
AT77C101B-CB02V Sensor
![Page 33: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/33.jpg)
Architecture of the automatic identity authentication system
![Page 34: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/34.jpg)
Image processing and extraction of fingerprint minutia
![Page 35: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/35.jpg)
Step (1) Input Image
![Page 36: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/36.jpg)
Step (2) Region of Interest
![Page 37: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/37.jpg)
Step (3) Orientation Field
![Page 38: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/38.jpg)
Step (4) Ridge Detection
Ridge ending and ridge bifurcation.
![Page 39: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/39.jpg)
Step (5) Extracted Ridges
![Page 40: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/40.jpg)
Step (6) Thinned Ridges
![Page 41: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/41.jpg)
Step (7) Smoothing procedure
• The undesired spikes and breaks present in a thinned ridge map may lead to many spurious minutiae being detected.
• Therefore, before the minutiae detection, a smoothing procedure is applied to remove spikes and to join broken ridges.
![Page 42: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/42.jpg)
Step (8) Minutiae detection
![Page 43: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/43.jpg)
Last Step Minutia Extraction
![Page 44: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/44.jpg)
![Page 45: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/45.jpg)
Minutiae Matching
Alignment of the input ridge and the template ridge
![Page 46: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/46.jpg)
Applying the matching algorithm to an input minutiae set and a template
(a) input minutiae set (b) template minutiae set
![Page 47: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/47.jpg)
Applying the matching algorithm to an input minutiae set and a template (Cont.)
(c) alignment result based on the minutiae marked with green circles
(d) matching result where template minutiae and their correspondences are connected by green lines.
![Page 48: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/48.jpg)
PKI Assessments
• CPS
• CA
• AA
• RA
• CRL policies.
• Certificate Usage with applications.
• Auditing.
• Cryptographic devices and data
• Cryptographic Algorithms
• Critical Information Flow.
• Sensitive Software Applications.
• Key Management.
• Network Devices (Hosts, Routers, firewalls, switches).
![Page 49: Securing e Government Public Key Infrastructure Prof Dr Mohamed Kouta Chairman Of MIS Department Arab Academy For Science And Technology](https://reader035.vdocument.in/reader035/viewer/2022062620/5519daa35503468b0c8b4b14/html5/thumbnails/49.jpg)
Examples for PKI applications
• E-mail.
• E-Gov services (Pension, ..).
• E-Election (voting).
• Group decision making.
• Multi signature.
• Notarizing.
• E-payment.
• Medical care.
Note: It is up to the application to deploy the smart token.