Hardware Security Module (HSM) plays a critical role in securing the storage of private keys and accelerating compute-intensive cryptographic processes associated with public-key encryption, symmetric-key(secret-key) encryption and digital signature applications. Using HSM in Oracle Transparent Data Encryption applications will ensure that the Key material stored on the card is protected and not exportable (never leaves the card) and all associated… Read more »
In a typical Single Sign-On (SSO)/Federation scenario using SAML, the Service Provider (SP) initiates the user authentication request using SAML AuthnRequest assertion with an Identity Provider (IDP). The IDP authenticates the principal and returns a SAML AuthnStatement assertion response confirming the user authentication. If the user is successfully authenticated, the SP is required to have the subject’s profile attributes of the authenticated… Read more »
With increasing incidents of online frauds through username/password compromises and stolen/forged identity credentials – Strong authentication using multi-factor credentials is often considered as a defensive solution for ensuring high-degree of identity assurance to accessing Web applications. Adopting multi-factor credentials based authentication has also become a most common security requirement for enabling access control to critical online banking transactions and to safeguard online customer information (Mandated by FFIEC… Read more »
Interesting news..I am not sure how far this story is true ! The Iraqi insurgents has used the SkyGrabber utility to eavesdrop the live video feeds from the US Drones…as reported by Wallstreet journal yesterday. Quite interesting to note, the multi-million dollar unmanned aircraft did’nt use “Encrypted Communication” in first place. It’s time for them to deploy a tamper-proof encrypted… Read more »
The untold reality is ….when your Web application on the DMZ hits the Internet… the colorful performance graphs/numbers does’nt mean anything ! Unless your performance guru in the lab captured the QoS requirements and realized it proactively and accounted its actual overheads associated with Security, Network bandwidth, High-availability and other mission-critical requirements. Otherwise…performance is the nagging issue that every datacenter guy gnaws…. when an application… Read more »
I admit that I am not a SOA expert or pretend to be one ! Lately, I had a chance to explore few security features intended for securing XML Web Services and Java EE applications. With my little knowledge to SOA, I found that XML Web services play a vital role in SOA to enable loosely-coupled services and ensuring interoperability. From a security perspective, the core foundation… Read more »
Last few weeks, I have been pulled into an interesting gig for demonstrating security for _____ SOA/XML Web Services and Java EE applications…. so I had a chance to play with some untold security features of Solaris 10. KSSL is one of the unsung yet powerful security features of Solaris 10. As the name identifies, KSSL is a Solaris Kernel Module that… Read more »
Looks like convergence projects are in the limelight… lately I noticed a lot of interests on enabling the use of common credentials for securely accessing physical and logical resources. Although we find most convergence projects are targeted at the enterprise level but there are serious minds working on using smartcard based PKI credentials for supporting citizen-scale projects (I regret that… Read more »
Java Card technology has been a passion of mine for so long and I always tried my best to keep updated on Smart card technologies…… not just because of my role at Sun, I did get several opportunities to work closely with citizen-scale Java Card deployments with multiple National ID, eID/ICAO, US DoD/CAC, PIV/FIPS-201 cards and related Identity management projects. It is always been quite adventurous everytime to experience a card issuance… Read more »