
Authentication Token for the "Cloud"
Besides being a cool buzzword, what could an authentication token for the cloud possibly be?
Well, since human users mostly interact with cloud services through the "Universal Client",
the Internet browser, this probably means that such a token scheme must be integrated with
the browser in some way, right?
Because tokens are supposed to be secure, there should be a
way to maintain token integrity even in the harsh open Internet environment; otherwise
we might as well stick to passwords forever!
Finally, we can't ignore that mobile phones
have become the shortest path to the Internet.
Here follows a short list of what I see as desirable properties for
a token scheme that could work for everything from bloggers to the NSA:
- Browser interface for Issuing, Managing, and Using tokens
- Supporting PKI, OTP, Information Cards, etc.
- VSDs (Virtual Security Domains) enabling independent issuers securely Sharing a token container
- Transaction Based Operation and E2ES (End To End Security) making on-line personalization of tokens technically as secure and robust as traditional smart card production in a "bunker"
- Unified system for enhanced smart cards and mobile phones with embedded security hardware
- PEP (Privacy Enabled Provisioning) option to suit usage with any provider
- Building on Standards including XML Schema, XML Security, NIST SP800-56A, and NSA Suite B
For those who are heavy into authentication technologies, I have compiled
a set of links to the most important documents.
Note that this is work-in-progress and contents may change from day to day!
In addition, documents, software and hardware are not always "in sync".
Primary Contact
anders.rundgren@telia.com
LinkedIn profile