PGP Identity Management: Secure Authentication and Authorization over the Internet
Access to computer services has conventionally been managed by means of secret passwords and centralized authentication databases; this method dates back to early timeshare systems. Now that applications have shifted to the Internet, it has become conspicuously evident that the use of passwords is neither scalable nor secure enough for this medium. As an alternative, this paper discusses ways to implement federated identity management using strong cryptography and the same PGP key infrastructure that is widely deployed on the Internet today.
Pretty Good Authentication
PGP website article
Draft 7/10/04 (pdf)
A discussion of the limitations of traditional user authentication and authorization methods for controlling access to services over the Internet: why passwords are risky, and the attacks and exploits against them. As an alternative, it shows how to use OpenPGP to create a lightweight but very secure authorization protocol that grants and transfers user access privileges using authorization certificates signed with strong public key cryptography.
Mac Crypto-Internet Commerce Workshop
Slides are available
I organized and managed the "Macintosh Cryptography and Internet Commerce Software Development Workshop". Typically a three-day event (on a shoestring budget), it attracts key Mac developers, industry leaders and legends to discuss topics ranging from cryptosystems, digital cash and security issues to feedback sessions where developers can directly discuss their requirements with Apple engineers. Past workshop proceedings are available online at http://www.vmeng.com/mc/
Introduction to Crypto Systems
I developed an introductory seminar on the workings of modern cryptosystems, which covered topics such as secret/public key encryption, digital signatures, PGP, key exchanges, key management, e-commerce, and government and patent issues.
Slides are available
A timely session on how to protect your identity and information, as well as how to avoid and foil those who would spy upon you whether they are business competitors, identity thieves, terrorists, or anyone else.
AppleShare IP has introduced a developer-accessible, programmable User Access Method API. The PGPUAM is a pair of plug-ins that allow a user to perform two-way authenticated logins to an AppleShare IP server from a Mac OS client. The PGPUAM leverages the PGPsdk (but doesn't include it). Source code included.
The control of user access through secret passwords and centralized authentication databases dates back to early timeshare systems. However, this strategy is no longer scalable or secure enough for today's highly distributed, Internet-based services.
PGPTicket Internet Draft - 16-Nov-98
This paper discusses the limitations of traditional user authentication and authorization methods and offers a single sign-on alternative using strong cryptography and the same PGP key infrastructure that is widely deployed on the Internet today. PGPticket, a lightweight but very secure authorization protocol based on the SPKI and OpenPGP standards, is designed to control access to services over a public network. PGPticket grants and transfers user access privileges through authorization certificates signed with strong public key cryptography.
OpenPGP specifies message formats and certificate formats used for the exchange of encrypted and/or authenticated objects. This document discusses methods of extending OpenPGP's message formats to support an authorization system. This system would use public key cryptography to authenticate a user to a server and establish the user's access permissions. The concept is that the user acquires a ticket, signed by some issuer, that specifies what they are entitled to do. That ticket is then submitted to a server. The server uses a challenge/response method to verify that the holder really has the matching private key, and then allows the access specified.
Building Fast Network Software
Based on my original Technote 1059: On Improving Open Transport Network Server Performance, this talk detailed some techniques that Macintosh network server developers can employ to achieve higher performance when using the Open Transport network API. Slides are available in PDF format.
RSX can be a very effective solution to the types of multi-tasking problems that occur in typical process control applications. This paper, published in the Aug 1987 issue of The RSX Multi-Tasker, describes one way in which I used some of the RSX parent-offspring tasking directives in an application called Banktalk. Banktalk.pdf
These are notes from an S-100 Bus forum held at Personal Computing 77, centered around the future expansion of, and problems with, the S-100 bus structure. s100forum.pdf
While at PGP, I authored a number of technical notes and samples for PGP's Developer Relations Website. Note: these samples are export controlled, and thus require that you enter through PGP's export control firewall.
PGPsdk Application Notes
- TN01 - PGPOpenDefaultKeyRings always returns an error
- TN02 - I am short of random bits
- TN03 - Notes on creating DH/DSS Keys
PGPsdk Sample Code
- DumpKeyRing - Iterating through a Keyring
- ClearSig - PGP Clear Signing a block
- HL Signer - High level PGP ClearSign a block
- Verify - PGP Verifying a signature block
- Signer - Low level PGP Signing and Verifying of discontiguous data
While at Apple Computer, I authored a number of technical notes and samples for Apple's Developer Relations Website:
Open Transport
- TN1059: OpenTransport Performance
- Writing Fast Mac OS Network Servers (slides)
- OT/PPP Control Strip Sample
- Network IoStream Snippet
- HTTP Server Framework Sample
- ARA/PPP username and password
- Accessing the DialAssist data
- Using the OT modem script engine
Storage Management / Security
- TN1039: Disk Access & Power Manager
Power Manager
- TN1046: PowerMgr Addenda
- TN1079: Power Management & Servers
- TN1086: Power Management & The Energy Saver API