The Finest Information Technology Content - Posts by SH.Zahedi - Shahram Zahedi

In the name of God

 


High-speed Internet access through ordinary power outlets becomes a reality

Information technology miscellany ,

Monday, 5 Dey 1384

Using new chips made by Matsushita, ordinary power outlets can serve as a means of connecting to high-speed Internet in homes, freeing consumers from Ethernet cables and the hassle of connecting to wireless networks.

After introducing this new technology, Matsushita announced that consumers will from now on be able to use the electrical wiring in their homes not only to carry electricity but also to carry data. Devices with Matsushita-made chips embedded in them can thus connect to high-speed Internet networks simply by being plugged into an ordinary outlet.
This technology has already existed in some places, including the United States, but Matsushita's system is unique in that it can transfer data at very high speed, up to 170 megabits per second, which is faster than Ethernet.
Matsushita has also pictured a dream home for consumers in which every member of the family can download and watch very high-quality films in any room of the house that has a power outlet.
With the company's special devices connected to a power outlet, all consumers have to do is plug a television or other device into the outlet to get an immediate high-speed Internet connection, which will make it possible to send data online much faster than over a modem connection.
Matsushita hopes to produce refrigerators, televisions and other devices with these chips installed. Such refrigerators would let consumers connect to them from a mobile phone or laptop and, for example, check how many eggs are in the refrigerator, or switch electrical appliances such as washing machines, air conditioners and so on, on or off from outside the home.

Source: www.its.co.ir


Secure e-Mail

Information Security ,

Sunday, 4 Dey 1384

Because of the speed and convenience it offers, e-mail has become an instrumental part of day-to-day business processes. Yet as widely as it is used today, e-mail cannot fully serve as a business-commerce platform.
Simply put, e-mail lacks assurance. Messages and attachments traveling across networks and the Internet can be easily opened or altered. This means that the parties cannot be certain that their communication is protected from interception and tampering.
This lack of assurance prevents organizations from using e-mail as a business-commerce platform to conduct negotiations or contractually obligate parties. Rather, businesses must revert to less efficient processes, such as courier service, when communications require a higher level of security and assurance.
Now, as organizations respond to regulatory requirements, customer demands for data privacy and increased competitive pressures, there is a growing demand for secure e-mail. The need is especially strong in key industries, including the insurance, financial services, healthcare, manufacturing and legal sectors.
With the KOBIL GmbH Secure e-Mail technology application, enterprises can help ensure the privacy and integrity of e-mail communications without compromising end-user convenience. In turn, e-mail can be incorporated into trusted e-business processes, helping to shorten transaction times and reduce business process costs.

Author : Shahram ZAHEDI

KOBIL System GmbH


Web Server SSL Security

Information Security ,

Sunday, 4 Dey 1384

Web server authentication is an essential element of an organization’s trust strategy for e-business. In the same way that an enterprise wants to verify the identities of individuals who transact business on their web site, those visitors want to validate the entity they conduct transactions with. By reliably authenticating web servers to visiting browsers, SSL server certificates help build that trust.
Until recently, enterprises had to rely on an external provider to issue SSL server certificates. For many organizations, especially larger enterprises, this service-based model did not meet their needs. For example, in an environment with hundreds of servers, the annual cost of deploying server certificates quickly escalates. In addition, the speed and flexibility of issuing certificates are constrained by the provider’s business processes and delivery capabilities.
Given these factors, many organizations would prefer to manage web server authentication on their own. Now that is possible with the RSA Security Web Server SSL technology application.

Author : Shahram ZAHEDI

KOBIL System GmbH



Secure VPN

Information Security ,

Sunday, 4 Dey 1384

Virtual Private Networks (VPNs) have given the world a new way to communicate. Now employees, business partners and customers can tap into the critical information resources they need anytime and anywhere through the Internet.
The ability to enable instantaneous communication and information exchange can boost productivity and sharpen an organization’s competitive edge, but when the doors to the network are opened, how do you keep intruders locked out?
Virtual Private Networks provide a private tunnel through the Internet, but privacy does not equal security. The security of an organization’s network is only as strong as the method used to identify the end points of the VPN. VPN access protected by user names and passwords is a weak form of authentication and can easily be broken. Once a password is compromised, organizations no longer know who is at the other end of the VPN tunnel. For organizations to fully realize the benefits of a VPN, it must provide:
• Strong authentication of users and devices
• Confidentiality and privacy of information exchanged within the VPN
• Seamless security that is easy to deploy and has minimal impact on users
• Rapid and easy deployment for small and large numbers of users
• Low total cost of ownership over the lifetime of the VPN
With the KOBIL GmbH Secure VPN technology application, enterprises can help ensure against unwanted intruders by strongly authenticating users and devices entering into the VPN.

Author : Shahram ZAHEDI

KOBIL System GmbH


PUBLIC KEY INFRASTRUCTURE

Information Security ,

Sunday, 4 Dey 1384

THE OPEN STANDARD FOR ESTABLISHING INTEGRITY


The security demands on today’s software applications are rapidly changing. The growth of business process automation and business-to-business integration using the Internet requires a mechanism for digital trust not accomplished by traditional physical barriers, usernames/passwords and other authentication and verification methods. Public key infrastructure (PKI) leverages public key cryptography and provides a unified, scalable framework for securing a wide range of enterprise and Internet applications. The scalability of PKI comes from the use of public/private key pairs and the comparative safety in exchanging public keys over open networks. PKI-based digital certificates allow developers to bind public keys to the identities of individuals and entities, to support authentication, credential validation and the establishment of rules of trust between parties in a transaction. KOBIL Trust software provides the capabilities software developers need to implement this open standard into their transactional environment.


SIMPLIFYING DEVELOPMENT AND DEPLOYMENT OF A NETWORK OF TRUST

KOBIL Trust software gives application developers the capabilities they need to simplify the development of applications for managing digital certificates and integration into a public key infrastructure. These products help organizations and software vendors build open PKI applications and security products not tied to a single PKI vendor. Applications created with these products seamlessly and automatically interoperate with existing PKI products that support Public Key Cryptography Standards (PKCS) and Public Key Infrastructure X.509 (PKIX) standards. In addition to the certificate management functionality, KOBIL Trust products include protocol support for real-time PKI interaction, including certificate request/response operations such as certificate enrollment, look-up and validation. These products provide a complete portfolio of solutions for enterprises, software OEMs and device manufacturers, helping them meet regulatory and other data security goals. KOBIL GmbH is one of the respected leaders and innovators in information security worldwide.
Establishing trust in a transactional environment requires certification of the integrity of individual transactions. Trust must also “persist” throughout the life of the transaction. Two major components are required: validation that the transaction comes from an authorized sender, and only that sender, and certification that the transaction contents were not tampered with. KOBIL Trust products enable developers to integrate digital transaction signing capabilities which provide a “seal of approval” on the sender’s identity as well as a secure digital “wrapper” around the contents. This helps enforce nonrepudiation because applications have a record of exactly when and by which entity the transaction was initiated. These capabilities help establish a network of trust for your electronic transactions.

Author : Shahram ZAHEDI

KOBIL System GmbH


What Is a Digital Certificate

Information Security ,

Sunday, 4 Dey 1384


• A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting and decrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.

• A form of personal identification that can be verified electronically. Only the certificate owner who holds the corresponding private key can present a certificate for authentication through a Web browser session. Anyone can verify that the certificate is valid by using a readily available public key.

• A Digital Certificate issued by a Certificate Authority certifies that a merchant and a particular website are connected, just as a photo on your driver's licence connects your identity with your personal details. A digital certificate verifies to the shopper that the virtual store is actually associated with a physical address and phone number, which can increase the shopper's confidence in the authenticity of the merchant.

• A digital certificate is a special message signed by a certificate authority that contains the name of some user and their public key in such a way that anyone can "verify" that the message was signed by no one other than the certification authority and thereby develop trust in the user's public key.

• Online identification authenticates a consumer, merchant and a financial institution. Digital certificates are used to encrypt information exchanged in SET transactions. A certificate is a public key digitally signed by a trusted authority (the financial institution) to identify the user of the public key.

• A digital certificate is a special kind of message that contains information about who it belongs to, who it was issued by, a unique serial number or other unique identification, valid dates, and an encrypted "fingerprint" that can be used to verify the contents of the certificate. Digital certificates are issued by trusted third parties, known as Certificate Authorities. ...

• A digitally signed statement that binds the identifying information of a user, computer, or service to a public/private key pair. A digital certificate is commonly used in the process of authentication and for securing information on networks.

• An attachment to an electronic message that allows the recipient to authenticate the identity of the sender via third party verification from an independent certificate authority. Digital certificates are used to identify encryption and decryption codes between message senders and recipients.

• An electronic document used to verify the identity of a user, server or other End Entity. Digital Certificates are used to verify that a user sending a message is who he, she or (in the case of other End Entities) it claims to be and to provide the recipient with a means to encode a reply.

So it is a part of our life and business, and we have to learn how to live with it. It makes our business easier and faster than ever before.

www.verisign.com
www.rsasecurity.com

www.globalsign.com.tr

Author : Shahram ZAHEDI

KOBIL System GmbH



Some Terms of Cryptography Technology

Information Security ,

Sunday, 4 Dey 1384

Hash Method
Hash methods are not used for the encryption or decryption of data. Rather, their purpose is to generate a kind of data “fingerprint.” This fingerprint has a fixed length and represents a digest that uniquely belongs to the original data. It is not reversible, i.e. there are practically no meaningful data matching the fingerprint. Therefore, hash methods are also called one-way functions. Hash methods are important for generating digital signatures, where they reduce the document to be signed to its “fingerprint.” Widely used hash algorithms are MD5, SHA1 or RipeMD.

Symmetric Encryption
For this type of encryption, the same key (the so-called “session key”) is used for both encryption and decryption of a given message. The major advantage of this family of methods lies in its high throughput, which is attained both during encryption and decryption. The most widely known symmetrical algorithms are Triple DES (3DES), RC2 and RC4 as well as AES and IDEA. The essential disadvantage of symmetrical methods lies, however, in key management. Both sender and recipient have to agree on the same key, even though, as a rule, they never meet in person. It is precisely at this point that public key methods come in, which simultaneously form the basis for public.

Public Key Encryption
In contrast to symmetric methods, the public key method uses two different keys for encrypting and decrypting. Therefore the term asymmetric encryption is also used. Here, each user holds a pair of keys, consisting of a private key that must be kept secret at all costs, and a public key that may, or even must, be known to everyone involved. Supposing someone intends to send you an encrypted message, he or she only needs your public key, which is accessible to anyone. Using this public key, the data is then encrypted. Afterwards this key text can only be decrypted with the matching private key. As long as the private key actually remains accessible to the owner only, the confidentiality of the overall system is preserved. The organizational distribution of public keys, and the assignment to their respective owners, is handled by certification authorities (also called CAs or trust centers).

The major advantage of public key algorithms lies in the substantially simplified distribution of keys, because no secret information has to be transmitted. However, this advantage comes at the expense of speed, as this type of algorithm is noticeably slower than the symmetrical methods. For this reason, symmetrical methods and public key methods are often combined into so-called hybrid methods, which combine the advantages of both: Messages are encrypted using a symmetrical method. The keys used in the process are called session keys. Then the session keys are themselves encrypted, this time using the recipient’s public key (so-called “key wrapping”). The recipient first decrypts the session key using the private key, then uses the session key to decrypt the actual data.
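The hybrid method described above, as an added example that is not part of the original post or of any KOBIL product: the sender encrypts the message under a fresh session key and wraps only that key with the recipient's public key. The SHA-256 keystream is a stand-in for the symmetric algorithms named in the text (the Python standard library ships no block cipher), the key wrapping is textbook RSA without padding, and the recipient key is constructed from publicly known primes, so the sketch shows the message flow only.

```python
import hashlib
import secrets

# Constructed recipient key from publicly known Mersenne primes: the RSA
# arithmetic is real, the key offers no secrecy.
E = 65537
P, Q = 2**1279 - 1, 2**2203 - 1
RECIPIENT_PUBLIC = (P * Q, E)
RECIPIENT_PRIVATE = (P * Q, pow(E, -1, (P - 1) * (Q - 1)))

def keystream_xor(key, nonce, data):
    """Stand-in for AES or 3DES: XOR the data with a SHA-256 counter
    keystream. Applying it twice with the same key restores the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        block = hashlib.sha256(key + nonce + counter).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def hybrid_encrypt(plaintext, public):
    """Sender: fresh session key for the bulk data, RSA only for the key."""
    n, e = public
    session_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    return {
        # Key wrapping: textbook RSA here; real systems add OAEP padding.
        "wrapped_key": pow(int.from_bytes(session_key, "big"), e, n),
        "nonce": nonce,
        "body": keystream_xor(session_key, nonce, plaintext),
    }

def hybrid_decrypt(envelope, private):
    """Recipient: unwrap the session key, then decrypt the body with it."""
    n, d = private
    key_int = pow(envelope["wrapped_key"], d, n)
    if key_int >= 2**256:
        raise ValueError("session key did not unwrap: wrong private key")
    session_key = key_int.to_bytes(32, "big")
    return keystream_xor(session_key, envelope["nonce"], envelope["body"])

if __name__ == "__main__":
    message = b"Contract draft v3, please countersign. " * 100
    envelope = hybrid_encrypt(message, RECIPIENT_PUBLIC)
    print(len(message), "byte message, one RSA operation on a 32-byte key")
    print(hybrid_decrypt(envelope, RECIPIENT_PRIVATE) == message)
```

However long the message is, the slow public key operation runs once, on 32 bytes.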

The most widely known public key method is RSA, also used by the TCOS smart cards that


Digital Signatures
Digital signatures are utilized to verify identities. A digital signature ties a given message inalienably to its author’s identity. In this sense, digital signatures compare to handwritten signatures. The hash algorithms already introduced are used here to reduce the data to be signed to a fixed size. Once the fingerprint of the message has been generated through the hash method, it is encrypted by using the owner’s private key. This results in a digital signature. Application of the private key by the owner guarantees that this process can be performed by no other person, provided the private key is accessible to the owner only, a fact which underlines the necessity of saving the private key securely inside a smart card.

Verification of a digital signature requires three things:
• the digital signature as such.
• the signed message in plain text.
• the public key of the person who issued the signature.
Initially, the digital signature is decrypted again with the help of the signer’s public key. Since the public key is accessible to everyone, this operation may accordingly be performed by anyone. This results in turn in the fingerprint of the message. This fingerprint cannot be used, however, to reconstruct the original message. Rather, another approach is taken: the (separately communicated) message is reduced once again to its fingerprint by the verifying person, using the hash method. The fingerprint thereby obtained is now compared to the fingerprint recovered from the decrypted signature. If the two match, the digital signature is correct; in case of a mismatch it has to be rejected as invalid. Successful verification of a digital signature establishes whether a given message was in fact generated by the person who signed it and whether it has been altered since the time of its generation.

Certificates
In order to employ public key methods in a meaningful manner, the distribution of the public key must be regulated. Basically, a certificate represents nothing more than the assignment of a public key to the person that holds the corresponding private key. The correctness of this assignment is extremely important, because the verification of digital signatures is after all effected with the help of these public keys, whereas the interpersonal relations are subject to faith. In order to prevent forgery of the assignment, the certificates are protected in turn against manipulation, using digital signatures. The certificates are issued by certification authorities, also called trust centers or CAs. The certification authorities publish a self-signed root certificate to render the validity of certificates verifiable.

Thus, certification authorities protect the integrity of public keys while smart cards protect private keys.
The internationally accepted standard for certificates was defined by the ITU (International Telecommunication Union) under the name ITU-T X.509. A given X.509v3 certificate contains the following data:

• version
• serial number of the certificate
• the signature-algorithm used
• name of the certification authority (issuing authority)
• expiration date
• name of owner (applicant)
• public key of owner
• information regarding the intended usage of the certificate, where applicable
• signature of the certification authority regarding the foregoing data.

Certification Authorities
A certification authority (subsequently also referred to with the acronym “CA”) is a trustworthy organization that issues certificates. Thus, the CA acts as warrantor for assigning the certificate owner’s identity to his or her public key. The CA publishes all certificates issued in the form of a directory service, thus offering access to the public keys to anyone.
The first thing a given user must do is to apply for a certificate at a CA of his confidence (or at the CA in charge, respectively). In general, this takes the following course:

1. A given user generates a new pair of keys him- or herself, consisting of a public and a private key.
2. Then the user generates an application for certification, containing at least his or her own name and his or her public key.
3. The application is sent to the CA.
4. Depending on the security level requested, the user may have to appear at the CA in person and produce official identification.
5. Using the data provided, the CA makes out a certificate and signs it with the CA’s private key.
6. The CA sends the completed certificate to the owner and publishes it in its directory service.
For some applications, the CA issues fully personalized smart cards, especially in the case of higher security levels. In these cases, the steps described may be skipped because the certificate and the private key are both already contained in the smart card. The security level of a given certificate (also called class) is essentially defined by the degree to which the user has identified him- or herself to the CA. For a certificate of a low security level, for instance, nothing except the user’s e-mail address is subjected to verification. High security levels require that users present themselves in person and identify themselves, presenting official ID documents. Since this necessitates considerable administrative effort, certificates of higher security levels are generally subject to fees and more expensive than those of lower security levels, some of which are even offered free of charge.
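The signing and verification steps, the certificate fields and the CA's role described in the sections above, as an added example that is not part of the original post or of any KOBIL product: a CA signs a simplified certificate (a JSON record with a subset of the X.509 fields listed, not real X.509 encoding), and a verifier checks that certificate against the CA's root key before trusting the signer's public key. The key pairs are constructed from publicly known primes, the names `Demo CA` and `alice@example.org` are assumptions, and SHA-256 with PKCS#1 v1.5 padding stands in for the hash methods named in the text.

```python
import hashlib
import json

E = 65537
# DER header that marks the digest as SHA-256 in a PKCS#1 v1.5 signature.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def make_key(p, q):
    """Build an RSA key pair from two primes: ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed demo keys from publicly known Mersenne primes: valid RSA
# arithmetic, zero secrecy. Real keys use random primes kept on the card.
CA_PUBLIC, CA_PRIVATE = make_key(2**521 - 1, 2**607 - 1)
USER_PUBLIC, USER_PRIVATE = make_key(2**1279 - 1, 2**2203 - 1)

def encode_digest(message, n):
    """Hash the message and pad the fingerprint to the modulus length."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign(message, private):
    """Apply the private key to the padded fingerprint."""
    n, d = private
    return pow(encode_digest(message, n), d, n)

def verify(message, signature, public):
    """Recover the fingerprint with the public key and compare it with a
    freshly computed one."""
    n, e = public
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == encode_digest(message, n)

def canonical(fields):
    """Deterministic byte form of the certificate fields to be signed."""
    return json.dumps(fields, sort_keys=True).encode()

def issue_certificate(subject, subject_public, issuer, issuer_private,
                      serial, not_after):
    """CA side: bind a name to a public key and sign the binding."""
    fields = {"version": 3, "serial": serial,
              "signature_algorithm": "sha256WithRSAEncryption",
              "issuer": issuer, "not_after": not_after, "subject": subject,
              "public_key": list(subject_public)}
    return {"fields": fields,
            "signature": sign(canonical(fields), issuer_private)}

def check_message(message, signature, cert, root_public, today):
    """Verifier side: trust the key only after the CA signature checks out."""
    fields = cert["fields"]
    if not verify(canonical(fields), cert["signature"], root_public):
        return "certificate not signed by trusted CA"
    if today > fields["not_after"]:
        return "certificate expired"
    if not verify(message, signature, tuple(fields["public_key"])):
        return "message signature invalid"
    return "ok: signed by " + fields["subject"]

if __name__ == "__main__":
    cert = issue_certificate("alice@example.org", USER_PUBLIC, "Demo CA",
                             CA_PRIVATE, 1, "2026-12-31")
    order = b"Transfer 100 EUR to account 42"
    sig = sign(order, USER_PRIVATE)
    print(check_message(order, sig, cert, CA_PUBLIC, "2026-06-01"))
    print(check_message(order + b"0", sig, cert, CA_PUBLIC, "2026-06-01"))
```

The order of checks in `check_message` is the point: a signature that verifies under a public key proves nothing until that key has itself been traced to a CA the verifier trusts.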

Author : Shahram ZAHEDI

KOBIL System GmbH


Digital world

Information Security ,

Sunday, 4 Dey 1384

Digital communication is unsafe nowadays. Data are often transmitted in unprotected form via the internet, and are easily accessed and manipulated. E-mails are as confidential as postcards: anyone may read them on their way from the sender to the recipient, or even manipulate their contents.

There exist three basic requirements for the protection of digital communication:

• Confidentiality: Protection against the disclosure of information toward non-authorized persons who possess the ability to eavesdrop on the communication channel.

• Integrity: Preservation of the data consistency. No one except the author can alter the information unnoticed while it is being stored or transmitted via an unsafe medium.

• Authentication (non-deniability / access control): Protection of a person’s identity or of the authenticity of the data source. The data can later be traced to its author at any given time with no chance of denial on the author’s part. Non-authorized access is recognized and deflected.

Cryptography is the science dealing with the security of information. Modern cryptography knows of two fundamental processes: encryption and decryption. Encryption transposes a message in plain text into another message using a key, the so-called key text, making it impossible to retrieve the plain text without knowledge of the key. Decryption, in turn, is the reverse process, transposing the coded text back into plain text by using the key. The security of modern cryptographic methods is based on the assumption that the likelihood of deciphering the correct key declines in proportion to the length of the key. Meaning, the longer the key, the safer the encryption method. As a rule, the key length is defined in bits; examples being the (by now dated) DES method using a 56-bit key length or the Triple DES method using 168 bits. Cryptography has nothing to do with clandestine activity. Cryptographic methods, interfaces and protocols have to comply with international standards in order to guarantee interoperability among the various platforms and providers. The safety of a given cryptographic method has to rest solely in the ability to keep the key secret, not in the ability to keep the method secret! Cryptographic methods that are publicly known and discussed in detail by the expert community offer a trustworthy basis to providers for keeping their sensitive data safe.

Author : Shahram ZAHEDI

KOBIL System GmbH

