The Cryptographic Token Key Initialization Protocol (CT-KIP) PowerPoint PPT Presentation



1
The Cryptographic Token Key Initialization
Protocol (CT-KIP)
  • Dave Mitton, RSA Security
  • for Magnus Nyström
  • IETF SAAG

2
CT-KIP Primer
  • A client-server protocol for initialization (and
    configuration) of cryptographic tokens with
    shared keys
  • Intended for general use within computer and
    communications systems employing connected
    cryptographic tokens

3
Objectives
  • To provide a secure and interoperable method of
    initializing cryptographic tokens with secret
    keys
  • To provide a solution that is easy to administer
    and scales well
  • To provide a solution which does not require
    private-key capabilities in tokens, nor the
    existence of a public-key infrastructure

4
Message flow
  (diagram: message exchange between the CT-KIP server and the CT-KIP client)
5
Principle of Operation
6
Current status
  • Version 1.0 finalized in December 2005
  • Describes a 4-pass protocol for the
    initialization of cryptographic tokens with
    secret keys
  • Includes a public-key variant as well as a
    shared-key variant
  • Public-key variant assumes completely blank
    token (i.e. totally un-initialized)

7
The One-Time Password Specifications (OTPS)
  • CT-KIP was developed as one of several OTPS
    documents
  • The OTPS effort was launched one year ago, to
    simplify the use and integration of OTP
    technology
  • Analogous to the PKCS process, documents
    developed through an open process (no membership
    required)

8
OTPS Documents
  (diagram: the OTPS document family arranged around an Authentication Server: EAP-POTP and OTP-TLS; OTP-WSS-Token and OTP-Validation Service; OTP-PKCS11 and OTP-CAPI; CT-KIP and CT-KIP-PKCS11)
9
Future work
  • A 1- and 2-pass version of CT-KIP is available in
    draft form from the OTPS pages
  • Internet draft draft-nystrom-ct-kip-00
  • Going forward, intent is to submit, and develop,
    this in IETF I-D form in parallel with the OTPS
    process

10
More information
  • Internet draft: http://www.ietf.org/internet-drafts/draft-nystrom-ct-kip-00.txt
  • OTPS documents: http://www.rsasecurity.com/rsalabs/otps
  • Mailing list (ordinary majordomo): mailto:majordomo@majordomo.rsasecurity.com
  • Editors: mailto:otps-editor@rsasecurity.com