What Is Internet Authentication Service?
Network Security Services (NSS) is a set of program libraries that support cross-platform development of secure client and server applications. It supports hardware TLS/SSL acceleration on the server side and, optionally, smart cards on the client side. NSS provides a fully open source implementation that supports TLS/SSL and S/MIME. Earlier releases were licensed in a multi-license manner under the Mozilla Public License 1.1, the GNU General Public License, and the GNU Lesser General Public License; with version 3.14, NSS moved to the GPL-compatible MPL 2.0 license.
- NSS was developed from
- NSS includes a framework through which developers and OEMs can contribute patches, such as assembly code that optimizes performance on their specific platforms. Mozilla has certified NSS 3.x for 18 platforms. NSS relies on the Netscape Portable Runtime (NSPR), an open source, platform-independent API for system functions that is designed to facilitate cross-platform development. NSS and NSPR are widely used in many products. [2]
Network Security Services Software Development Kit
- In addition to libraries and APIs, NSS provides the security tools needed for debugging, diagnostics, certificate and key management, cryptography module management, and other development tasks. NSS comes with extensive and growing documentation, including introductory material, API references, man pages for the command-line tools, and sample code.
- Programmers can use NSS as source code or as a shared (dynamic) library. Each NSS release is backward compatible with the previous version, allowing NSS users to upgrade directly to the new NSS shared libraries without having to recompile or relink their applications. [2]
Network Security Services Interoperability and Open Standards
- NSS supports a range of security standards, including the following:
- TLS 1.0 (RFC 2246), 1.1 (RFC 4346), and 1.2 (RFC 5246). The Transport Layer Security (TLS) protocol from the IETF supersedes SSL v3.0 while remaining backward compatible with SSL v3.
- SSL 2.0 and 3.0. The Secure Sockets Layer (SSL) protocol allows clients and servers to authenticate each other and establish an authenticated and encrypted connection.
- DTLS 1.0 (RFC 4347) and 1.2 (RFC 6347).
- DTLS-SRTP (RFC 5764).
- The following PKCS standards:
  - PKCS #1. RSA standard that specifies the implementation of public key cryptography based on the RSA algorithm.
  - PKCS #3. RSA standard that specifies the implementation of Diffie-Hellman key agreement.
  - PKCS #5. RSA standard that specifies password-based encryption methods, for example for encrypting private keys on storage devices.
  - PKCS #7. RSA standard that specifies how cryptography is applied to data, for example in digital signatures and digital envelopes.
  - PKCS #8. RSA standard that specifies the storage and encryption of private keys.
  - PKCS #9. RSA standard that specifies selected attribute types, including those used with PKCS #7, PKCS #8, and PKCS #10.
  - PKCS #10. RSA standard that specifies the syntax of certificate requests.
  - PKCS #11. RSA standard that specifies communication with cryptographic tokens (such as hardware accelerators and smart cards) and allows applications to be independent of specific algorithms and implementations.
  - PKCS #12. RSA standard that specifies the format for storing or transporting private keys, certificates, and other secret material.
- Cryptographic Message Syntax, used in S/MIME (RFC 2311 and RFC 2633). The IETF message specification (based on the popular Internet MIME standard) that provides a consistent method for sending and receiving signed and encrypted MIME data.
- X.509 v3. ITU standard that specifies the format of certificates used for authentication in public key cryptography.
- OCSP (RFC 2560). The Online Certificate Status Protocol (OCSP) provides real-time confirmation of certificate validity.
- PKIX Certificate and CRL Profile (RFC 3280). Part of the four-part standard developed by the IETF's Public Key Infrastructure (X.509) working group (also known as PKIX) for the Internet's public key infrastructure.
- RSA, DSA, ECDSA, Diffie-Hellman, EC Diffie-Hellman, AES, Triple DES, Camellia, IDEA, SEED, DES, RC2, RC4, SHA-1, SHA-256, SHA-384, SHA-512, MD2, MD5, HMAC: common algorithms used in public key and symmetric key cryptography.
- FIPS 186-2 pseudo-random number generator. [2]
Network Security Services Hardware Support
- NSS supports the PKCS #11 interface for access to cryptographic hardware such as SSL accelerators, HSMs, and smart cards. Since most device vendors (such as SafeNet and Thales) also support this interface, applications that use NSS can operate at high speed using cryptographic hardware and use private keys residing on smart cards, as long as the device vendor provides the necessary middleware. Advanced Encryption Standard New Instructions (AES-NI) are supported in NSS 3.13 and later. [2]
Network Security Services Java Support
- Network Security Services for Java (JSS) consists of a Java interface to NSS. It supports most of the security standards and encryption technologies that NSS provides. JSS also provides a pure Java interface for ASN.1 types and BER/DER encoding. The Mozilla CVS tree provides the source code for the Java interface to NSS. [2]