QuoVadis Group EUGridPMA Update September 2014


Overview

► Founded in 1999 in Bermuda, with particular focus providing PKI managed services to multinational organisations
  – More than 3,500 customers
  – Operations in Bermuda, Switzerland, Holland, Belgium, and UK
  – Provide CA services to several NRENs (Managed SSL, Grid)
► Leadership in major segments of CA business
  – 11th largest SSL CA and 6th largest EV SSL CA according to Netcraft (out of 80+ trusted CAs)
  – Leading Qualified CA in Europe; multiple jurisdictions
  – Significant expertise in digital signature solutions
► Roots are trusted in all major software including mobile devices
  – Including distribution of next-generation SHA256 roots
► More international audits and certifications than any other CA

QuoVadis Offering

► Managed PKI
  – Trust/Link for SSL
  – Trust/Link for End Users
  – Trust/Link Enterprise
  – Custom CAs
► Digital Certificates
  – SSL: Business (wildcard, SAN), Extended Validation
  – End User: Standard (ETSI TS, Advanced, Advanced+, GRID
  – Qualified: Netherlands (EU), Switzerland, Bermuda
  – National eID: SuisseID, PKIoverheid
► Signing Solutions
  – sealsign Software
  – Signing and Validation Service
  – Personal Signing Service
  – Time-Stamping Service
► Extenders for Ease of Integration
  – TLEWS Web Service
  – BYOD Extender (SCEP)
  – Secure Gateway Extender (CMP)
  – Smartcard Enrolment Extender

Managed PKI

Managed PKI service to easily manage the full lifecycle of digital certificates, from issuance through renewal or revocation, across numerous departments and locations.

► Easy-to-use Web console for rapid rollout
► Dependable costs, no client investment in CA infrastructure or operations
► Lifecycle management of all certificate types (SSL or End User)
► Real time issuance of certificates
► Easily scalable to large numbers of users
► Highly customizable by groups within account
  – Delegated administration, with granular roles and flexible workflows
  – Tailored signup forms and notifications
  – Certificate templates
  – Reports and audit
► Optional API for integration with enterprise systems

Signing Solutions

► sealsign software
  – In-house deployment allowing addition of digital signatures and validation to existing systems, such as e-invoicing and e-archiving
► Signing and Validation Service
  – “Signing as a service” allowing customers to rapidly deploy mass signing on existing systems, with signing platform and certificates securely hosted by QuoVadis
► Personal Signing Service
  – “Signing as a service” allowing individual users of enterprise applications and online transaction websites to digitally sign PDF documents from any web-enabled device
► Trusted Time-Stamping Service
  – Adds independent verification of when a transaction occurred
► Adobe and Microsoft
  – Automatically trusted signatures in Adobe Acrobat and Microsoft Office

EUGridPMA

► QuoVadis has been involved with the EUGridPMA since
  – QuoVadis are accredited by the EUGridPMA according to the “Classic X.509 CAs with secured infrastructure” Authentication profile.
  – The “QuoVadis Root Certification Authority” Certificate is included in the IGTF Distribution of Authority Root Certificates.
► QuoVadis seeks to become an independent/direct EUGridPMA member (previously we were “proxied” under SWITCH).
  – QuoVadis will perform a self-audit in accordance with “Guidelines for auditing Grid CAs version 1.0” (GFD-I.169) and the relevant Authentication Profiles. The results of this audit will be presented at a future EUGridPMA meeting.
► QuoVadis seeks to be accredited under the “Profile for Member Integrated X.509 Credential Services with Secured Infrastructure” (MICS).

Summary of our Audits and Accreditations

► The accreditations maintained by QuoVadis include:
  – WebTrust for Certification Authorities
  – WebTrust for Extended Validation
  – WebTrust for Baseline Requirements
  – Swiss Qualified Certification Services Provider SuisseID and Qualified Time-stamping Authority
  – Netherlands Qualified Certification Services Provider PKIoverheid and eHerkenning ISO/IEC
  – Belgium Qualified TSP
  – Bermuda Authorised Certification Services Provider

WebTrust for Certification Authorities

► WebTrust for CAs is the dominant commercial standard to assess CAs
► Managed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
► The annual WebTrust audit of QuoVadis is performed by Ernst & Young.
► To obtain and retain the WebTrust seal, the CA must meet all the WebTrust for CAs Principles and Criteria.
► The following areas are included in the scope of every WebTrust engagement
  1. CA Business Practices Disclosure
  2. Service Integrity
     – Key Life Cycle Management Controls
     – Certificate Life Cycle Management Controls
  3. CA Environmental Controls

WebTrust for EV/Baseline Requirements

► WebTrust for Extended Validation (EV) is used to assess a CA’s controls against the CA/B Forum “Guidelines for the Issuance and Management of EV Certificates”. Created to provide basis for differentiating certificates which have stronger authentication standards. Only suitably accredited CAs may issue EV SSL certificates.
► WebTrust for Baseline Requirements (BR) is used to assess a CA’s controls against the CA/B Forum “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates”. A successful WebTrust for BR audit is required by the Browsers, such as Mozilla.
► The annual WebTrust for EV/BR audits of QuoVadis are performed by Ernst & Young.
► The EV Guidelines/BR require quarterly Internal Audit testing of at least 3% of SSL certificates issued.

Swiss Qualified Certification Services Provider

► ZertES is the Swiss digital signature law. Lays out requirements for electronic signature to achieve same legal status as handwritten signature.
► ZertES accreditation is granted by the Swiss Accreditation Service (SAS) and the Swiss Federal Office of Communications (BAKOM) based on an audit by KPMG
► The following areas are included in the scope of the QuoVadis audit:
  – The Certification Service Provider (CSP) requirements of ZertES, the accompanying VZertES regulatory provisions and also the more detailed Technical and Administrative Regulations
  – Requirements for Time Stamping Authorities (TSA) based on ETSI TS and ETSI TS
  – Requirements for Qualified Electronic Signatures according to ETSI TS , ETSI TS and SR

Netherlands Qualified Certification Services Provider

► PKIoverheid: the PKI designed for trustworthy electronic communication within and with the Dutch government. QuoVadis have PKIoverheid Issuing CAs under Dutch Government Root.
► QuoVadis is certified by BSI against the following requirements:
  – ETSI TS (Qualified Certificates) and ETSI TS (for PKIoverheid SSL/EV);
  – Dutch Digital Signature Law (Dutch Besluit Elektronische handtekeningen);
  – The following PKIoverheid Program of Requirements:
     Part 3a (Personal certificates, Organisational)
     Part 3b (Services/SSL) - based on Baseline Requirements
     Part 3c (Citizen)
     Part 3e (EV SSL) – this is based on the EV Guidelines but has additional requirements
► QuoVadis are supervised by the Netherlands Authority for Consumers and Markets (ACM). QuoVadis are also ‘audited’ by Logius and ACM.
► QuoVadis is “supervised” as a CSP in Belgium by FOD Economie on the basis of the Dutch accreditation.

Questions

Barry Kilborn:
Stephen Davidson: