Mobile Credentials
Ennio J. Carboni, Product Manager, Keon PKI
781-301-5323, ecarboni@rsasecurity

RSA Keon
- Robust, flexible Certification Authority
- Enhanced PKI Services
  - Interoperable across multiple certificate authorities, directory servers and applications
  - Powerful desktop with common credential store, two-factor authentication and file encryption
  - Security server providing policy management, trust management and credential mobility
- Application Integration
  - RSA BSAFE Cert tools natively PKI-enabling applications
  - RSA Keon Agent toolkit for integrating existing non-PKI applications (SSO)

RSA Keon Enhanced Services (architecture diagram; components shown): RSA Keon Advanced PKI Web App, RSA SecurID Authenticator, RSA Keon Security Server, RSA Keon Desktop, RSA Keon Agent, application server (e.g. SAP), e-mail, RSA Keon Certificate Server, RSA BSAFE PKI-enabled application.

RSA Keon Security Server
Extend the use of digital certificates across organizations and applications
- Keon Credential Store management and delivery for mobile users
- Focal point for CA interoperability within Keon
- Automated certificate validation
- Centralized management of private key access policy
- Centralized logging depot for Keon components
- Replication for scalability
- Simplified administration

RSA Keon Desktop
Providing the critical requirements for desktop e-Security
- File encryption
- Protection of credentials
- PKI credential interoperability
- Smart card support
- Reduced logon
- Ease of deployment

Security
- Non-repudiation requires trust in certificates
- Certificates and cryptography bind digital identities to the data and transactions they manipulate
- Authenticators bind people to their digital identities

How Secure is the Private Key?
Two questions decide this: where is the key stored, and how does the user authenticate to that store?
- Hard drive: unlocked with a password; the crypto operation runs in software on the PC
- Virtual smart card: unlocked with a password; the crypto operation runs in software on the PC
- Smart card: unlocked with a PIN; the crypto operation runs on the card itself

Local PKI Credential Storage (diagram): each local key store is unlocked with its own password; credentials leave a store only by PKCS #12 export.

PKCS #12 Issues
- PKCS #12 implementations are hard to use
  - Require manual intervention
  - No life-cycle support
  - Inconsistent update of credentials
- Limited security for the private key
  - Password based
  - Allows replication of identity: anyone holding a copy of the file and its password holds the key

Smart Cards and Authentication
Smart cards are ideal for public/private key (PPK) authentication
- The private key lives in secure, tamper-resistant storage
- Two-factor authentication is re-introduced, since you need both the smart card and a PIN to unlock it
- The crypto happens on the smart card with the help of a crypto accelerator
- They fit into your wallet, and they scrape frost off car windows nicely!

The Benefits of Smart Cards
- They are secure
- They are portable
- They can perform operations other than authentication: signatures, encryption
- They can support other applications: e-cash, loyalty, ...
- They can be used as employee badges

RSA SecurID 3100 Smart Card
- Highest security: on-card digital signatures
- Supports latest application features: dual keys and certificates
- Mobility: credential store on-card with keys, certificates, login information and RSA SecurID seed
- Versatile: supports RSA Keon Desktop for PKI applications and classic RSA SecurID-protected systems

RSA SecurID 3100 Smart Card: supported hardware
- Smart card readers (PC/SC): Setec SetCad 203N, Philips PE112/PE122
- Smart cards: Philips DX, Setec 8k, Setec 16k, GemPlus GPK8000

Smart Card-Reader Interface
There are actually two standardization issues to be dealt with:
- The electrical interface between the reader hardware and the PC. Fortunately standards exist here: RS-232 and USB.
- More problematic is the interface between the reader hardware and the smart card. Two classes of interface were needed here: electrical interface standards and command interface standards. ISO 7816 addresses both.

Smart Card Reader Interface
The next level of problem is the API between the smart card reader and the host PC software.
- Until recently, each reader manufacturer had a proprietary API which was used to talk to the reader driver. This was an effort by the reader manufacturers to lock applications into a particular reader.
- Several years ago a consortium headed by Microsoft defined the PC/SC interface. It was intended to be used by systems other than Windows (Unix, PDAs, ...); in reality, it is primarily a Microsoft Windows standard.

Smart Card Formatting
There are two major ways of dealing with the formatting problem:
- Develop a standardized way to lay out the card directory and name the files. PKCS #15, developed by RSA Labs, is an example.
- Abstract the interface to the card so that you no longer deal with directories and files. JavaCard is an example.
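The command interface that ISO 7816 standardizes, and the PKCS #15 application layout described above, as an added example that is not part of the original presentation and not RSA Keon or SecurID 3100 code: the host encodes ISO 7816-4 command APDUs (SELECT by AID, then VERIFY with the PIN) and a constructed simulated card answers with status words. The instruction bytes, the PKCS #15 application identifier and the status words are the standard values; the card model, its PIN and its retry limit of three are assumptions made for the example. It also shows the point from the smart card slide that having the card without the PIN does not help an attacker, because the retry counter returned in the 63Cx status word blocks the PIN after a few wrong guesses.

```python
"""ISO 7816-4 command/response APDUs against a simulated PIN-protected card.

Added illustration (not RSA Keon or SecurID 3100 code). The card model, PIN
and retry limit are constructed for the example; the INS codes, the PKCS #15
application AID and the status words are the ISO 7816-4 / PKCS #15 values.
"""
from dataclasses import dataclass

# ISO 7816-4 instruction bytes
INS_SELECT = 0xA4
INS_VERIFY = 0x20

# PKCS #15 application identifier: RID A0 00 00 00 63 followed by ASCII "PKCS-15"
PKCS15_AID = bytes.fromhex("A000000063504B43532D3135")

# Status words (SW1 SW2)
SW_OK = 0x9000
SW_SECURITY_STATUS_NOT_SATISFIED = 0x6982
SW_AUTH_METHOD_BLOCKED = 0x6983
SW_FILE_NOT_FOUND = 0x6A82


def build_apdu(cla, ins, p1, p2, data=b"", le=None):
    """Encode a short command APDU: CLA INS P1 P2 [Lc Data] [Le]."""
    if len(data) > 255:
        raise ValueError("short APDU carries at most 255 data bytes")
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        apdu += bytes([le & 0xFF])  # Le = 0x00 means "up to 256 bytes expected"
    return apdu


def describe_sw(sw):
    """Turn a status word into text; 0x63Cx carries the remaining PIN tries in x."""
    if sw == SW_OK:
        return "OK"
    if (sw & 0xFFF0) == 0x63C0:
        return f"PIN wrong, {sw & 0x0F} tries remaining"
    return {
        SW_SECURITY_STATUS_NOT_SATISFIED: "security status not satisfied (PIN not verified)",
        SW_AUTH_METHOD_BLOCKED: "authentication method blocked (PIN locked)",
        SW_FILE_NOT_FOUND: "file or application not found",
    }.get(sw, f"unknown status {sw:04X}")


@dataclass
class SimCard:
    """Constructed model of a card holding one PKCS #15 application and one PIN."""
    pin: bytes = b"1234"      # constructed; a real card never releases its PIN
    tries_left: int = 3       # constructed retry limit
    selected: bool = False
    verified: bool = False

    def transmit(self, apdu):
        """Process one command APDU and return (response data, status word)."""
        cla, ins, p1, p2 = apdu[:4]
        data = apdu[5:5 + apdu[4]] if len(apdu) > 4 else b""
        if ins == INS_SELECT and p1 == 0x04:          # SELECT by DF name (AID)
            self.selected = data == PKCS15_AID
            return b"", SW_OK if self.selected else SW_FILE_NOT_FOUND
        if ins == INS_VERIFY:                          # VERIFY reference data (PIN)
            if not self.selected:
                return b"", SW_FILE_NOT_FOUND
            if self.tries_left == 0:
                return b"", SW_AUTH_METHOD_BLOCKED
            if data == self.pin:
                self.verified = True
                self.tries_left = 3                    # counter resets on success
                return b"", SW_OK
            self.tries_left -= 1                       # wrong PIN burns one try
            self.verified = False
            if self.tries_left == 0:
                return b"", SW_AUTH_METHOD_BLOCKED
            return b"", 0x63C0 | self.tries_left
        return b"", 0x6D00                             # instruction not supported


def unlock(card, pin):
    """Host side: select the PKCS #15 application, then present the PIN."""
    _, sw = card.transmit(build_apdu(0x00, INS_SELECT, 0x04, 0x00, PKCS15_AID))
    if sw != SW_OK:
        return sw
    _, sw = card.transmit(build_apdu(0x00, INS_VERIFY, 0x00, 0x01, pin))
    return sw


if __name__ == "__main__":
    card = SimCard()
    for attempt in (b"0000", b"1111", b"1234"):
        print(f"PIN {attempt.decode()}: {describe_sw(unlock(card, attempt))}")
```

The same APDUs are what a PC/SC driver or a PKCS #11 module sends to a real card on the host's behalf; the difference from the password-protected stores earlier in the deck is that a wrong guess costs a retry and the private key never leaves the card, so the file-copy attack that works against a PKCS #12 export has nothing to copy.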

PKI Credential Interoperability (diagram): sharing credentials across multiple applications. Netscape Communicator reaches the RSA Keon Credential Store through PKCS #11; Microsoft applications reach it through CAPI/CSP.

The Barriers to Smart Cards
- They need a reader. This will be an issue until readers become embedded in keyboards and notebooks.
- They cost money, but prices are getting pretty reasonable.
- Not all applications support PPK and smart cards, but many of today's applications are Web based, and the browsers do support them.
- Industry compatibility: PC/SC readers are now available; PKCS #15 from RSA Labs.

PKCS #15: What is it?
- A specification for organizing cryptographic data on an authentication object (e.g. a card or other device)
- Allows multiple PKCS #15 applications to live on the same card
- People frequently confuse PKCS #11 and PKCS #15:
  - PKCS #11 is a standard which defines how to plug cryptographic tokens into a crypto solution; these tokens could be smart cards or crypto accelerators, for example
  - PKCS #15 is a standard which defines the layout of a smart card format and the naming standard for common files
- The application developers who use smart cards are focusing on PKCS #15

RSA Keon Advanced PKI Credential Store Format (virtual smart card and physical smart card)
Keon Credential Store
- Public area
  - User's encryption X.509 certificate (public key)
  - User's signing X.509 certificate (public key)
- Private area, encrypted under a 128-bit RC4 private area key
  - Signing private key
  - Encryption private key
  - Symmetric file encryption key
  - NT/NetWare credentials

Unique PKI Issues for B2B and Extended Enterprises
Partners wishing to use PKI to protect transactions over the Internet:
- Must support the "Big 2" web browsers and mail clients
- Must be secure over a public network
- Must be unobtrusive to partners' PCs
- Must be easy to use
- Solution must be secure, scalable and manageable
- Users' credentials must be mobile

Unique PKI Issues for B2B and Extended Enterprises (continued)
Large enterprise deployments wanting to use PKI for a variety of functions (browser, S/MIME, IPSec):
- The enterprise requires unobtrusive software
- Must be easy to use
- The solution must be secure and run over a public network

RSA Keon Advanced PKI: Ease of Use, Credential Mobility
The Security Server takes the concept of the Credential Store one step further by providing user credential mobility: a user can move from one RSA Keon Desktop to another with confidence that their credentials will follow them to each secured work environment. Today's PKI deployments offer mobility only with physical smart cards; in a software-based PKI deployment, end users are tied to a physical device, their workstation. RSA Keon Advanced PKI supports physical and virtual smart cards to give customers the flexibility needed for secure e-business. The virtual smart card offers organizations the benefits of a physical smart card without the additional cost of readers and hardware deployment. Note the trade-off from the earlier slide on private key security: a virtual smart card is unlocked with a password and does its crypto in software, so it does not give the tamper-resistant key storage of a physical card.

Downloadable Desktop Architecture (diagram)
- PKCS #11 browsers and mail clients connect through PKCS #11
- Microsoft browsers and mail clients connect through a CSP
- IPSec and other applications connect through PKCS #11 or a CSP
- All of these reach the RSA Security Cryptographic Services, backed by the Local Security Service, a COM server and a Logoff Service

Downloadable Desktop
- Credential mobility
- Multiple user credentials
- Certificate auto-enrollment
- Keon Certificate Server support
- Optional SecurID authentication
- Standards-based repository

Downloadable Desktop
- Unobtrusive software: small footprint, no device drivers, installed by a normal user, no reboot
- Reduced sign-on / web SSO
- Interoperability with client PKI applications: Microsoft Internet Explorer, Outlook Express, Outlook 2000; Netscape Navigator, Messenger; other "CSP" applications
- Compatibility with authorization products
- Public APIs and CLIs for integration and customization

Authentication Options
- Physical smart card
- Virtual smart card
- PKCS #5 password enhancement
- SecurID
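The PKCS #12 issues slide (password based, allows replication of identity), the credential store format slide (clear public area, private area under a 128-bit RC4 key) and the PKCS #5 password option in the list above, as one added example that is not RSA Keon's actual store format or code: a software credential store whose private area is encrypted under a 128-bit key derived from the user's password with PBKDF2 (PKCS #5 v2.0), followed by the offline dictionary attack that becomes possible the moment the store file is copied. The field names, iteration count, integrity tag, sample credentials and guess list are constructed for the example. RC4 is present only because the slide names it; it is broken and prohibited in TLS by RFC 7465, and a store built today would use an authenticated cipher such as AES-GCM.

```python
"""Password-protected software credential store ("virtual smart card").

Added illustration, not RSA Keon's Credential Store format or code. The split
into a clear public area and an encrypted private area follows the slide;
field names, iteration count, integrity tag and sample credentials are
constructed for the example.
"""
import hashlib
import hmac
import json
import os

ITERATIONS = 1000  # constructed; PKCS #5 v2.0 leaves the iteration count to the implementer


def rc4(key, data):
    """RC4 keystream XOR; encryption and decryption are the same operation.

    Present only because the slide names RC4. It is broken (RFC 7465 bans it
    in TLS); a real store should use AES-GCM or another authenticated cipher.
    """
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def private_area_key(password, salt, iterations=ITERATIONS):
    """Derive the 128-bit private area key with PBKDF2-HMAC-SHA256 (PKCS #5 v2.0)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=16)


def create_store(password, public_area, private_area):
    """Public area stays in the clear; private area is encrypted under the derived key."""
    salt = os.urandom(16)
    key = private_area_key(password, salt)
    blob = json.dumps(private_area).encode()
    # Constructed integrity tag so the opener can tell a wrong password from garbage.
    # PKCS #12 files carry a MAC for the same reason, and it is exactly this check
    # that lets whoever copies the file test password guesses offline.
    tag = hmac.new(key, blob, hashlib.sha256).digest()
    return {"salt": salt, "public": public_area, "private": rc4(key, blob), "tag": tag}


def open_store(store, password):
    """Return the decrypted private area, or None if the password does not unlock it."""
    key = private_area_key(password, store["salt"])
    blob = rc4(key, store["private"])
    if not hmac.compare_digest(hmac.new(key, blob, hashlib.sha256).digest(), store["tag"]):
        return None
    return json.loads(blob)


def guess_password(store, candidates):
    """Offline dictionary attack: possible as soon as the store file has been copied."""
    for candidate in candidates:
        if open_store(store, candidate) is not None:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample credentials standing in for real keys and certificates.
    public_area = {"encryption_cert": "CERT-ENC-placeholder", "signing_cert": "CERT-SIG-placeholder"}
    private_area = {"signing_key": "KEY-SIG-placeholder", "encryption_key": "KEY-ENC-placeholder",
                    "file_encryption_key": "FEK-placeholder", "nt_credentials": {"user": "jdoe"}}
    store = create_store("summer99", public_area, private_area)
    print("public area readable without password:", list(store["public"]))
    print("wrong password opens store:", open_store(store, "winter99") is not None)
    wordlist = ["password", "letmein", "summer99"]  # constructed guess list
    print("recovered password from copied store:", guess_password(store, wordlist))
```

The iteration count and salt slow each guess down but cannot stop the attack, because nothing rate-limits an attacker who holds the file; that is the "replication of identity" problem, and the reason the deck pairs the software store with SecurID or a physical card whose retry counter lives outside the attacker's control.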

The Most Trusted Name in e-Security
WWW.RSASECURITY.COM