National Trust Platform

Slides:

Advertisements

Similar presentations

April 19-22, 2005SecureIT-2005 How to Start a PKI A Practical Guide Dr. Javier Torner Information Security Officer Professor of Physics.

Advertisements

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Public Key Infrastructure and Applications

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

(n)Code Solutions A division of GNFC

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

PKI Implementation in the Real World

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

Public Key Infrastructure Ammar Hasayen ….

Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Cryptography Chapter 14. Learning Objectives Understand the basics of algorithms and how they are used in modern cryptography Identify the differences.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.

Security in ebXML Messaging CPP/CPA Elements. Elements of Security P rivacy –Protect against information being disclosed or revealed to any entity not.

1 Integrating digital signatures with relational database: Issues and organizational implications By Randal Reid, Gurpreet Dhillon. Journal of Database.

Lifecycle Metadata for Digital Objects October 18, 2004 Transfer / Authenticity Metadata.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.

Creating and Managing Digital Certificates Chapter Eleven.

Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012.

Lifecycle Metadata for Digital Objects October 9, 2002 Transfer / Authenticity Metadata.

TAG Presentation 18th May 2004 Paul Butler

Key management issues in PGP

Authentication, Authorisation and Security

Information Security message M one-way hash fingerprint f = H(M)

TAG Presentation 18th May 2004 Paul Butler

e-Health Platform End 2 End encryption

Module 8: Securing Network Traffic by Using IPSec and Certificates

Secure communication among services

Public Key Infrastructure (PKI)

Digital Signature.

IS3230 Access Security Unit 9 PKI and Encryption

Information Security message M one-way hash fingerprint f = H(M)

Information Security message M one-way hash fingerprint f = H(M)

Secure Enterprise Technology Initiatives e-Provisioning Group

کاربرد گواهی الکترونیکی در سیستمهای کاربردی (امضای دیجیتال)

CompTIA Security+ Study Guide (SY0-501)

Security in ebXML Messaging

زير ساخت كليد عمومي و گواهي هويت

Secure Electronic Transaction (SET) University of Windsor

Public Key Infrastructure from the Most Trusted Name in e-Security

Information Security message M one-way hash fingerprint f = H(M)

The Secure Sockets Layer (SSL) Protocol

Module 8: Securing Network Traffic by Using IPSec and Certificates

Install AD Certificate Services

Building Security into Your System

PKI (Public Key Infrastructure)

Electronic Payment Security Technologies

Presentation transcript:

National Trust Platform September 24th, 2018

What do we call the « National Trust Platform » ?

Why do we need a Trust Platform ? Authentication Confidentiality Integrity Non repudiation

Encryption Signature Trusted certificates Fab5f62863 Cdedc51435 52c9d3 Clear Text Message Fab5f62863 Cdedc51435 52c9d3 Verify signature

The National Platform PKI Certification authority Root authority Subordinate authorities: National Education CA Person CA Infrastructure CA Signature CA Others … Registration authority Log management HSM Enrollment Entity Users PKCS#10 Forms Servers SCEP PKCS#10 Forms

The Certification Authority entity Trusted certification authorities Trusted certificates Certificates lifecycle Certificate policy

The Root Certification Authority Signature of Subordinate Certification Authority certificates Subordinate Certification Authority certificates lifecycle Issuing Certificate Revocation List (CRL)

The subordinate certification authorities Signature of User / Server Certificate Requests Backup of encryption key pairs User / Server certificates lifecycle CRL updating and publication

The Person Certification Authority User authentication User data encryption User signature 09/2017 – 09/2018 = 634 certificates The cost of one user authentication certificate from an external provider is 100 €

The Infrastructure Certification Authority Client / Server authentication Encryption Time stamping Server stamping Code signature 09/2017 – 09/2018 = 369 certificates The cost of one SSL certificate from an external provider = 250 €

The Signature Certification Authority Electronic signature 09/2017 – 09/2018 = 790129 certificates ! The cost of one temporary signature certificate from an external provider = 26 € Money saving ? Yes, it is money saving.

Keys management HSM BULL PROTECCIO RSA upto 4096 bits key length

The Registration Authority Search / retrieval of issued certificates Certificate requests Key recovery requests Revocation requests Renewal requests

The Enrollement Entity Requester: Certificate request Enrollment Entity NO Regiistration Authority Certification Authority YES

The certificate policy Issuer DN Key Usage Validity dates User DN User’s Public key

The secure environment ACLs TLS authentication with certificates PKI Officer validation Security tokens

The Signature services The signature validation service The timestamping service The safebox service

The Signature service To ensure the signer’s identity To establish a relation between the signer and the signed document (non repudiation) To ensure that the document was not modified (integrity) Signer Signed document fab5f62863cdedc5143552c9d37d6679e3304f7a

The Signature validation service To verify the document’s integrity since its signature To verify the relation between the signer and the signed document To verify the signer’s certificate (CRLs, validity, trustworthy CA) Certificate Revocation Lists Certification Authorities fab5f62863cdedc5143552c9d37d6679e3304f7a

The Timestamping service To ensure that the document was signed at a precise time To ensure that the document has not been modified since this time fab5f62863cdedc5143552c9d37d6679e3304f7a Certificate Date& Time Signature Timestamping Authority Certification Authority Data to be timestamped fab5f62863cdedc5143552c9d37d6679e3304f7a NTP server Sattelite GPS

The Safebox service To ensure the storage of the data protected from any modification To ensure the confidentiality of the stored data (encryption, secure access) Decryption of the digital object Deposit Deposit hash validation Deposit access request Deposit proof validation Fab5f62863 Cdedc51435 52c9d37d66 79e3304f7a Deposit Hash of the digital object Encryption of the digital object Deposit proof signed and timestamped

To sum up The National Trust Platform provides us with trusted mechanisms which allow to: Safely authenticate users, processes, machines Encrypt the data to keep it confidential Ensure the integrity of the data stored or transferred We can dematerialize procedures by using electronic signature services and secure storage. We have the mecanisms to identify document signers, verify signatures and securely store the proof of valid signatures.