© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.

Presentation transcript:

SmartPath
Sean Dawtry
Corporate IT Consultant
Southampton City Council
Tel

Agenda
Overview of SmartPath
Principles
Project Scope
PKI
How Does it Work
Main Partners
Issues
The Future

Overview
Develop Robust/Resilient Security Infrastructure for Electronic Service Delivery
Through Development of PKI
Build Around Existing SmartCities Scheme
Available from Kiosks, PCs in Libraries
6000 Citizens

Principles
Bridge Digital Divide Through SmartCard
Secure Needed Real World Application
–Housing Repairs
Portability and Interoperability

Scope
Business Process Development
–SmartCities
–Housing
–PKI/Certificate Management
Infrastructure Development
System Design
Integration
–With Back Office
–SmartCities
Secure Portal
Intuitive User Interface

PKI
PKI (Public Key Infrastructure)
–Enables users of an unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.
–The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.

Digital Certificate
A digital certificate is an electronic “passport” that establishes your credentials when doing business or other transactions on the Web. It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key, and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509.

Digital Certificate
Can be held
–Web Browser
–USB Token
–Smartcard

CA and RA
Certificate Authority
–Organisation responsible for issuing and revoking certificates
Registration Authority
–Organisation responsible for performing the registration process and verifying the identification of the individual

CA and RA
Southampton City Council
–Currently performs the CA function
Smartcities
–Currently performs the RA function
Both are currently one and the same

CP and CPS
Certificate Policy
–Lays down the CA’s legal obligations
–Liabilities
–Holder’s obligations
Certificate Practice Statement
–Details the processes by which the PKI will be managed, i.e. Physical Controls, Personnel Controls, backup and recovery

CP and CPS
How do they relate
–The Certificate Policy generally states WHAT is to be adhered to. The Certificate Practice Statement states HOW it will be adhered to.

Verification
Meets Office of the E-Envoy’s authentication framework
Applicant must produce two forms of approved documents to verify identification

Benefits of PKI
Entity Authentication
–Verifies the Identity of a person or organisation
Data Confidentiality
–Ensures transmitted data is secure
Data Integrity
–Ensures that data is not tampered with in Transit

Benefits of PKI
Non Repudiation
–Neither party can deny transaction ever took place
Privilege Management
–Policies that govern access to sensitive data

Why PKI
E-Government programme opens up more data to more people
Could be sensitive
Need to ensure interests of all parties are taken into consideration
Important to know who is at the ‘other end’
Prevention of fraud

Registration (flow diagram; labels as they appear on the slide)
Create X509 Certificate
Citizen Registers
CMS
Account created within the Card Management System
Certificate Request is granted and CMS authorised to encode card
Entrust Poller
Poller Checks for new requests frequently
CMS Informed if request is invalid
FTP
Certificate Request is created and stored in FTP Directory
Check CRM to Determine Valid user
Entrust ‘Get Access’ Account Created

Authentication (flow diagram; labels as they appear on the slide)
Cardholder inserts card and PIN
Certificate is copied to Cryptographic Store in Web Browser
Entrust ‘Get Access’ Server
CA
‘Get Access’ Server confirms that certificate is valid and performs authentication process
Web Client
‘Get Access’ acts as a proxy server for resources from SCC application server through firewall e.g. Housing Repairs
All communication between BEA Weblogic and the user occurs through the firewall and the ‘Get Access’ Server
BEA Weblogic Server
SCC Back office Systems

Authentication (flow diagram; labels as they appear on the slide)
Entrust ‘Get Access’ Server
Data
SCC
Once completed Data Flush takes place to remove the certificate from the browser

Lost/Stolen/Blacklisted Cards
Card Loss Report
–Smartcities Creates a ‘Hotlist’
–‘Hotlist’ Sent to SmartPath
–Checked – Certificate and Account Revoked
–New Card Requested if Necessary
–Registration Process Begins
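The certificate lifecycle from the Registration, Authentication and Lost/Stolen/Blacklisted Cards slides, as an added example that is not part of the original presentation: a throwaway OpenSSL CA stands in for the Entrust CA and the 'Get Access' check, which is an assumption about how those products behave. The CA name, subject name and file layout are constructed.

```shell
# Constructed demo: "Demo CA" and "Constructed Citizen" are placeholder names.
new_ca() {  # $1 = working directory for the throwaway CA
  D=$1; mkdir -p "$D/certs"; : > "$D/index.txt"
  echo 1000 > "$D/serial"; echo 1000 > "$D/crlnumber"
  cat > "$D/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = $D/index.txt
new_certs_dir = $D/certs
serial = $D/serial
crlnumber = $D/crlnumber
certificate = $D/ca.crt
private_key = $D/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[pol]
commonName = supplied
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$D/ca.cnf" \
    -keyout "$D/ca.key" -out "$D/ca.crt" 2>/dev/null
}
issue_card() {  # registration: the CA signs the citizen's certificate request
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=Constructed Citizen" \
    -keyout "$1/card.key" -out "$1/card.csr" 2>/dev/null &&
  openssl ca -batch -notext -config "$1/ca.cnf" -in "$1/card.csr" -out "$1/card.crt" 2>/dev/null
}
publish_crl() { openssl ca -gencrl -config "$1/ca.cnf" -out "$1/crl.pem" 2>/dev/null; }
revoke_card() {  # hotlist entry: revoke the certificate, then republish the CRL
  openssl ca -config "$1/ca.cnf" -revoke "$1/card.crt" 2>/dev/null && publish_crl "$1"
}
card_status() {  # authentication: chain, validity dates and CRL are all checked
  out=$(openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/crl.pem" "$1/card.crt" 2>&1) \
    && { echo valid; return; }
  case $out in *"certificate revoked"*) echo revoked ;; *) echo invalid ;; esac
}
W=$(mktemp -d) && new_ca "$W" && issue_card "$W" && publish_crl "$W"
echo "before hotlist: $(card_status "$W")"
revoke_card "$W"; echo "after hotlist:  $(card_status "$W")"
```

Revocation only takes effect for a relying server once it has the republished CRL, so a server that verifies without `-crl_check` or against a stale CRL still accepts a hotlisted card until the certificate expires.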

Issues
Take Up
–Hindsight is a good thing
–Public Perception
‘Leading Edge’
–Some Components ‘volatile’
2 pence pieces!
–Jammed in Card Readers
Certificate Practice/Policies
–Lots of work

Main Partners
ECSoft
–Primary Integration Partner
Entrust
–PKI
–Security and Authentication
Smartcities/SchlumbergerSema
–Smartcards and Smartcard Integration

The Future
Develop Key Components as a Product that Could Be Implemented Elsewhere
Share Documents
–Certificate Practice Statement
–Certificate Policy
–Design Documents
Add more Services
–Requiring higher security levels
Revenues and Benefits
Secure Payments (in and out)
Social Care

The Future
Develop as a National model
Integrate With UK-Online
Obtain T-Scheme Approval
