IDA Security Experts Workshop Olivier LIBON Vice President – GlobalSign November 2000.



2 Outline
- Interoperability at the EU side
  - Private Key Storage (software, hardware, etc.)
  - Certificate Management (expiration, renewal, revocation, etc.)
  - Products Limitations (web, mail, etc.)
- Interoperability at the CA side
  - Accreditation Schemes (EESSI vs...)
  - Products Compliance & Interoperability (RA, CA, etc.)
  - Common Trust Levels (Cross-certification, etc.)

3 Interoperability at the EU side
- Interoperability at the EU side
  - Private Key Storage (software, hardware, etc.)
  - Certificate Management (expiration, renewal, revocation, etc.)
  - Products Limitations (web, mail, etc.)
- Interoperability at the CA side
  - Accreditation Schemes (EESSI vs...)
  - Products Compliance & Interoperability (RA, CA, etc.)
  - Common Trust Levels (Cross-certification, etc.)

4 Private Key Storage
- Software (Disk)
  - Various Certificate Stores (Microsoft, Netscape, Opera, etc...)
  - Key protection (PIN code, token, etc...)
  - PC lost? / upgraded? (backup, import/export, etc...)
- Hardware (SmartCard)
  - Key-pair generation
  - Reader Installation & Costs
  - Compatibility (chip + OS + Data)

5 Certificate Management
- Certificate Lifecycle (history)
  - Certificate History (Expiration/Renewal)
  - Certificate Revocation (Status Checking)
- Key Usage (key protection)
  - One certificate for every key usage
  - Multiple certificates (Encryption, Authentication, Non-Repudiation, etc.)
- Certificate Usage (public vs private)
  - One certificate (ID-card) for every application/domain
  - Multiple certificates (one for each application/domain)

6 Products Limitations
- Certificate Chaining
  - Deliver the complete chain
  - No cross-certification support
- Certificate Extensions
  - Basic Constraints (the only one supported)
  - Name Constraints (not supported)
  - Policy Constraints & Mappings (not supported)
- Certificate Status
  - CRLs (no check)
  - OCSP (not yet available)

7 Interoperability at the CA side
- Interoperability at the EU side
  - Private Key Storage (software, hardware, etc.)
  - Certificate Management (expiration, renewal, revocation, etc.)
  - Products Limitations (web, mail, etc.)
- Interoperability at the CA side
  - Accreditation Schemes (EESSI vs...)
  - Products Compliance & Interoperability (RA, CA, etc.)
  - Common Trust Levels (Cross-certification, etc.)

8 Accreditation Schemes
- Step 1: EC Directive adoption
  - A common framework for electronic signature... defines:
    - Electronic Signature
    - Qualified Certificate
    - TTP requirements
- Step 2: Local Laws adaptation
  - Germany (BSI)
  - UK (T-Scheme)
  - France (MEFI)
  - Netherlands (TTP.NL)
  - Etc...
- Step 3: EESSI
  - Standards... but very complex (and not accepted yet)
  - A lawyers' and lobbying world

9 Products Interoperability
- Component Interoperability
  - Ability to mix and match PKI products
  - Depends on messages exchanged between components to support:
    - Certificate request
    - Certificate renewal
    - Certificate revocation
- Enterprise Interoperability
  - Ability to connect PKIs into a larger functional PKI
  - Cross-certification
  - Repositories/Directories

10 Common Trust Levels
- Hierarchical Model
  - Root Signing (a single hierarchy of certificates)
  - Proprietary accreditation rules
  - Not flexible and unrealistic
- Non-hierarchical Model
  - Cross-certification (multiple hierarchies of certificates)
  - Open cross-certification rules
  - Very flexible but unrealistic
- Meshed Model
  - CA bridge (multiple hierarchies per business domain)
  - Open bridging rules
  - Very flexible but need for an independent organization (EC?)
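
The three trust models on slide 10, compared by how many CA-to-CA certificates each needs and which certification path a relying party has to build (the path discovery that slide 6 says products lack when they require the complete chain to be delivered). This is an added example, not part of the original presentation. Assumptions: certificates are reduced to (issuer, subject) pairs with no signature, constraint or policy checks, and the CA names, "Root", "Bridge" and "alice" are hypothetical.

```python
from collections import deque

def trust_models(cas):
    """CA-to-CA certificates, as (issuer, subject), needed by each model."""
    return {
        "hierarchical": {("Root", ca) for ca in cas},
        "cross-certified": {(a, b) for a in cas for b in cas if a != b},
        "bridge": {(ca, "Bridge") for ca in cas} | {("Bridge", ca) for ca in cas},
    }

def find_path(certs, anchor, target):
    """Shortest certification path from trust anchor to target, or None."""
    issued = {}
    for issuer, subject in certs:
        issued.setdefault(issuer, []).append(subject)
    queue, seen = deque([[anchor]]), {anchor}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for subject in sorted(issued.get(path[-1], [])):
            if subject not in seen:
                seen.add(subject)
                queue.append(path + [subject])
    return None

def compare(cas, relying_ca, end_entity_cert):
    """Per model: (number of CA certificates, path the relying party must build)."""
    result = {}
    for model, ca_certs in trust_models(cas).items():
        # Under root signing the relying party trusts the common root;
        # in the other two models it trusts only its own CA.
        anchor = "Root" if model == "hierarchical" else relying_ca
        path = find_path(ca_certs | {end_entity_cert}, anchor, end_entity_cert[1])
        result[model] = (len(ca_certs), path)
    return result

# Constructed sample: four hypothetical national CAs, one end-entity certificate.
CAS = ["CA-BE", "CA-DE", "CA-FR", "CA-UK"]
ALICE = ("CA-DE", "alice")

if __name__ == "__main__":
    for model, (count, path) in compare(CAS, "CA-BE", ALICE).items():
        print(f"{model:16} {count:2} CA certs  path: {' -> '.join(path)}")
    # With no CA-to-CA certificates at all, no path exists:
    print(find_path({ALICE}, "CA-BE", "alice"))
```

For n CAs the full cross-certified mesh needs n(n-1) certificates and the bridge 2n, at the cost of one extra hop in every cross-domain path.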