Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Key Management Infrastructure (EKMI) Securing data for e-Business and e-Government Arshad Noor, Co-Chair, EKMI-TC

Published byBernard Franklin Modified over 8 years ago

Similar presentations

Presentation on theme: "Enterprise Key Management Infrastructure (EKMI) Securing data for e-Business and e-Government Arshad Noor, Co-Chair, EKMI-TC"— Presentation transcript:

1 Enterprise Key Management Infrastructure (EKMI) Securing data for e-Business and e-Government Arshad Noor, Co-Chair, EKMI-TC arshad.noor@strongauth.com OASIS Symposium 2007, San Diego arshad.noor@strongauth.com www.oasis-open.org

2 Business Challenge Regulatory Compliance PCI-DSS, HIPAA, FISMA, SB-1386, etc. Avoiding fines ChoicePoint $15M, Nationwide $2M Avoiding lawsuits – BofA, TJX Avoiding negative publicity VA, IRS, TJX, E&Y, Citibank, BofA, WF, Ralph Lauren, UC, etc.

3 e-Business/e-Government Challenges Sharing data while keeping it secure Protected Critical Information Infrastructure (PCII) at the DHS Medical, Taxpayer and Employee data Other sensitive data Protecting data across the enterprise Laptops, Desktops, Databases, PDAs, Servers, Storage devices, Partners, etc.

4 The Encryption Problem ● Generate ● Encrypt ● Decrypt ● Escrow ● Authorize ● Recover ● Destroy ● Generate ● Encrypt ● Decrypt ● Escrow ● Authorize ● Recover ● Destroy ● Generate ● Encrypt ● Decrypt ● Escrow ● Authorize ● Recover ● Destroy ● Generate ● Encrypt ● Decrypt ● Escrow ● Authorize ● Recover ● Destroy ● Generate ● Encrypt ● Decrypt ● Escrow ● Authorize ● Recover ● Destroy ● Generate ● Encrypt ● Decrypt ● Escrow ● Authorize ● Recover ● Destroy.........and on and on

5 Key Management Silos

6 What is an EKMI? An Enterprise Key Management Infrastructure is: “A collection of technology, policies and procedures for managing all cryptographic keys in the enterprise.”

7 EKMI Characteristics A single place to define EKM policy A single place to manage all keys Standard protocols for EKM services Platform and Application-independent Scalable to service millions of clients Available even when network fails Extremely secure

8 EKMI Harmony

9 The Encryption Solution WAN SKS Server Generate Protect Escrow Authorize Recover Destroy Encrypt Decrypt SKS Server Encrypt Decrypt Encrypt Decrypt Encrypt Decrypt Encrypt Decrypt Encrypt Decrypt

10 EKMI Components Public Key Infrastructure For digital certificate management; used for strong-authentication, and secure storage & transport of symmetric encryption keys Symmetric Key Management System SKS Server for symmetric key management SKCL for client interactions with SKS Server EKMI = PKI + SKMS

11 SKMS Big-Picture DB Server Crypto Module Application Server Crypto Module SKCL C/C++ Application RPG Application Java Application Key Cache JNIRPGNI Server Client Network 1 2 3 4 5 6 1. Client Application makes a request for a symmetric key 2. SKCL makes a digitally signed request to the SKS 3. SKS verifies SKCL request, generates, encrypts, digitally signs & escrows key in DB 4. Crypto HSM provides security for RSA Signing & Encryption keys of SKS 5. SKS responds to SKCL with signed and encrypted symmetric key 6. SKCL verifies response, decrypts key and hands it to the Client Application 7. Native (non-Java) applications make requests through Java Native Interface 77

12 The Sharing Problem - (DHS-PCII) DHS Personnel First Responder Encryption Key Private Sector PCI Data PCI Ciphertext Encryption Key shared out-of-band Internet + = Key shared out-of-band

13 The Sharing Problem - Multiplied Encryption Keys First Responders (50 States, 3000+ Counties, 20,000+ Cities) DHS Personnel (180,000+) Private Sector PCI Data (Tens of thousands?)

14 The Sharing Problem - Solved* PCII Database SKS Server Internet DHS Personnel (180,000+) Private Sector PCI Data (Tens of thousands?) First Responders (50 States, 3000+ Counties, 20,000+ Cities)

15 The Healthcare Solution ER Application and Database Patient Registration SKS Server EMT N Laptop EMT 1 Laptop Wireless MAN AP ER Nurse

16 The Financial Solution

17 Solutions to Barriers

18 EKMI-TC Goals Standardize on a Symmetric Key Services Markup Language (SKSML) Create Implementation & Operations Guidelines Create Audit Guidelines Create Interoperability Test-Suite

19 EKMI-TC Members/Observers FundServ, PA Consulting, PrimeKey, Sterling Commerce, StrongAuth, US DoD, Visa International, Wave Systems Booz Allen Hamilton, EMC (RSA), Entrust, Mitre Corporation, Oracle, Sigaba, Symantec Individuals representing Audit and Security backgrounds

20 Conclusion “Securing the Core” should have been Plan A from the beginning; but its never too late. OASIS EKMI-TC is driving new key- management standards that cuts across platforms, applications and industries. Get involved!

21 Resources OASIS EKMI-TC Resources Use Cases, SKSML Schema, Presentations, White Papers, Guidelines, etc. www.strongkey.org - Open Source SKMS implementation www.strongkey.org www.issa.org - Article on SKMS in February 2007 issue of ISSA Journal www.issa.org

Download ppt "Enterprise Key Management Infrastructure (EKMI) Securing data for e-Business and e-Government Arshad Noor, Co-Chair, EKMI-TC"

Similar presentations

Network Systems Sales LLC

Network Systems Sales LLC
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
SafeNet Luna XML Hardware Security Module

SafeNet Luna XML Hardware Security Module
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Federal Desktop Core Configuration and the Security Content Automation Protocol Peter Mell, National Vulnerability Database National Institute of Standards.

Federal Desktop Core Configuration and the Security Content Automation Protocol Peter Mell, National Vulnerability Database National Institute of Standards.
Dell Compellent and SafeNet KeySecure

Dell Compellent and SafeNet KeySecure
1 Jeremy Wyant W3C DRM Workshop 23 January 2001 Establishing Security Requirements For DRM Enabled Systems.

1 Jeremy Wyant W3C DRM Workshop 23 January 2001 Establishing Security Requirements For DRM Enabled Systems.
The OASIS IDtrust (I M The OASIS IDtrust (Identity and Trusted Infrastructure ) Member Section For more information please see:

The OASIS IDtrust (I M The OASIS IDtrust (Identity and Trusted Infrastructure ) Member Section For more information please see:
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
Enterprise Key Management Infrastructures: Understanding them before auditing them Arshad Noor CTO, StrongAuth, Inc. Chair, OASIS EKMI-TC.

Enterprise Key Management Infrastructures: Understanding them before auditing them Arshad Noor CTO, StrongAuth, Inc. Chair, OASIS EKMI-TC.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Enterprise Key Management Infrastructure (EKMI) Arshad Noor CTO, StrongAuth, Inc. Chair, EKMI TC – OASIS

Enterprise Key Management Infrastructure (EKMI) Arshad Noor CTO, StrongAuth, Inc. Chair, EKMI TC – OASIS
Enterprise Key Management Infrastructure: Understanding them before auditing them Arshad Noor CTO, StrongAuth, Inc. Chair, OASIS EKMI-TC.

Enterprise Key Management Infrastructure: Understanding them before auditing them Arshad Noor CTO, StrongAuth, Inc. Chair, OASIS EKMI-TC.
Yash Solutions LLC Cumming,GA www.yashsolutions.com Go Lean, Go Green Get IT Done! From: Kal Ayyar, Healthcare IT Practice Offc: 678-564-1478 Cell: 404-425-6579.

Yash Solutions LLC Cumming,GA Go Lean, Go Green Get IT Done! From: Kal Ayyar, Healthcare IT Practice Offc: Cell:
Electronic Commerce Yong Choi School of Business CSU, Bakersfield.

Electronic Commerce Yong Choi School of Business CSU, Bakersfield.
Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.

Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Copyright © 2015 Pearson Education, Inc. Confidentiality and Privacy Controls Chapter 9 9-1.

Copyright © 2015 Pearson Education, Inc. Confidentiality and Privacy Controls Chapter

Similar presentations

Ads by Google