Presentation is loading. Please wait.

Presentation is loading. Please wait.

EJBCA AT THE HEART OF A TRUST CENTER F.Koray ATSAN Trust Center Project manager F.Koray ATSAN Trust Center Project manager

Published byJob Bennett Modified over 8 years ago

Similar presentations

Presentation on theme: "EJBCA AT THE HEART OF A TRUST CENTER F.Koray ATSAN Trust Center Project manager F.Koray ATSAN Trust Center Project manager"— Presentation transcript:

1 EJBCA AT THE HEART OF A TRUST CENTER F.Koray ATSAN Trust Center Project manager F.Koray ATSAN Trust Center Project manager katsan@simetriyazilim.com katsan@simetriyazilim.comkatsan@simetriyazilim.com Simetri Software A.Ş. Tel: +90 312 472 2110 Fax: +90 312 472 21 12 www.simetriyazilim.com info@simetriyazilim.com info@simetriyazilim.cominfo@simetriyazilim.com

2 2 Outline Simetri Software Introduction Simetri Software Introduction Simetri Trust Center Overview Simetri Trust Center Overview Legal Requiremtns Legal Requiremtns Technical Requirements Technical Requirements Selection of a PKI System Selection of a PKI System EJBCA Components at the Trust Center EJBCA Components at the Trust Center Integrating SimSign Server with EJBCA Integrating SimSign Server with EJBCA

3 3 Simetri Software in Brief According to 2006 figures Simetri Software is the 2 nd largest company in Turkey in the first 500 IT company in MIS sector According to 2006 figures Simetri Software is the 2 nd largest company in Turkey in the first 500 IT company in MIS sector Provides products and services to Ministry of Internal Affairs, Ministry of Industry and Commerce, İstanbul Chamber of Commerce and other large organisations Provides products and services to Ministry of Internal Affairs, Ministry of Industry and Commerce, İstanbul Chamber of Commerce and other large organisations Its various applications run in 81 cities and 931 counties with 100.000+ users. Its various applications run in 81 cities and 931 counties with 100.000+ users. Provides products and services to its customers with 100+ software engineers. Provides products and services to its customers with 100+ software engineers.

4 4 Simetri Trust Center Overview Recently (for over 4 years) Simetri is focused at the information security area. Recently (for over 4 years) Simetri is focused at the information security area. It provides a Trust Center service for its customer which satisfied the legal requirements and became a Legal CSP in Turkey It provides a Trust Center service for its customer which satisfied the legal requirements and became a Legal CSP in Turkey It has gained TS-ISO 27001 ISMS accreditation for its Trust Center as part of the legal requirements. It has gained TS-ISO 27001 ISMS accreditation for its Trust Center as part of the legal requirements.

5 5 What is a Trust Center anyway ? A Trust Center is the premises where Digital ID s are issued and managed A Trust Center is the premises where Digital ID s are issued and managed It has to be reliable (againts ID and credentials theft) It has to be reliable (againts ID and credentials theft) Administratively and Administratively and Technically Technically and maintain trust at all times We assume we provide the administrative reliability by managing and maintaining our ISMS system We assume we provide the administrative reliability by managing and maintaining our ISMS system How about the technical reliability and requirements ? How about the technical reliability and requirements ?

6 6 Legal Requirements Compliancy with e-signature legislations (Law and Regulations) Compliancy with e-signature legislations (Law and Regulations) Product Selection Requirements (EAL4+, FIPS 140-2 and etc. For smartcards, HSMs and such) Product Selection Requirements (EAL4+, FIPS 140-2 and etc. For smartcards, HSMs and such) ISMS TS ISO 27001 ISMS TS ISO 27001 Business Continuity Plan Business Continuity Plan CP and CPS and etc. CP and CPS and etc. Compliancy with ETSI TS 101456 & CERN CWA 14171-1 (Dual two factor authentication, roles and their duties ) Compliancy with ETSI TS 101456 & CERN CWA 14171-1 (Dual two factor authentication, roles and their duties )

7 7 Technical Requirements Selection of a PKI System Selection of a PKI System One of the most ciritical decisions in the process : One of the most ciritical decisions in the process : Must be reliable Must be reliable Flexible Flexible Cost effective Cost effective Secure Secure

8 8 Technical Requirements Evaluated several products : Evaluated several products : OpenCA OpenCA Windows 2003 CA Server Windows 2003 CA Server A US Origin CA A US Origin CA and EJBCA and EJBCA

9 9 Technical Requirements Why did we select EJBCA ? Why did we select EJBCA ? Flexibility and customizability : Flexibility and customizability : Flexible Administration Flexible Administration Adding new profiles is easy Adding new profiles is easy Customizing is easy Customizing is easy Secondary Services Support (More complete solution) Secondary Services Support (More complete solution) OCSP Server OCSP Server TSA TSA Directory Service Integration Directory Service Integration External RA External RA HSM Support HSM Support

10 10 Technical Challenges Surpassed Multilanguage support (Xdoclet, certificate encoding) Multilanguage support (Xdoclet, certificate encoding) Custom certificate field requirements (Serial Number, Subject Directory Attributes and such ) Custom certificate field requirements (Serial Number, Subject Directory Attributes and such ) TSA and OCSP hardware (smartcard) support TSA and OCSP hardware (smartcard) support Internal RA Approval Mechanism in order to achieve dual authentication Internal RA Approval Mechanism in order to achieve dual authentication

11 11 EJBCA Components at the Trust Center Root CA Directory (LDAP) EU CA TSA EU OCSP Server Sub CAs RAs EU External RA

12 12 SIM SignServer Workflow and EJBCA integration Web Web Application Client Application System Users Document Signed and TimeStamped Document Signed Doc Verification Internet User Signed Document Sharing

13 13 Solutions at the speed of thought… Thank you

Download ppt "EJBCA AT THE HEART OF A TRUST CENTER F.Koray ATSAN Trust Center Project manager F.Koray ATSAN Trust Center Project manager"

Similar presentations

Universal Electronic Signatures Tarvi Martens ESTONIA.

Universal Electronic Signatures Tarvi Martens ESTONIA.
17 March 2010 Workshop on Efficient and Effective eGovernment FASTeTEN : a Flexible Technology in Different European Administrative Contexts

17 March 2010 Workshop on Efficient and Effective eGovernment FASTeTEN : a Flexible Technology in Different European Administrative Contexts
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir.

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir.
3SKey 3SKey.

3SKey 3SKey.
Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.

Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.

© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
WPKI available technology diagram and the business model

WPKI available technology diagram and the business model
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
August 2004 Providing Industry-wide Security and Identity Management Solutions.

August 2004 Providing Industry-wide Security and Identity Management Solutions.
Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.

Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.
2002 10 21 Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.

Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.
Host of the 13 th ECRF Annual Conference - Budapest 2010.

Host of the 13 th ECRF Annual Conference - Budapest 2010.
PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.

PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.
PKI Administration Using EJBCA and OpenCA

PKI Administration Using EJBCA and OpenCA
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Mr. Pedro Fuertes Head of Business Development and Innovation

Mr. Pedro Fuertes Head of Business Development and Innovation
Sentry: A Scalable Solution Margie Cashwell Senior Sales Engineer Sept 2000 Margie Cashwell Senior Sales Engineer

Sentry: A Scalable Solution Margie Cashwell Senior Sales Engineer Sept 2000 Margie Cashwell Senior Sales Engineer

Similar presentations

Ads by Google