1
TeleTrusT Initiatives for PKI Solutions
PKI Forum meeting "PKI in Europe", Dublin, June 27th-29th, 2000
Helmut Reimer, TeleTrusT Deutschland e. V.
2
TeleTrusT: Association of Competence
- Promoting the trustworthiness of information and communication technology
- applied Cryptography & Biometrics
- founded in 1989
- more than 95 members: major user sectors, research organisations, developers and manufacturers of security products, government agencies, and test institutes
- non-profit, politically independent
3
TeleTrusT: Working Groups / Projects
Interoperability, Standards, Appropriate Security
- Legal aspects of the liability of communications (WG1)
- Security architecture / IC-Card security (WG2)
- Applications in health services (WG3)
- Open e-commerce security (WG4)
- Promotions (WG5)
- Biometrics identification (WG6)
- Public key infrastructure (WG7)
- MailTrusT (WG8)
- Chipcard-terminals (Project, MKT, UCTS)
- Project BioTrusT
4
Trustworthy IT
Goals:
- privacy / confidentiality
- integrity
- subscriber identification / authentication
Conditions:
- technology accepted publicly
- security as an appropriate component of the business processes
- the participant has an acting role
- clearly recognisable risk spread
5
PKI & DS: Expected fields of application
- Private and business communications over the Internet (in connection with encryption).
- E-banking (i. e. home banking), e-business, e-commerce with better consumer protection.
- Public health services.
- Services of communes and authorities for the citizens.
Many (but not all) applications require a legal recognition of the DS.
6
PKI & DS-Regulations: The Pros and Cons/I
Advantages
- The legal and evidence values of DS should be defined.
- The PKI is functionally simple.
- A national PKI policy could support the mutual recognition of certificates.
- Asymmetric cryptography and its algorithms obtain acknowledgement by law.
- Providers of components and services and the customers have dependable conditions for investments.
7
PKI & DS-Regulations: The Pros and Cons/II
Disadvantages
- The application of DS requires a complete solution right from the start.
- Business cases are not in the view of the regulations.
- Quite different views on CSP supervision or accreditation.
- The government-driven applications may be more or less closed shops.
8
PKI, DS and E-Commerce
- Business to Business
- Business to Consumer
- Enterprise and/or Consumer to Authorities or public services
Different security policies, different business conditions, different business cases.
Public key infrastructure: One for all?
9
CA Services: Business Case? /I
E. g. Banking Organisations
- In-house CA services: cost / benefit relations can be calculated; security policy / business conditions / risks / assurance conditions can be defined
- The costs for the customer can be set at marketable levels
- How can this concept support other applications?
10
CA Services: Business Case? /II
E. g. CA Service Provider
- Return on investment?
- Costs by regulation (SigG: CA, Directory Services, Chipcard-Personalisation, Time Stamping ...)
- How are the services integrated into the business concepts of the users? (E. g. distribution of costs between different applications)
11
E-Commerce Security / I
Security by regulation:
- Evaluation of technical components according to specific criteria (ITSEC, CC, FIPS)
- Does this result in practical security for an application?
- The same level of security: only a result of a unique security policy?
12
E-Commerce Security / II
Security by business conditions:
- The practical security of the application is the goal
- Evaluation of components and the business process according to application specific criteria
- Assurance and liability are components of the security policy
- Recognition of e. g. other certificates is part of business policy
13
TeleTrusT: Steps 2000 / I
In general: The integration of PKI & DS into applications is much more difficult than expected.
TTT is involved in the development of national specifications and standards:
- Interoperability at PKI-Level (SigI)
- Chipcards with DS functionality (DIN-Spec)
14
TeleTrusT: Steps 2000 / II
- Multifunctional Office Identity Chipcard
- Health Professional (Chip-) Card
- Evaluation of Chipcards ITSEC E4 high
- Generic PKI security policy
- Definition of application projects (e. g.
The results should be inserted into international standardization
15
TeleTrusT: Steps 2000 / III
What do we need?
- Implementations of the DS in applications (reengineering of business processes)
- Security oriented Work Flow Systems / reliable archiving
- and more general: Application and acceptance experiences
16
TeleTrusT Experiences 2000
- MailTrusT - Sphinx: End-to-end-security with PKI for business communications
- E-Commerce / E-Business / E-Banking: Different protocols are in use (e. g. SET, HBCI...); the certification infrastructure establishes itself with application specific certificates
- The interoperability and mutual recognition of certificates are current questions