Presentation is loading. Please wait.

Presentation is loading. Please wait.

Product Manager, Keon PKI

Published byLenard Hart Modified over 6 years ago

Similar presentations

Presentation on theme: "Product Manager, Keon PKI"— Presentation transcript:

1 Product Manager, Keon PKI ecarboni@rsasecurity
Mobile Credentials Ennio J. Carboni Product Manager, Keon PKI

2 RSA Keon® Robust, flexible Certification Authority
Enhanced PKI Services Interoperable across multiple certificate authorities, directory servers and applications Powerful desktop with common credential store, two-factor authentication and file encryption Security server providing policy management, trust management and credential mobility Application Integration RSA BSAFE® Cert tools natively PKI-enabling applications RSA Keon Agent toolkit for integrating existing non-PKI applications (SSO)

3 RSA Keon Enhanced Services
RSA Keon Advanced PKI Web App RSA SecurID Authenticator RSA Keon Security Server RSA Keon Desktop RSA Keon Agent Application server (e.g.SAP) RSA Keon Certificate Server RSA BSAFE PKI-enabled app.

4 RSA Keon Security Server
Extend the use of digital certificates across organizations and applications Keon Credential Store management and delivery for mobile users Focal point for CA interoperability within Keon Automated certificate validation Centralized management for private key access policy Centralized logging depot for Keon components Replication for scalability Simplified Administration

5 RSA Keon Desktop Providing the critical requirements for
desktop e-Security File Encryption Protection of Credentials PKI Credential Interoperability Smart Card Support Reduced Logon Ease of Deployment

6 Security Non-repudiation requires trust in certificates
Certificates & Cryptography bind digital identities to the data and transactions they manipulate Authenticators bind people to their digital identities

7 How Secure is the Private Key?
Password Hard Drive Where is it stored? How user authenticates to the store? Virtual Smart Card Crypto Operation Smart Card PIN

8 Local PKI Credential Storage
Password Password PKCS #12 export

9 PKCS #12 Issues PKCS #12 implementations hard to use
Requires manual intervention No life cycle support Inconsistent update of credentials Limited security for private key Password based Allows replication of identity

10 Smart Cards and Authentication
Smart Cards are ideal for PPK Authentication The Private Key lives in secure tamper resistant storage “2 factor” authentication is re-introduced since you need both the Smart Card and a PIN to unlock it The crypto happens on the Smart Card with the help of a crypto accelerator They fit into your wallet, and they scrape frost off car windows nicely!

11 The Benefits of Smart Cards
They are secure They are portable They can perform operations other than authentication signatures, encryption They can support other applications E-cash, Loyalty, ... They can be used as Employee badges

12 RSA SecurID 3100 Smart Card Highest security
On-card digital signatures Supports latest application features Dual keys and certificates Mobility Credential store on-card with keys, certificates, login information and RSA SecurID seed Versatile Supports RSA Keon Desktop for PKI applications and classic RSA SecurID-protected systems

13 RSA SecurID 3100 Smart Card Smart Card Readers Smart Cards PC/SC
Setec SetCad 203N Philips PE112/PE122 Smart Cards Philips DX Setec 8k Setec 16k GemPlus GPK8000

14 Smart Card-Reader Interface
There are actually two standardization issues to be dealt with The electrical interface between the reader hardware and the PC Fortunately standards exist here RS232 and USB More problematic is the interface between the reader hardware and the smart card Two classes of interface were needed here: Electrical Interface Standards Command Interface Standards ISO 7816 addresses these issues

15 Smart Card Reader Interface
The next level of problem is the API between the smart card reader, and the host PC software Until recently, each reader manufacturer had a proprietary API which was used to talk to the reader driver This was an effort by the smart card reader manufacturers to lock applications into a particular reader Several years ago a consortia headed by Microsoft defined the PC/SC interface It was intended to be use by systems other than Windows (Unix, PDAs, …) In reality, it is primarily a Microsoft Windows standard

16 Smart Card Formatting There are two major ways of dealing with this formatting problem: One solution is to develop a standardized way to layout the card directory, and name the files PKCS15 developed by RSA Labs is an example The other solution is to abstract the interface to the card so that you no longer deal with directories and files JavaCard is an example

17 PKI Credential Interoperability Sharing credentials across multiple applications
Netscape Communicator Microsoft apps CAPI/CSP PKCS#11 RSA Keon Credential Store

18 The Barriers to Smart Cards
They need a reader This will be an issue until these become embedded in keyboards and notebooks They cost money But prices are getting pretty reasonable Not all applications support PPK and Smart Cards But many of today’s applications are Web based, and the browsers do support them Industry compatibility PC/SC Readers now available PKCS #15 from RSA Labs

19 PKCS15 What is it? People frequently confuse PKCS11 and PKCS15
It is a specification for organizing cryptographic data onto an authentication objects (e.g. card, other devices) Allows multiple PKCS15 applications to live on same card People frequently confuse PKCS11 and PKCS15 PKCS11 is a standard which defines how to plug cryptographic tokens into a crypto solution These tokens could be smart cards or crypto accelerators for example PKSC15 is a standard which defines the layout of a smart card format, and the naming standard for common files The application developers who use smart cards are focusing on PKCS15

20 RC4 128-bit Private Area Key Encryption Private Key
RSA Keon Advanced PKI Credential Store Format Keon Credential Store Private Area Public Area Symmetric File Encryption Key NT/NetWare Credentials RC4 128-bit Private Area Key User’s Encryption X.509 Certificate Public Key User’s Signing Signing Private Key Encryption Private Key Virtual Smart & Physical Smart Card

21 Unique PKI Issues for B2B & Extended Enterprises
Partners wishing to use PKI to protect transactions over the Internet. Must support the “Big 2” web browsers and mail clients Must be secure over a public network Must be unobtrusive to partners’ PCs Must be easy to use Solution must be secure, scalable, and manageable Users credentials must be mobile

22 Unique PKI Issues for B2B & Extended Enterprises
Large enterprise deployments wanting to use PKI for a variety of functions Browser, S/MIME, IPSec The enterprise requires unobtrusive software Must be easy to use The solution must be secure and be run over a public network

23 RSA Keon Advanced PKI Ease of Use: Credential Mobility
Security Server RSA Keon Advanced PKI takes the concept of the Credential Store one step further, by providing user credential mobility. A user can move from RSA Keon Desktop to Desktop with confidence their credentials will follow them to each secured work environment. Today’s PKI deployments offer mobility with physical smart cards only. If an organization deploys a software-based PKI implementation, end users are tied to a physical device, their workstation. RSA Keon Advanced PKI supports physical and virtual smart cards to provide customers the flexibility needed for secure e-business. RSA Keon Advanced PKI, with the concept of a virtual smart card offers organizations the benefits of a physical smart card without the additional costs associated with readers and deployment of hardware.

24 Downloadable Desktop Architecture
PKCS #11 Browsers and Mail Clients Microsoft Browsers and Mail Clients IPSec and Other Applications PKCS #11 CSP PKCS #11 or CSP RSA Security Cryptographic Services Logoff Service COM server Local Security Service

25 Downloadable Desktop Credential mobility Multiple user credentials
Certificate auto-enrollment Keon Certificate Server Support Optional SecurID authentication Standards-based repository

26 Downloadable Desktop Unobtrusive software Reduced sign-on/web SSO
Small footprint No device drivers Installed by a normal user No reboot Reduced sign-on/web SSO Interoperability with client PKI applications Microsoft Internet Explorer, Outlook Express, Outlook 2000 Netscape Navigator, Messenger Other “CSP” Applications Compatibility with authorization products Public APIs and CLIs for integration and customization

27 Authentication Options
Physical Smart Card Virtual Smart Card PKCS #5 Password Enhancement SecurID

28 The Most Trusted Name in e-Security

Download ppt "Product Manager, Keon PKI"

Similar presentations

Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
Ljubomir Ivaniš CPU d.o.o.

Ljubomir Ivaniš CPU d.o.o.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo Client Offerings For Service Providers Ceedo Client Workspace Virtualization.

© 2012 All rights reserved to Ceedo. Flexible Desktops. Dynamic Workplace. Ceedo Client Offerings For Service Providers Ceedo Client Workspace Virtualization.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
POC Security System High security system combining PIN-on-Card, information security, physical access, control and alarm – all in one system.

POC Security System High security system combining PIN-on-Card, information security, physical access, control and alarm – all in one system.
Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards

Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards
SPD1 Improving Security and Access to Network with Smart Badge Eril Pasaribu CISA,CISSP Security Consultant.

SPD1 Improving Security and Access to Network with Smart Badge Eril Pasaribu CISA,CISSP Security Consultant.
 Physical Logical Access  Physical and Logical Access  Total SSO and Password Automation  Disk/Data Encryption  Centralized management system  Biometric.

 Physical Logical Access  Physical and Logical Access  Total SSO and Password Automation  Disk/Data Encryption  Centralized management system  Biometric.
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.

Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.

Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.
eToken PKI Client Overview

eToken PKI Client Overview
Trusted Identity & Access Management The Next Critical Step

Trusted Identity & Access Management The Next Critical Step
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Mobile Credentials Ennio J. Carboni Product Manager, Keon PKI

Mobile Credentials Ennio J. Carboni Product Manager, Keon PKI

Similar presentations

Ads by Google