Presentation is loading. Please wait.

Presentation is loading. Please wait.

National Trust Platform

Published byJesko Schmidt Modified over 5 years ago

Similar presentations

Presentation on theme: "National Trust Platform"— Presentation transcript:

1 National Trust Platform
September 24th, 2018

2 What do we call the « National Trust Platform » ?

3 Why do we need a Trust Platform ?
Authentication Confidentiality Integrity Non repudiation

4 Encryption Signature Trusted certificates Fab5f62863 Cdedc51435 52c9d3
Clear Text Message Fab5f62863 Cdedc51435 52c9d3 Verify signature

5 The National Platform PKI
Certification authority Root authority Subordinate authorities: National Education CA Person CA Infrastructure CA Signature CA Others Registration authority Log management HSM Enrollment Entity Users PKCS#10 Forms Servers SCEP PKCS#10 Forms

6 The Certification Authority entity
Trusted certification authorities Trusted certificates Certificates lifecycle Certificate policy

7 The Root Certification Authority
Signature of Subordinate Certification Authority certificates Subordinate Certification Authority certificates lifecycle Issuing Certificate Revocation List (CRL)

8 The subordinate certification authorities
Signature of User / Server Certificate Requests Backup of encryption key pairs User / Server certificates lifecycle CRL updating and publication

9 The Person Certification Authority
User authentication User data encryption User signature 09/2017 – 09/2018 = 634 certificates The cost of one user authentication certificate from an external provider is 100 €

10 The Infrastructure Certification Authority
Client / Server authentication Encryption Time stamping Server stamping Code signature 09/2017 – 09/2018 = 369 certificates The cost of one SSL certificate from an external provider = 250 €

11 The Signature Certification Authority
Electronic signature 09/2017 – 09/2018 = certificates ! The cost of one temporary signature certificate from an external provider = 26 € Money saving ? Yes, it is money saving.

12 Keys management HSM BULL PROTECCIO RSA upto 4096 bits key length

13 The Registration Authority
Search / retrieval of issued certificates Certificate requests Key recovery requests Revocation requests Renewal requests

14 The Enrollement Entity
Requester: Certificate request Enrollment Entity NO Regiistration Authority Certification Authority YES

15 The certificate policy
Issuer DN Key Usage Validity dates User DN User’s Public key

16 The secure environment
ACLs TLS authentication with certificates PKI Officer validation Security tokens

17 The Signature services
The signature validation service The timestamping service The safebox service

18 The Signature service To ensure the signer’s identity
To establish a relation between the signer and the signed document (non repudiation) To ensure that the document was not modified (integrity) Signer Signed document fab5f62863cdedc c9d37d6679e3304f7a

19 The Signature validation service
To verify the document’s integrity since its signature To verify the relation between the signer and the signed document To verify the signer’s certificate (CRLs, validity, trustworthy CA) Certificate Revocation Lists Certification Authorities fab5f62863cdedc c9d37d6679e3304f7a

20 The Timestamping service
To ensure that the document was signed at a precise time To ensure that the document has not been modified since this time fab5f62863cdedc c9d37d6679e3304f7a Certificate Date& Time Signature Timestamping Authority Certification Authority Data to be timestamped fab5f62863cdedc c9d37d6679e3304f7a NTP server Sattelite GPS

21 The Safebox service To ensure the storage of the data protected from any modification To ensure the confidentiality of the stored data (encryption, secure access) Decryption of the digital object Deposit Deposit hash validation Deposit access request Deposit proof validation Fab5f62863 Cdedc51435 52c9d37d66 79e3304f7a Deposit Hash of the digital object Encryption of the digital object Deposit proof signed and timestamped

22 To sum up The National Trust Platform provides us with trusted mechanisms which allow to: Safely authenticate users, processes, machines Encrypt the data to keep it confidential Ensure the integrity of the data stored or transferred We can dematerialize procedures by using electronic signature services and secure storage. We have the mecanisms to identify document signers, verify signatures and securely store the proof of valid signatures.

Download ppt "National Trust Platform"

Similar presentations

April 19-22, 2005SecureIT-2005 How to Start a PKI A Practical Guide Dr. Javier Torner Information Security Officer Professor of Physics.

April 19-22, 2005SecureIT-2005 How to Start a PKI A Practical Guide Dr. Javier Torner Information Security Officer Professor of Physics.
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
(n)Code Solutions A division of GNFC

(n)Code Solutions A division of GNFC
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
PKI Implementation in the Real World

PKI Implementation in the Real World
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Similar presentations

Ads by Google