Presentation is loading. Please wait.

Presentation is loading. Please wait.

Assuring e-Trust always www.certiver.com 1 Guaranteeing Electronic Trust at all times.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Assuring e-Trust always www.certiver.com 1 Guaranteeing Electronic Trust at all times."— Presentation transcript:

1 Assuring e-Trust always www.certiver.com 1 Guaranteeing Electronic Trust at all times

2 Assuring e-Trust always www.certiver.com 2 Today's Agenda  Who is CertiVeR  Solutions from CertiVeR  CertiVeR – TACAR proposal  Questions

3 Assuring e-Trust always www.certiver.com 3 CertiVeR Mission Create and maintain an environment of consistent and constant trust in the use of digital signatures to promote wider acceptance and adoption of e-signatures at a lower cost.

4 Assuring e-Trust always www.certiver.com 4 Real Time Certificate Status Checking  Uses OCSP –Checks certificate validity in real time –No need for CRLs –Reduces costs Management overheads Communications costs –Minimises likelihood of invalid certificates being accepted Reduces fraud

5 Assuring e-Trust always www.certiver.com 5 CertiVeR Services Validation  OCSP Validation via CRL or OCSP database connection in real time. –Provision of enhanced OCSP responder –High Availability –Back up –Load Sharing –Automated Revocation

6 Assuring e-Trust always www.certiver.com 6 CertiVeR Services Enhanced Validation information  Certificate Status –Active, Revoked or Suspended –Multiple CA integration  Purpose of Certificate –Use of OCSP response extensions to disclose attributes of the user certificate or the Certification Authority policy. –Used for authorisation by applications to carry out specific functions or transactions Invalid Certificate

7 Assuring e-Trust always www.certiver.com 7 CertiVeR Services: Load Sharing, Backup & High Availability  Backup of your certificates database: –Backup in case of failure with security guarantee –Lower cost than if you were to do it yourself  High Availability: –Hot standby backup in case of failure –Load sharing or balancing –Ensure high availability and reliability –Guarantee performance levels

8 Assuring e-Trust always www.certiver.com 8 CertiVeR Services Automated Revocation  Automated certificate revocation module or application via voice and speaker recognition. –High Security, Liability and Reliability Biometrics user registration Speaker and Voice recognition integrated with revocation –High Availability, 24x7 –Outsourcing of service to CertiVeR

9 Assuring e-Trust always www.certiver.com 9 CertiVeR Services Optional Manual Revocation  Common Call Center for all CAs –Economies of Scale –Lower shared costs –More user friendly –High Availability, 24x7 Automated system may transfer problematic calls –Security provided through Secret questions A similar security level could also be provided via Web

10 Assuring e-Trust always www.certiver.com 10 CertiVeR Services - Outsourcing Certificate Status Database Management  Offload management  Reduce costs  Improve service  Enhance reliability  Increase accuracy  Raise level of trust and confidence

11 Assuring e-Trust always www.certiver.com 11 CertiVeR Services CA Certification  Creation of or assistance with CPS  Audit of CA in accordance with international and national norms –Legal requirements –Required by customers –Facilitates trust chains  CertiVeR Proof of Trustworthiness

12 Assuring e-Trust always www.certiver.com 12 CertiVeR Services Common Trust with Credibility  Certificate Authority Audit.  Establishment of Cross Trust with other CAs.

13 Assuring e-Trust always www.certiver.com 13 CertiVeR Services Trust Chaining  Establish trust chains between CAs based on CertiVeR certification  Eliminates islands of PKIs.  Facilitates universal acceptance of digital certificates  Encourages wider use of certificates  Generates more revenues for CAs

14 Assuring e-Trust always www.certiver.com 14 CertiVeR Cross-Trust How do you trust other CAs?  Chaining Trust –Cross-certification –Cross-validation  No more PKI Islands –Degree of Trust –Validity Time of Trust –Validity Period of Trust

15 Assuring e-Trust always www.certiver.com 15 CertiVeR Services Ready applications for digital signature  Provide tools and services to make applications PKI ready: –Already integrating GTK 3.9.4  Single validation access point for several CA,s  Provision of access APIs  Quality Control and post development support  Facilitate the rise of applications using digital signatures –Needing more than one certificate –Needing more than just certificate validation

16 Assuring e-Trust always www.certiver.com 16 CertiVeR – TACAR 1 st Proposal Revocation Administration done by CA CRL for User Certs synch CA Users, Grid Users, etc. CAs TACAR CA’s Root List CertiVeR Sites OCSP Responder Cert Status Database Revocation Module Publish Root Certs Revoke User Certs Revoke Root Certs OCSP Validation Request for TACAR’s Repository and hierarchies

17 Assuring e-Trust always www.certiver.com 17 CertiVeR – TACAR 2 nd Proposal Revocation Administration done by CertiVeR synch CertiVeR Sites OCSP Responder Cert Status Database Revocation Module CA Users, Grid Users, etc. CAs Publish Root Certs TACAR CA’s Root List Revoke Root Certs OCSP Validation Request for TACAR’s Repository and hierarchies Revoke User Certs

18 Assuring e-Trust always www.certiver.com 18 OCSP Signature Validation We offer two options: 1. Sign OCSP responses with a certificate trusted by all parties. 2. Sign OCSP responses with a certificate issued by the same CA hierarchy as the certificates whose status is being asked for.

19 Assuring e-Trust always www.certiver.com 19 The Business case for CertiVeR Annual cost assumptions included Service DescriptionDone byCost UnivCost SME Status CheckingYourself15,000€40,000 Back upYourself2,000€10,000 High AvailabilityYourself18,000€100,000 (Automated) RevocationYourself40,000€50,000 CA Certification3rd Party15,000€15,000 Trust ChainTACAR5,000€20,000 PKI Enablement/Appl.Yourself15,000€20,000 Total€ 110,000| € 275,000 Cost cover up to 10.000 users

20 Assuring e-Trust always www.certiver.com 20 The Business case for CertiVeR Annual cost assumptions included depending on degree of Administration Service DescriptionDone byCost Enhanced Status Checking (1)CertiVeR€20,000 Back upCertiVeR€5,000 High AvailabilityCertiVeR€20,000 Automated RevocationCertiVeR€30,000 CA CertificationCertiVeR€15,000 Trust Chain (included in (1))TACAR€0€0 PKI Enablement/Appl.CertiVeR€10,000 Total€100,000 Savings of €60,000 or 120% each site!!! Cost cover up to 10.000 users (1) Status Checking + Trust chain integration Discount Univ. 50% = 50,000€

21 Assuring e-Trust always www.certiver.com 21  The most cost-effective services offered The Basic services by CertiVeR Service DescriptionBy CertiVeR(50%)By Univers.Saving Enhanced status checking10,000 €20,000 €10,000€ User Revocations15,000 €40,000 € 25,000€ High Availability10,000 €18,000 €8,000€ TOTAL35,000 €78,000 €43,000 € TOTAL saving 43.000 €/year/site 123% over CertiVeR cost 55% over University cost

22 Assuring e-Trust always www.certiver.com 22  Chargeable services to your customers. –You get CertiVeR services for nothing! The Business case for CertiVeR Revenue opportunities Service DescriptionFee per operation Times/yearSaving Validations0.1€1.500.000150.000€ Revocations (annual cost)5 €/year/user 5.000 25.000€ Certificate replacement20 € 500 10.000€ Revenues covered by 5.000 users

23 Assuring e-Trust always www.certiver.com 23 Try now our demo at: http://www.certiver.com

24 Assuring e-Trust always www.certiver.com 24 Any Questions ?

Download ppt "Assuring e-Trust always www.certiver.com 1 Guaranteeing Electronic Trust at all times."

Similar presentations

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.

PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.
Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.

Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
Extended Validation Models in PKI Alternatives and Implications Marc Branchaud John Linn

Extended Validation Models in PKI Alternatives and Implications Marc Branchaud John Linn
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Public Key Infrastructure (X509 PKI)

Public Key Infrastructure (X509 PKI)
Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
PKI Administration Using EJBCA and OpenCA

PKI Administration Using EJBCA and OpenCA
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
National Center for Supercomputing Applications PKI and CKM ® Scaling Study NCASSR Kick-off Meeting June 11-12, 2003 Jim Basney

National Center for Supercomputing Applications PKI and CKM ® Scaling Study NCASSR Kick-off Meeting June 11-12, 2003 Jim Basney
National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

Similar presentations

Ads by Google