1
Sentry: A Scalable Solution
Margie Cashwell
Senior Sales Engineer
mcashwell@xcert.com
Sept 2000
2
Overview
State of Digital Mobile Telephony
Examples of Wireless Applications
PKI Architecture
Scalability
Extensibility
Scalable Solutions
Sample Architectures
3
State of Digital Mobile Telephony
Global System for Mobile Communications (GSM) has over 215 million subscribers
GSM alone has more subscribers than the Internet has users (210)
Paradigm shift in mobile telephony
3G,
–Sprint 1st cellular provider to offer service in US
4
Examples of Wireless Applications
Top three uses of Internet enabled mobile phones:
–Travel related uses
–Online banking
–Email
Wireless scale = Internet Scale x 100 = Enterprise x 1,000
5
PKI Architecture
Requirements:
–Multi-functional
–Extensible
–Support mass-market network devices embedded in: mobile phones, pagers, PDAs, “smart phones”
6
Extensibility
Ratio of device size to certificate size
X.509 certificate format too complex
Elliptic curve keys in certificates
WTLS certificate format
Ability to support new certificate formats
7
Proven Scalable Solutions
8 Million Certificates on a single server
Individual and batch certificate issuance and revocation
Remote publishing of user certificates
Locating and retrieving user certificates
Concurrent signing operations
Concurrent real time online certificate status checking
8
Xcert Sample Architecture
9
Trust Model with External CAs
10
WebSentry
11
Sentry Product Suite
Unique ‘rapid deploy’ PKI platform for Internet and e-commerce applications that scales to a million users & manages security for corporations that use the Internet to conduct business
12
Sentry Product Suite
Sentry CA - Issue & manage certificates
WebSentry - PKI enable your servers
Sentry RA - Provide remote enrollment
Xcert Development Kit - PKI enable your apps
Professional Services & Training - Achieving ROI
Support - Reliable customer service
13
Xcert PKI Overview
Internet based
Customizable
Simple
Scalable
Lightweight
Secure
Non-proprietary
PKI enables the application service
User authorization
Non-repudiation of transactions (digital signatures)
Remote user enrollment
Minimizes enrollment bottlenecks
Industrial strength CA
Issues certificates
Manages certificates
Manages Access Control Lists
Supports PKI enabled applications
14
Sentry CA Specifications
Platforms
–NT & Solaris
Certificates & CRLs
–X509 v3 (all standard extensions)
Application Support
–Web
–Email
–VPN
–ERP
–SSO
–Document security
Directories
–LDAP, X500
Protocols
–HTTP, SSL, LDAP, SMTP, PKCS
Crypto
–DSA, RSA, ECC
Crypto Hardware
–All PKCS #11
High Assurance
–FIPS-140 level 3 hardware
–Real time revocation
15
Sentry CA Architecture
Basic Components:
Directory Server
Signing Engine
Administration Server
Enrollment Server
Logging Server
19
Sentry CA Architecture
Add-on Components:
Publishing Backend
Alternate SQL data stores
20
Sentry CA Features
Enrollment
–Interfaces
Vetting
–Notification
–Examination
–Auto vetting
Extensions
–Profiles
Storage
–Interfaces
Suspension & revocation
–Status checking
Renewal
Certificate lifecycle management
21
Sentry CA Features
Creating CAs
Managing CAs
–User maintenance
CA security & practices
Exporting CAs
Importing CAs
Cloning
Subordination
CRLs
External CAs
CA lifecycle management
22
External CAs
23
Sentry CA Features
System administration
–Work benches
–ACL management: admin, vetters, end users
–Logging
–Backing up
–Upgrading
Extending the back-end
–Publishing
–Data stores
24
Sentry RA
Industrial strength enrollment solution
–Accepts certificate requests
–Verifies credentials
–Supports CA signing process
–Revokes certificates
Streamlined configuration
–auto notification
–auto enrollment
–auto renewal
–application specific profiles
Distributed component / Stand-alone server
Offloads enrollment bottlenecks from CA
Flexible scalability
25
Sentry RA
26
WebSentry
High assurance PKI for web servers
–Plugs into standard web servers
–User authorization
–Controls access to web pages
–Queries Sentry CA certificate status
ACL rules
Zero tolerance security
27
Wrap Up
Wireless devices are a large part of the future.
The best way to bring these devices into the network in a secure fashion is with certificates.
We expect to see significant PKI and WAP development over the next 18 months.