PKI Records Management and Archive Issues October 10, 2002 Phoenix, AZ Charles Dollar Dollar Consulting ECURE 2002.


1 PKI Records Management and Archive Issues October 10, 2002 Phoenix, AZ Charles Dollar Dollar Consulting ECURE 2002

2 Agenda: 1. Introduction/Orientation; 2. Digital Communication; 3. What is PKI?; 4. PKI Administrative Records Functions; 5. PKI Operational Records v. PKI Electronic Recordkeeping Requirements; 6. Recommendations

3 PKI Case Study: Overview. Not a PKI tutorial; Work for the National Archives and Records Administration; Opportunity for records managers/archivists

4 Digital communication: Closed and secure (national defense, VPN); Open and secure (SSL); Open and non-secure (PKI)

5 PKI a “hot technology”: E-Commerce; E-Governance; State of Illinois

6 What Is PKI? A PKI is an asymmetric cryptography security environment that supports the transmission, delivery, and receipt of digital communications over a non-secure communications channel.

7 What Does PKI Do? Authenticates sender of digital communications; Protects integrity of digital communications; Key Pair; Private; Public; Trusted third party

8 How PKI Works in Digital Communications

9 Hash Digest Values 337.60 KB AaAEAACoAQAKAGjhX8 4+VC1d3)NgDiPHvG+/R8 hKCAUCACOvWKATFOY Iz3XS5gAAgI1wrAKO1ge AAAAAAAAAAAAAAAA= 337.60 KB AaAEAACoAQAKAGy2YV 8gORjFeuf3yfnn7V)QMKB CgKywNfTD+avB8UVEYK AAAoUB2gKo1gEAALgAA AAAAAAAAAA=

10 Key PKI management concepts: PKI standard: X.509; Certificate Policy (CP): What; Certificate Practice Statement (CPS): How; PKI administrative records v. PKI transaction records; Little or no good practice guidance

11 Certificate Policy (CP) for Access Certificates for Electronic Services: General Provisions; Identification and Authentication; Operational Requirements; Physical, Procedural, and Personnel Security Controls; Technical Security Controls; Certificate and CRL Profiles; Policy Administration

12 CP Operational Requirements: Certificate Issuance & Acceptance; Certificate Suspension & Revocation; Computer Security Audit Procedures; Records “Archival”; Compromise & Disaster Recovery

13 Certificate Practice Statement (CPS): To Be Discussed Later Under PKI Operational and Electronic Recordkeeping Requirements

14 PKI Records

15 PKI Administrative Records

16 PKI Administrative Records Guidance Constraints: PKI records are not unique; PKI operational system v. PKI recordkeeping system; Some PKI records are paper-based

17 PKI functions: Plan/define PKI; Establish, startup, install; Operate; Audit/monitor; Reorganize/dismantle

18 PKI Functions, Activities, and EXAMPLE Records Example Records

19 Example Operate Functions and Related Records. Functions; Records

20 PKI Requirements Overview

21 PKI Record capture
Operational: 1. Accurate and complete at or near the time of the event; 2. Event log that tracks all activities associated with capture; 3. Automatic population of record series title, disposition, and vital records status
Recordkeeping: 1. As database tables or as “rendered for viewing”; 2. Technology neutral formats; 3. Paper-based records; 4. Document transfer of records to ERS; 5. Confirm integrity of transferred records; 6. Complete and accurate transfer of metadata

22 PKI records metadata
Operational: 1. Augment event log data with series title, retention period, vital record status; 2. For each unique event: Common name, Certificate number, Date of event, Distinguished name; 3. Restrict changes in metadata to authorized persons
Recordkeeping: 1. Minimum attributes specified in operational requirements; 2. For CP and CPS use registered Object ID; 3. View/print complete metadata; 4. Computer generated unique id for each record; 5. Record location of electronic and paper records; 6. Human readable bar code for all paper records; 7. Restrict changes to authorized persons
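The transfer checks on slides 21 and 22 (document the transfer, confirm integrity, carry the metadata across complete and accurate) can be sketched as a digest manifest. This is an added example, not part of the presentation; the key names, the sample records and the choice of SHA-256 are assumptions.

```python
import copy
import hashlib

# Metadata attributes from slides 21-22; the key names are this example's own.
REQUIRED = ("record_id", "series_title", "retention_period", "vital_record",
            "common_name", "certificate_number", "event_date", "distinguished_name")

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()  # SHA-256 is an assumption

def build_manifest(records):
    """Operational system: list each record's metadata and content digest."""
    return [{"metadata": dict(r["metadata"]), "sha256": digest(r["content"])}
            for r in records]

def verify_transfer(manifest, received):
    """Recordkeeping system: return (record_id, problem) pairs; empty means clean."""
    findings = []
    by_id = {r["metadata"].get("record_id"): r for r in received}
    for entry in manifest:
        rid = entry["metadata"]["record_id"]
        got = by_id.pop(rid, None)
        if got is None:
            findings.append((rid, "missing from transfer"))
            continue
        if digest(got["content"]) != entry["sha256"]:
            findings.append((rid, "content digest mismatch"))
        for field in REQUIRED:
            value = got["metadata"].get(field)
            if value in (None, ""):
                findings.append((rid, f"metadata absent: {field}"))
            elif value != entry["metadata"].get(field):
                findings.append((rid, f"metadata changed: {field}"))
    findings.extend((rid, "not listed in manifest") for rid in by_id)
    return findings

def _rec(rid, cn, serial, content):  # constructed sample record, not real data
    return {"content": content, "metadata": {
        "record_id": rid, "series_title": "Certificate issuance",
        "retention_period": "10 years", "vital_record": "yes",
        "common_name": cn, "certificate_number": serial,
        "event_date": "2002-10-10",
        "distinguished_name": f"CN={cn},O=Example Agency,C=US"}}

SENT = [_rec("R-0001", "Alice Example", "1001", b"certificate issued to Alice"),
        _rec("R-0002", "Bob Example", "1002", b"certificate issued to Bob")]

def demo():
    received = copy.deepcopy(SENT)
    del received[0]["metadata"]["retention_period"]         # metadata lost in transfer
    received[1]["content"] = b"certificate issued to Rob"   # same size, one byte changed
    return verify_transfer(build_manifest(SENT), received)
```

As on the Hash Digest Values slide, the altered record in `demo()` keeps its size, so only the digest comparison reveals the change.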

23 Recommendations: Become knowledgeable about X.509; Get involved in PKI discussions NOW; Understand the differences between operational PKI systems and PKI recordkeeping requirements; Adopt/implement federal government guidance; Don’t accept “we can’t do that” from IT and PKI vendors; Make the risk management argument

24 Summary: Topics covered; Seize the opportunity

25 Questions?

26 Thank you! Charles Dollar thecdollar@cs.com Tel.: (253) 853-6346

