1
PKI Records Management and Archive Issues
October 10, 2002
Phoenix, AZ
Charles Dollar
Dollar Consulting
ECURE 2002
2
Agenda
1. Introduction/Orientation
2. Digital Communication
3. What is PKI?
4. PKI Administrative Records Functions
5. PKI Operational Records v. PKI Electronic Recordkeeping Requirements
6. Recommendations
3
PKI Case Study: Overview
Not a PKI tutorial
Work for the National Archives and Records Administration
Opportunity for records managers/archivists
4
Digital communication
Closed and secure (national defense, VPN)
Open and secure (SSL)
Open and non-secure (PKI)
5
PKI a “hot technology”
E-Commerce
E-Governance
State of Illinois
6
What Is PKI?
A PKI is an asymmetric cryptography security environment that supports the transmission, delivery, and receipt of digital communications over a non-secure communications channel.
7
What Does PKI Do?
Authenticates sender of digital communications
Protects integrity of digital communications
Key Pair
   Private
   Public
Trusted third party
8
How PKI Works in Digital Communications
9
Hash Digest Values 337.60 KB AaAEAACoAQAKAGjhX8 4+VC1d3)NgDiPHvG+/R8 hKCAUCACOvWKATFOY Iz3XS5gAAgI1wrAKO1ge AAAAAAAAAAAAAAAA= 337.60 KB AaAEAACoAQAKAGy2YV 8gORjFeuf3yfnn7V)QMKB CgKywNfTD+avB8UVEYK AAAoUB2gKo1gEAALgAA AAAAAAAAAA=
10
Key PKI management concepts
PKI standard: X.509
Certificate Policy (CP): What
Certificate Practice Statement (CPS): How
PKI administrative records v. PKI transaction records
Little or no good practice guidance
11
Certificate Policy (CP) for Access Certificates for Electronic Services
General Provisions
Identification and Authentication
Operational Requirements
Physical, Procedural, and Personnel Security Controls
Technical Security Controls
Certificate and CRL Profiles
Policy Administration
12
CP Operational Requirements
Certificate Issuance & Acceptance
Certificate Suspension & Revocation
Computer Security Audit Procedures
Records “Archival”
Compromise & Disaster Recovery
13
Certificate Practice Statement (CPS)
To Be Discussed Later Under PKI Operational and Electronic Recordkeeping Requirements
14
PKI Records
15
PKI Administrative Records
16
PKI Administrative Records Guidance Constraints
PKI records are not unique
PKI operational system v. PKI recordkeeping system
Some PKI records are paper-based
17
PKI functions
Plan/define PKI
Establish, startup, install
Operate
Audit/monitor
Reorganize/dismantle
18
PKI Functions, Activities, and EXAMPLE Records
Example Records
19
Example Operate Functions and Related Records
Functions | Records
20
PKI Requirements Overview
21
PKI Record capture
Operational
1. Accurate and complete at or near the time of the event
2. Event log that tracks all activities associated with capture
3. Automatic population of record series title, disposition, and vital records status
Recordkeeping
1. As database tables or as “rendered for viewing”
2. Technology neutral formats
3. Paper-based records
4. Document transfer of records to ERS
5. Confirm integrity of transferred records
6. Complete and accurate transfer of metadata
22
PKI records metadata
Operational
1. Augment event log data with series title, retention period, vital record status
2. For each unique event
   Common name
   Certificate number
   Date of event
   Distinguished name
3. Restrict changes in metadata to authorized persons
Recordkeeping
1. Minimum attributes specified in operational requirements
2. For CP and CPS use registered Object ID
3. View/print complete metadata
4. Computer generated unique id for each record
5. Record location of electronic and paper records
6. Human readable bar code for all paper records
7. Restrict changes to authorized persons
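An added illustration, not part of the presentation, of the record capture and metadata requirements on slides 21 and 22: an event-log entry is augmented with recordkeeping metadata, then the transfer to the ERS is checked for integrity and metadata completeness. The field names, function names, SHA-256 manifest and sample event are assumptions made for this sketch.

```python
import hashlib
import json
import uuid

# Metadata every transferred record must carry; field names are assumptions.
REQUIRED = ("common_name", "certificate_number", "event_date",
            "distinguished_name", "series_title", "retention_period",
            "vital_record")

def capture(event, series_title, retention_period, vital_record):
    """Augment an operational event-log entry with recordkeeping metadata."""
    return dict(event, series_title=series_title,
                retention_period=retention_period, vital_record=vital_record,
                record_id=uuid.uuid4().hex)  # computer-generated unique id

def digest(record):
    """SHA-256 over canonical JSON, so key order cannot change the hash."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def manifest(records):
    """Built by the operational PKI system before transfer to the ERS."""
    return {r["record_id"]: digest(r) for r in records}

def verify_transfer(sent_manifest, received):
    """Run on the ERS side; an empty list means a clean, complete transfer."""
    problems = []
    by_id = {r.get("record_id"): r for r in received}
    for rid, expected in sent_manifest.items():
        rec = by_id.get(rid)
        if rec is None:
            problems.append((rid, "record missing"))
            continue
        if digest(rec) != expected:
            problems.append((rid, "digest mismatch"))
        absent = [k for k in REQUIRED if rec.get(k) in (None, "")]
        if absent:
            problems.append((rid, "metadata missing: " + ", ".join(absent)))
    return problems

# Constructed sample event; not data from the presentation.
EVENT = {"common_name": "Jane Example", "certificate_number": "0A1B2C",
         "event_date": "2002-10-10T15:04:05Z", "event": "certificate issued",
         "distinguished_name": "CN=Jane Example,OU=Demo,O=Example Agency,C=US"}
```

The manifest only detects change or loss in transit; restricting who may alter metadata, as both lists require, needs access control on each system.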
23
Recommendations
Become knowledgeable about X.509
Get involved in PKI discussions NOW
Understand the differences between operational PKI systems and PKI recordkeeping requirements
Adopt/implement federal government guidance
Don’t accept “we can’t do that” from IT and PKI vendors
Make the risk management argument
24
Summary
Topics covered
Seize the opportunity
25
Questions?
26
Thank you! Charles Dollar thecdollar@cs.com (253) -6346 Tel.: (253) 853-6346