Presentation is loading. Please wait.

Presentation is loading. Please wait.

PKI Records Management and Archive Issues October 10, 2002 Phoenix, AZ Charles Dollar Dollar Consulting ECURE 2002.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "PKI Records Management and Archive Issues October 10, 2002 Phoenix, AZ Charles Dollar Dollar Consulting ECURE 2002."— Presentation transcript:

1 PKI Records Management and Archive Issues October 10, 2002 Phoenix, AZ Charles Dollar Dollar Consulting ECURE 2002

2 Agenda 1.Introduction/Orientation 2.Digital Communication 3.What is PKI? 4.PKI Administrative Records Functions 5.PKI Operational Records v. PKI Electronic Recordkeeping Requirements 6.Recommendations

3 PKI Case Study: Overview Not a PKI tutorial Work for the National Archives and Records Administration Opportunity for records managers/archivists

4 Digital communication Closed and secure (national defense, VPN) Open and secure (SSL) Open and non-secure (PKI)

5 PKI a ‘hot technology” E-Commerce E-Governance State of Illinois

6 What Is PKI? A PKI is an asymmetric cryptography security environment that supports the transmission, delivery, and receipt of digital communications over a non- secure communications channel.

7 What Does PKI Do? Authenticates sender of digital communications Protects integrity of digital communications Key Pair Private Public Trusted third party

8 How PKI Works in Digital Communications

9 Hash Digest Values 337.60 KB AaAEAACoAQAKAGjhX8 4+VC1d3)NgDiPHvG+/R8 hKCAUCACOvWKATFOY Iz3XS5gAAgI1wrAKO1ge AAAAAAAAAAAAAAAA= 337.60 KB AaAEAACoAQAKAGy2YV 8gORjFeuf3yfnn7V)QMKB CgKywNfTD+avB8UVEYK AAAoUB2gKo1gEAALgAA AAAAAAAAAA=

10 Key PKI management concepts PKI standard: X.509 Certificate Policy (CP): What Certificate Practice Statement (CPS): How PKI administrative records v. PKI transaction records Little or no good practice guidance

11 Certificate Policy (CP) for Access Certificates for Electronic Services General Provisions Identification and Authentication Operational Requirements Physical, Procedural, and Personnel Security Controls Technical Security Controls Certificate and CRL Profiles Policy Administration

12 CP Operational Requirements Certificate Issuance & Acceptance Certificate Suspension & Revocation Computer Security Audit Procedures Records “Archival” Compromise & Disaster Recovery

13 Certificate Practice Statement (CPS) To Be Discussed Later Under PKI Operational and Electronic Recordkeeping Requirements

14 PKI Records

15 PKI Administrative Records

16 PKI Administrative Records Guidance Constraints PKI records are not unique PKI operational system v. PKI recordkeeping system Some PKI records are paper-based

17 PKI functions Plan/define PKI Establish, startup, install Operate Audit/monitor Reorganize/dismantle

18 PKI Functions, Activities, and EXAMPLE Records Example Records

19 Example Operate Functions and Related Records FunctionsRecords

20 PKI Requirements Overview

21 PKI Record capture Operational 1.Accurate and complete at or near the time of the event 2. Event log that tracks all activities associated with capture 3.Automatic population of record series title, disposition, and vital records status Recordkeeping 1. As database tables or as “rendered for viewing” 2. Technology neutral formats 3. Paper-based records 4. Document transfer of records to ERS 5.Confirm integrity of transferred records 6.Complete and accurate transfer of metadata

22 PKI records metadata Operational 1.Augment event log data with series title, retention period, vital record status 2. For each unique event Common name Certificate number Date of event Distinguished name 3. Restrict changes in metadata to authorized persons Recordkeeping 1.Minimum attributes specified in operational requirements 2.For CP and CPS use registered Object ID 3. View/print complete metadata 4. Computer generated unique id for each record 5. Record location of electronic and paper records 6. Human readable bar code for all paper records 7. Restrict changes to authorized persons

23 Recommendations Become knowledgeable about X.509 Get involved in PKI discussions NOW Understand the differences between operational PKI systems and PKI recordkeeping requirements Adopt/implement federal government guidance Don’t accept “we can’t do that” from IT and PKI vendors Make the risk management argument

24 Summary Topics covered Seize the opportunity

25 Questions?

26 Thank you! Charles Dollar thecdollar@cs.com (253) -6346 Tel.: (253) 853-6346

Download ppt "PKI Records Management and Archive Issues October 10, 2002 Phoenix, AZ Charles Dollar Dollar Consulting ECURE 2002."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Fedora Users’ Conference Rutgers University May 14, 2005 Researching Fedora's Ability to Serve as a Preservation System for Electronic University Records.

Fedora Users’ Conference Rutgers University May 14, 2005 Researching Fedora's Ability to Serve as a Preservation System for Electronic University Records.
Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.

Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.

1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.
David L. Wasley Office of the President University of California A PKI Certificate Policy for Higher Education A Work in Progress Draft 0.010 David L.

David L. Wasley Office of the President University of California A PKI Certificate Policy for Higher Education A Work in Progress Draft David L.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.

E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.

Similar presentations

Ads by Google