Presentation is loading. Please wait.

Presentation is loading. Please wait.

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

Published byDarren Moore Modified over 9 years ago

Similar presentations

Presentation on theme: "Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam"— Presentation transcript:

1 Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam BienNT@mtechpro.com

2 Agenda About RSA Business Drivers Implementation Considerations Technology Considerations Project process PKI enabled applications

3 About RSA

4 RSA, The Security Division of EMC EMC is the world leading information infrastructure company enabling organizations to bring the power of their information to life RSA is the world leader in securing information infrastructure ensuring that information is always an asset and never a liability Add Intelligence Virtualize & Automate Store Protect Information

5 RSA Security Leadership Inventors of RSA algorithm 1 st year legacy 25 + organizations protected 35K + phishing attacks shut down 175K + 250M + online identities protected 1B + products shipped with RSA BSAFE ® encryption World’s Largest information security industry event year legacy 25 +

6 Business Drivers

7 Organizations leverage e-business to: Enable users to access information Improve relationships with customers, suppliers, partners… New/enhanced revenue generation opportunities Reduce costs Enhance compliancy Big question: “How can we do this securely?”

8 e-Business Transformation Unlocking the Potential of e-Business Trusted e-business require parties to know: Who they are doing business with Communications are confidential Transactions cannot be altered in transit Support for non-repudiation is available

9 Implementation Considerations

10 Setting up a PKI Long process Mainly organisational and business Establishing a PKI service Business cases Business drivers Implementing the CA Secure and highly available infrastructure Operations team to support 24*7*365 PKI-enabled applications

11 Technology Considerations

12 RSA Digital Certificate Management Products & Solutions Products RSA Certificate Manager Industry leading CA RSA Validation Solution Ensure high-levels of trust & protection for organizations RSA Root Signing Service Solutions Web Server SSL Enables cost effective trusted server authentication Secure Digital Signing Enables trusted transactions and communications for streamlining processes Secure e-Mail Enables trusted messaging for streamlining processes Secure VPN Cost effectives, easy to use strong authentication of users and devices

13 RSA Digital Certificate Management Components User RSA Certificate Manager RSA Key Recovery Manager Web Server RSA Root Signing Service RSA Validation Clients RSA Validation Manager RSA Registration Manager

14 RSA Keon Root Signing Service RSA Root Signing Service Extending the Value of Digital Certificates Company ABC End User Browser Company ABC Certificate Authority External Business Partner Actions Invisible to the End User End User Certificate Signed e-Mail / Web transaction

15 RSA Key Recovery Manager “ m of n” Collaborative Encryption Key Recovery RSA Certificate Manager RSA Key Recovery Manager Smart Cards nCipher HSM Key Recovery Mgr Key Recovery Operators Key Recovery Server

16 Other considerations Infrastructure Secure network Operating platforms (Windows/Solaris systems) System LDAP Public LDAP RA Stations Secure computer centre Systems and security monitoring

17 RSA BSAFE Cryptographic toolkits Java C / C ++

18 Project Process

19 Business Project set-up Define project organisation Business control Security Operations Administration Define RSA project organisation Define organization business cases, operational processes, etc.

20 Business Discovery and Analysis, Planning Requirements collection and analysis Business Information Security Project planning PKI operations department Processes and policies development

21 PKI project set-up Requirements collection Infrastructure/CA/RA IT Security Project planning PKI operations Processes and policies WebTrust

22 Solution design Architecture Systems Infrastructure Security

23 Physical Security

24 Development Test plan and test cases Policies and Processes Information Security CP & CPS Operations

25 Pre-Production Infrastructure Installation of test system System and integration testing according to test plan System documentation Test run

26 Production Infrastructure Installation of production system Testing according to test plan WebTrust Boot strap Root sign Pilot

27 PKI-enabled Applications

28 Using PKI with existing and new applications

29 Digital Signatures and Document Security PKI-enabled Applications

30

31 Thank you!

Download ppt "Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam"

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.

© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health.

Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Authentication choices! Vincent van Kooten: Business Sales Manager Benelux Distributed by -

Authentication choices! Vincent van Kooten: Business Sales Manager Benelux Distributed by -
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
WSU A Symphony in Four Movements. A Century of Controlled Flight.

WSU A Symphony in Four Movements. A Century of Controlled Flight.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Public Key Infrastructure from the Most Trusted Name in e-Security.

Public Key Infrastructure from the Most Trusted Name in e-Security.

Similar presentations

Ads by Google