Presentation on theme: "Secure Communication Architectures."— Presentation transcript:
Sara.Ferri@ElsagDatamat.com Secure Communication Architectures
1.The key for building a secure communication architecture is to define what security means to the specific contest. 2.Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy. 3.Projects and systems can then be broken down into their components. 4.And finally, it’s important to decide whether what is proposed will conflict with specific security policies and practices.
Design and develop a new genaration of user- friendly and personalised services for citizens as well as student, businessmen and bank customers accessible anywhere and anytime with any technology in realising a mobile and trusted secure access to different services. SM-PAYSOC results
SM-PAYSOC Architecture VHE middleware performs the service adaptation process, managing user profiling issues and personalizing services on the basis on terminal type (pc, kiosk, and PDA) and user interface preferences Secure Service Centre middleware performs all the security services. VHE=Virtual Home Environment SB=Service Broker UM=User Modeller VASP=Value Added Service Providers
SM-PAYSOC: Key Security Concepts The key security concepts regarding SM-PAYSOC are the following: To protect the user’s payment sensitive data; To grant the integrity of payment data between the VASP and the terminal; To grant the integrity and non-repudiation of the transaction.
Security in JWeB communication In JWeb project, the Security Module assures strong authentication of both data flow and actors and at the same time protecting sensitive data, infrastructure resources and user terminal. The Security plays a transversal role in the JWeb architecture: It gives the credentials to a JWeb user certificating its own keys and registering him/her in the JWeb environment; It manages the authentication of the user through an authentication mechanism based on the X.509 v3 certificates; It provides network security services by VPN links inside the JWeb architecture.
PKI – Public Trusted Infrastructure Certification Authority Registration Authority; End Entity. Secure Messaging; Digital Signature; Document Integrity; Secure Access to Private Info; Non Repudiation. CARD INITIALIZATION & BIOMETRIC ENROLMENT Security in JWeB communication
Secure VPN (S-VPN) Link Protection on public network Strong Authentication of Users and devices; Seamless security that is easy to deploy and has a minimal impact to the user; Confidentiality and Privacy. Security in JWeB communication
S-VPN is strictly connected to the PKI services since it is based on X509v3 certificates use and public cryptography. JWeb end entity can be easily added and removed from the platform keeping a strong security. Usage of CRL (Certificate Revocation List) assures that removed users can’t access the system. No shared secrect will be kept by user, but the security is assured by “something that is owned” (Private Key and Fingerprint) so no-repudiation services can be guarantee. Security in JWeB communication
The key security concept regarding JWeb is the following: The security is addressed not only for protection purposes, limited to control access, bidirectional authentication between the user and the infrastructure and confidentiality of the communication, but also for strong authentication, certification and digital signature at service layer. To this extent libraries have been conceived for terminal side. The cited libraries provide support, exploiting the strong security features provided by the secure and powerful chip with biometric authentication. Only the owner of smart card will be able to use the certificates and the information stored in the smart card by using his fingerprints. JWeb: Key Security Concept
Conclusion In the last years, the strong increase of illegal migration, trafficking of drugs, weapons and human beings and overall the advent of terrorism has made necessary a strong collaboration in judicial processes of different EU member states. The importance of the use of the collaboration keeps in consideration criminal investigative purpose based on the ability to: identify, without doubt, the collegues involved in judicial affairs or in police investigation before starting exchanging “critical” information. ensure the protection of judicial document exchange both in the production phase and in the distribution phase, since it fundamental to have a secure identification of the data origin and the avoidance of unauthorized data modifications while the document is exchanged. So, a Secure Communication Architecture has to support and to guaranty critical functionality at three different levels: the authentication of the user; the security of the documents managed by the platform; the protection of the judicial infrastructure.
Sara.Ferri@ElsagDatamat.com Thank you for Your Attention