Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Published bySusanna Goodman Modified over 8 years ago

Similar presentations

Presentation on theme: "Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003."— Presentation transcript:

1 Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003

2 Agenda Components of a Public Key Infrastructure (PKI) Roles and Responsibilities Certificate Authority Registration Authority Other Implementation Technical Activities Organizational Activities Inter-Organizational Activities

3 Components of a PKI Encryption: keys, algorithms and hash functions Secure public key infrastructure (PKI), which supports key exchange Software which supports secure messaging functionality (e.g. email-clients or plug-ins) Policies, procedures and agreements to establish and maintain trust in the system Optional: special devices e.g. a smart card and a smart card reader or an USB token

4 Components of a PKI Encryption Symmetrical keys Asymmetrical keys Encryption algorithms Digital Signatures Hash functions Optional Devices Smart Cards Biometric Devices And more….

5 Components of a PKI Certificates Certificate Policy Certification Practice Statement Relying Party Agreement

6 Components of a PKI Certificate Authority (CA) Registration Authority (RA) - or - Local Registration Authorities (LRA) Directory Service Time Stamping (as an additional service)

7 Certificate Authority Tasks A CA has to generate the certificate based on a public key. It links the certificate to a particular user. It manages published certificates. Lastly, a CA is part of cross certification with other CAs

8 Registration Authority Tasks A RA has two main functions: To verify the identity and the statements of the claimant To issue and handle the certificate for the claimant

9 Directory Services The directory service has two main functions: To publish certificates To publish a Certificate Revocation List (CRL) or to make an online certificate available via the Online Certificate Status Protocol (OCSP)

10 Notary / Time Stamping Time Stamping is a special service. Time Stamping confirms the receipt of digital data at a specific point in time. Time Stamping is used for contracts or other important documents where a receipt needs to be confirmed.

11 Implementation Successful PKI implementation requires: Technical activities Organizational activities Inter-Organizational activities

12 Technical Activities Gather the technical requirements for a PKI solution and secure messaging software Decide on whether to buy or develop Select the hardware and software for the PKI solution and secure messaging solution Install and test the system Upgrade the network infrastructure and implement the selected solutions

13 Technical Activities Compile the requirements and come up with a concept of how to operate with and utilize keys: Key generation Key management Distribution and exchange of certificate and private key Key separation Archiving of the certificate, and if necessary, the private key Change and validation of certificate and if necessary, the private key Manage the access to and representative use of the certificate and private key Freezing and destruction of certificates

14 Summary of Technical Activities

15 Organizational Activities Definition of Certification Practice Statement (CPS) Development of a security concept for the CA and security policies Actions in case of suspected or recognized compromise of the Private CA Key Responsibility, representative regulation, storage, validity of Private CA Signing Key

16 Inter-Organizational Activities Relying Party Agreements Policy Mapping Establishing Trust Relationships Exchange Root Certificates Cross Certification CA Bridging

17 Conclusion Successful PKI Implementation involves Technical Activities Organizational Activities Inter-Organizational Activities The organizational and inter-organizational activities are the larger and the more critical part.

18 Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003

Download ppt "Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003."

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
AAI and universities Roles and functions. The Smart Card Architect Objectives zBuild a secure Authentication and Authorization Infrastructure between.

AAI and universities Roles and functions. The Smart Card Architect Objectives zBuild a secure Authentication and Authorization Infrastructure between.
Public Key Infrastructure Ben Sangster February 23, 2006.

Public Key Infrastructure Ben Sangster February 23, 2006.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.

An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Chapter 11: Active Directory Certificate Services

Chapter 11: Active Directory Certificate Services

Similar presentations

Ads by Google