SAFE BioPharma Association CONFIDENTIAL1 SAFE Public Key Infrastructure (PKI) 2005 EDUCAUSE/Dartmouth PKI Deployment Summit.

Presentation transcript:


Slide 2: Topics
SAFE
  –What is SAFE?
  –History?
  –Framework
  –Architecture
SAFE Bridge Authority
  –Architecture
  –Timeline
Current Test environment for the SBCA
  –Architecture
  –Services
  –Test Package

Slide 3: SAFE – Secure Access For Everyone
SAFE is a Bio-pharmaceutical Industry Standard that specifies technical, legal, and regulatory compliance standards
SAFE delivers unique electronic identity credentials for legally enforceable & regulatory compliant digital signatures across the global biopharmaceutical environment for Business-to-Business and Business-to-Regulator transactions

Slide 4: SAFE & Bio-Pharmaceutical Community
CONCEPT
  –Trusted e-identity credentials
  –Closed contractual system
  –Accredited
  –Business focus
DRIVERS
  –Regulatory compliance
  –Business efficiency
  –Cost savings
Timeline
  –MAY 2003: SAFE → strategic PhRMA initiative
  –DEC 2003: Seed investment → 12 bio-pharmaceuticals
  –JUN 2004: SAFE Standard v1.0
  –DEC 2004: SAFE-Biopharma → 8 bio-pharmaceuticals
  –JUL & AUG 2005: SAFE Bridge IOC & SAFE Standard v2.0

Slide 5: SAFE Community Framework
[Diagram labels: SAFE-Biopharma Member Issuer Agreement; SAFE Standard: Business/Legal, Governance, Specifications; Services: SAFE Bridge CA, Directory, Issuer Services for Medical Practitioners/Others; Full: For-Profit Entities, Not-For-Profit Entities, Government Orgs; Associate: Medical Practitioners, Other Entities/Individuals designated by SAFE; Services: CA / RA / CSA, Credentials for Members, Identity Proofing]

Slide 6: SAFE Architecture
[Diagram labels: Subscriber; SAFE Member; SAFE Issuer; SAFE-Biopharma; Registration and Certificate Management Systems; SAFE Enabled Applications; SAFE Bridge CA; Central Systems; End-User Systems; Machine Systems]
[Diagram flows: SAFE Certificate; Cross Certificates; OCSP Request / OCSP Response; SAFE Cert. Authentication; Validation Request & Response; Signing & Validation Request & Response]
[Diagram legend: C P Details contained in SAFE CP; C P Details contained in associated Technical Specification]

Slide 7: SAFE Bridge Authority (SBCA) Physical Layout

Slide 8: SBCA Operational Authority – Cybertrust
2004
  –Sep: SAFE SBCA RFP
2005
  –Jan: Cybertrust chosen as operational authority for SBCA
  –Jan - Mar: Contract negotiations
  –Mar - Jul: Development of CPS, policies & procedures, test environment, and production environment
  –Jun 30: SBCA Root Key generation ceremony
  –Jul 26-27: SBCA acceptance testing [in progress]
  –Jul 29: Acceptance for Initial SBCA operations [planned]
  –Aug - Dec: Initial Cross certification with initial SAFE Issuers [planned]

Slide 9: SBCA Test Environment
Provides emulation of SBCA:
  –SBCA pre-production testing
  –SAFE Issuers cross-certifying with the SAFE Bridge CA
  –SAFE Application Testing
  –Accredited SAFE Product Certification Labs
Availability:
  –Operational NOW
  –Download package at
  –No guaranteed service level
  –No support available

Slide 10: SBCA Test Environment

Slide 11: SBCA Test Environment Package
SAFE_CROSS-CERT_TEST_PKG
  –Version: 1.3
  –Released: 7/12/2005
  –TEST Readme file
Test package components:
  –2 Test Issuers
      Emulates 2 test-only SAFE Issuers, cross-certified by test-only SBCA
      Valid and revoked digital signature certificates - PKCS#12 format
      Certificates provide all OCSP, CRL and directory URIs
  –Cross-Certificates
      Are available via URL
  –OCSP
      Accepting both signed & unsigned OCSP requests
        –Only tested unsigned request
      Only URL to access OCSP Responders
  –CRL
      For each test CA Certificate is available via URL
  –Cross Certificate Request
      PKCS#10 certificate request from the test SBCA
      The request is provided in both Binary and Base 64 formats

Slide 12: SAFE Bridge Certificates - Test
Every CA has also issued an OCSP Responder certificate
  –The responder certificate is not explicitly trusted, but can be verified using the CA cert
Except for the self signed roots, all certificates have the Authority Information Access (AIA) extension
  –OCSP entry points to an internet accessible OCSP server
  –caIssuers entry points to an internet accessible URL for the issuing CA’s certificate(s) contained in PKCS#7 files
Except for the self signed roots, all certificates have the CRL Distribution Point (CRLDP) extension
  –HTTP URL points to an internet accessible location
The above properties allow certificate paths to be built and validated from any user certificate to either trusted root certificate
  –Even without prior “knowledge” of the existence of the bridge!
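
A sketch of the AIA-chasing path discovery these properties enable, as an added example that is not part of the original presentation. Certificates are reduced to subject, issuer and caIssuers URL; the CA names and URLs are constructed placeholders modelled on the test structure, and signature, policy and revocation checks are deliberately left out.

```python
from collections import namedtuple, deque

# Simplified certificate: names plus the AIA caIssuers URL.
Cert = namedtuple("Cert", "subject issuer aia")

def u(name):
    """Constructed placeholder URL of the bundle holding certs issued TO `name`."""
    return "http://pki.example/" + name + ".p7c"

# Constructed topology (subject, issuer): two issuers cross-certified with a
# bridge in both directions, plus one subordinate CA. Names are illustrative.
ISSUED = [("CybertrustRoot", "Bridge"), ("MagiCureRoot", "Bridge"),
          ("Bridge", "CybertrustRoot"), ("Bridge", "MagiCureRoot"),
          ("CybertrustSubCA", "CybertrustRoot")]

# URL -> list of Cert, standing in for PKCS#7 files fetched over HTTP.
BUNDLES = {}
for subject, issuer in ISSUED:
    BUNDLES.setdefault(u(subject), []).append(Cert(subject, issuer, u(issuer)))

def build_path(end_entity, anchor, fetch=BUNDLES.get):
    """Breadth-first AIA chasing. Returns the shortest list of certificates
    from end_entity up to one issued by the trusted root `anchor`, or None."""
    queue = deque([[end_entity]])
    seen = {(end_entity.subject, end_entity.issuer)}
    while queue:
        path = queue.popleft()
        tip = path[-1]
        if tip.issuer == anchor:
            return path
        for cert in fetch(tip.aia) or []:
            key = (cert.subject, cert.issuer)
            # Follow only certs that certify the tip's issuer, and never
            # revisit one: bidirectional cross-certs would otherwise loop.
            if cert.subject == tip.issuer and key not in seen:
                seen.add(key)
                queue.append(path + [cert])
    return None

if __name__ == "__main__":
    user = Cert("alice", "CybertrustSubCA", u("CybertrustSubCA"))
    for c in build_path(user, "MagiCureRoot"):
        print(c.subject, "<-", c.issuer)
```

The relying party here trusts only the other issuer's root, yet reaches it through the bridge because each certificate names where its issuer's certificates can be fetched.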

Slide 13: SAFE Bridge CA Test Structure
[Diagram labels: MagiCure Water TEST CA; SAFE Bridge CA TEST; Cybertrust SAFE Issuer TEST Root CA; Cybertrust From Bridge; MagiCure Water From Bridge; Cybertrust SAFE Issuer Test Sub CA; End Entities]

Slide 14: SAFE Bridge CA - Test
[Diagram labels: MagiCure Water; SBCA Test; Cybertrust Sub CA; OCSP]

Slide 15: Questions
Contact information:
  Russel F Weiser
  PKI SME
  Cybertrust Inc.
  Cell
SAFE contact information:
  Terry Zagar
  SAFE Core Team
  SAFE-BioPharma Association
  Phone