The Hierarchical Trust Model. PGP Certificate Server details Fast, efficient key repository –LDAP, HTTP interfaces Secure remote administration –“Pending”

Presentation transcript:

The Hierarchical Trust Model

PGP Certificate Server details
Fast, efficient key repository
–LDAP, HTTP interfaces
Secure remote administration
–“Pending” area for unverified keys
–Server database replication
–PGPtls connection between client and server
Database replication provides corporate branch offices with fast access to public keys
–via Replication Engine
Solaris, Windows NT

PGP Certificate Server
Allows large-scale deployment of public keys for use in intranets and the Internet
Allows centralized storage & management of digital certificates
Efficient LDAP/HTTP certificate distribution and searches
Support for client synchronization of keys
Scalable from small groups to multi-national corporations
Customizable policy management rules
Host of features: remote access, administration, logging, replication engine to synchronize multiple servers
Seamless integration with PGP client programs
Windows NT 4.0 or Solaris 2.51 or above

PGP Certificate Server for NT
Control
Monitor
Event Log

[Diagram: Certifying Authority. Labels: Encrypted Text, Encrypt, Decrypt, Private Key, Public Key]

Process for Validating Keys
User generates key, sends to server automatically
Key is held in ‘pending area’, not added to main server database
Administrator periodically checks pending area and manually verifies keys contained within to ensure authenticity
Admin reconstitutes shared signing key and validates keys
Keys are then added to server and made available

Key splitting and PGPtls
High-risk keys can be split and shared
–“N of M” shares required to reconstitute key for use
ADKs, Corporate Signing Keys are good candidates for splitting
Share holders don’t have to be present!
–Secure connections between clients with PGPtls allow shareholders to be anywhere in the world and still reconstitute a split key

PGP Certificate Server for central certificate storage
LDAP-based, both x509 and PGP support
Scalable: certserver.nai.com vends over 500,000 certificates alone
Extensible searching mechanism
PGP Certificate Server for central certificate storage
– Provides scalability to PGP applications
– Supports hundreds of thousands of certificates
– certserver.nai.com vends over 500,000 certificates
– LDAP-based

PGP Certificate Server
Large-Scale Deployment of Public Keys
–Efficient LDAP & HTTP Certificate Distribution
–Scalable to Very Large Enterprises
Customizable Policy Management Rules
PKI Features: Remote Access, Administration, Logging, Replication Engine, Multiple Trust Models, Validity Checking, Data Recovery
Seamless Integration with PGP Clients

PGP Certificate Server Operations
1. Alice creates message for Bob
2. Alice searches for Bob’s public key on her local key ring
3. Bob’s key not found, auto-import key from CertServer
4. CertServer returns Bob’s valid key
5. Alice’s Client stores Bob’s key locally
6. Alice encrypts to Bob’s key & sends...
[Diagram: Alice, CertServer and Bob, with arrows numbered by step]
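An added example, not part of the original slides and not the product's code: a small Python model that ties the “Process for Validating Keys” slide to the lookup steps above, showing that a key sitting in the pending area is never returned to a client. The class names, the out-of-band fingerprint check and the SHA-256 stand-in fingerprint are assumptions; the administrator's signing step and the encryption itself are left out.

```python
import hashlib

def fingerprint(key_bytes: bytes) -> str:
    # Stand-in fingerprint (SHA-256 of constructed key bytes), not the PGP format.
    return hashlib.sha256(key_bytes).hexdigest()

class CertServer:
    """Toy model: submitted keys wait in a pending area until an admin validates them."""
    def __init__(self):
        self.pending = {}   # user id -> key bytes, unverified
        self.main_db = {}   # user id -> key bytes, validated and served

    def submit(self, user_id, key_bytes):
        self.pending[user_id] = key_bytes      # never goes straight to main_db

    def validate(self, user_id, out_of_band_fpr):
        """Admin step: promote only if the key matches a fingerprint confirmed out of band."""
        key = self.pending.get(user_id)
        if key is None or fingerprint(key) != out_of_band_fpr:
            return False                       # key stays pending (or is absent)
        self.main_db[user_id] = self.pending.pop(user_id)
        return True

    def lookup(self, user_id):
        return self.main_db.get(user_id)       # pending keys are not served

class Client:
    def __init__(self, server):
        self.server, self.keyring = server, {}

    def key_for(self, recipient):
        """Steps 2-5: local key ring first, then auto-import from the server."""
        if recipient not in self.keyring:
            key = self.server.lookup(recipient)
            if key is None:
                raise LookupError(f"no validated key for {recipient}")
            self.keyring[recipient] = key      # step 5: store locally
        return self.keyring[recipient]
```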

PGP Enterprise Security Products
Need: Scalable and manageable PKI
Solution: PGP Certificate Server
Scalable and replicated storage of public keys
Integrated policy management
Seamless integration with client