Presentation is loading. Please wait.

Presentation is loading. Please wait.

KEK GRID CA updates Takashi Sasaki Computing Research Center KEK.

Published byKevin Pope Modified over 8 years ago

Similar presentations

Presentation on theme: "KEK GRID CA updates Takashi Sasaki Computing Research Center KEK."— Presentation transcript:

1 KEK GRID CA updates Takashi Sasaki Computing Research Center KEK

2 Operation statistics Issued certificates –User: Valid: 90 Invalid: 304 –Host: Valid; 220 Invalid 591 Total number of users: 169 –Disabled: 15 –Inactive: 64 userhost

3 Hardware replacement and operation changes We have upgraded the CA hardware as reported earlier Operation procedure and role assignments are also going to be changed –We soon update our CP/CPS according to this change

4 RA Server CA Server User Administrator CA Operator Security Officer Help Desk Certificate User Host Administrator Old CA System - administrates all tasks on the CA system including the CA private key -maintains the CA system -creates users ids and distribute them - accepts user enrollment - examines user information and approve the use -a user using a certificate issued by KEK GRID CA -an administrator of a host using a certificate issued by KEK GRID CA

5 Organization Diagram from CP/CPS Private Key Management Accept CSR, revocation, registration and user registration Host Administrator Certificate User

6 RA Server CA Server User Administrator CA Operator Security Officer Help Desk Certificate User Host Administrator RA Operator New delegate the operation to create users ids and distribute them, from CA Operator to RA Operator CA System

7 CA Operation Role Assignment Before March –Security Officer Yoshimi Iida Kohki Ishikawa –User Administrator Takashi Sasaki –CA Operator Yukinori Yokoshima Minoru Nakaya After April –Security Officer Yoshimi Iida Manabu Matsui –User Administrator Takashi Sasaki –CA Operator Yukinori Yokoshima Minoru Nakaya –RA Operator Katsumi Kikuchi Masato Wada

8 Operation Diagram

9 RA ServerCA Server User Administrator CA Operator Security Officer Certificate User Host Administrator RA Operator New User Registration CA System 2. Interview 1.. Application with Photo ID 1.. Application with Photo ID 5. Return User ID and Initial Password 5. Return User ID and Initial Password 6. Return User ID and Initial Password to End User 6. Return User ID and Initial Password to End User 3. Register User 4. Get Initial Password 7. Change Password Reject, If needed

10 RA ServerCA Server User Administrator CA Operator Security Officer Certificate User Host Administrator RA Operator After User Registration CA System 1. Request Operation 2. System Response Once registered, Certificate User and Host Administrator can access directly RA to request CA services. They can perform following activities: -User Profile Self Management -Password Chang -Request User Certificate -Request Host Certificate -Request Certificate Revocation Once registered, Certificate User and Host Administrator can access directly RA to request CA services. They can perform following activities: -User Profile Self Management -Password Chang -Request User Certificate -Request Host Certificate -Request Certificate Revocation

11 RA CA Client HSM Internet F/W DMZ 1.All users should download NAREGI-CA package from RA Web, and install into their machines. 2.Users can create private key and certificates signing request (CSR) on their client machine using client toolkit or Web browser extension (Internet Explorer only ) 3.Users send CSR to RA server 4.RA server identify and verify users, and then accept users’ CSR. 5.RA forward CSR to CA 6.CA signs and publish new certificate with its private key, protected by HSM 7.CA return signed certificate to RA. 8.RA returns published signed certificate to user. KEK GRID CA System Certificate Request Procedure * KEK GRID CA bases on NAREGI-CA software * *All network connection encrypted with SSL 1 2 3 57 4 6 8 (Informational) Not Changed

12 RA ServerCA Server User Administrator CA Operator Security Officer Certificate User Host Administrator RA Operator User Support and How to handle irregular Request CA System Help Desk 1. Request or Question 3. Sharing Information 2. Forward Question 4. Perform Response

13 External audit Hopefully, end of May or June Volunteers needed –Anyone, please!

Download ppt "KEK GRID CA updates Takashi Sasaki Computing Research Center KEK."

Similar presentations

Digital Certificate Installation & User Guide For Class-3 Certificates.

Digital Certificate Installation & User Guide For Class-3 Certificates.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.

SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.
CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.

CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.

Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.
Summer School Certificates Diego Romano & Gilda Team.

Summer School Certificates Diego Romano & Gilda Team.
Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.

Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.
Virginia Tech Overview of Tech Secure Enterprise Technology Initiatives e-Provisioning Group Frank Galligan Fed/Ed.

Virginia Tech Overview of Tech Secure Enterprise Technology Initiatives e-Provisioning Group Frank Galligan Fed/Ed.
Digital Certificate Installation & User Guide For Class - 2 Certificates.

Digital Certificate Installation & User Guide For Class - 2 Certificates.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
Security Directions - Release 6 and beyond SearchDomino.com Webcast Patricia Booth Security and Directory Product Management 9/25/02.

Security Directions - Release 6 and beyond SearchDomino.com Webcast Patricia Booth Security and Directory Product Management 9/25/02.

Similar presentations

Ads by Google