The Hierarchical Trust Model (presentation transcript)


1 The Hierarchical Trust Model

2 PGP Certificate Server details
Fast, efficient key repository
  – LDAP, HTTP interfaces
Secure remote administration
  – “Pending” area for unverified keys
  – Server database replication
  – PGPtls connection between client and server
Database replication provides corporate branch offices with fast access to public keys
  – via Replication Engine
Solaris, Windows NT

3 PGP Certificate Server
Allows large-scale deployment of public keys for use in intranets and the Internet
Allows centralized storage & management of digital certificates
Efficient LDAP/HTTP certificate distribution and searches
Support for client synchronization of keys
Scalable from small groups to multi-national corporations
Customizable policy management rules
Host of features: remote access, administration, logging, replication engine to synchronize multiple servers
Seamless integration with PGP client programs
Windows NT 4.0 or Solaris 2.51 or above

4 PGP Certificate Server for NT
(Screenshot of the server administration interface; visible panel titles: Control, Monitor, Event Log)

5 Certifying Authority
(Diagram: Encrypt / Decrypt of Encrypted Text using the Certifying Authority Private Key and the Certifying Authority Public Key)

6 Process for Validating Keys
1. User generates key, sends to server automatically
2. Key is held in ‘pending area’, not added to main server database
3. Administrator periodically checks pending area and manually verifies keys contained within to ensure authenticity
4. Admin reconstitutes shared signing key and validates keys
5. Keys are then added to server and made available

7 Key splitting and PGPtls
High-risk keys can be split and shared
  – “N of M” shares required to reconstitute key for use
ADKs, Corporate Signing Keys are good candidates for splitting
Share holders don’t have to be present!
  – Secure connections between clients with PGPtls allow shareholders to be anywhere in the world and still reconstitute a split key
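The “N of M” idea on this slide is a threshold scheme: any N of the M share holders can rebuild the key, fewer than N learn nothing useful about it. The following is an added example, not code from the deck or from PGP, that models it with a Shamir-style polynomial scheme over a prime field. Which scheme the PGP Certificate Server actually uses is not stated on the page; Shamir's is an assumption made here for illustration, and the "secret" is just an integer standing in for key material.

```python
"""Threshold ("N of M") key splitting, as an added illustration.

Not part of the slide deck and not PGP's own code. Models the
'N of M shares required to reconstitute key' bullet with Shamir's
scheme (assumed here; the page does not name the scheme PGP uses):
a random polynomial of degree N-1 whose constant term is the secret,
one point of it per share holder, Lagrange interpolation at x=0 to
reconstitute.
"""
import secrets

# Field modulus: a 127-bit Mersenne prime. The secret must be smaller than this.
PRIME = 2**127 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, mod PRIME, by Horner's rule."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, threshold, num_shares):
    """Split an integer secret into num_shares (x, y) shares.

    Any `threshold` distinct shares reconstitute the secret; fewer give no
    information about it (every candidate secret is equally consistent).
    """
    if not 1 <= threshold <= num_shares:
        raise ValueError("need 1 <= threshold <= num_shares")
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range for the field")
    # Constant term is the secret; the other threshold-1 coefficients are random.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, num_shares + 1)]


def reconstitute_secret(shares):
    """Recover the constant term by Lagrange interpolation at x = 0.

    Note the failure mode: with fewer than `threshold` shares this still
    returns *a* value, just not the secret, so the caller must know the
    threshold and check the reconstituted key (e.g. against its fingerprint).
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i == j:
                continue
            num = (num * (-xj)) % PRIME          # product of (0 - x_j)
            den = (den * (xi - xj)) % PRIME      # product of (x_i - x_j)
        lagrange_coeff = num * pow(den, -1, PRIME) % PRIME
        total = (total + yi * lagrange_coeff) % PRIME
    return total


if __name__ == "__main__":
    # Constructed sample: a 3-of-5 split of a 128-bit-ish integer "key".
    key = 0x0123456789ABCDEF0123456789ABCDEF
    shares = split_secret(key, threshold=3, num_shares=5)
    print("3 shares ->", reconstitute_secret(shares[:3]) == key)   # True
    print("2 shares ->", reconstitute_secret(shares[:2]) == key)   # False
```

The point the slide is making about PGPtls follows directly from the data model: each share is a single (x, y) pair, so share holders only need a confidential, authenticated channel to deliver their pair to whoever is reconstituting; they do not have to be in the same room.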

8 PGP Certificate Server for central certificate storage
LDAP-based, both X.509 and PGP spt
Scalable: certserver.nai.com vends over 500,000 certificates alone
Extensible searching mechanism
  – Provides scalability to PGP applications
  – Supports hundreds of thousands of certificates

9 PGP Certificate Server
Large-Scale Deployment of Public Keys
  – Efficient LDAP & HTTP Certificate Distribution
  – Scalable to Very Large Enterprises
Customizable Policy Management Rules
PKI Features: Remote Access, Administration, Logging, Replication Engine, Multiple Trust Models, Validity Checking, Data Recovery
Seamless Integration with PGP Clients

10 PGP Certificate Server Operations
1. Alice creates message for Bob
2. Alice searches for Bob’s public key on her local key ring
3. Bob’s key not found, auto-import key from CertServer
4. CertServer returns Bob’s valid key
5. Alice’s Client stores Bob’s key locally
6. Alice encrypts to Bob’s key & sends...
(Diagram: Alice, CertServer and Bob, with the step numbers placed on the arrows between them)
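Slides 6 and 10 together describe one lifecycle: a submitted key waits in the pending area until an administrator verifies it, and only validated keys are served to clients, which cache them in the local key ring after checking the server's signature. The following is an added example, not code from the deck or from PGP, that models both halves so the interaction can be traced. Key material is a plain string, the fingerprint is a SHA-256 stand-in, and the administrator's signature is stood in for by an HMAC tag shared between server and client (a real CA signature is asymmetric); all of that is constructed for the example.

```python
"""Pending-area validation plus client auto-import, as an added example.

Not code from the deck or from PGP. Models the 'Process for Validating
Keys' slide (keys wait in a pending area until an administrator verifies
them) and the 'Certificate Server Operations' slide (client checks its
local key ring, auto-imports from the server on a miss, caches the
result). Fingerprint and signature are constructed stand-ins so it runs
offline.
"""
import hashlib
import hmac


def fingerprint(key_material: str) -> str:
    """Constructed stand-in for a key fingerprint: SHA-256 of the key material."""
    return hashlib.sha256(key_material.encode()).hexdigest()


class CertServer:
    def __init__(self, signing_key: bytes):
        self._signing_key = signing_key   # stand-in for the (possibly split) signing key
        self.pending = {}                 # user id -> key material awaiting verification
        self.published = {}               # user id -> (key material, signature)

    def submit(self, user_id: str, key_material: str) -> None:
        """Validation steps 1-2: a submitted key lands in the pending area only."""
        self.pending[user_id] = key_material

    def approve(self, user_id: str, verified_fingerprint: str) -> None:
        """Validation steps 3-5: admin confirms the fingerprint out of band,
        then the key is signed and moved to the main database."""
        key_material = self.pending.get(user_id)
        if key_material is None:
            raise KeyError(f"no pending key for {user_id}")
        if not hmac.compare_digest(fingerprint(key_material), verified_fingerprint):
            raise ValueError("fingerprint mismatch; key stays in the pending area")
        self.published[user_id] = (key_material, self._sign(user_id, key_material))
        del self.pending[user_id]

    def lookup(self, user_id: str):
        """Serve validated keys only; pending keys are invisible to clients."""
        return self.published.get(user_id)

    def _sign(self, user_id: str, key_material: str) -> str:
        msg = f"{user_id}\n{key_material}".encode()
        return hmac.new(self._signing_key, msg, hashlib.sha256).hexdigest()


def signature_valid(verify_key: bytes, user_id: str, key_material: str, signature: str) -> bool:
    """Check the server's tag over (user id, key). Symmetric here for brevity only."""
    msg = f"{user_id}\n{key_material}".encode()
    expected = hmac.new(verify_key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)


class Client:
    def __init__(self, server: CertServer, verify_key: bytes):
        self.server = server
        self.verify_key = verify_key
        self.keyring = {}                 # local key ring (operations steps 2 and 5)
        self.server_fetches = 0           # number of auto-import round trips made

    def key_for(self, user_id: str):
        """Operations steps 2-5. Returns None when the server has no valid key."""
        if user_id in self.keyring:                  # step 2: local key ring hit
            return self.keyring[user_id]
        self.server_fetches += 1                     # step 3: miss, auto-import
        entry = self.server.lookup(user_id)          # step 4: validated key or nothing
        if entry is None:
            return None
        key_material, signature = entry
        if not signature_valid(self.verify_key, user_id, key_material, signature):
            raise ValueError("key from server has a bad signature; not imported")
        self.keyring[user_id] = key_material         # step 5: cache locally
        return key_material
```

Two behaviours worth noticing when running it: a lookup made while the key is still pending returns nothing rather than an unverified key, and a fingerprint mismatch at approval time leaves the key in the pending area instead of publishing it. The client's signature check is what keeps a later tampering of the server's database from being silently imported into a key ring.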

11 PGP Enterprise Security Products
Need: Scalable and manageable PKI
Solution: PGP Certificate Server
  – Scalable and replicated storage of public keys
  – Integrated policy management
  – Seamless integration with client
