
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI). 1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation, 23-25 May 2012, Kish Island, I.R.IRAN. Outline: Part I: Introduction. Part II: Public key infrastructure. Part III: PKI status in IRAN.


Presentation Transcript


  1. Public Key Infrastructure (PKI). 1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation, 23-25 May 2012, Kish Island, I.R.IRAN

  2. Outline
     • Part I: Introduction
     • Part II: Public key infrastructure
     • Part III: PKI status in IRAN

  3. Introduction

  4. E-Commerce (Intranet, Extranet, Internet): Merchant and Customer perform a transaction in the digital world. Security?! Confidence?! Trust?!

  5. E-Trust …?! Digital report, paper report: Trust?

  6. Solution ...? Digital Signature: Ensuring Authenticity and Report Integrity in Electronic Transactions

  7. Digital Certificate: There is still a problem linked to the “Real Identity” of the Signer. Why should I trust what the Sender claims to be? Digital Certificate. Moving towards PKI …

  8. Digital Certificate. CERTIFICATE: Issuer, Subject, Subject Public Key, Issuer Digital Signature

  9. Digital Certificate Challenges:
     • How are Digital Certificates issued?
     • Who is issuing them?
     • Why should I trust the Certificate Issuer?
     • How can I check if a Certificate is valid?
     • How can I revoke a Certificate?
     • Who is revoking Certificates?
     Public Key Infrastructure. Moving towards PKI …

  10. Public Key Infrastructure (PKI)

  11. Public Key Infrastructure (PKI): PKI is an infrastructure to support and manage Digital Certificates

  12. PKI – Technical View
     • Basic Components:
       • Certificate Authority (CA)
       • Registration Authority (RA)
       • Certificate Distribution System
       • PKI enabled applications
     Diagram labels: “Provider” Side, “Consumer” Side

  13. PKI – Simple Model (diagram). Entities: Certification Entity, CA, RA, End Entity, Application / Relying party, Directory. Flows: Cert. Request; Signed Certificate; Certs, CRLs; Certificate chain and status query; Certificate chain and status

  14. PKI Status In IRAN

  15. IRAN Related Regulations: E-Commerce Law; Article 32 of e-commerce executive regulation; Certificate Policy

  16. Certificate Usages in IRAN
     • Sign (i.e. Document Signing)
     • CA operations (i.e. CA, RA, OCSP, TSA, …)
     • Organization Stamp
     • E-mail (S/MIME)
     • Code Signing
     • Authentication (Login)
     • Server (SSL/TLS/DC)

  17. IRAN PKI Architecture [diagram]

  18. IRAN Root CA Certificate Policies, by Assurance Level: Platinum, Gold, Silver, Bronze

  19. IRAN PKI Standards

  20. PKI Laboratories of IRAN
     • HSM Laboratory: for testing and evaluation of Hardware Security Modules
       • Smart Card
       • USB Token
       • HSM (internal/external)
     • CA Laboratory: for testing and evaluation of digital certificate issuing and managing products
       • CA, RA, OCSP, TSA, …
     • PKE Laboratory: for testing and evaluation of PK-enabled applications
       • Web based Applications
       • Stand alone Applications
     • Cryptology Laboratory: for testing and evaluation of Cryptographic Algorithms
       • Cryptographic algorithms (Symmetric, Asymmetric, …)

  21. General Intermediate CA Certificate Issuance statistics

  22. General Intermediate CA Certificate Issuance statistics. PKI Interoperability Experiences

  23. Necessity of PKI Interoperation
     • Usability of legal digital signatures in different PKI domains
     • Ensuring that the certificates meet assurance requirements and have legal effect as required
     • Activating global e-commerce
     • Exchanging PKI related information between the different domains
     • And finally: establishing trust in cross border transactions

  24. Recommended Accreditation Scheme Model: Advisory Committee

  25. IRAN Root CA Scheme for PKI Interoperation: Cross Recognition + CTL

  26. Recommended PKI Mutual Recognition (diagram). Entities: ECO Certificate Policy, ECO Policy Authority, Applicant CA, Certificate Practices Statement (CPS), Evaluator, Advisory Committee, Competent Authority, Evaluation Report, List of Accredited CAs (CTL). Notes: Evaluate CPS and operations against Certificate Policy. Confirm CA’s operation is in accordance with CPS and Advisory Committee can work on behalf of Evaluator and give advice to Competent Authority. CTL will be published only after approval by ECO Policy Authority.

  27. Advisory Committee Tasks
     • Consulting services for design and establishment of an Interoperation Scheme in ECO PKI Domains
     • Provide advice and services for establishing PKI domains for ECO members
     • Consulting services for integration of PKI Domains
     • Provide Auditing and Evaluation services to Competent Authority
     • Act as an evaluator if there is no auditor in a country
     • Give advice to Competent Authority on policy compliance auditing, evaluation guidance, criteria and standards
     According to I.R.IRAN Root CA's recent efforts, it can operate as Advisory Committee to facilitate the Cross-Recognition procedure between ECO countries.

  28. IRAN Root CA Related Measures
     • Establishment of a hierarchical PKI domain with a four-level policy
     • Establishment of PKI Laboratories for auditing purposes
     • Provision of internal PKI standards in order to create interoperation
     • Design of an optimal scheme for interoperability in PKI
     • Preparation of CP Guidelines in order to provide a template and guidance for ECO Certificate Policy Edition
     • Preparation of CR Policy in order to propose the architecture and mechanisms of cross-recognition
     IRAN Root CA has already prepared Guidelines and CR Policy to facilitate Cross-Recognition among ECO countries.

  29. Thanks for your attention
