Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Individual Certificates and PKI - Cyberspace Law and Policy Centre

advertisement 
Individual Digital Certificates
and PKI
Chris Connolly
Peter van Dijk
Galexia Consulting
http://www.galexia.com.au
1
1.
Slide 2
Introduction

Galexia Consulting

Federal Privacy Commissioner’s
Discussion Paper on Digital Certificates –
forthcoming

Importance of authentication technologies
– why PKI?

Scope of this presentation – focus on ‘trust’
issues
2. Why Public Key Technology?

Public Key Technology involves the use of
digital signatures. These signature are
used for:
– Authentication - confirm who you are
– Integrity - what you sent
– Non-repudiation - you can’t deny it

Additionally
– Confidentiality - what you can see - enables
the encryption and decryption of information
sent between two parties
Slide 3
2. What is PKI?
 Public Key Infrastructure (PKI) is the combination of
software, encryption technologies (PKT), and
services that enables organisations to protect the
security of their communications and business
transactions on the Internet
 PKIs integrate digital certificates, public-key
cryptography, and certificate authorities into a
shared network security architecture, including:
–
–
–
–
Slide 4
issuance of digital certificates to individual users
end-user enrolment software
integration with corporate certificate directories
tools for managing, renewing, and revoking certificates
2. Components of a PKI
http://www.baltimore.com
Slide 5
2. Components of a PKI
A PKI comprises the following components:
 Certificate Authorities (CAs): These are responsible for issuing
and revoking certificates.
 Registration Authorities (RAs): These verify the binding between
public keys and the identities of their holders. They conduct the initial
verification of a potential subscriber’s identity and/or attributes; .
 Subscribers/Digital Certificate holders: People, machines or
software agents that have been issued with certificates and can use
them to sign digital documents.
 Clients: These validate digital signatures and their certification paths
from a trusted CA's public key.
 Relying parties: Rely on the contents of a digital certificate in
communicating with subscribers.
 Repositories/Directories: These store and make available
certificates and certificate revocation lists.
 Security policy: This sets out and defines the organization's toplevel direction on information security, as well as the processes and
principles for the us of cryptography.
Slide 6
2. What is a Digital Certificate?
 A digital form of identification
– Similar to a passport or driver’s licence
– Binds subject’s public key (a mathematical value)
to one or more attributes relating to their identity
 A certificate is valid for a period of time, (often
one, three or ten years)
 Certificates can do different things. For
example:
–
–
–
–
Slide 7
Encrypt a document
Sign a document – for non-repudiation
Secure a WWW server
Provide authentication - Enable the holder to
access a corporate new work
2. Example Certificate (1)
 Certificate Summary
Slide 8
2. Example Certificate (2)

Slide 9
Certificate Attribute details : Key Usage
2. Example Certificate (3)

Slide 10
Certificate Attribute details : Subject
3. PKI Models

There are a number of factors that
differentiate PKI applications:
– The level of identification (ranging from
anonymous to fully identified);
– The use of attributes;
– The potential for multi-purpose/multi-use
certificates; and
– The use of online services, tokens and mobile
devices.
Slide 11
3. Case Studies
Slide 12

Case study 1 – Australian State
government agency applications

Case study 2 – Multi agency application

Case study 3 – Health smart card

Case study 4 – Patent application

Case study 5 – Banking application
3. Case Studies - Commonwealth

Australian Federal Agency applications
– Centrelink
– Australian Electoral Commission
– Health Insurance Commission
– Customs
– Electronic Tenders
– Jobsearch

Slide 13
Case study 6 – The Australian Business
Number – Digital Signature Certificate
(ABN-DSC)
4. Overview of privacy implications

1. Collection, use, and disclosure of
personal information
– By Certification Authorities and Registration
Authorities:
– By Relying Parties:
Slide 14

2. Storage and destruction

3. Certificate Revocation Lists (CRLs)
4. Privacy (continued)
Slide 15

4. Logging of CRL lookups

5. Revocation of a certificate

6. Cooperation with law enforcement
agencies

7. Access and correction rights

8. Security
4. Privacy (Continued)
Slide 16

9. Identification requirements

10. Unique identifiers

11. Potential for additional use of data
(“function creep”)

12. Risk management practices

13. Limits on user choice
5. Conclusion
Slide 17

Tools to build ‘trust’ in digital certificates

Future trends/issues in PKI

Ongoing discussion and consultation
Related documents
Curriculum Review Checklist for Department Chairs
Curriculum Review Checklist for Department Chairs
cheddar medical centre private fees
cheddar medical centre private fees
SCHOOL BOARD RECOGNITION
SCHOOL BOARD RECOGNITION
Child Protection study day 12th June 2007
Child Protection study day 12th June 2007
Ten Risks of PKI : What You're not Being Told about Public Key
Ten Risks of PKI : What You're not Being Told about Public Key
This is a GIAC Gold Template
This is a GIAC Gold Template
Analyzing Enterprise PKI Deployments
Analyzing Enterprise PKI Deployments
Trust Models Evaluation
Trust Models Evaluation
Download
advertisement