Mindshare 2018 The Nine Steps to Your Company ID:
1 Mindshare 2018: An IT Hero's Quest to Get Smart. Adam Ross, cv cryptovision GmbH, T: +49 (0) F: +49 (0) info(at)cryptovision.com
2 Hooray! Your company has won a lucrative contract! Your company has been awarded a contract to supply widgets to a NATO member defense organization. Only a few tender requirements are standing between your company and a dragon's hoard of treasure. And so our journey begins...
3 On our journey we use an IT project as an allegorical quest: Your Company ID Project. We don't tell the whole epic saga. We just pick out some typical challenges, pitfalls, traps, and other surprises that are encountered during different project phases.
4 And so our journey begins... Digital transformation: More and more business processes are transferred from the analog world to the digital world. In the digital world, spying, counterfeiting, and tampering are easy, so security is crucial. Analog identities need to be transferred to digital identities.
5 We will need to exchange restricted info with widget-using Army. We use this secure project as our quest for digital identities. Requirements: security must be NATO-restricted compliant (comparable to VS-NfD in Germany); administrator smart token use is extended to a full Company ID Card; strong authentication extended (including smart tokens, middleware, PKI, encryption).
6 We will need to exchange restricted info with widget-using Army. We use this secure project as our quest for digital identities. Other important challenges: connection to a 3rd party CA; lean CA management; compliance (e.g. separation of duties); upgrade to company card possible; maybe add physical access.
7 1. Analysis 2. Design 3. Implementation 4. Test 5. Pilot 6. Modification 7. Acceptance 8. Going Live 9. Extension
8 Analysis: Our first discovery... Some infrastructure already exists. Is the existing environment NATO-restricted compliant? How much does my company already use security tokens? Do we already have a security token middleware that we can reuse? At least we already use some PKI (Microsoft). Analysis is made to find out whether the customer could continue to use the existing PKI.
9 Analysis uncovers: GAPS! Analysis: Certificates used are not sufficient for NATO-restricted (separation of ENC & SIGN certs is needed). Algorithms used are not sufficient for NATO-restricted. Smart cards use pseudorandom generation, which is not sufficient for NATO-restricted (true random number generation on card required). Smart card middleware is not sufficient for NATO-restricted.
10 Analysis uncovers: GAPS! Analysis results: Certificates used are not sufficient for NATO-restricted (separation of ENC & SIGN certs is needed). Algorithms used are not sufficient for NATO-restricted. Smart cards use pseudorandom generation, which is not sufficient for NATO-restricted (true random number generation on card required). Smart card middleware is not sufficient for NATO-restricted.
11 Analysis: Propose applications that can close these gaps
12 1. Analysis 2. Design 3. Implementation 4. Test 5. Pilot 6. Modification 7. Acceptance 8. Going live 9. Extension
13 Design: How can we address this new challenge? Analysis shows: besides software, we have to modify processes, which is the next challenge. The company identifies that different groups of people will require different certificate types and business processes. How can we effectively build processes that support this information security model?
14 Design: The answer to our prayers... More managers! Different enrolment processes required. [Diagram labels: machine certificates; person, typical user; people, organizational groups; person, privileged account. Routers, gateways; employees; working groups; management. Automated enrolment via SCEP; approved by just one additional employee; external certificates (V-PKI); reviewed and vetted before; approved by two managers.] It has been declared that different workflows are necessary...
15 Design: Build your own certificate processes. Powerful workflow engine: cryptovision's CAmelot Shalott. Graphical editor based on BPMN; workflow designer; editable form designer; simple to use.
16 1. Analysis 2. Design 3. Implementation 4. Test 5. Pilot 6. Modification 7. Acceptance 8. Going Live 9. Extension
17 Implementation: Let's put this together and see if it works. Now, let's get the infrastructure set up. Analysis has shown: need to migrate to different tokens; NATO-restricted requirements are mandatory; need to implement PKI workflow (as already seen).
18 Implementation: How to effectively use what we've got? Having support for old and new cards means we now support our company-wide target. Start producing new certificates; migrate to new token; evaluate different authenticators: mobile phones, TPM, or even Remote Token rather than smart tokens.
19 Implementation: We need a token middleware that supports all major OS and token form factors. [Diagram labels: PKI applications (Signature, Browser, SSO-Client, Admin Tool, User Tool, Register Tool); ACTK Apple Crypto Token Driver, PKCS#11, CSP, Mini Driver; Secure Token Interface; Operating Systems; Security Token.]
20 Implementation: We need sc/interface that supports multiple Card OS and a huge range of applications. Cards: ATOS CardOS: M4.01a / V4.2 / V4.2B / V4.2C / V4.3 / V4.3B / V4.4 / V5.0 / V5.3; AustriaCard JCOP: 21 V2.2 / 21 V2.3.1 / 31 V2.2 / 31 V2.2 contactless / 31 V2.3.1 / 31 V2.3.1 contactless / 31/72 V2.3.1 / 31 / 72 V2.3.1 contactless / 41 V2.2.1 / 41 V2.2.1 contactless / 41 V2.3.1 / 41 V2.3.1 contactless / 41 V2.4 / 41 V2.4 contactless; Bundesdruckerei: GoID card v1, v2; D-Trust: D-Trust Card 3.0, 3.1, 3.2; ePasslet Suite 1.1/1.2: on JCOP V2.4.1R3, on JCOP V2.4.1R3 with PACE Profile; ePasslet Suite 2.0: on JCOP V2.4.2R3, on JCOP V2.4.2R3 with PACE Profile; Gemalto: TOP IM GX4; G&D Sm@rtCafé Expert: 3.1 / 3.1 contactless / 3.2 / 4.0 / 5.0 / 6.0 / 6.0 SCP 03 / 7; G&D STARCOS: 3.0 / 3.2 / 3.4 (Swiss Health Card eGK) / 3.5; HID Crescendo: C700 / C700 contactless; Infineon: JCLX80 jtop / JCLX80 jtop contactless; NXP JCOP: V 2.1 / V2.2 / V2.2 Contactless / V2.2 / V2.3.1 / V2.4 / V2.4.1 / V2.4.2 / V2.4.2 R3 / V2.4.2 R3 SCP03; SwissSign: SuisseID (CardOS M4.3B / M4.4); TCOS: Signature Card 2.0. Tokens: Certgate microSD (NXP JCOP) G&D Sm@rtCafé Expert 3.2 USB token NXP JCOP: V2.2.1 IDptoken 200 SwissSign SwissID (CardOS M4.3B) Swissbit (SCT3512). Windows, OS X, Linux, eDirectory IE, Firefox, Safari, Chrome Secure SAP R/3, SSH Windows, NCP, OpenVPN CryptWare, Secude, WinMagic s/mail, Outlook, Notes, PGP, GroupWise, Secude Novell, Secude, IBM Tivoli Access Manager Adobe Reader, SuisseID Citrix, IGEL
21 Implementation: Choose your own adventure (or credential). [Diagram: credential options along a Security Level axis, each connected to Smartcard Middleware and Applications: Smartcard via Reader Device and Reader Driver (PCSC); TPM via Smartcard Simulation Service and Virtual Reader Driver (PCSC); Intel SGX via Token Enclave Service and Virtual Reader Driver (PCSC); Remote Server (HSM) via Remote Connection Service and Virtual Reader Driver (PCSC); Mobile Phone (iOS, Android) via Mobile Connection Service and Virtual Reader Driver (PCSC); PFX file via PFX File Service and Virtual Reader Driver (PCSC).] lets tokens play a minor role
22 Implementation: Focus on our main quest for secure e-mail. Implement the key to project: BSI approved solution. Sign and encrypt e-mails transparently using Microsoft Outlook and IBM Notes. Free from backdoors. Use it also without a PKI (with manual key exchange).
23 Implementation: We implement the solution: cryptovision's GreenShield Mail. Supports current crypto algorithms; S/MIME capabilities; interoperable S/MIME solution; supports many tokens / profiles; usability functions (message recovery, group mailboxes); optimized workflows; smart user concepts; supports Military Messaging Label.
24 1. Analysis 2. Design 3. Implementation 4. Test 5. Pilot 6. Modification 7. Acceptance 8. Going Live 9. Extension
25 Test: How can this mail to a shared inbox be read by all? During the test phase, we check that the implementation will run as designed. Group mailboxes are tested and we learn: certain mails shall be answered by any member of a certain working group. This requirement means that new group processes shall be supported.
26 Test: Add KeyServer with remote keys and HSM. Group mailboxes with CAmelot Keyp. [Diagram labels: personal authentication based on user's auth cert; private working group key; Sender; mail encrypted for working group; Working Group; symmetric key; CAmelot Keyp; decrypt mail with symmetric key.] Private key does not leave the security-critical environment.
27 Test: An effective solution. Benefits of cryptovision's CAmelot Keyp: audit-compliant logging function; key generation on Key Server; keys can be stored on an HSM; CAmelot Keyp can act as a key server routing access to group keys; CAmelot Keyp can act as a key box providing keys for access to security-critical components; CAmelot Keyp can provide keys for remote authentication.
28 1. Analysis 2. Design 3. Implementation 4. Test 5. Pilot 6. Modification 7. Acceptance 8. Going Productive 9. More
29 Pilot: POC was great for expert users, but what about Bob? User-friendliness is essential. We discovered that, in particular, simple enrollment is necessary. Otherwise users won't accept the system. Can normal users handle things like self-enrollment? This can be achieved with a little bit of magic and a PKI client.
30 Pilot: A wizard is never late, nor is he early, he arrives precisely when he means to. cryptovision's Pendragon PKI Client: administrators can pre-configure clients for certificate generation; PKI Client reminds user to renew or to get new certificates; user authenticates with his PIN against the PKI Client; process will run magically.
31 1. Analysis 2. Design 3. Implementation 4. Test 5. Pilot 6. Modification 7. Acceptance 8. Going Live 9. Extension
32 Modification: Oops, we forgot about QES (eIDAS). Because of European vendors who require qualified signatures, the pilot has to be changed to implement QES. Some (but not all) users need qualified certificates. Qualified signatures (legally binding) require the use of an additional CA (operated by a third party). Third party CA needs to be integrated.
33 Modification: We are getting very meta... As in a Meta PKI. Integrating a Third Party CA for qualified signatures. [Diagram labels: User; Local RA; CAmelot Shalott Workflow; Meta-PKI Certification Authority (CAmelot); PKI Client Pendragon; Remote Key; Key Recovery; Key Server; HSM.] CMP protocol (supported by many V-PKI CA) will be used. Internal PKI workflow can be used for enrollment of 3rd party certificates. For administrators, choice of CA (internal or external) is transparent. Company PKI serves as Meta-PKI connecting external PKI(s). Customer has complete control over certificates.
34 Modification: CAmelot RA and external CMS are the heart. Local Registration Authority (RA): Meta-PKI to easily control and manage all certificates of your company, whether internal certificate or routed to a 3rd party. Local Registration Authority with interface to a resource directory to get access to user data, user roles, user rights, and user certificates.
35 Modification: CAmelot RA and external CMS are the heart. Card Management System (CMS): CMS integration to easily control and manage all security tokens. Security Token Middleware supports virtually all available CMS with universal modules (CSP, Minidriver, PKCS#11 and Apple CTDK).
36 1. Analysis 2. Design 3. Implementation 4. Test 5. Pilot 6. Modification 7. Acceptance 8. Going Live 9. Extension
37 Acceptance: Getting everyone on board. Acceptance is the most important challenge. Do we fulfil the requirements? NATO-restricted compliant solution installed; certified smart token; connection to V-PKI; manageable Meta-PKI; automated PKI workflows; satisfaction for the all-powerful auditors; universal smart token for strong authentication introduced; first steps towards a full Company ID Card; introduced employee badge for logical access.
38 Acceptance: Getting everyone on board. Acceptance is the most important challenge. Did we face the other important challenges? V-PKI is connected via Meta-PKI; lean CA management is implemented using automated workflows; compliance is established using auditing together with central key services; the smart token used can be upgraded to Company ID Card; physical access can also be added to the token.
39 Acceptance: Did putting it all together cover everything? Important concepts: separation of duties; key recovery; message recovery; information protection; remote key usage; user self-service; automated processing.
40 1. Analysis 2. Design 3. Implementation 4. Test 5. Pilot 6. Modification 7. Acceptance 8. Going Live 9. Extension
41 Going live: After a successful acceptance test, we roll it out to everyone. What has been tested in the pilot now needs to work for a much larger number of users. Some users are reluctant to embrace the system as it means a lot of repetitive PIN entry.
42 Going live: Adding extra value via improved user experience. cryptovision's sc/interface cache: Single-Sign-On for 2-factor authentication; supports any application using a PIN; cross-platform capable of using multiple crypto interfaces simultaneously; Universal Windows Platform (UWP) support; support for VDI environments; future-proof validated by Microsoft; caching configurable per process; interprocess exchange of PIN (e.g. PKCS11, Minidriver). Using your token as a key: lock and unlock your computer with it and use cached credentials by entering your PIN only once. Magic!
43 Going live: Adding sc/interface cache. Within a company with 50,000 users (5 uses -> 5 times a day -> 5 sec per PIN entry): Pure working hours per day: 1,389 hrs. Pure working time per day: 174 days. Costs at 200 gross wage per day: 34,722.- Costs per month: 694,
44 1. Analysis 2. Design 3. Implementation 4. Test 5. Pilot 6. Extension 7. Acceptance 8. Going Live 9. Extension
45 Extension: Great success!!! Our Smart Token used for encryption becomes a multi-function Company ID card. Employees love their company card and want to use it for things like: IT authentication, file encryption, signature; time recording; payment; physical access.
46 Extension: File encryption to add protection for your assets. Extend protection by using GreenShield File: protect your assets; sign and encrypt files using Windows Explorer; also free from backdoors; use it also without a PKI (with manual key exchange).
47 Extension: File encryption to add protection for your assets. cryptovision's GreenShield File: supports current crypto algorithms; interoperable S/MIME solution; Java technology, ready-to-use also on mobile platform; secure information exchange with non-S/MIME mail clients and vice versa.
48 Extension: Add more goodies, +ROI. The infrastructure deployed can do even more. Additional concepts that can be realized with the card deployed: physical access; payment.
49 Extension: One Card to do it All. Physical access: different technologies are used for IT login and physical access: PKI-based authentication; symmetric authentication. Both can be implemented on the same card.
50 Extension: It's all about the treasure (or money). Payment: ePasslet Suite 3.0. Virtually any kind of card payment scheme is possible with cryptovision's ePasslet Suite
51 Summary: One big picture PKI Smart card User Client Login directory
52 Summary: One big picture CAmelot Smart card HSM User Client Login directory
53 Summary: One big picture Card Management CAmelot Smart card sc/interface HSM User Client Login directory Web application
54 Summary: One big picture Card Management CAmelot ePasslet Suite Smart card sc/interface HSM User Client Login directory Web application
55 Summary: One big picture Card Management CAmelot ePasslet Suite Smart card sc/interface Shalott workflow HSM scep/responder Router User Client Login directory Router Web application
56 Summary: One big picture Card Management CAmelot ePasslet Suite Smart card sc/interface Shalott workflow HSM scep/responder Router Green Shield Mail User Client Login directory Router Web application
57 Summary: One big picture Card Management CAmelot ePasslet Suite Smart card sc/interface Shalott workflow CAmelot Keyp Key Recovery Remote Key HSM scep/responder Router Green Shield Mail User Client Login directory Router Web application
58 Summary: One big picture Card Management CAmelot External CA ePasslet Suite Smart card sc/interface Local RA Shalott workflow CAmelot Keyp Key Recovery Remote Key HSM scep/responder Router Green Shield Mail User Client Login directory Router PKI Client: Pendragon Web application
59 Summary: One big picture Card Management CAmelot External CA ePasslet Suite Smart card sc/interface Local RA Shalott workflow CAmelot Keyp Key Recovery Remote Key HSM scep/responder Router Green Shield Mail User Client sc/interface cache Login directory Router PKI Client: Pendragon Web application
60 Summary: One big picture Card Management CAmelot External CA ePasslet Suite Smart card sc/interface Local RA Shalott workflow CAmelot Keyp Key Recovery Remote Key HSM scep/responder Router Green Shield Mail User Client sc/interface cache Login directory Router Green Shield File PKI Client: Pendragon Physical access Payment Web application
61 Summary: What a long strange quest it's been. All projects have lots of unintended discoveries and may lead to the need for changes of products and also business processes. During the project, additional challenges will also present themselves. Having a flexible strategy enables companies to deal with these unexpected new hurdles. And it never hurts to have a bit of magic on your side.
62 Thanks! cv cryptovision GmbH, Munscheidstr, Gelsenkirchen, Germany. Tel: +49 (0) 2 09 / Fax: +49 (0) 2 09 / info(at)cryptovision.com
More informationThe Device Has Left the Building
The Device Has Left the Building Mobile Security Made Easy With Managed PKI Christian Brindley Principal Systems Engineer, Symantec Identity and Information Protection Agenda 1 2 3 Mobile Trends and Use
More informationArcot Universal Client SAFE-Compliant Digital Signatures
Arcot Universal Client SAFE-Compliant Digital Signatures Scott Kern Solutions Architect Arcot, Inc. Company logo here Arcot Overview Authentication & Digital Signing Company Authentication 2-party and
More informationSándor Szőke, Dr. Microsec Ltd. Migration of national PKI Services to eidas conformant Trust Services case study in Hungary
Sándor Szőke, Dr. Microsec Ltd. Migration of national PKI Services to eidas conformant Trust Services case study in Hungary Introduction Private Hungarian IT company since 1984 Custom specific IT system
More informationINFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT
INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT ESCB-PKI REGISTRATION AUTHORITY APPLICATION MOST COMMON ERRORS VERSION 1.2 ECB-PUBLIC 15-November-2012 ESCB-PKI - Common errors v.1.2.docx Page 2 of 20
More informationIntegration Guide. SafeNet Authentication Client. Using SAC CBA with BitLocker
SafeNet Authentication Client Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information Document
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationKeyOne. Certification Authority
Certification Description KeyOne public key infrastructure (PKI) solution component that provides certification authority (CA) functions. KeyOne CA provides: Public key infrastructure deployment for governments,
More informationSecuring ArcGIS Services
Federal GIS Conference 2014 February 10 11, 2014 Washington DC Securing ArcGIS Services James Cardona Agenda Security in the context of ArcGIS for Server Background concepts Access Securing web services
More informationBusting the top 5 myths of cloud-based authentication
Busting the top 5 myths of cloud-based authentication Insert Your Name Jason Hart CISSP CISM Vice President, Cloud Solutions SafeNet, Inc. Insert Your Title Insert Date Overview Cloud benefits Agility
More informationAxway Validation Authority Suite
Axway Validation Authority Suite PKI safeguards for secure applications Around the world, banks, healthcare organizations, governments, and defense agencies rely on public key infrastructures (PKIs) to
More informationSafeSign Identity Client Standard
This document contains information of a proprietary nature. No part of this manual may be reproduced or transmitted in any form or by any means electronic, mechanical or otherwise, including photocopying
More informationG/On. G/On is available for Windows, MacOS and Linux (selected distributions).
G/On Soliton G/On is a remote access solution which establishes connections between a remote device and application servers inside an organisations network. A secure gateway is used to separate the remote
More informationWhite Paper. Deploying CKMS Within a Business
White Paper Deploying CKMS Within a Business 1 Introduction The Cryptomathic Crypto Key Management System (CKMS) is a market-leading lifecycle key management product that can manage cryptographic keys
More informationSafeSign Identity Client Standard
This document contains information of a proprietary nature. No part of this manual may be reproduced or transmitted in any form or by any means electronic, mechanical or otherwise, including photocopying
More informationSafeNet Authentication Client
SafeNet Authentication Client All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep the sole right to
More informationArchitecture 1 3. SecureToken. 32-bit microprocessor smart chip. Support onboard RSA key pair generation. Built-in advanced cryptographic functions
SecureToken Architecture 1 3 2 32-bit microprocessor smart chip Support onboard RSA key pair generation Built-in advanced cryptographic functions 4 5 6 7 8 9 10 Support onboard digital signing Supports
More informationGoogle Sync Integration Guide. VMware Workspace ONE UEM 1902
Google Sync Integration Guide VMware Workspace ONE UEM 1902 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation,
More informationSafeNet Authentication Client
SafeNet Authentication Client Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep
More informationVSP18 Venafi Security Professional
VSP18 Venafi Security Professional 13 April 2018 2018 Venafi. All Rights Reserved. 1 VSP18 Prerequisites Course intended for: IT Professionals who interact with Digital Certificates Also appropriate for:
More informationPulse Workspace Appliance. Administration Guide
Pulse Workspace Appliance Administration Guide Product Release 2.0, 1743.1 Document Revisions 1.0 Published Date January 2018 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose, CA 95134 The Pulse
More informationThe Password Authentication Paradigm In today s business world, security in general - and user authentication in particular - are critical components
YOUR ULTIMATE AUTHENTICATION SOLUTION A l a d d i n. c o m / e T o k e n The Password Authentication Paradigm In today s business world, security in general - and user authentication in particular - are
More informationA Quick Guide to EPCS. What You Need to Know to Implement Electronic Prescriptions for Controlled Substances
A Quick Guide to EPCS What You Need to Know to Implement Electronic Prescriptions for Controlled Substances Many healthcare providers have delayed implementing electronic prescriptions for controlled substances
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationIDGo Middleware and SDK for Mobile Devices
Smartjac Industries Inc. - Kanalvägen 1A 2nd floor SE-194 61 Upplands Väsby Sweden www.smartjac.com / www.smartjac.biz Phone: +46(8)41071230 - Email: order@smartjac.com IDGo 800 - Middleware and SDK for
More informationSingle Secure Credential to Access Facilities and IT Resources
Single Secure Credential to Access Facilities and IT Resources HID PIV Solutions Securing access to premises, applications and networks Organizational Challenges Organizations that want to secure access
More informationGuide Installation and User Guide - Mac
Guide Installation and User Guide - Mac With Fujitsu mpollux DigiSign Client, you can use your smart card for secure access to electronic services or organization networks, as well as to digitally sign
More informationCredential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003
Credential Management in the Grid Security Infrastructure GlobusWorld Security Workshop January 16, 2003 Jim Basney jbasney@ncsa.uiuc.edu http://www.ncsa.uiuc.edu/~jbasney/ Credential Management Enrollment:
More informationMaximize your move to Microsoft in the cloud
Citrix and Microsoft 365: Maximize your move to Microsoft in the cloud 3 reasons to manage Office 365 with Citrix Workspace Pg. 2 Pg. 4 Citrix.com e-book Maximize your Citrix Workspace 1 Content Introduction...3
More informationSafeNet MobilePKI for BlackBerry V1.2. Administration Guide
SafeNet MobilePKI for BlackBerry V1.2 Administration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV and/or its subsidiaries who shall have
More informationMU2b Authentication, Authorization and Accounting Questions Set 2
MU2b Authentication, Authorization and Accounting Questions Set 2 1. You enable the audit of successful and failed policy changes. Where can you view entries related to policy change attempts? Lesson 2
More informationAbout & Beyond PKI. Blockchain and PKI. André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich. February 9, 2017
About & Beyond PKI Blockchain and PKI André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich February 9, 2017 1 Agenda Does blockchain secure PKIs in the longterm? Disadvantages of classic PKIs
More informationIBM KeyWorks Accelerate Development of your Secure e-business Solutions Sekar Chandersekaran IBM
IBM KeyWorks Accelerate Development of your Secure e-business Solutions Sekar Chandersekaran IBM chanders@us.ibm.com IBM KeyWorks Market Needs History KeyWorks KeyWorks KeyWorks KeyWorks KeyWorks Suite
More informationQuoVadis Trustlink Schweiz AG Teufenerstrasse 11, 9000 St. Gallen
QuoVadis The Swiss solution for digital certificates with worldwide distribution QuoVadis Trustlink Schweiz AG Teufenerstrasse 11, 9000 St. Gallen Overview!! Check list for Root signing or managed PKI!!
More informationCertificate Enrollment for the Atlas Platform
Certificate Enrollment for the Atlas Platform Certificate Distribution Challenges Digital certificates can provide a secure second factor for authenticating connections from MAP-wrapped enterprise apps
More informationGuide Installation and User Guide - Windows
Guide Installation and User Guide - Windows With Fujitsu mpollux DigiSign Client, you can use your smart card for secure access to electronic services or organization networks, as well as to digitally
More informationINSTRUCTION FOR OPERATION WITH DESKTOP SIGNER
INSTRUCTION FOR OPERATION WITH DESKTOP SIGNER Version 1.50, February 2017 B-Trust Instruction Page 1 TABLE OF CONTENTS I. About the Program... 3 II. System requirements... 3 III. Installation... 4 IV.
More informationSxS Authentication solution. - SXS
SxS Authentication solution. - SXS www.asseco.com/see SxS Single Point of Authentication Solution Asseco Authentication Server (SxS) is a two-factor authentication solution specifically designed to meet
More informationU.S. E-Authentication Interoperability Lab Engineer
Using Digital Certificates to Establish Federated Trust chris.brown@enspier.com U.S. E-Authentication Interoperability Lab Engineer Agenda U.S. Federal E-Authentication Background Current State of PKI
More informationSymantec Managed PKI Overview. v8.15
Symantec Managed PKI Overview v8.15 Legal Notice Copyright 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered trademarks of
More informationSWITCHpki Service Launch The SWITCHpki Team
SWITCHpki Service Launch The SWITCHpki Team pki@switch.ch http://www.switch.ch/pki/ 2004 SWITCH Overview Introduction CA Structure Roles, Entities Service Options Example SwissSign Introduction Outlook:
More informationThe Gemalto offer for PKI market in Russia
The Gemalto offer for PKI market in Russia Miroslaw TOCICKI, Technical Consultant September 18th, 2014 Agenda Introduction Gemalto IdA portfolio Java PKI cards for developers GOST certified solution IDPrime
More informationUser Authentication Principles and Methods
User Authentication Principles and Methods David Groep, NIKHEF User Authentication - Principles and Methods 1 Principles and Methods Authorization factors Cryptographic methods Authentication for login
More informationQUICK SET-UP VERIFICATION...3
TABLE OF CONTENTS 1 QUICK SET-UP VERIFICATION...3 2 INSTALLING CERTIFICATES...3 3 IF YOU USE MS INTERNET EXPLORER...3 3.1 INSTALLING THE CERTIFICATE...3 3.2 SSL3 ACTIVATION:...3 3.3 JAVASCRIPT ACTIVATION...3
More informationIntegrating Password Management with Enterprise Single Sign-On
Integrating Password Management with Enterprise Single Sign-On 2016 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Background: one problem, two solutions 2 2.1 The Problem.............................................
More information