The Top Four Trends in eid Technology Marco Smeja, cryptovision Mindshare 2017

Transcription

1 The Top Four Trends in eid Technology Marco Smeja, cryptovision Mindshare 2017 cv cryptovision GmbH T: +49 (0) F: +49 (0) info(at)cryptovision.com 1

2 2

3 The Smart Card Evolution chip implant smart token contactless TPM built-in SGX contact card software smart card emulation mobile Remote CSP Security level is different SIM microsd mobile key store 3

4 PC, Smartphone, and Tablet Sales 200 millions 100 billions More and more young people discover the internet via smart phones and tablets tablets smart phones PCs Source: Business Insider 4

5 PC, Laptop, and Tablet Sales Source: Statista

6 The mobile smart card dilemma Many organisations want to use conventional smart cards on mobile devices contact card readers are not practical RFID access is not standardised ios and Android have only rudimentary smart card handling But, using ordinary smart cards on a mobile device doesn't work very well 6

7 Paradigm Shift smart card conventional smart cards, mobiles and other alternatives More and more organisations accept alternatives such as mobile smart cards, though they have to restructured their security requirements 7

8 cryptovision unifies credential stores 8

9 Documents Terminal Clients Server epasslet SCalibur sc/interface s/mail PKIntegrated CAmelot Trend 1 9

10 10

11 Internet in 2000 Internet in 2017 Internet in 2030 Internet of PCs Internet of PCs, tablets, smart phones Internet of things Every component needs keys Key management gets more and more important 11

12 Typical answer: Implement PKI Infrastructure cares about public keys and certificates 12

13 1 How to import a trust anchor 2 How to import a certificate What a PKI user needs to know 3 How to protect your private keys 4 How to apply for a certificate 5 Why you shouldn't ignore PKI warnings 10 How to export a certificate 6 How to interpret PKI error messages 11 Risks of changing encryption keys 7 How to turn on digital signing 12 Difference between signature and.signature file 8 How to install someone's public key 13 How to turn on encryption 9 How to get someone's public key 14 How to interpret security icons 15 What happens if a key is revoked 16 What does the padlock really mean 17 Why check the three boxes in Netscape/ Mozilla 18 What does "untrusted CA' mean 19 How to move and install certificates and private keys Source: Prof. Angela Sasse cryptovision 13

14 Next generation Key Management Manage both public and secret (private) keys Manage all public keys with the same means Maximize flexibility when handling secret keys Simplify secret key enrolment and key roll-over Consider virtualized scenarios and mobile devices 14

15 CAmelot: Public key AND secret key management Database CAmelot Smart Card LDAP HSM File TPM 15

16 CAmelot key objectives Transparent and automated end-2- end key and certificate management Workflow-based processes designer Simultaneous multivendor CA integration Remote key handling for backup, group-application or deputy users sc/interface 16

17 1 How to import a trust anchor 2 How to import a certificate What a PKI user needs to know 3 How to protect your private keys 4 How to apply for a certificate 5 Why you shouldn't ignore PKI warnings 10 How to export a certificate 6 How to interpret PKI error messages 11 Risks of changing encryption keys 7 How to turn on digital signing 12 Difference between signature and.signature file 8 How to install someone's public key 13 How to turn on encryption 9 How to get someone's public key 14 How to interpret security icons 15 What happens if a key is revoked 16 What does the padlock really mean 17 Why check the three boxes in Netscape/ Mozilla 18 What does "untrusted CA' mean 19 How to move and install certificates and private keys Source: Prof. Angela Sasse cryptovision 17

18 Documents Terminal Clients Server epasslet SCalibur sc/interface s/mail PKIntegrated CAmelot Trend 1 Trend 2 18

19 19

20 NSA: Has the best IT security expertise in the world Edward Snowden: Easily beat all NSA IT security measures 20

21 Paradigm Shift Protecting infrastructures Protecting assets 21

22 What hasn t changed so far 4% Why are only 4% of all s encrypted? s Too complicated Not enough pressure to use it Source: Hochschule Westfalen cryptovision 22

23 What has changed: 23

24 encryption is complex, but ecryption is necessary, the pressure to use it is increasing 2. There are possibilities to improve this situation, if addressed properly 3. Organizations start to assign significant budgets to secure assets cryptovision 24

25 Our ongoing and most current secure initiatives cryptovision s s/mail product receives first unlimited NATO-wide approval German Armed Forces continuously rely on End-to-End encryption with s/mail cryptovision announces new secure suite replacing previous s/mail product line German federal ministry starts initiative to design and implement an exemplary secure strategy with cryptovision European large-scale cooperation starts sustainable secure project leveraging cryptovision encryption technology cryptovision 25

26 cryptovision's Goal Everybody... private persons corporate employees users in high security environments shall have the possibility to encrypt in a simple, user-friendly way. If required, even spontaneously 26

27 27

28 STAY SMART AND RESPONSIBLY 28

29 Documents Terminal Clients Server epasslet SCalibur sc/interface s/mail PKIntegrated CAmelot Trend 1 Trend 3 Trend 2 29

30 30

31 There are many smart cards around... Electronic ID Card Driving Licence Health Insurance Card Company card Payment Card BF Access Card Loyalty card Signature Card 31

32 Convergence Electronic ID Card Health Insurance Card German npa Driving Licence Company card Payment Card BF Access Card Loyalty card Signature Card 32

33 Convergence Electronic ID Card Health Insurance Card Nigerian eid Driving Licence Company card Payment Card BF Access Card Loyalty card Signature Card 33

34 IoT Convergence Derived ID Wearable Electronic ID Card Health Insurance Card Future Project Driving Licence Company card Payment Card BF Access Card Loyalty card Signature Card 34

35 What we need: A generic, flexible card technology Convergence, multi-application, post-issuance extendibility epasslet Suite 35

36 Documents Terminal Clients Server epasslet SCalibur sc/interface s/mail PKIntegrated CAmelot Trend 4 Trend 1 Trend 3 Trend 2 36

37 More Trends to discover during the upcoming sessions! And at Mindshare 201x cv cryptovision GmbH T: +49 (0) F: +49 (0) info(at)cryptovision.com 37