Individual Digital Certificates and PKI - PowerPoint PPT Presentation

Slides: 18
Provided by: peterv48
Transcript and Presenter's Notes

1
Individual Digital Certificates and PKI
  • Chris Connolly
  • Peter van Dijk
  • Galexia Consulting, http://www.galexia.com.au

2
1. Introduction
  • Galexia Consulting
  • Federal Privacy Commissioner's Discussion Paper
    on Digital Certificates (forthcoming)
  • Importance of authentication technologies: why
    PKI?
  • Scope of this presentation: focus on trust
    issues

3
2. Why Public Key Technology?
  • Public Key Technology involves the use of digital
    signatures. These signatures are used for:
  • Authentication - confirm who you are
  • Integrity - what you sent
  • Non-repudiation - you can't deny it
  • Additionally:
  • Confidentiality - what you can see - enables the
    encryption and decryption of information sent
    between two parties

4
2. What is PKI?
  • Public Key Infrastructure (PKI) is the
    combination of software, public key encryption
    technologies (PKT), and services that enables
    organisations to protect the security of their
    communications and business transactions on the
    Internet
  • PKIs integrate digital certificates, public-key
    cryptography, and certificate authorities into a
    shared network security architecture, including:
  • issuance of digital certificates to individual
    users
  • end-user enrolment software
  • integration with corporate certificate
    directories
  • tools for managing, renewing, and revoking
    certificates

5
2. Components of a PKI
  • http://www.baltimore.com

6
2. Components of a PKI
  • A PKI comprises the following components:
  • Certificate Authorities (CAs): these are
    responsible for issuing and revoking
    certificates.
  • Registration Authorities (RAs): these verify the
    binding between public keys and the identities of
    their holders. They conduct the initial
    verification of a potential subscriber's identity
    and/or attributes.
  • Subscribers/Digital Certificate holders: people,
    machines or software agents that have been issued
    with certificates and can use them to sign
    digital documents.
  • Clients: these validate digital signatures and
    their certification paths from a trusted CA's
    public key.
  • Relying parties: rely on the contents of a
    digital certificate in communicating with
    subscribers.
  • Repositories/Directories: these store and make
    available certificates and certificate revocation
    lists (CRLs).
  • Security policy: this sets out and defines the
    organization's top-level direction on information
    security, as well as the processes and principles
    for the use of cryptography.

7
2. What is a Digital Certificate?
  • A digital form of identification
  • Similar to a passport or driver's licence
  • Binds the subject's public key (a mathematical
    value) to one or more attributes relating to
    their identity
  • A certificate is valid for a limited period of
    time (often one, three or ten years)
  • Certificates can do different things. For
    example:
  • Encrypt a document
  • Sign a document for non-repudiation
  • Secure a WWW server
  • Provide authentication - enable the holder to
    access a corporate network

8
2. Example Certificate (1)
  • Certificate Summary

9
2. Example Certificate (2)
  • Certificate attribute details: Key Usage

10
2. Example Certificate (3)
  • Certificate attribute details: Subject
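As an added example (not code from the presentation or from Galexia), the following Go program models slides 6 to 10 with the standard library: the CA issues a subscriber certificate that binds a subject name to a public key with a validity period and a Key Usage, and the client validates the certification path from a trusted CA public key. All names, serial numbers and lifetimes are constructed for the example; revocation checking against a CRL is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// mustCert signs a template with the CA key and parses the DER back into a usable object.
func mustCert(tmpl, parent *x509.Certificate, pub interface{}, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der) // DER produced just above is well-formed
	return c
}

// BuildPKI plays the Certificate Authority: a self-signed 10-year root, then a one-year
// subscriber certificate binding a subject name to the subscriber's public key and limited by
// Key Usage / Extended Key Usage to client authentication. Names and lifetimes are constructed.
func BuildPKI(now time.Time) (ca, subscriber *x509.Certificate) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	subKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // RA identity check assumed done
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	ca = mustCert(caTmpl, caTmpl, &caKey.PublicKey, caKey) // parent == template: self-signed
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Jane Subscriber"},
		NotBefore: now, NotAfter: now.AddDate(1, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return ca, mustCert(leafTmpl, ca, &subKey.PublicKey, caKey)
}

// Validate is the client / relying-party side: build the certification path back to the
// trusted CA's public key, check the validity period at time at, and require the requested usage.
func Validate(trustedCA, cert *x509.Certificate, at time.Time, usage x509.ExtKeyUsage) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}
```

Validate returns nil for a certificate inside its validity period with a matching usage, and an error when the certificate has expired, was issued for a different usage, or chains to a CA the client does not trust.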

11
3. PKI Models
  • There are a number of factors that differentiate
    PKI applications:
  • The level of identification (ranging from
    anonymous to fully identified)
  • The use of attributes
  • The potential for multi-purpose/multi-use
    certificates and
  • The use of online services, tokens and mobile
    devices.

12
3. Case Studies
  • Case study 1: Australian State government agency
    applications
  • Case study 2: Multi-agency application
  • Case study 3: Health smart card
  • Case study 4: Patent application
  • Case study 5: Banking application

13
3. Case Studies - Commonwealth
  • Australian Federal Agency applications
  • Centrelink
  • Australian Electoral Commission
  • Health Insurance Commission
  • Customs
  • Electronic Tenders
  • Jobsearch
  • Case study 6: The Australian Business Number
    Digital Signature Certificate (ABN-DSC)

14
4. Overview of privacy implications
  • 1. Collection, use, and disclosure of personal
    information
  • By Certification Authorities and Registration
    Authorities
  • By Relying Parties
  • 2. Storage and destruction
  • 3. Certificate Revocation Lists (CRLs)

15
4. Privacy (continued)
  • 4. Logging of CRL lookups
  • 5. Revocation of a certificate
  • 6. Cooperation with law enforcement agencies
  • 7. Access and correction rights
  • 8. Security

16
4. Privacy (Continued)
  • 9. Identification requirements
  • 10. Unique identifiers
  • 11. Potential for additional use of data
    (function creep)
  • 12. Risk management practices
  • 13. Limits on user choice

17
5. Conclusion
  • Tools to build trust in digital certificates
  • Future trends/issues in PKI
  • Ongoing discussion and consultation