PKI Interoperability in ASIA

Description: CA-CA (Cross-Cert req. format, etc) CA-EE (Cert response format, etc) ... Choice of CA-CA bilateral connection methodology. Cross Certificate model ...

1
PKI Interoperability in ASIA
June 2, 2005.
Jeun, In Kyung (ikjeun_at_kisa.or.kr)
2
Contents
  • Introduction to Asia PKI Forum
  • Asia PKI Interoperability Guideline v2.0
  • PKI Interoperability in Korea
  • Conclusion

3
Introduction to Asia PKI Forum
4
About the Asia PKI Forum (APKIF)
  • Objective and Mission
  • Pursue the Best Interoperable e-Commerce
    Environment
  • Joint work to Secure Interoperability among Asian
    Countries
  • International Cooperation to establish
    Global PKI Framework
  • Organization Information
  • APKIF is an international, non-profit organization
  • Established on June 13, 2001
  • Members
  • China PKI Forum (http://www.Chinapkiforum.org.cn)
  • Japan PKI Forum (http://www.japanpkiforum.jp/E/index.htm)
  • Korea PKI Forum (http://www.pki.or.kr)
  • Chinese Taipei PKI Forum (http://www.pki.org.tw)
  • PKI Forum Singapore (http://www.pkiforumsingapore.org.sg)
  • Hong Kong PKI Forum (http://www.hkpkiforum.org.hk/index.htm)
  • Macao Post (http://www.esigntrust.com/eng/html/pki.html)
  • Thailand PKI Forum (http://www.thailand-pkiforum.org)

5
Structure of Asia PKI Forum
General Meeting
China, Japan, Korea, Singapore, Chinese Taipei, Hong Kong China, Macao China, Thailand
China, Japan, Korea, Singapore, Chinese Taipei
Steering Committee
Chairperson: Dr. Hong-Sub Lee (Korea PKI Forum)
2 Vice Chairpersons: Mr. Lian Du (China PKI Forum), Mr. Naoyuki Akikusa (Japan PKI Forum)
Secretariat (Korea)
Treasurer (Korea)
Business Working Group: Business Case/Application WG, Legal Infrastructure WG
Technical Working Group: Interoperability WG, World Wide Collaboration WG
6
Asia PKI Interoperability Guideline v2.0
7
What can we do with the Asia PKI interoperability
guideline?
  • Asia PKI: PKI available in all of the Asian Pacific
    area (PKI: Public Key Infrastructure)
  • Issuance of certificate
  • Verification of digital signature
  • e-Transaction
Interoperation between existing CAs is possible!!
8
Objectives of APKIF Interoperability Guideline
Designing PKI profiles for multi-domain
PKI interoperability in Asia
What is to be decided?
9
Main Contents of Asia PKI interoperability
Guideline
10
Contents(1)-Trust Model
  • CA to CA interoperability architecture
  • Choice of CA-CA bilateral connection methodology
  • Cross Certificate model
  • Cross Recognition model
  • Definition of each method
  • There are two kinds of Cross Certification

[Figure: Cross Certificate model and Cross Recognition model. Labels: CA, Cross certificate, Forward Cross certificate, Reverse Cross certificate, Unilateral Cross Certificate, Multi Cross Certificate]
11
Contents(2)-PKI component interfaces
12
Contents(3)-Certificate and CRL Profiles
  • Policy of designing Certificate and CRL profiles
  • Based on X.509 v3 and RFC3280
  • Character set: PrintableString (future work:
    multi-byte code)
  • Constraints extensions (future work)
  • Limitations from the present implementation may
    exist
  • Definition of profiles
  • CA Certificate Profile
  • Root CA Certificate / Certificate for
    Cross-Certificate / SubCA Certificate
  • Certificate Basic field / Certificate Extension
    field
  • EE Certificate, Identification Certificate,
    Secure E-Mail Certificate
  • Certificate Basic field / Certificate Extension
    field
  • CRL/ARL Profile
  • Basic field / Entry Extensions / Extensions
  • Interoperability consideration
  • Encoding rules of DirectoryName
  • basicConstraints in EE certificate
  • An escape method for the description of "," in
    LDAP URI

13
Contents(4)-Common API
  • Common API for PKI Application (PKCS#11)
  • Define the scope and assumptions, Mechanisms and
    algorithms
  • Template Requirements and Key issues

14
Contents(5)-Certificate Validation
  • Certificate Path Processing Implementation
    Guideline
  • Certificate path validation algorithm (Based on
    RFC3280)
  • CRL Validation algorithm
  • Restricted Certificate path construction
    algorithm
  • Considerations (using VA)
  • Path Processing Test

[Figure: Path Processing Test. Labels: PKI Model, Interconnection Model, Service Model, Revocation/Validation Model, Test Criteria, Test Cases, X.509, RFC3280, Any Standards]
15
Contents(6)-Certificate Policy
  • For the PKI Policy Interoperability, we designed
  • CA Management Guideline
  • CP mapping Guideline

[Figure: CA License and Mapping Scheme for PKI Interoperability. Labels: CA Mapping Guideline; CA Management Guideline; Country 1, Country 2, ..., Country n, each listing Physical Control, Technical Control, Operation Control, Identification, Certificate management, Key management, Certificate Verification; CP; CPS; Law; Accreditation Criteria]
16
PKI Interoperability in Korea
17
PKI Scheme in Korea
Interoperability between GPKI and NPKI
Interoperability among CAs
18
Interoperability among Accredited CAs
Subscribers use most electronic services (bank,
stock, etc.) with their accredited certificate
issued by any accredited CA
[Figure: Root CA issues certificates for the accredited CAs (ACA), Accredited CA A and Accredited CA B. Labels: request the status of the cert.; provide toolkit for interoperability]
19
Technical Issues for Interoperability
  • User Interfaces
  • How to find and use certificates stored in various
    media such as H/W, Floppy, USB and Smartcard
  • Standardization of Naming Rule, Storage location
    of Certificate and CRL
  • Supporting mobility of private key for digital
    signature and certificate
  • Common user interface of PKI client S/W

20
Interoperability Between NPKI and GPKI
  • Mechanism of Interoperability
  • Make use of CTL (Certificate Trust List)
  • National Root CA (KISA) issued CTL for its
    subscribers
  • Government Root CA (GCC) issues CTL for its civil
    application services

[Figure labels: CTL, Certificate, Issue CTL]
21
Effects of PKI Interoperability in Korea
  • Increase User Benefit and Application Areas
  • Users can make use of various e-transactions with
    just one certificate for their convenience
  • Widen application areas such as Internet banking,
    Cyber stock exchange, e-procurements
  • 6 accredited CAs have issued accredited certificates
    to around 10 million users in total

22
Conclusion
23
Conclusion
  • Asia PKI Forum achieved the baseline for PKI
    interoperability among Asian countries
  • Subscribers are able to use their digital
    certificates in other areas when the member areas
    achieve mutual recognition of electronic
    signatures by complying with the guideline
  • Korea has already achieved PKI interoperability
  • A subscriber who has an accredited certificate can
    do all kinds of electronic transactions on the
    Internet
  • The technology and policy for PKI
    interoperability were reflected in the Asia PKI
    Interoperability Guideline