Product Presentation - PowerPoint PPT Presentation

About This Presentation
Title:

Product Presentation

Slides: 29
Provided by: andre59
Learn more at: http://csrc.nist.gov
Transcript and Presenter's Notes

1

Mobile Credentials
Ennio J. Carboni, Product Manager, Keon PKI
781-301-5323, ecarboni_at_rsasecurity
2
RSA Keon
  • Robust, flexible Certification Authority
  • Enhanced PKI Services
  • Interoperable across multiple certificate
    authorities, directory servers and applications
  • Powerful desktop with common credential store,
    two-factor authentication and file encryption
  • Security server providing policy management,
    trust management and credential mobility
  • Application Integration
  • RSA BSAFE Cert tools natively PKI-enabling
    applications
  • RSA Keon Agent toolkit for integrating
    existing non-PKI applications (SSO)

3
RSA Keon Enhanced Services
Web App
RSA Keon Advanced PKI
Application server (e.g. SAP)
E-mail
4
RSA Keon Security Server
Extend the use of digital certificates across
organizations and applications
  • Keon Credential Store management and delivery for
    mobile users
  • Focal point for CA interoperability within Keon
  • Automated certificate validation
  • Centralized management for private key access
    policy
  • Centralized logging depot for Keon components
  • Replication for scalability
  • Simplified Administration

5
RSA Keon Desktop
Providing the critical requirements for desktop
e-Security
  • File Encryption
  • Protection of Credentials
  • PKI Credential Interoperability
  • Smart Card Support
  • Reduced Logon
  • Ease of Deployment

6
Security: Non-repudiation requires trust in
certificates
  • Certificates and cryptography bind digital
    identities to the data and transactions they
    manipulate

Authenticators bind people to their digital
identities
7
How Secure is the Private Key?
Password
Where is it stored?
How does the user authenticate to the store?
Crypto Operation
PIN
8
Local PKI Credential Storage
Password
Password
PKCS 12 export
9
PKCS 12 Issues
  • PKCS 12 implementations hard to use
      • Requires manual intervention
      • No life cycle support
      • Inconsistent update of credentials
  • Limited security for private key
      • Password based
      • Allows replication of identity

10
Smart Cards and Authentication
  • Smart Cards are ideal for PPK Authentication
  • The Private Key lives in secure, tamper-resistant
    storage
  • Two-factor authentication is re-introduced since
    you need both the Smart Card and a PIN to unlock
    it
  • The crypto happens on the Smart Card with the
    help of a crypto accelerator
  • They fit into your wallet, and they scrape frost
    off car windows nicely!

11
The Benefits of Smart Cards
  • They are secure
  • They are portable
  • They can perform operations other than
    authentication
      • signatures, encryption
  • They can support other applications
      • E-cash, Loyalty, ...
  • They can be used as Employee badges

12
RSA SecurID 3100 Smart Card
  • Highest security
      • On-card digital signatures
  • Supports latest application features
      • Dual keys and certificates
  • Mobility
      • Credential store on-card with keys, certificates,
        login information and RSA SecurID seed
  • Versatile
      • Supports RSA Keon Desktop for PKI applications
        and classic RSA SecurID-protected systems

13
RSA SecurID 3100 Smart Card
  • Smart Card Readers
      • PC/SC
      • Setec SetCad 203N
      • Philips PE112/PE122
  • Smart Cards
      • Philips DX
      • Setec 8k
      • Setec 16k
      • GemPlus GPK8000

14
Smart Card-Reader Interface
  • There are actually two standardization issues to
    be dealt with
      • The electrical interface between the reader
        hardware and the PC
          • Fortunately, standards exist here: RS232 and USB
      • More problematic is the interface between the
        reader hardware and the smart card
          • Two classes of interface were needed here
              • Electrical Interface Standards
              • Command Interface Standards
          • ISO 7816 addresses these issues

15
Smart Card Reader Interface
  • The next level of problem is the API between the
    smart card reader, and the host PC software
  • Until recently, each reader manufacturer had a
    proprietary API which was used to talk to the
    reader driver
  • This was an effort by the smart card reader
    manufacturers to lock applications into a
    particular reader
  • Several years ago a consortium headed by Microsoft
    defined the PC/SC interface
  • It was intended to be used by systems other than
    Windows (Unix, PDAs, ...)
  • In reality, it is primarily a Microsoft Windows
    standard

16
Smart Card Formatting
  • There are two major ways of dealing with this
    formatting problem
      • One solution is to develop a standardized way to
        lay out the card directory, and name the files
          • PKCS15 developed by RSA Labs is an example
      • The other solution is to abstract the interface
        to the card so that you no longer deal with
        directories and files
          • JavaCard is an example

17
PKI Credential Interoperability: Sharing
credentials across multiple applications
Netscape Communicator
Microsoft apps
18
The Barriers to Smart Cards
  • They need a reader
      • This will be an issue until these become embedded
        in keyboards and notebooks
  • They cost money
      • But prices are getting pretty reasonable
  • Not all applications support PPK and Smart Cards
      • But many of today's applications are Web based,
        and the browsers do support them
  • Industry compatibility
      • PC/SC Readers now available
      • PKCS 15 from RSA Labs

19
PKCS15
  • What is it?
      • It is a specification for organizing
        cryptographic data onto an authentication object
        (e.g. card, other devices)
      • Allows multiple PKCS15 applications to live on
        same card
  • People frequently confuse PKCS11 and PKCS15
      • PKCS11 is a standard which defines how to plug
        cryptographic tokens into a crypto solution
          • These tokens could be smart cards or crypto
            accelerators for example
      • PKCS15 is a standard which defines the layout of
        a smart card format, and the naming standard for
        common files
  • The application developers who use smart cards
    are focusing on PKCS15

20
RSA Keon Advanced PKI: Credential Store Format
Virtual Smart Physical Smart Card
21
Unique PKI Issues for B2B Extended Enterprises
  • Partners wishing to use PKI to protect
    transactions over the Internet.
  • Must support the Big 2 web browsers and mail
    clients
  • Must be secure over a public network
  • Must be unobtrusive to partners' PCs
  • Must be easy to use
  • Solution must be secure, scalable, and manageable
  • Users' credentials must be mobile

22
Unique PKI Issues for B2B Extended Enterprises
  • Large enterprise deployments wanting to use PKI
    for a variety of functions
      • Browser, S/MIME, IPSec
  • The enterprise requires unobtrusive software
  • Must be easy to use
  • The solution must be secure and be run over a
    public network

23
RSA Keon Advanced PKI Ease of Use Credential
Mobility
RSA Keon Security Server
24
Downloadable Desktop Architecture
PKCS 11 Browsers and Mail Clients
Microsoft Browsers and Mail Clients
IPSec and Other Applications
PKCS 11
PKCS 11 or CSP
CSP
RSA Security Cryptographic Services
COM server
Logoff Service
Local Security Service
25
Downloadable Desktop
  • Credential mobility
  • Multiple user credentials
  • Certificate auto-enrollment
  • Keon Certificate Server Support
  • Optional SecurID authentication
  • Standards-based repository

26
Downloadable Desktop
  • Unobtrusive software
  • Small footprint
  • No device drivers
  • Installed by a normal user
  • No reboot
  • Reduced sign-on/web SSO
  • Interoperability with client PKI applications
      • Microsoft Internet Explorer, Outlook Express,
        Outlook 2000
      • Netscape Navigator, Messenger
      • Other CSP Applications
  • Compatibility with authorization products
  • Public APIs and CLIs for integration and
    customization

27
Authentication Options
  • Physical Smart Card
  • Virtual Smart Card
  • PKCS 5 Password Enhancement
  • SecurID

28
The Most Trusted Name in e-Security
WWW.RSASECURITY.COM