
DoD Public Key-Enabling (PK-E) of Applications
1st Annual PKI Research Workshop, NIST, 4/25/02

Overview
• PK-E distinct from PKI
• Definition of “PK-E”
• Interoperability with DoD PKI
• “Security Goodness”
• Protection Profile, Technical Instruction, Proof of Concept (POC)

PK-E Distinct from PKI
• PK Infrastructure - CAs and RAs and LRAs, Revocation Information Repositories, Certificate Policies, Certification Practice Statements, etc.
• PK-Enabling - builds or modifies applications to use the security services supported by the PKI

Definition of PK-E
• An application is PK-Enabled if it
  – Can accept and process a DoD PKI X.509 digital certificate in order to use one or more of the security services supported by the DoD PKI (confidentiality, authenticity, integrity, non-repudiation)
  – Contains an interface to the Common Access Card (CAC) or other DoD approved hard token
  – Collects, stores and maintains any data required to support digital signature and data encryption
  – Maintains accurate time to a sufficient degree of precision

Interoperability with DoD PKI
• Determined by the Joint Interoperability Test Command (JITC) by means of “DoD PKI Interoperability Master Test Plan”.

“Security Goodness”
• Application could pass JITC functional test for “interoperability” with DoD PKI but still be deficient in “security”
• National Security Telecommunications and Information Systems Security Policy (NSTISSP), Number 11 - requires U.S. Government IT systems to be evaluated and validated by Common Criteria after 1 July 2002

Protection Profile (PP)
• Public Key-Enabled Protection Profile
  – generic, system level PP, for PK-Enabled applications
  – In draft, soon to be presented for NIAP evaluation

PK-E Technical Instruction
• One-stop document (theory, policy, technical, procurement) for an application owner/manager (contract to be awarded in 5/02)

PK-E TI Proof of Concept
• Contractor who wrote TI uses it to PK-E an application selected by USMC (part of TI contract to be awarded in 5/02)

Further Study
• How much is all this going to cost?
• Role of PKI/PK-E in a tactical environment (some of the standard assumptions don’t apply)
• Can an application be “partially PK-Enabled”?

PK-Enabled?
[Diagram: User, Web Server, Server, Database; labels: SSL, ID/PW; Tier 1, Tier 2, Tier 3]