89dae6acfbecf23a61897407e0af610f.ppt
- Количество слайдов: 19
Guaranteeing Electronic Trust at all times www. certiver. com Assuring e-Trust always 1
Today's Agenda ¨Who is Certi. Ve. R ¨Solutions from Certi. Ve. R ¨Certi. Ve. R – TACAR proposal ¨Questions www. certiver. com Assuring e-Trust always 2
Certi. Ve. R Services Validation ¨ OCSP Validation via CRL or OCSP database connection in real time. – Provision of enhanced OCSP responder – High Availability – Back up – Load Sharing – Automated Revocation www. certiver. com Assuring e-Trust always 5
Certi. Ve. R Services Enhanced Validation information ¨ Certificate Status – Active, Revoked or Suspended Invalid – Multiple CA integration Certificate ¨ Purpose of Certificate – Use of OCSP response extensions to disclose attributes of the user certificate or the Certification Authority policy. – Used for authorisation by applications to carry out specific functions or transactions www. certiver. com Assuring e-Trust always 6
Certi. Ve. R Services: Load Sharing, Backup & High Availability ¨ Backup of your certificates database: – Backup in case of failure with security guarantee – Lower cost than if you were to do it yourself ¨ High Availability: – Hot standby backup in case of failure – Load sharing or balancing – Ensure high availability and reliability – Guarantee performance levels www. certiver. com Assuring e-Trust always 7
Certi. Ve. R Services Automated Revocation ¨ Automated certificate revocation module or application via voice and speaker recognition. – High Security, Liability and Reliability • Biometrics user registration • Speaker and Voice recognition integrated with revocation – High Availability, 24 x 7 – Outsourcing of service to Certi. Ve. R www. certiver. com Assuring e-Trust always 8
Certi. Ve. R Services Optional Manual Revocation ¨ Common Call Center for all CAs – Economies of Scale – Lower shared costs – More user friendly – High Availability, 24 x 7 • Automated system may transfer problematic calls – Security provided through Secret questions • A similar security level could also be provided via Web www. certiver. com Assuring e-Trust always 9
Certi. Ve. R Services - Outsourcing Certificate Status Database Management ¨ Offload management ¨ Reduce costs ¨ Improve service ¨ Enhance reliability ¨ Increase accuracy ¨ Raise level of trust and confidence www. certiver. com Assuring e-Trust always 10
Certi. Ve. R Services CA Certification ¨ Creation of or assistance with CPS ¨ Audit of CA in accordance with international and national norms – Legal requirements – Required by customers – Facilitates trust chains ¨ Certi. Ve. R Proof of Trustworthiness www. certiver. com Assuring e-Trust always 11
Certi. Ve. R Cross-Trust How do you trust other CAs? ¨ Chaining Trust – Cross-certification – Cross-validation ¨ No more PKI Islands – Degree of Trust – Validity Time of Trust – Validity Period of Trust www. certiver. com Assuring e-Trust always 14
Certi. Ve. R Services Ready applications for digital signature ¨ Provide tools and services to make applications PKI ready: – Already integrating GTK 3. 9. 4 ¨ Single validation access point for several CA, s ¨ Provision of access APIs ¨ Quality Control and post development support ¨ Facilitate the rise of applications using digital signatures – Needing more than one certificate – Needing more than just certificate validation www. certiver. com Assuring e-Trust always 15
Certi. Ve. R – TACAR 1 st Proposal Revocation Administration done by CA Certi. Ve. R Sites CRL for User Certs Cert Status Database CAs Revoke Root Certs OCSP synch Responder Revocation Module OCSP Validation Request for TACAR’s Repository and hierarchies Revoke User Certs Publish Root Certs TACAR CA’s Root List CA Users, Grid Users, etc. www. certiver. com Assuring e-Trust always 16
Certi. Ve. R – TACAR 2 nd Proposal Revocation Administration done by Certi. Ve. R Sites Cert Status Database CAs Revoke Root Certs OCSP synch Responder Revocation Module OCSP Validation Request for TACAR’s Repository and hierarchies Publish Root Certs Revoke User Certs TACAR CA’s Root List CA Users, Grid Users, etc. www. certiver. com Assuring e-Trust always 17
OCSP Signature Validation We offer two options: 1. Sign OCSP responses with a certificate trusted by all parties. 2. Sign OCSP responses with a certificate issued by the same CA hierarchy as the certificates whose status is being asked for. www. certiver. com Assuring e-Trust always 18
The Business case for Certi. Ve. R Annual cost assumptions included Service Description Done by Status Checking Yourself 15, 000 € 40, 000 Back up Yourself 2, 000 € 10, 000 High Availability Yourself 18, 000 € 100, 000 (Automated) Revocation Yourself 40, 000 € 50, 000 CA Certification 3 rd Party 15, 000 € 15, 000 Trust Chain TACAR 5, 000 € 20, 000 PKI Enablement/Appl. Yourself 15, 000 € 20, 000 Cost cover up to 10. 000 users www. certiver. com Total Cost Univ Cost SME € 110, 000| € 275, 000 Assuring e-Trust always 19
The Business case for Certi. Ve. R Annual cost assumptions included depending on degree of Administration Service Description Done by Cost Enhanced Status Checking (1) Certi. Ve. R € 20, 000 Back up Certi. Ve. R € 5, 000 High Availability Certi. Ve. R € 20, 000 Automated Revocation Certi. Ve. R € 30, 000 CA Certification Certi. Ve. R € 15, 000 Trust Chain (included in (1)) TACAR PKI Enablement/Appl. Certi. Ve. R Total € 10, 000 € 100, 000 Discount Univ. 50% = 50, 000€ € 0 Cost cover up to 10. 000 users (1) Status Checking + Trust chain integration Savings of € 60, 000 or 120% each site!!! www. certiver. com Assuring e-Trust always 20
The Basic services by Certi. Ve. R ¨ The most cost-effective services offered Service Description By Certi. Ve. R(50%) By Univers. Saving Enhanced status checking 10, 000 € 20, 000 € 10, 000€ User Revocations 15, 000 € 40, 000 € 25, 000€ High Availability 10, 000 € 18, 000 € 8, 000€ TOTAL 35, 000 € 78, 000 € 43, 000 € TOTAL saving 43. 000 €/year/site 123% over Certi. Ve. R cost 55% over University cost www. certiver. com Assuring e-Trust always 21
Try now our demo at: http: //www. certiver. com Assuring e-Trust always 23
Any Questions ? www. certiver. com Assuring e-Trust always 24