1d3276145b8f22dee4b1b90e6ce09078.ppt
- Number of slides: 29
Public Key Infrastructure (PKI)
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation
23-25 May 2012, Kish Island, I.R. IRAN
Outline
Part I: Introduction
Part II: Public key infrastructure
Part III: PKI status in IRAN
Introduction
E-Commerce: Trust? Confidence? Security!
[Diagram: Merchant and Customer connected over Intranet / Extranet / Internet]
Merchant and Customer perform a transaction in the digital world
E-Trust …?!
Digital report: Trust?
Paper report
Solution…?
Digital Signature: Ensuring Authenticity and Report Integrity in Electronic Transactions
Digital Certificate
There is still a problem linked to the “Real Identity” of the Signer.
Why should I trust what the Sender claims to be?
Moving towards PKI …
Digital Certificate
CERTIFICATE:
• Issuer
• Subject
• Public Key
• Issuer Digital Signature
Digital Certificate
Challenges:
• How are Digital Certificates issued?
• Who is issuing them?
• Why should I trust the Certificate Issuer?
• How can I check if a Certificate is valid?
• How can I revoke a Certificate?
• Who is revoking Certificates?
Moving towards PKI (Public Key Infrastructure) …
Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI)
PKI is an infrastructure to support and manage Digital Certificates
PKI – Technical View
Basic Components:
“Provider” Side
• Certificate Authority (CA)
• Registration Authority (RA)
• Certificate Distribution System
“Consumer” Side
• PKI enabled applications
PKI – Simple Model
[Diagram: End Entity → Cert. Request → Certification Entity (RA, CA) → Signed Certificate → End Entity; CA → Certs, CRLs → Directory; Application / Relying party → Certificate chain and status query → Directory]
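An added example (not part of the original slides) that walks the simple model with the openssl command line: a CA issues a certificate, publishes a CRL, and a relying party checks the chain and the revocation status. File names, subject names and the minimal demo.cnf are assumptions made for the demo, and the RA and directory are collapsed into one local folder.

```shell
#!/usr/bin/env bash
# Constructed walk-through of the simple PKI model; all names are invented.
pki_setup() (                 # $1 = scratch dir standing in for CA + directory
  set -e; cd "$1"
  cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused when -subj is given
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = demo_ca
[demo_ca]
database = index.txt
default_md = sha256
default_crl_days = 1
EOF
  : > index.txt               # CA database of issued/revoked certificates
  # CA: self-signed root certificate (the trust anchor of the relying party)
  openssl req -config demo.cnf -x509 -extensions v3_ca -newkey rsa:2048 -nodes \
    -keyout root.key -out root.crt -subj "/CN=Demo Root CA" -days 30
  # End entity: key pair and certificate request
  openssl req -config demo.cnf -newkey rsa:2048 -nodes \
    -keyout ee.key -out ee.csr -subj "/CN=merchant.example"
  # CA: signed certificate for the end entity, then a first (empty) CRL
  openssl x509 -req -in ee.csr -CA root.crt -CAkey root.key \
    -set_serial 4097 -days 10 -out ee.crt
  openssl ca -config demo.cnf -keyfile root.key -cert root.crt -gencrl -out crl.pem
) >/dev/null 2>&1

ca_revoke() (                 # CA revokes ee.crt and republishes the CRL
  set -e; cd "$1"
  openssl ca -config demo.cnf -keyfile root.key -cert root.crt -revoke ee.crt
  openssl ca -config demo.cnf -keyfile root.key -cert root.crt -gencrl -out crl.pem
) >/dev/null 2>&1

relying_party_check() (       # chain + status query; prints OK or REJECTED
  cd "$1" || exit 1
  if openssl verify -CAfile root.crt -crl_check -CRLfile crl.pem ee.crt >/dev/null 2>&1
  then echo OK; else echo REJECTED; fi
)

dir=$(mktemp -d)
pki_setup "$dir"
echo "before revocation: $(relying_party_check "$dir")"
ca_revoke "$dir"
echo "after revocation:  $(relying_party_check "$dir")"
rm -rf "$dir"
```

The signature on the certificate is unchanged by revocation; only the status check against the freshly published CRL makes the relying party reject it.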
PKI Status In IRAN
IRAN Related Regulations
• E-Commerce Law
• Article 32 of e-commerce executive regulation
• Certificate Policy
Certificate Usages in IRAN
• Sign (i.e. Document Signing)
• CA operations (i.e. CA, RA, OCSP, TSA, …)
• Organization Stamp
• Code Signing
• Server (SSL/TLS/DC)
• E-mail (S/MIME)
• Authentication (Login)
IRAN PKI Architecture
[Diagram, top to bottom: I.R. IRAN Digital Certificate Policy Council; I.R. IRAN Governmental Root Certification Authority; Governmental General Intermediate CA and Governmental/Private Intermediate CAs …, each with Registration Authority …]
IRAN Root CA Certificate Policies
Assurance Level:
• Level 4: Platinum
• Level 3: Gold
• Level 2: Silver
• Level 1: Bronze
IRAN PKI Standards
Categories: Profile, Algorithm, Protocol, Cryptographic Module, PKEnabling, Etc.
Items: DN Profile; Certificate Profile; CRL Profile; Certificate Path Validation; Acceptable Algorithms; Local Algorithms; CMP; CMC/CSR/CRMF; LDAP/OCSP/TSP; Two Factor Authentication; Security Token Requirements; Security Token Validation Program Requirements; Acceptable Interfaces; Key Encryption (PKCS#5 & PKCS#8); CMS (PKCS#7); PFX (PKCS#12); CP/CPS
PKI Laboratories of IRAN
• HSM Laboratory: for testing and evaluation of Hardware Security Modules (Smart Card, USB Token, HSM (internal/external))
• CA Laboratory: for testing and evaluation of digital certificate issuing and managing products (CA, RA, OCSP, TSA, …)
• PKE Laboratory: for testing and evaluation of PK-enabled applications (Web based Applications, Stand alone Applications)
• Cryptology Laboratory: for testing and evaluation of cryptographic algorithms (Symmetric, Asymmetric, …)
General Intermediate CA Certificate Issuance statistics
General Intermediate CA Certificate Issuance statistics
PKI Interoperability Experiences
Necessity of PKI Interoperation
• Usability of legal digital signature in different PKI domains
• Ensuring that the certificates meet assurance requirements and have legal effect as required
• Activate global e-commerce
• Exchanging PKI related information between the different domains
Recommended Accreditation Scheme Model
[Diagram: ECO Policy Authority; Competent Authority; Advisory Committee; Evaluator Group A, Evaluator Group B, Evaluator Group C; CA-A, CA-B]
IRAN Root CA Scheme for PKI Interoperation
Cross Recognition + CTL
Recommended PKI Mutual Recognition
Diagram labels: ECO Certificate Policy; ECO Policy Authority; Evaluator; Advisory Committee; Competent Authority; Applicant CA; Certificate Practices Statement (CPS); List of Accredited CAs (CTL); Evaluation Report
Diagram notes:
• Advisory Committee can work on behalf of Evaluator and give advice to Competent Authority
• Evaluate CPS and operations against Certificate Policy
• Confirm CA’s operation is in accordance with CPS and
• CTL will be published only after approval by ECO Policy Authority
Advisory Committee Tasks
• Consulting services for the design and establishment of the Interoperation Scheme in ECO PKI Domains
• Provide advice and services for establishing PKI domains for ECO members
• Consulting services for integrating PKI Domains
• Provide Auditing and Evaluation services to Competent Authority
• Act as an evaluator if there is no auditor in a country
• Give advice to Competent Authority for policy compliance auditing, evaluation guidance, criteria and standards.
According to I.R. IRAN Root CA recent efforts, it can operate as Advisory Committee to facilitate the Cross-Recognition procedure between ECO countries.
IRAN Root CA Related Measures
• Establishment of a hierarchical PKI domain with a four-level policy
• Establishment of PKI Laboratories for auditing purposes
• Provision of internal PKI standards in order to create interoperation
• Design of an optimal scheme for interoperability in PKI
• Preparation of CP Guidelines in order to provide a template and guidance for the ECO Certificate Policy edition
• Preparation of CR Policy in order to propose the architecture and mechanisms of cross-recognition
IRAN Root CA has already prepared Guidelines and CR Policy to facilitate Cross-Recognition among ECO countries.
Thanks for your attention