SETECS
Copyright© SETECS Corporation

SETECS OnePKI
Sead Muftic, SETECS Corporation
March 14, 2002

SETECS Security Products:

1. OnePKI – full CA infrastructure (CA servers, clients, and APIs)
2. OneDirectory – X.500/LDAP system (X.500/LDAP servers, LDAP client, security extensions)
3. OneCARD – System for file/Java smart cards (SC administration, SC applications, PC applications, SC APIs)
4. OneNET – Network security system (Secure E–mail, Secure WWW – SSL and forms)
5. OneJAVA – Security system for Java applications (Security client, server and secure Java objects/methods)
6. OnePlatform – Security development platform (C/C++, Java, smart card APIs, protocols and components)

OnePKI – Characteristics:

1. Collection of CA Servers – alternative PKIs
2. Several PKI clients – native client, thin–, thick–client, Java client
3. Full RFC 2459 certificate and CRL profiles (all extensions)
4. All certificates and CRL functions (CMS – RFC 2510)
5. Creation and verification of certificate paths
6. Multiple policies (high, medium, basic) – compliant with FBCA Medium/High and DoD Class 3 / Class 4 policies
7. Private cert profiles (VISA/MasterCard) and financial PKIs
8. Combined with directories and smart cards
9. Some additional features . . .

[Figure: OnePKI – Full CA Infrastructure. Diagram labels: Top CA, Policy CA, Hierarchy CA, Local CA, Bridge CA, Single CA, Web and Other Servers, User]

[Figure, built up over six slides: Top CA and Bridge CA, with the files RootCertificate.der, OtherRootCertificate.der, ForwardCertificate.der, BackwardCertificate.der and CrossCertificatePair.der appearing in that order]

[Figure: OneDirectory – X.500 / LDAP System. Diagram labels: TopCA, PolCA, HierCA, LocalCA, Servers / Administrators, Users, Border, Internal, CRL, Certs]

OnePKI – Additional Features:

1. Simple and easy installation
2. Simple and easy customization
3. Encrypted classes – fully resistant against viruses/worms
4. Verification of completeness before activation
5. Invalid incoming messages/requests rejected
6. All FBCA “membrane” test requirements
7. FBCA Medium/High and DoD Class 3 / Class 4 policies
8. Combined with directories and smart cards

OnePKI – Suggestions / Phases:

1. Full demo
2. Download, install and test (SETECS Test CP)
3. Adopt SETECS CP and CPS (Basic CP)
4. Run as a small pilot (Secure E–mail, Secure Web)
5. Cross–certify with FBCA and run full scope
6. Extend other applications with PKI
7. Move to Medium/High CP (SC and Directory functions)
8. Scale (users), extend (applications), expand (functionality)

Sead Muftic, SETECS Corporation
SETECS OnePKI
E-mail: sead @ dsv.su.se
Cell: (301) 648-8599
Phone: (202) 994-5506
http://www.setecs.com/DL/Download.htm
March 14, 2002