The World Internet Security Company

Practical Experiences of PKI-enabled Applications and
Implications for Mass Deployment of e-ID’s

Conference on Cryptology and digital Content Security
An activity of MATHESS, a NEST coordination activity of the EC
CRM, Bellaterra, 15 May 2007

Victor Canivell, CEO, Wisekey ELA

Agenda

• On Wisekey
• PKI today:
  - challenges
  - PKI & PKO
  - DNI-e
• Mass deployment tools:
  - Wisekey CertifyID Blackbox
• Wisekey references
• Conclusions

Wisekey’s development

[Timeline diagram, 1999 to 2007; recoverable labels:]
• Developing Countries: deploying infrastructures with the ITU
• e-Voting: first ever binding Internet vote; biometric enabled PKI e-voting for the blind
• Digital TV Apps Protection: securing the Digital Video Broadcasting infrastructure
• Intelligent cities: DestiNY USA (biometrics, PKI, DRM, physical & logical security)
• Device & Content Protection: Secure Video Processor Alliance
• Object eIDs: securing objects (silicon, luxury goods, materials)
• NIS partnership: Microsoft, HP, WISeKey (ID cards, drivers permits, passports...)
• Technology Platform: Unicert Gold CA Platform (HP); Bronze Box (RA System); eVoting Solutions;
  Customised Identity & Security Solutions; Birth of CertifyID Platform; Trust Service;
  Blackbox for Enterprise; Validation Solutions; Signing Solutions; TrustEcoSystem

Wisekey SA

• Geneva, Switzerland, 1999
• e-ID specialization
• Our vision is to enable the volume deployment of e-ID’s
  in a way that is cost effective and easy to
  integrate with existing IT backbones
• From supplier of digital certificates to supplier of
  certificate-enabled solutions and services
• On site, hosted, managed and/or ASP models
• Signs a strategic e-ID partnership with Microsoft
  (Brussels, June 2006)
• M. DeSmedt, ex Sr VP MSFT EMEA, becomes an
  investor and Board Member in 2007

Wisekey ELA

• Joint venture of Wisekey SA and Veliba-Sectec
  for the development of the business model in
  Spain and Latin America
• Initiates operations as of 2007 in Madrid,
  Barcelona, Bilbao
• Secure facility under construction in Bilbao
  2008
• Initiates operations in Latin America for local
  joint ventures

Internet: (great) success with (some) challenges

• Internet has scaled over four decades
      - showing exponential growth
      - and becoming “mission critical”
• Internet continues to augment its bandwidth
      - Internet2
      - IPv6
• But Internet suffers from architecture constraints
  related to some of its founding assumptions:
      - principle of trust
      - computers always in fixed locations
        and always connected

An old problem

“On the Internet, nobody knows you’re a dog!”
(The New Yorker, 1993)

Exponential growth in e-ID’s

[Chart: No. of e-ID’s over time. Mainframe (pre 1980’s), Client Server (1980’s), Internet (1990’s), Mobility (2000’s). Drivers: Company (B2E), Business Partners Automation (B2B), Customers (B2C), … plus all devices to be tracked!!]

Supply chain openness = more e-ID’s

[Diagram; recoverable labels:]
• Customers: customer satisfaction & customer intimacy; cost competitiveness; reach, personalization
• Suppliers and Partners: collaboration; outsourcing; faster business cycles; process automation; value chain
• Employees and Remote employees: M&A; mobile/global workforce; flexible/temp workforce

Demand vectors

• 27.000 phishing sites (RSA Jan. 07)
• Malware in 40% of systems (Panda)

The best antidote

Note to “The best antidote”

Yes, PKI… but we must not forget* that security
(1) is a chain; it’s only as secure as its weakest link
(2) is a process, not a product

* Bruce Schneier

Applicability / Usage

[Diagram; recoverable labels:]
• Digital Identity
• Digital Signature
• User management
• Access Control
• Email encryption and signature
• Data Encryption
• Mobile Data Encryption
• Intranet/Extranet Access Management

The PKI components

   • Technology platform
   • Policies and procedures
   • Trust model

The perception of PKI success

• No and/or limited volume PKI deployments
    …but

• In fact they now exist (DNI-e et al.)
• The above refers to authenticating individuals – in the
  meantime there is an explosion of authentication
  requirements for servers, devices, digital content, etc
• And, in fact, PKI-enabled solutions for addressing
  individuals are now becoming economically attractive
• The first issue to recognize is that we are dealing with an
  infrastructure element, and its attractiveness is a
  function of the ROI for the first solution it supports
  (e-invoicing, email encryption, SSO, etc)

The classical barriers to PKI

   • Complexity
   • Cost
   • Lack of applications
   • Lack of integration

PKI technology acceptance

• PKI’s ROI
     - Tangible & intangible
     - Current and future (perceptions)
     - Comparative to alternatives
       (incl. do-nothing)
     - Direct economic returns
     - Legislative drivers related to traceability
• McKinsey-Gartner’s new technology acceptance
  curve:
     - PKI is emerging embedded in many apps

PKI & PKO

  • Open PKI (Public Key Infrastructure)
    Integrated use of certificates to authenticate
    individuals across disparate public- and private-
    sector applications

  • Closed PKI (Public Key Infrastructure)
    Use of broader PKI services but limited to use by
    one enterprise or a closed community of business
    partners, users or devices

  • PKO (Public Key Operations)
    Integrated use of certificates within one application
    or service for limited key management uses

Uses of PKI technologies today

              DRIVERS               SCOPE        SIZE        NO. IN EU   EXAMPLES
OPEN PKI      e-GOVERNMENT G2C      RECOGNIZED   Millions    Tens        DNI-e
CLOSED PKI    B2B, B2C              ADVANCED     Thousands   Thousands   SSO
PKO           INTERNAL OPERATIONS   STANDARD     Tens        Millions    email encryption

A case in point: DNI-e

• Political agenda
     - EC Lisbon 2010
     - e-government goals
     - EC Digital Signature Directive
     - Application to Spanish law
     - DNI-e project (across different party majorities)
• Volume deployment of certificates
     - 500k since March 2006
     - Authentication and signature certs
     - New law in Parliament for
       “Electronic Administration 2007”
       forces all public transactions via internet 2010

DNI-e impact

• Infrastructures (keyboards et al.), public
  transactions and both individual and private
  sector awareness
• DNI-e as the registration facilitator for the
  obtention of other credentials
• Immediate complementary needs to surface:
  - other CA’s
  - signature platforms
  - identity management across systems

What is now required

• Solutions to emit and manage certificate lifecycles
      - in an economic manner
      - and easily integrateable (SOA)
• Value added services
      - time stamping
      - OCSP
      - secure vault
      - etc
• International interoperability schemes

Vision: Mass Deployment

Microsoft Platform provides:
- Commercially widespread platform
- Globally available support and training
- Certifications and accreditations (CC EAL4)
- Widespread knowledgeable & technical resources
- Strong security program & update/patch cycle
- Certificate support in base engineering specs
- Common interface and usage across product families

Delivery through:
- Local partners
- Affiliates

WISeKey:
- Trust model – international, neutral, commercially acceptable, policy and governance structure
- Full technology stack with tested and certified components
- Secure infrastructure hosting, and operations
- Affiliate and partner network support

CertifyID Platform

[Stack diagram; recoverable labels, top to bottom:]
• CertifyID components: Trust Service, Universal RA (URA), MS CA Web Svc API, OCSP, Guardian, Timestamp, CRL | Directory Svcs, ARM
• Applications: Exchange, SPS, BizTalk, MMS, ISA…; CS2002; Office 2003; Mobile Info Server; 3rd Party Product
• SQL Server
• Windows Server, .Net Framework, Visual Studio .NET, SMS 2003, MOM
• Platform services: Active Directory, WMI, MSMQ, RAS, Kerberos, Windows Media Services, Transaction Service, SmartCard, Distributed File Service, IIS, PKI, RMS, ASP .NET, VPN
• Windows Kernel
• Common Mgmt Infra, Consistent Interfaces, Single Sign-On

Microsoft Platform provides:
- CC EAL4 certification
- Industrial class – millions of certificates
- Strong security program & update/patch cycle
- Common interface and usage across product families
- Long term platform base

OISTE Trust Service

Trust Service:

WISeKey verifies and certifies your organisation’s identity so that your users’
and devices’ electronic identities can be trusted and recognised globally.

- Self or 3rd party audit depending on Trust Class
- Global multilateral and commercial acceptability of eIDs
- Microsoft Root Certificate Program
- Apple Leopard OS X 10.5
- Mozilla, Nokia, etc. pending

CA Web Service – SOA

CertifyID MS CA Web Services API (C#, C++):

- SOAP/XML Layer
- Enterprise SOA integration
- Default interface for URA, ARM etc.

[Diagram labels: CA, ESB - SOA, Other Apps]

Guardian: CA Disaster Recovery / BC

Guardian (C++):

Guardian XM provides professional grade database redundancy and data
persistency services for Certification Authorities on the Microsoft Windows
Server platform.

- Certificate Service Exit Module
- Saves all certificates, status, history to MS SQL DB
- Disaster recovery from MS SQL DB to

[Diagram labels: CA, MS SQL DB, Recovery console]

CRL Manager

CRL Manager (C#):

Reliably publish and monitor certificate revocation lists.

- Monitor and replicate revocation information
- Detect fault conditions and alert operators

[Diagram labels: CA, CRL Manager (Replicate/Int. Monitor), Public Web, CRL Manager (Ext. Monitor)]

OCSP Server

OCSP Server (C/C++):

Provides real time validation of certificates. Can interface directly with the Certificate Services
DB, or via Guardian SQL DB for more efficient performance. Supports pre-built responses and
distributed OCSP for large scale scenarios.

- IETF RFC 2560 compliant
- Uses CRLs, or provides real time responses
- Pre-built responses for distributed OCSP, using
  SQL 2005 DB replication
- Integrated with IIS – ISAPI extension

[Diagram labels: CA, OCSP, OCSP DB, Clients]

Directory Service / Publishing

Directory Server (ADAM) / Certificate Publisher (C++/C#):

Provides a highly available and reliable directory service (LDAP), with flexible certificate
publishing whose schema can conform to the ISIS-MTT PKI management
specification, and other government specifications.

- Publish to WISeKey Global Directory Service (GDS) for universal accessibility
- Reliably publish certificates to local and/or external Directory instances
- Multi-master replication and directory scaling
- Optionally remove revoked and/or expired certificates
- Schema conformance to ISIS-MTT, Federal Govt,
  and others on demand

[Diagram labels: CA, CID Services Publisher Module, Directory Srv (ADAM)]

URA

Universal Registration Authority (C++/C#):

Provides a registration authority interface and certificate lifecycle manager that interfaces with
multiple load balanced CAs in the backend, designed for scalability to millions of users and
certificates. ASP .Net application that is network load balanced across several servers using
MS SQL 2005 as data store. Configuration data, user account, authentication, templates,
certificates, requests etc. are stored in SQL 2005 database.
Authentication can be done against LDAP.

Used in CertifyID Trust Center Managed PKI services,
and with Stand-alone CAs at customer sites.

[Diagram labels: CA, URA Web, URA DB, Clients]
                                      CertifyID Black Box
                                      Enterprise Offering




The CertifyID Blackbox™ offers a complete and
affordable out-of-the-box solution for establishing a
Trusted Identity Infrastructure dedicated to your
organization.




                                      Partners



 •     Athena SCS
 •     Aladdin
 •     Gemalto
 •     HP
 •     IBM
 •     idQuantique
 •     MCI
 •     Microsoft
 •     NCP
 •     NDS
 •     Novell
 •     OASIS
 •     Omnikey
 •     Precise Biometrics
 •     SafeNet
 •     Secure Video Processor Alliance
References

Finance
Organisation of cooperating Financial Institutions.
Switzerland

Executive Summary
• To move to a secure, interoperable web based system that enforces mandatory strong
  authentication access control and encryption of information and data.

Business Challenge
• Customization of CPS and policy sets, lightly to meet client needs.
• Reviewing the entire certificate lifecycle, system design, auditability, security in
  conjunction with KPMG as a trusted neutral party.
• Hosting of a custom portal solution based on the WISeKey Universal Registration Authority.

Value Delivered & Benefit for the client
• Delivered a neutral Swiss Trust Root PKI system, specific custom development, application
  and PKI hosting, for the certificate issuance and management of certificates that protect
  the client’s information systems end-to-end, which include sensitive financial and
  consumer data.
• Support of a Swiss based company compliant with the strict Swiss Banking regulation
  on outsourcing.
• The client was able to incorporate a highly secure logical access control system
  protecting sensitive business information on time and on budget.
References

Retail
Privately-held, international, low-cost home products retailer
Switzerland, Sweden and Belgium

Executive Summary
• The financial sector of this retail company needed to use digital certificates for their
  internal financial system and for email exchange.

Business Challenge
• Implementation of a dedicated CA for our client, for the usage of certificates within their
  financial system, defined the type of certificates to be issued.

Value Delivered & Benefit for the client
• Dedicated CA managed by WISeKey staff and client certificates issued by WISeKey staff
• Customization of CPS and policy sets, lightly to meet client needs.
• Reviewing the entire certificate lifecycle, system design.
• Hosting of the CA

Benefit
• Greater data confidentiality
• No technical knowledge for the client
• No cost for technical maintenance
• Low cost
References

International Organization
IO dedicated to pursuing justice and prosecuting international crimes that fall within their
mandate, namely genocide, war crimes, and crimes against humanity.

Executive Summary
• The Client PKI is designed to ensure secure communications and system access to protect
  confidential information between departments within the organizations and most importantly
  from external parties.
• The Client chose WISeKey’s CertifyID Solution as the basis of their PKI, because of its
  Trust Framework, its tight integration with the Microsoft Windows Platform and the essential
  enhancing elements that it adds to Windows Certificate Services.

Business Challenge
• Implementation of the core infrastructure used to protect the Client’s systems and data.
• This core infrastructure is based on WISeKey’s CertifyID Solution and Trust Infrastructure.
• Customization of operational procedures; technical design, implementation; legal documents
  and agreements; and service operation.

Value Delivered & Benefit for the client
• Project Management.
• Implementation of Client PKI, legal, technical, security and operational infrastructure.
• Legal consulting including organization structure, production certificate practice
  statement, certificate policies, and end user agreements.
• The customer can safely rely on WISeKey expertise and experience to provide the delivery of
  a world class certification service that ensures the security, and availability of its core
  PKI infrastructure that is essential to the safety and security of its internal community
  and collaborators.
References

DVB
The Digital Video Broadcasting - DVB
Industry consortium dedicated to authoring international DTV standards.
Switzerland

Executive Summary
• The DVB Multimedia Home Platform (MHP) is the software interface between interactive
  digital TV applications and the terminals on which those applications execute. Such
  terminals are typically set-top-boxes or integrated digital TVs, both of which are also
  known as MHP receivers, platforms, hosts or clients.
• The DVB Project Office chose WISeKey to design, implement, host and manage the Public Key
  Infrastructure that is used to secure MHP applications. WISeKey is the designated
  Certificate Services Provider and Operator for the DVB MHP PKI.

Business Challenge
• Multimedia Home Platform is the open standard platform for interactive TV and multimedia
  services. MHP is based on Internet and web standards, so it offers compatibility and
  convergence between TV and the Internet.
• DVB thus needed to implement a MHP security mechanism that defines the security
  requirements for the consumer, the service provider and the broadcaster, using a security
  mechanism that provides confidentiality, integrity, availability, privacy and
  non-repudiation.

Value Delivered & Benefit for the client
• WISeKey implemented the core infrastructure that is used to protect the MHP security
  mechanism and thus implement the security for the consumer, the service provider and the
  broadcaster. This core infrastructure is the DVB MHP Public Key Infrastructure, including
  the operational procedures; technical design, implementation; legal documents and
  agreements; and service operation.
• Project Management.
• Implementation of DVB MHP PKI, legal, technical, security and operational infrastructure.
• Provide DVB MHP Operator functions and services.
• Legal consulting including organization structure, production certificate practice
  statement, certificate policies, and end user agreements.
• Outsourced service operation.
References

SVP
The Secure Video Processor Alliance is a group of media and technology leaders promoting the
broad adoption of SVP content protection technology in digital home networks and portable
devices.
USA

Executive Summary
• SVP is an open technology specification for protecting digital video content. Applying the
  SVP specification to any standard video processor turns it into an SVP-compliant video
  processor that can protect digital content end-to-end.
• To move to a secure, interoperable web based system that enforces mandatory strong
  authentication access control and encryption of information and data.

Business Challenge
• The SVP Alliance Licensing Authority chose WISeKey to securely host Trusted SVP Roots that
  are at the heart of the SVP Security Infrastructure, based on a WISeKey designed secure SVP
  Root software and hardware security platform.

Value Delivered & Benefit for the client
• Solution delivers an extremely low total cost of ownership for the client, and also
  provides extremely increased security via the Hardware Security Module, and use of key
  shares for role segregation.
• The advantages of using WISeKey professional services:
  - Leverage on expertise of PKI leaders
  - Lower total cost of ownership
  - Less effort for planning and design
  - Much more cost effective for a small enterprise; the business with the external partner
    can be extended as need for crypto-enabled applications grows
  - Requires less in-house expertise
  - Leverage liability rules, policies and procedures of WISeKey
  - Can be operational in a short period of time using the WISeKey Key Step deployment
    approach
References

Industry
Leading Swiss Watch Maker.
Switzerland

Executive Summary
• The Client wanted to implement an extranet portal communication system, featuring
  knowledge bases, electronic mail and correspondence tools to provide better service and
  support to their partners, including their very important dealer community.

Business Challenge
• Because of the sensitive nature of the information stored on the portal, the client needed
  to implement a highly secure access solution, and after extensive analysis decided to use
  Digital Certificates and secure devices provided by a highly trusted provider.
• The Client chose WISeKey to provide and host a managed dedicated Public Key Infrastructure
  to provide digital identity services for their extranet portal, with strict confidentiality
  and quality of service requirements.

Value Delivered & Benefit for the client
• As part of the project WISeKey delivered a turnkey system for the certificate issuance and
  management, integrating custom CA development with the Client’s backend systems.
• Development, Quality and Production environments exist. WISeKey maintains a Quality MPKI CA
  for testing and the Production MPKI CA.
• Access is controlled via two-factor authentication (certificate-based SSL client
  authentication and a password).
References

State of Geneva
“e-VOTING” INITIATIVE
Switzerland

Executive Summary
• The canton of Geneva was chosen by the Confederation for a pilot experiment in voting by
  Internet, with a view to its introduction at the national level as an additional
  possibility to vote alongside the current methods, voting by correspondence and at the
  polling station. At its official introduction, voting by Internet will have to guarantee a
  level of safety similar to, or even higher than, these two modes of voting.

Business Challenge
• WISeKey has taken part in the concept drafting. WISeKey has taken care of the system
  security, the server side development, the physical architecture, the installation, and
  the solution presentation and promotion.

Value Delivered & Benefit for the client
• The system was developed and subjected to thorough testing and ‘controlled hacking’ by the
  University of Geneva and CERN. It underwent significant load testing, and was utilized by
  over 20,000 voters over the course of several alpha and beta tests. Since its outset the
  e-Voting system has been subjected to various tests and security reviews, to collect the
  observations of the users on the user-friendliness, the ease of use and the safety of the
  system.
• Various trials were run throughout the pilot project, including a test involving over
  20,000 students across the Swiss educational system, generating enthusiasm and constructive
  feedback from the voters of tomorrow.
References

Gemini Observatory
Gemini is an international partnership managed by the Association of Universities for
Research in Astronomy under a cooperative agreement with the National Science Foundation.
USA - Hawaii

Executive Summary
• Gemini Observatory needed to increase their network, systems and communication security.

Business Challenge
• Assisting the Gemini technical administrator to implement the BB and configuring the PKI
  infrastructure.

Value Delivered & Benefit for the client
• Fast PKI implementation
• Greater data confidentiality
• Ease of use
                                      Conclusions




• Both PKO and classical PKI solutions will
  become prevalent in our communications and
  computing infrastructures
• Tools such as Wisekey CertifyID Blackbox will
  contribute to this deployment by offering
  economical and easy-to-integrate PKI based
  solutions
• What’s next?
  Watch out for quantum computing schemes!

• And very interested in learning from advances at
  forums such as this Conference!!




                                                    WISeKey S.A.
    WISeKey S.A - World Trade Center II - 29, route de Pré-Bois CP 885 1215 Geneva, Switzerland
                                                 Tel: +41 22 594 30 00


                                                  WISeKey ELA S.L.
                          Avda. Txorierri,9, 48160 Derio & Pº Castellana 135, 28046 Madrid
                                        Tel: +34 944 545 071 & +34 917 906 868
                                      e-mail: info@wisekey.com - www.wisekey.com

				