VeriSign Security Solutions Authentication and Encryption by yco10525


    VeriSign Security Solutions
    Authentication and Encryption

                             May 2004

    MPKI Security Solutions

    Levels of Authentication



    VeriSign Overview
        Provide the critical infrastructure services that
        make the Internet and telecommunications
        networks more reliable, intelligent and secure

          Naming & Directory    Security    Payment    Telecom


       Presence in 45+ countries
       5,000 enterprises and carriers
       400,000 e-commerce sites
       100,000 merchants
       2,500 employees
       15 data centers and NOCs
       Largest ind. SS7 network - 2B
       Exclusive registry for .com, .net – 10B resolutions
       28% of N. America e-commerce

    MPKI Security Solutions
       Government Security Solutions
         – MPKI for Email/eForms
         – MPKI for SSL (servers)
         – Secure VPN for
         – Secure Web Applications
         – Security Consulting Services
       Value to Customers:
         – Comply with Security Regulation requirements (ex: HIPAA)
         – Highest level of authentication, plus cryptography
         – Full control over issuance and management of certificates
         – 40-60% lower cost than in-house
         – Easy to manage large deployments
         – Easy integration with enterprise and partner applications (e.g, smart
       [Diagram labels: E-mail, SSL, VPN, VeriSign, Authentication]

    Levels of Authentication
    Various levels of customer authentication – Certificate Class
    (scale runs from Rudimentary at Class 1 to High Assurance at Class 3)
      Class 1:
        – Based on email address with no cross-reference to any external databases
        – Retail only – not business or government
      Class 2:
        – Authenticates identity based on third party database
        – For commercial business and government
        – Certificates are issued only to persons identified by
          Registration Authority (RA) – ex: known employee of
        – Optional: Name, Email, Department, Phone number
        – Password or better authentication required
      Class 3:
        – Personal presence or rigorous manual authentication
        – For Defense and high-security customers

    MPKI – Digital Certificates
    Public or Private Hierarchies
        VeriSign’s Public Model is compliant with Federal Bridge – allows States
        to do business with Federal Gov’t securely online.

        Public Model
          – Open community
          – Secure Email
          – VeriSign root keys embedded in applications
          – Must meet minimal VeriSign CPS/CP
          [Diagram: VeriSign Public Class 2; Company Public Root; Company Public CA A, Company Public CA B, Company Public CA C]
        Private Model
          – Self-Signed CA
          – Closed community
          – Network Access/VPN
          – Not dependent on VeriSign CPS/CP
          [Diagram: Company Private Root; Company Private CA A, Company Private CA B, Company Private CA C]

    State of California PKI Structure

       Public Structure – use VeriSign’s FBCA compliant Certificate Policy &
        Practice Statement (CP/CPS)
       Leverages Enterprise pricing for all customers of state
       MSA is with State of CA
       Each customer (counties, cities and state agencies) sign a sales order
        with State Data Center and provide PO# to buy certificates
       Business Partners (Accenture, IBM, Kaiser, etc.) of state or counties
        can also buy certificates at same Enterprise price through State Data

       [Diagram, top to bottom:
         VeriSign Public Class 2 Root CA
         State of California Intermediate CA
         State Agency Public RA; County of LA Public RA; County of Ventura Public RA; Business Partners Public RA
         Dept of Health Public LRA; Company 1 Public LRA; Company 2 Public LRA]

    MPKI – Digital Certificates
    Secure Email

       Signs and Encrypts
       Validates Signature and Encryption
       Encrypts email message and
       Key Management and Storage
       NO SCARY WARNINGS!
       [Screenshot labels: Encrypt, Sign]

    Secure Forms – using Digital Certificate


    Today’s Demonstration Architecture -
    Smartcard & Email

       [Diagram labels: Nevada CA; Registration Pages; Key Management Service; Auto Administrator; End User registers for Smartcard and; OCSP/CRL Check; Application Server w/client auth and email]

     MPKI for SSL
     Nevada is currently a VeriSign SSL customer
        MPKI for SSL – provides customers with the ability to manage the
         lifecycle of SSL digital certificates. This includes issue, revoke,
         renew and audit certificates.
        Proof of Identity — IDs enable web site authentication
         ( or
        Strong Security — allow communications to be encrypted
        Compatibility — Recognized by all major browsers, and
         supported by all SSL-capable server software
        Customers control the speed of issuing new SSL certificates,
         renewing and billing.
        Significant discount versus buying retail certificates.

     MPKI – Digital Certificates
     Secure VPN

        Provides customers with the ability to manage digital
         certificates to enable strong VPN authentication.
        Supports Checkpoint, Nortel and Cisco VPN.
         (*supports all VPNs)
        Requires the customer has PKI enabled version of their
         VPN client.
        VeriSign offers VPN Architecture and Design
        Recommend: Online Certificate Status Protocol

    Today’s Demonstration Architecture –
    VPN, Authentication

       [Diagram labels: VPN User; Nevada CA; OCSP/CRL Check; Checkpoint Firewall; Cisco Concentrator; Nevada Internal Resources]

     MPKI – Digital Certificates
     Secure Web Transactions
        Secure Web Transactions – provides customers with the ability
         to manage digital certificates to enable strong authentication or
         digital signing of HTML, plain text and XML.
        The following tools are offered for Secure Web Transactions:
          –   Personal Trust Agent (client and server components)
          –   Digital Signature Platform
          –   Certificate Parsing Module
          –   Certificate Validation Module
          –   File Encryption Tool
          –   PKI Toolkits
        Customers who deploy Secure Web solutions are not required to
         implement all above components.
        Recommend: Online Certificate Status Protocol (OCSP)
        Optional: Roaming

     MPKI - Digital Certificates
     Web Services/Access

                              Common user interface for both
                               Netscape Navigator and
                               Microsoft IE
                              Brand-able & uses membership
                               card metaphor; can be localized
                              PTA operations are scriptable
                               from web pages
                              Easy Select: Automatically search
                               through certs for
                               application/company identifiers
                              Configure a certificate for an
                               application (select only once)
                              Supports mandatory password
                               criteria and can integrate with
                               other forms of authentication

     Web Access – using Digital Certificate


     Network Security – MSS
     Service Offerings and Key Features
        Managed Security Services
          – Managed/monitored Firewall, Intrusion Detection Systems, Vulnerability
        Network Security Consulting services
        24x7 Security Operations Centers staffed with security experts
        Early warning system leveraging VeriSign’s Internet security intelligence
        Vendor-neutral support for all best-of-breed security platforms
     Value to Customers
          Minimize security intrusions/breaches through proactive, 24x7 management
          Cost reduction of up to 60% by leveraging VeriSign’s infrastructure
          Reallocate resources to higher value-added activities and business priorities
          Achieve compliance with government regulations and audit requirements

     Security Consulting Services

        All VeriSign Core MPKI and complementing solutions
         include Security Consulting Service during install.
         –   PKI Design and Analysis
         –   CPS and CP Development Services
         –   PKI Enablement Services
         –   Archival Services
         –   Disaster Recovery
         –   Network Optimization
         –   Security Assessments
         –   Vulnerability Testing
         –   Audit Services

     Sample Public Sector Customers

        Veterans Affairs
        Center for Disease Control
        US Dept. of Labor
        Securities Exchange Comm.
        US Dept. of Interior
        US Office of the Courts
        Department of Energy
        Multi-State Tax Comm.
        Department of Defense - SERVE
        State of PA – J-Net
        State of PA – Education
        State of New Jersey
        Kern County, CA
        Federal Home Loan Banks of
          – Pittsburgh, Dallas, Chicago
        Exostar (DoD Exchange)
        State of Kansas
        County of Los Angeles, CA
        County of San Mateo, CA
        State of California

        Government: Scaling to Millions of Users

                                              “We chose VeriSign managed security services
                                              because of reliability and capacity to scale to
                                              millions of users.”

         Business Challenge
      Establish a secure Authentication Infrastructure for key e-commerce initiative

                   VeriSign Solution
             Identity Management and Consulting Services
             State of Kansas and standardized on VeriSign solutions

               First application is “e-Lien” – electronic filing of lien information to financial
                community for automotive financing
               Increasing efficiency and reducing costs traditionally associated with
                government transactions
               Enabling 55 higher education institutions to digitally sign documents

        Creating a Connected, Secure Government
                                  “We wouldn't be able to put a service like this online and have the
                                  levels of security necessary without VeriSign. It is extremely
                                  important to us that our digital certificates have the inherent trust
                                  that comes with using the VeriSign solutions”

        Business Challenge
      Turn a sprawling government bureaucracy into a safe, secure technology innovator using the
       Internet, migrating government services for businesses and residents online.

                  VeriSign Solution
             VeriSign PKI services for digital certificate registration and issuance, including
               65,000 certificates.

               Expanding its online services to conduct secure online transactions with the
               Securing the state's computer systems during a time of increased vigilance
               Keeping the state on the cutting edge with technology
       Government Efficiency at Department of Interior

                               “VeriSign delivered a performance-based implementation – we
                               couldn’t have afforded it without that kind of approach. A VeriSign
                               solution is kind of like a ‘Piece of a Rock’ scenario.”

        Business Challenge
      Secure Access and Identification Management for both physical and network access

                  VeriSign Solution
             Managed Authentication Services and smart card solution
             10,000 user potential

              Single authentication process for both physical and logical (network) security
              Reduced overall management costs and increased security

     State of Pennsylvania

          Business Challenge
       Law enforcement officials reluctant to share sensitive criminal information with entities
        outside their agency

              VeriSign Solution
         Identity Management Solution and Linking State and City Police Officers,
          Correction Officials and Federal Law Enforcement Entities.
         20,000 User Potential

          Sensitive criminal information now shared across agencies - Cost Savings
          Homeland Security network in place and operating in Pennsylvania

