VeriSign Security Solutions Authentication and Encryption


VeriSign Security Solutions
Authentication and Encryption
May 2004
1
MPKI Security Solutions
Levels of Authentication
Demonstration
Q&A
2
VeriSign Overview
Provide the critical infrastructure services that
make the Internet and telecommunications
networks more reliable, intelligent and secure
Naming & Directory, Security, Payment, Telecom
Atlas
Presence in 45+ countries
15 data centers and NOCs
5,000 enterprises and carriers
Largest ind. SS7 network - 2B messages
400,000 e-commerce sites
Exclusive registry for .com, .net – 10B resolutions
100,000 merchants
2,500 employees
28% of N. America e-commerce
3
MPKI Security Solutions
Government Security Solutions
MPKI for Email/eForms
MPKI for SSL (servers)
Secure VPN for Checkpoint/Nortel/Cisco
Secure Web Applications
– Security Consulting Services
[Diagram labels: E-mail, SSL, Web, VPN, VeriSign Authentication, Consultants]
Value to Customers:
– Comply with Security Regulation requirements (ex: HIPAA)
– Highest level of authentication, plus cryptography
– Full control over issuance and management of certificates
– 40-60% lower cost than in-house implementation
– Easy to manage large deployments
– Easy integration with enterprise and partner applications (e.g., smart cards)
4
Levels of Authentication
Various levels of customer authentication – Certificate Class
Structure
Rudimentary Class 1:
– Based on email address with no cross-reference to any
external databases
– Retail only – not business or government
Class 2 :
– Authenticates identity based on third party database
information
– For commercial business and government
– Certificates are issued only to persons identified by
Registration Authority (RA) – ex: known employee of
company
– Optional: Name, Email, Department, Phone number
High Assurance – Password or better authentication required
Class 3:
– Personal presence or rigorous manual authentication
– For Defense and high-security customers
5
MPKI – Digital Certificates
Public or Private Hierarchies
VeriSign’s Public Model is compliant with Federal Bridge – allows States to do business with Federal Gov’t securely online.
Public Model
– Open community
– Secure Email
– VeriSign root keys embedded in applications
– Must meet minimal VeriSign CPS/CP
[Diagram, public hierarchy: VeriSign Public Class 2; Company Public Root; Company Public CA A, Company Public CA B, Company Public CA C]
Private Model
– Self-Signed CA
– Closed community
– Network Access/VPN
– Not dependent on VeriSign CPS/CP
[Diagram, private hierarchy: Company Private Root; Company Private CA A, Company Private CA B, Company Private CA C]
6
State of California PKI Structure
Public Structure – use VeriSign’s FBCA compliant Certificate Policy & Practice Statement (CP/CPS)
Leverages Enterprise pricing for all customers of state
MSA is with State of CA
Each customer (counties, cities and state agencies) sign a sales order with State Data Center and provide PO# to buy certificates
Business Partners (Accenture, IBM, Kaiser, etc.) of state or counties can also buy certificates at same Enterprise price through State Data Center
[Diagram: VeriSign Public Class 2 Root CA; State of California Intermediate CA; Public RAs: State Agency, County of LA, County of Ventura, Business Partners; Public LRAs: Dept of Health, Company 1, Company 2]
7
MPKI – Digital Certificates
Secure Email
Signs and Encrypts
Validates Signature and Encryption
Encrypt Sign Encrypts email message and
attachments
Key Management and Storage
NO SCARY WARNINGS!
8
Secure Forms – using Digital Certificate
DEMO
9
Today’s Demonstration Architecture -
Smartcard & Email
Nevada CA
Registration Pages
Key Management Service
Auto Administrator
End User registers for Smartcard and Certificates
OCSP/CRL Check
Application Server
w/client auth and email
MPKI for SSL
Nevada is currently a VeriSign SSL customer
MPKI for SSL – provides customers with the ability to manage the
lifecycle of SSL digital certificates. This includes issue, revoke,
renew and audit certificates.
Proof of Identity — IDs enable web site authentication
(Amazon.com or Amazan.com?)
Strong Security — allow communications to be encrypted
Compatibility — Recognized by all major browsers, and
supported by all SSL-capable server software
Customers control the speed of issuing new SSL certificates,
renewing and billing.
Significant discount versus buying retail certificates.
11
MPKI – Digital Certificates
Secure VPN
Provides customers with the ability to manage digital
certificates to enable strong VPN authentication.
Supports Checkpoint, Nortel and Cisco VPN.
(*supports all VPNs)
Requires that the customer has a PKI-enabled version of their
VPN client.
VeriSign offers VPN Architecture and Design
Recommend: Online Certificate Status Protocol
12
Today’s Demonstration Architecture –
VPN, Authentication
Nevada CA
OCSP/CRL Check
Checkpoint Firewall
Cisco Concentrator
Nevada Internal Resources
VPN User Authenticates
MPKI – Digital Certificates
Secure Web Transactions
Secure Web Transactions – provides customers with the ability
to manage digital certificates to enable strong authentication or
digital signing of HTML, plain text and XML.
The following tools are offered for Secure Web Transactions:
– Personal Trust Agent (client and server components)
– Digital Signature Platform
– Certificate Parsing Module
– Certificate Validation Module
– File Encryption Tool
– PKI Toolkits
Customers who deploy Secure Web solutions are not required to
implement all above components.
Recommend: Online Certificate Status Protocol (OCSP)
Optional: Roaming
14
MPKI - Digital Certificates
Web Services/Access
Common user interface for both
Netscape Navigator and
Microsoft IE
Brand-able & uses membership
card metaphor; can be localized
PTA operations are scriptable
from web pages
Easy Select: Automatically search
through certs for
application/company identifiers
Configure a certificate for an
application (select only once)
Supports mandatory password
criteria and can integrate with
other forms of authentication
15
Web Access – using Digital Certificate
DEMO
16
Network Security – MSS
Service Offerings and Key Features
Managed Security Services
– Managed/monitored Firewall, Intrusion Detection Systems, Vulnerability
Management
Network Security Consulting services
24x7 Security Operations Centers staffed with security experts
Early warning system leveraging VeriSign’s Internet security intelligence
Vendor-neutral support for all best-of-breed security platforms
Value to Customers
Minimize security intrusions/breaches through proactive, 24x7 management
Cost reduction of up to 60% by leveraging VeriSign’s infrastructure
Reallocate resources to higher value-added activities and business priorities
Achieve compliance with government regulations and audit requirements
17
Security Consulting Services
All VeriSign Core MPKI and complementary solutions
include Security Consulting Service during install.
– PKI Design and Analysis
– CPS and CP Development Services
– PKI Enablement Services
– Archival Services
– Disaster Recovery
– Network Optimization
– Security Assessments
– Vulnerability Testing
– Audit Services
18
Sample Public Sector Customers
Veterans Affairs
Center for Disease Control
US Dept. of Labor
Securities Exchange Comm.
US Dept. of Interior
US Office of the Courts
Exostar (DoD Exchange)
Department of Energy
Multi-State Tax Comm.
Department of Defense - SERVE
State of PA – J-Net
State of PA – Education
State of New Jersey
Kern County, CA
Federal Home Loan Banks of Pittsburgh, Dallas, Chicago
State of Kansas
County of Los Angeles, CA
County of San Mateo, CA
State of California
19
Government: Scaling to Millions of Users
“We chose VeriSign managed security services
because of reliability and capacity to scale to
millions of users.”
Business Challenge
Establish a secure Authentication Infrastructure for key e-commerce initiative
VeriSign Solution
Identity Management and Consulting Services
State of Kansas and standardized on VeriSign solutions
Results
First application is “e-Lien” – electronic filing of lien information to financial
community for automotive financing
Increasing efficiency and reducing costs traditionally associated with
government transactions
Enabling 55 higher education institutions to digitally sign documents
20
Creating a Connected, Secure Government
“We wouldn't be able to put a service like this online and have the
levels of security necessary without VeriSign. It is extremely
important to us that our digital certificates have the inherent trust
that comes with using the VeriSign solutions”
Business Challenge
Turn a sprawling government bureaucracy into a safe, secure technology innovator using the
Internet, migrating government services for businesses and residents online.
VeriSign Solution
VeriSign PKI services for digital certificate registration and issuance, including
65,000 certificates.
Results
Expanding its online services to conduct secure online transactions with the
government.
Securing the state's computer systems during a time of increased vigilance
Keeping the state on the cutting edge with technology
21
Government Efficiency at Department of Interior
“VeriSign delivered a performance-based implementation – we
couldn’t have afforded it without that kind of approach. A VeriSign
solution is kind of like a ‘Piece of a Rock’ scenario.”
Business Challenge
Secure Access and Identification Management for both physical and network access
VeriSign Solution
Managed Authentication Services and smart card solution
10,000 user potential
Results
Single authentication process for both physical and logical (network) security
Reduced overall management costs and increased security
22
State of Pennsylvania
Business Challenge
Law enforcement officials reluctant to share sensitive criminal information with entities
outside their agency
VeriSign Solution
Identity Management Solution and Linking State and City Police Officers,
Correction Officials and Federal Law Enforcement Entities.
20,000 User Potential
Results
Sensitive criminal information now shared across agencies - Cost Savings
Homeland Security network in place and operating in Pennsylvania
23