Assuring e-Trust always 1 Guaranteeing Electronic Trust at all times.
-
date post
15-Jan-2016 -
Category
Documents
-
view
214 -
download
0
Transcript of Assuring e-Trust always 1 Guaranteeing Electronic Trust at all times.
1Assuring e-Trust alwayswww.certiver.com
Guaranteeing Electronic Trust at all times
2Assuring e-Trust alwayswww.certiver.com
Today's AgendaWho is CertiVeRSolutions from CertiVeRCertiVeR – TACAR proposalQuestions
5Assuring e-Trust alwayswww.certiver.com
CertiVeR ServicesValidation
OCSP Validation via CRL or OCSP database connection in real time.– Provision of enhanced OCSP responder– High Availability– Back up – Load Sharing– Automated Revocation
6Assuring e-Trust alwayswww.certiver.com
CertiVeR ServicesEnhanced Validation information
Certificate Status– Active, Revoked or Suspended– Multiple CA integration
Purpose of Certificate– Use of OCSP response extensions to
disclose attributes of the user certificate or the Certification Authority policy.
– Used for authorisation by applications to carry out specific functions or transactions
Invalid Certificate
7Assuring e-Trust alwayswww.certiver.com
CertiVeR Services: Load Sharing, Backup & High Availability Backup of your certificates database:
– Backup in case of failure with security guarantee
– Lower cost than if you were to do it yourself
High Availability:– Hot standby backup in case of failure– Load sharing or balancing– Ensure high availability and reliability– Guarantee performance levels
8Assuring e-Trust alwayswww.certiver.com
CertiVeR ServicesAutomated Revocation
Automated certificate revocation module or application via voice and speaker recognition.– High Security, Liability and Reliability
• Biometrics user registration
• Speaker and Voice recognition integrated with revocation
– High Availability, 24x7– Outsourcing of service to CertiVeR
9Assuring e-Trust alwayswww.certiver.com
CertiVeR ServicesOptional Manual Revocation
Common Call Center for all CAs– Economies of Scale– Lower shared costs– More user friendly– High Availability, 24x7
• Automated system may transfer problematic calls
– Security provided through Secret questions• A similar security level could also be provided via Web
10Assuring e-Trust alwayswww.certiver.com
CertiVeR Services - Outsourcing Certificate Status Database Management
Offload management Reduce costs Improve service Enhance reliability Increase accuracy Raise level of trust and confidence
11Assuring e-Trust alwayswww.certiver.com
CertiVeR ServicesCA Certification
Creation of or assistance with CPS
Audit of CA in accordance with international and national norms– Legal requirements– Required by customers– Facilitates trust chains
CertiVeR Proof of Trustworthiness
14Assuring e-Trust alwayswww.certiver.com
CertiVeR Cross-TrustHow do you trust other CAs?
Chaining Trust– Cross-certification– Cross-validation
No more PKI Islands– Degree of Trust– Validity Time of Trust– Validity Period of Trust
15Assuring e-Trust alwayswww.certiver.com
CertiVeR Services Ready applications for digital signature
Provide tools and services to make applications PKI ready:– Already integrating GTK 3.9.4
Single validation access point for several CA,s Provision of access APIs Quality Control and post development support Facilitate the rise of applications using digital
signatures– Needing more than one certificate
– Needing more than just certificate validation
16Assuring e-Trust alwayswww.certiver.com
CertiVeR – TACAR 1st Proposal Revocation Administration done by CA
CRL for User Certs
synch
CA Users,Grid Users, etc.
CAs
TACAR CA’s Root List
CertiVeR Sites
OCSPResponder
Cert Status Database
RevocationModule
Publish RootCertsRevoke
User Certs
Revoke Root Certs
OCSP Validation Request for TACAR’s
Repository and hierarchies
17Assuring e-Trust alwayswww.certiver.com
CertiVeR – TACAR 2nd Proposal Revocation Administration done by CertiVeR
synch
CertiVeR Sites
OCSPResponder
Cert Status Database
RevocationModule
CA Users,Grid Users, etc.
CAs
Publish RootCerts
TACAR CA’s Root List
Revoke Root Certs
OCSP Validation Request for TACAR’s
Repository and hierarchies
Revoke User Certs
18Assuring e-Trust alwayswww.certiver.com
OCSP Signature Validation
We offer two options:
1. Sign OCSP responses with a certificate trusted by all parties.
2. Sign OCSP responses with a certificate issued by the same CA hierarchy as the certificates whose status is being asked for.
19Assuring e-Trust alwayswww.certiver.com
The Business case for CertiVeRAnnual cost assumptions included
Service Description Done by Cost Univ Cost SME
Status Checking Yourself 15,000 €40,000
Back up Yourself 2,000 €10,000
High Availability Yourself 18,000 €100,000
(Automated) Revocation Yourself 40,000 €50,000
CA Certification 3rd Party 15,000 €15,000
Trust Chain TACAR 5,000 €20,000
PKI Enablement/Appl. Yourself 15,000 €20,000
Total € 110,000| € 275,000Cost cover up to 10.000 users
20Assuring e-Trust alwayswww.certiver.com
The Business case for CertiVeRAnnual cost assumptions included depending on degree of Administration
Service Description Done by Cost
Enhanced Status Checking (1) CertiVeR €20,000
Back up CertiVeR €5,000
High Availability CertiVeR €20,000
Automated Revocation CertiVeR €30,000
CA Certification CertiVeR €15,000
Trust Chain (included in (1)) TACAR €0
PKI Enablement/Appl. CertiVeR €10,000
Total €100,000
Savings of €60,000 or 120% each site!!!
Cost cover up to 10.000 users(1) Status Checking + Trust chain integration
Discount Univ. 50% = 50,000€
21Assuring e-Trust alwayswww.certiver.com
The most cost-effective services offered
The Basic services by CertiVeR
Service Description By CertiVeR(50%) By Univers. Saving
Enhanced status checking 10,000 € 20,000 € 10,000€
User Revocations 15,000 € 40,000 € 25,000€
High Availability 10,000 € 18,000 € 8,000€
TOTAL 35,000 € 78,000 € 43,000 €
TOTAL saving 43.000 €/year/site123% over CertiVeR cost 55% over University cost
23Assuring e-Trust alwayswww.certiver.com
Try now our demo at:http://www.certiver.com
24Assuring e-Trust alwayswww.certiver.com
Any Questions ?