Best Practices in Deploying a PKI Solution

BIEN Nguyen Thanh

Product Consultant – M.Tech Vietnam

BienNT@mtechpro.com

Agenda

About RSA

Business Drivers

Implementation Considerations

Technology Considerations

Project process

PKI enabled applications

About RSA

RSA, The Security Division of EMC

EMC is the world leading information infrastructure company

enabling organizations to bring the power of their information to life

RSA is the world leader in securing information infrastructure ensuring that information is always an

asset and never a liability

AddIntelligence

Virtualize& Automate

StoreProtect

Information

RSA Security Leadership

Inventors of RSA algorithm

1st

yearlegacy

25+

organizationsprotected

35K +

phishing attacks shut down

175K+

250M +

online identities protected

1B +

productsshipped with RSA

BSAFE® encryption

World’s Largest

information security industry

event

yearlegacy

25+

Business Drivers

Business Drivers

Organizations leverage e-business to:• Enable users to access information

• Improve relationships with customers, suppliers, partners…

• New/enhanced revenue generation opportunities

• Reduce costs

• Enhance compliancy

Big question: “How can we do this securely?”

e-Business TransformationUnlocking the Potential of e-Business

Trusted e-business require parties to know:• Who they are doing business with

• Communications are confidential

• Transactions cannot be altered in transit

• Support for non-repudiation is available

Implementation Considerations

Implementation Considerations

Setting up a PKI• Long process

• Mainly organisational and business

Establishing a PKI service• Business cases

• Business drivers

Implementing the CA• Secure and highly available infrastructure

• Operations team to support 24*7*365

PKI-enabled applications

Technology Considerations

RSA Digital Certificate ManagementProducts & Solutions

Products

RSA Certificate Manager • Industry leading CA

RSA Validation Solution• Ensure high-levels of trust &

protection for organizations

RSA Root Signing Service

Solutions

Web Server SSL• Enables cost effective trusted

server authentication

Secure Digital Signing• Enables trusted transactions and

communications for streamlining processes

Secure e-Mail• Enables trusted messaging for

streamlining processes

Secure VPN• Cost effectives, easy to use strong

authentication of users and devices

RSA Digital Certificate Management Components

User

RSA Certificate Manager

RSA Key Recovery Manager

Web Server

RSARoot Signing Service

RSA Validation Clients

RSA Validation Manager

RSA Registration Manager

RSA Keon Root Signing Service

RSA Root Signing ServiceExtending the Value of Digital Certificates

Company ABC End User Browser

Company ABC Certificate Authority

External Business Partner

Actions Invisible to the End User

End User Certificate

Signed e-Mail / Web transaction

RSA Key Recovery Manager“m of n” Collaborative Encryption Key Recovery

RSA Certificate Manager

RSA Key Recovery Manager

Smart Cards

nCipher HSM

Key Recovery Mgr

Key Recovery Operators

Key Recovery Server

Other considerations

Infrastructure• Secure network

• Operating platforms (Windows/Solaris systems)

• System LDAP

• Public LDAP

• RA Stations

Secure computer centre

Systems and security monitoring

RSA BSAFE

Cryptographic toolkits• Java

• C / C ++

Project Process

Business Project set-up

Define project organisation • Business control

• Security

• Operations

• Administration

Define RSA project organisation

Define organization business cases, operational processes, etc.

Business Discovery and Analysis, Planning

Requirements collection and analysis• Business

• Information Security

Project planning• PKI operations department

• Processes and policies development

PKI project set-up

Requirements collection • Infrastructure/CA/RA

• IT Security

Project planning• PKI operations

• Processes and policies

• WebTrust

Solution design

Architecture• Systems

• Infrastructure

• Security

Physical Security

Development

Test plan and test cases

Policies and Processes• Information Security

• CP & CPS

• Operations

Pre-Production Infrastructure

Installation of test system

System and integration testing according to test plan

System documentation

Test run

Production Infrastructure

Installation of production system

Testing according to test plan

WebTrust

Boot strap

Root sign

Pilot

PKI-enabled Applications

PKI-enabled Applications

Using PKI with existing and new applications

Digital Signatures and Document Security

PKI-enabled Applications

PKI-enabled Applications

Thank you!