[Lithuania] DigiCerts and DigiID to Enterprise apps
Transcript of [Lithuania] DigiCerts and DigiID to Enterprise apps
DigiCerts and DigiID in Enterprise apps. So yesterday and so tomorrow.
Martynas Savickas
Types of digital certificates:
Certificate Authority (CA) certificatesServer or client certificatesObject signing certificatesUser certificates
Speed! Automation!
Do more with less! Automation!
Cost reduction! Automation!
Increase performance! Automation! Innovation! Automation!
Value!
Business needs 2015, 2016, 2017… 2XXX
Speed! Automation!Do more with
less! Automation!
Cost reduction! Automation!
Increase performance! Automation! Innovation! Automation!
Value!
InfoSec needs 2015, 2016, 2017… 2XXX
IntegrityConfidentialityNon repudiationAccess control+ Fight and pushback all
this stuff
Business processes @ applications
Digi ID & Digi Sign covers:
Integrity [checked]
Confidentiality [checked]
Non-repudiation [checked]
Encryption costs close to nothing. Encrypt and let cavalierly rest.
Goals? Sure. Compliance to: - standards- data classification requirements- data privacy
Any InfoSec will fall in love with end to end encrypted APP!
Data exchange is easy… until you hit into InfoSec (the one who thinks he is A Cavalierly) …
Digi Sign The document market.
What market?
ADOC [GGeDOC; GeDOC; BeDOC; CeDOC;] - LithuaniaBDOC – current Estonian official format… DDOC - Legacy Estonian formatEDOCs – current Latvian official format… PDF – this is just real simple pdf…
Containers
ASiC Simple (ASiC-S). Single file object with either one signature file or one time assertion file.ASiC Extended (ASiC-E). Each signature is associated with all or part of the files in the container
What if I do not trust online DigiSign services?
I really don’t!
Digi ID and Digi Sign hardware tokens advantages and disadvantages:
Smart ID [Chip on smartcard]
Mobile ID [SIM card]
Token ID [USB token]
And what if we try to change the world?
Once again.
Adopt it in Enterprise apps and give me some
SECURITY AUTOMATION!
Thank You!
Q/A‘s