Certification Practices. DB Lab. 이 찬 섭 , 강 민 석 , 김 희 수 VLSI Systems Lab. 이 윤 아 , 송 영 아. = Contents =. Concepts, Certificate Practice Statement (CPS), Definition of terms, PEM Policy Statement, X.509 certificate policy, Certificate classes, Introduction to the CPS, Contents of the CPS, Format and structure, References to other documents. Certification Practice Statement.
Certification PracticesDB Lab. , ,
VLSI Systems Lab. ,
= =(Concepts)Certificate Practice Statement (CPS) PEM Policy StatementX.509
CPS CPS
Certification Practice Statement . . .
CPSCA CA .
ABA GuidelinesCPS : . .CA : , , .CPS CA .CPS CPS, , , , .
/1( Enrollment) . (Issuing Authority) PEM CA .PEM CA Infrastructure , PCA . (Nonverified subscriber information) . . .
/2 (: Operational period) , .( Relying party) party. (Repository) on-line database. ( Subscriber) , , party.
PEM /1CPS Policy Certification Authority( ) .PEM(RFC1422) PCA . . .
PEM /2RFC1422-PCAPCA identityPCA PCA security and privacy Naming Business issues
X.509 /1X.509 ver3 PEM PCA X.509 CA(public, interorganization) (practice) CPS CPS . CPS , .
X.509 /2 () . , .
CPS X.509 ( )
X.509 /3 (sensitive-but-unclassified) , .( ) High assurance policy : - (high-value financial transaction), (particularly sensitivity data). Medium assurance policy : low-value transaction, medium sensitivity data. Low assurance policy : low-sensitivity
X.509 /4 : . . CPS CPS . , CPS .
X.509 /5, CPS . , high, medium, low assurance CA . ( CPS )
Certificate Classes /1 , , , trusted third party . , , , .VeriSign . CPS . , , .
Certificate Classes /2 1, 2, 3 .3 1 .
Class 1 certificates1 . E-mail . ( ) .
Certificate Classes /3Class 2 certificates . . , , On-line .Class 3 certificates . . 2 .
Certificate Classes /4
, private-sector . 3 IA .
3 (electronic banking), electronic data interchange (EDI), S/W validation, Membership-based on-line services
CPS /1CPS CPS , , (open community) . .CPS , , , . ( ) CPS CA .
CPS /2CPS , , CPS .CPS . .
CPS /3CPS (framework) (template) . CPS . .ABA Guidelines : (party) . : .
CPS /3
CPS /4 , .CPS , , . , .
(Foundation for Certification Operations )
(Levels of Service) certificate class, certificate policy
(Certificate Format) / 1 (profile) (field)
X.509 , , , , (relying parties),
(Certificate Format) / 2 X.509 Certificate policies CPS Other critical extensions CPS
(Certification Authority Relationship Structure) Hierarchical structure, PEM (infrastructure) CPS CPS CPS
NamingName subject (open electronic commerce ) naming system (subscriber) : personal name address, e-mail address, registered corporation name ([email protected])
name naming authority naming authority CPS
/ 1(Publication and Repository) (publication)
:(subject) CPS
/ 2(Publication and Repository)Repository ( ) (infrastructure) (robust) ,
Inter-domain Certificationdomain
(certification practice) inter-domain certification ,
(Right to Investigate Compromises)
, (compromise) , CPS
(Trustworthiness and Security) , trustworthy system
(Trustworthy system) (misuse)
(Financial Responsibility) , .
(Records)(activities) . (creation), (issuance), (use), (suspension), (revocation), (expiration), (renewal), (re-enrollment)
time stamp
(Audit) (auditing)
CPS (entity) (audit obligations)
(Contingency Planning and Disaster Recovery) (certificate status) (revocation information) CPS
Local Registration Authority(LRA) RequirementsLRA
LRA application LRA (issue)
LRA
(Termination of Operations) .,
CPS 90 (records)
(Criminal Activity)
.
Certificate Application Procedures Key Generation and Protection : : - ( )Validation of Certificate Applications
Certificate Issuance Certification Authority's Representations to Subscribers CPS , Certification Authority's Representations to Relying Parties : ,
Certificate Acceptance Representations by Subscriber upon Acceptance : . writing CPS , ,
Certificate Acceptance (contd)Indemnity by Subscriber Publication : ,
Use of Certificates for Digital Signature Verification Digital Signature Verification Process => root pathWritings and Signatures Writing : Signature :
Certificate Suspension and Revocation ( ) ., , , , Subject CPS CPS denial-of-service attack , (, real-time) /
Warranties and Limitations of Liability - Warranties : ABA Guideline
Warranties and Limitations of Liability (contd) class procedure Party CPS party , ,
Warranties and Limitations of Liability (contd)Disclaimers and limitations on Obligations Damage and Loss Limitations party , . . class
Warranties and Limitations of Liability (contd) No Fiduciary Relationship , , time-stamp, party
Miscellaneous ProvisionsCPS Conflict of ProvisionsCPS CPS Governing Lawopen communication network Dispute Resolution
Miscellaneous Provisions (contd)Change Procedures CPS - ( )
Ongoing EvolutionHarmonization , EDI, , Web - Technical community : cross-certification Legal community : ABA Guideline .Business community : CommerceNet Certification authorities :
Ongoing Evolution (contd) Automation; CPS development tools; Certificate policy negotiation and mapping; Online policy and practice negotiation; Commercial and Legislative/Regulatory Directions ABA Guideline . . . ( )