The EIDI Application Per Hägerö
June 10, 2015
The EIDI Application
The neXus Dynamic Identity Platform
The EIDI Application
Use Cases for the EIDI Application
Agenda
The Dynamic Identity Platform
Dynamic Identity Platform
The Electronic Identity Infrastructure is an application targeted at providing life-cycle management of identities and credentials for organizations that have large scale
credentials that work across organizational and country borders
a set of security capabilities including encryption, signatures and authentication
The eIDI Application
The EIDI Application is based on Public Key Infrastructure (PKI), which is built on asymmetric keys and so-called certificates.
Asymmetric encryption uses two keys, a key pair, as opposed to symmetric encryption, which uses one key. The keys are called private and public.
Certificates provide identifiable information, are forgery resistant, and can be verified because they are normally issued by a third party.
The foundation
Certificate Management System, a workflow-driven system that is the interface for a user, device or another object to request and manage certificates and keys
Certification Authority (CA), the issuer of certificates
Key Management Server, manages key archiving
OCSP Server, provides a point for checking the validity of certificates
PKI Client (Middleware), enables PKI services on the client
EIDI Application Components
Trusted Third Parties
Enterprises
Organizations
EIDI Application Deployments
PKI enables the use of scalable encryption where asymmetric and symmetric keys are combined.
In this scenario the sender generates a symmetric key and encrypts it with the public key of the recipient. The recipient then decrypts the symmetric key using its private key.
Use Cases: Encryption
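The encryption use case above, as an added example that is not part of the original slides: the sender encrypts the data with a fresh symmetric key and wraps that key with the recipient's public key. The algorithm choices (RSA-OAEP, AES-256-GCM) and all function names are assumptions, since the slides name none.

```javascript
// Added example, not from the original slides: hybrid (envelope) encryption.
const nodeCrypto = require('crypto');

// Assumption: RSA-OAEP wraps the key and AES-256-GCM protects the data;
// the slides do not name specific algorithms.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Recipient key pair, constructed here. In a PKI deployment the public key
// would be taken from the recipient's CA-issued certificate.
function newRecipientKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: generate a one-time symmetric key, encrypt the data with it,
// then encrypt (wrap) that key with the recipient's public key.
function sealEnvelope(recipientPublicKey, plaintext) {
  const sessionKey = nodeCrypto.randomBytes(32); // AES-256 key
  const iv = nodeCrypto.randomBytes(12);         // 96-bit GCM nonce
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    wrappedKey: nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey),
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),
  };
}

// Recipient: unwrap the symmetric key with the private key, then decrypt.
// GCM tag verification makes final() throw if the ciphertext was modified.
function openEnvelope(recipientPrivateKey, envelope) {
  const sessionKey = nodeCrypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}

// Returns true if opening the envelope fails (wrong private key or tampered data).
function openFails(privateKey, envelope) {
  try { openEnvelope(privateKey, envelope); return false; } catch { return true; }
}
```

Only the 32-byte symmetric key goes through the slow asymmetric operation, so the cost of the RSA step stays constant however large the data is.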
In the digital signature scenario it’s the other way around: the sender computes a hash of the data that should be signed, then encrypts the hash with the sender’s private key.
The recipient then decrypts it with the public key of the sender. Since the public key is present in a certificate, it is possible not just to verify the integrity of the signed data but also to get more identifiable information about the sender, such as name, e-mail address, etc.
Use Cases: Digital Signatures
PKI provides a way to encrypt the communication between the communicating parties.
It also provides mutual authentication of the communicating parties, which ensures that only the intended entities can decipher the communication and prevents data loss.
Use Cases: Secure Access
PKI is ideal for identifying mobile devices, as it can be deployed as a seamless step-up authentication to mobile services such as e-mail synchronization
Use Cases: Mobile Access
PKI is ideal when it comes to providing identities for the Internet of Things, where the devices or things have cryptographic capabilities
It provides a scalable identity that can be used online and offline and can be used for all security purposes
Use Cases: Internet of Things