+ All Categories
Home > Documents > Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium...

Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium...

Date post: 19-Dec-2015
Category:

Documents
View: 214 times
Download: 0 times
Download Report this document
Share this document with a friend
Popular Tags:
cert slide
health org ca slide
security printer slide
stock exchange listing
cross certification
pki thickets
identity plurality slide
pki jim
18
Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep Consulting Pty Ltd
Transcript
Page 1: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

Public Key SuperstructureIt’s PKI Jim, but not as we know it!

7th Annual “IDtrust” Symposium5 March 2008, Gaithersburg MD, USA

Stephen WilsonLockstep Consulting Pty Ltd

Page 2: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

About Lockstep

• Consultants specialised in PKI, smartcards & privacy

• Developing novel de-identification and online safety solutions

• Consultants specialised in PKI, smartcards & privacy

• Developing novel de-identification and online safety solutions

Page 3: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

About Lockstep

• Asia PKI Forum• Gatekeeper Policy Committee• Aust. Law Reform Commission

• Asia PKI Forum• Gatekeeper Policy Committee• Aust. Law Reform Commission

Page 4: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

Historical PKI experience

Page 5: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

The passport metaphor

• Non-descript applications– impossible for CAs to manage risk

• Stranger-to-stranger e-business– “It’s good to trust but it’s better not

to”• Novel TTP business models

– Imposed incredible CPSs upon users• Notion of a single identity

– “Interoperability” = cross certification

Page 6: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

“Cross-certification and policy mapping has been a rat hole that has sucked up vast amounts of energy better spent elsewhere” Anonymous, Feb 2008

Page 7: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

“Fading PKI Market” June 2003

PKI thickets

1999 RSA Conference

Identrus

1999 2002 2005

Verisign IPO

2008

Page 8: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

PKI in practice

• Works best in closed communities– Automates transactions in context – This is a Good Thing

• Embedded keys & certificates• Fits with identity plurality

Page 9: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

PK Superstructure

Page 10: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

CA as Security Printer

Stock Exchange

ListingsDepartment

Listed CompanyAchieve Listing

Announcements Announcement

Distribute bar code labelsSecurityPrinter

ListingRules

ListingRules

ListingRules

ListingRules

ListingRules

ListingRules

Affix bar code

Off

ice

r

FaxOCR

Page 11: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

Stock Exchange

ListingRules

ListingRules

ListingRules

ListingRules

ListingRules

Listed Company

Announcement

ListingRules

Distribute certificates, keys

Digitally sign

CA

ListingsDepartment

Announcements

Message AppMessage

App

CA as Security Printer

Page 12: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

Security printer implications

• Decouples registration from production • Manages risks associated with

registration & production separately

• No contract between Subscriber & CA• No exposure of CPS to Subscriber• Easier to novate CA service providers • Accreditation not affected by new

Policies

Page 13: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

ContextContext

HealthOrganisation

“Relationship Certificates”

e-Prescription

Patient name - - Med - - -Dose - - -Repeats - - -

Credentials

Subject: - - - Ext: Lic No. xyzIssuer: Health OrgPolicy OID: - - -

Public Key: - - -

Transaction User Certificate CA Certificate

Sig

ned:

Dr

Lic.

xyz Health Org CA

Subject: - - - Validity: - - - Issuer: Root CAPolicy OID: - - -

Public Key: - - - Sig

ned:

Hea

lth R

oot

CA

Sig

ned:

Hea

lth O

rg C

A

Page 14: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

“Relationship Certificates”• Form of “Authorization PKI” • Kill the holy cow of authentication being

primary over authorization

• Preserves X.509 formats, software

• Not SPKI: no ‘primary’ ID certificate • Not Attribute Certs: we can sign with

cert

• Form of “Authorization PKI” • Kill the holy cow of authentication being

primary over authorization

• Preserves X.509 formats, software

• Not SPKI: no ‘primary’ ID certificate • Not Attribute Certs: we can sign with

cert

Page 15: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

C. Vote

Lockstep anonymous e-voting

B. RegisterA. Background

Roll Enrol to vote

Smartcard distribution process

CertificateSerial No.PollKey

Dig SignRegister

smartcard

CA

Ide

ntif

y vo

ter

Ge

ne

rate

ke

y p

air

Inst

all

an

on

. ce

rtifi

cate

CertificateSerial No.PollKey

2

1

Candidate

Candidate

Candidate

2

1

Candidate

Candidate

CandidateDig Sign Signedballot

Candidate

Candidate

Candidate

Page 16: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

Lockstep clinical study privacy

Study sponsor

Randomisation

Logistics

Collection

Certificate Server

(2) Enrol patient into study

(3) Load pt smartcard with Stepwise anonymous ID

CertificatePatient IDStudy IDKey

Dig Sign

(1) Distribute investigator packs

Page 17: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

(4) Patient presents for follow-up

Tests

(5) Investigations as per protocol

Study sponsor

Randomisation

Logistics

Collection

Certificate Server

CertificatePatient IDStudy IDKey(6) De-identified secure

follow up data, “sealed” with Stepwise ID

Lockstep clinical study privacy

Page 18: Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

[email protected]

Discussion

See also www.lockstep.com.au/technologies


Recommended
Gaithersburg Expo 2014

Gaithersburg Expo 2014

Documents

City of Gaithersburg

City of Gaithersburg

Documents

Gaithersburg 030415

Gaithersburg 030415

Documents

The OASIS IDtrust (I M The OASIS IDtrust (Identity and Trusted Infrastructure ) Member Section For more information please see:

The OASIS IDtrust (I M The OASIS IDtrust (Identity and Trusted Infrastructure ) Member Section For more information please see:

Documents

Gaithersburg Vicinity Master Plan Gaithersburg Woodfield and Warfield

Gaithersburg Vicinity Master Plan Gaithersburg Woodfield and Warfield

Documents

LockStep Free Quickstart Guide to Documenting Subassemblies

LockStep Free Quickstart Guide to Documenting Subassemblies

Documents

Gaithersburg 20878 TH

Gaithersburg 20878 TH

Documents

Draft gaithersburg west master plan - Montgomery …€¦ · 2 gaithersburg west master plan The Life Sciences Center Abstract This plan for areas of western Gaithersburg within the

Draft gaithersburg west master plan - Montgomery …€¦ · 2 gaithersburg west master plan The Life Sciences Center Abstract This plan for areas of western Gaithersburg within the

Documents

Gaithersburg 100114

Gaithersburg 100114

Documents

City of Gaithersburg WATER RESOURCES

City of Gaithersburg WATER RESOURCES

Documents

656 Quince Orchard Rd | Gaithersburg, MD

656 Quince Orchard Rd | Gaithersburg, MD

Documents

2020 ‘Lockdown’ 2010: Rockefeller ’s ‘Operation Lockstep ...

2020 ‘Lockdown’ 2010: Rockefeller ’s ‘Operation Lockstep ...

Documents

City of Gaithersburg HISTORIC

City of Gaithersburg HISTORIC

Documents

Gaithersburg, MD 20899 - NIST

Gaithersburg, MD 20899 - NIST

Documents

City Officials - Gaithersburg, MD | Home

City Officials - Gaithersburg, MD | Home

Documents

Gaithersburg High School

Gaithersburg High School

Documents

Gaithersburg 20882 SF

Gaithersburg 20882 SF

Documents

Gaithersburg 20878 SF

Gaithersburg 20878 SF

Documents