1
European Forum on Electronic Signature, 1-3 June 2005, Miedzyzdroje
nCipher Corporation Ltd.
Robert Rüttgen, Territory Manager
2
Agenda
  • Trusted Time Source
  • Time Stamping
  • Database Encryption and Access Control
  • MasterCard chip and PIN payment system

3
Who we are?
  • Founded in Cambridge, UK in 1996
  • Public on London Stock Exchange
  • Global company with regional offices: Boston, New York, Paris, Hamburg, Singapore, Tokyo

4
What does nCipher do?
  • Apply cryptography to the security needs of business
  • Acceleration of secure communication
  • Secure communication and Authentication
  • Secure PKI and Applications
  • Database Encryption and Access Control
  • Time Stamping Document Management
  • Protecting Software Applications

5
Providing Layers of Security Across the Enterprise
  • Secure to Switch (layer)
      - Examples: Cisco, F5
  • Secure to Web server (layer)
      - Examples: IIS, Apache, iPlanet
  • Secure to Database (layer)
      - Examples: Oracle DB, SQL server, IBM DB II
  • Secure to Application server / software application (layer)
      - Examples: Exchange OWA, Financial transactions

Diagram labels: Switch, Web servers, Application servers, Database applications

6
Trusted Time Infrastructure
  • Trusted Time about
  • Time Source Master Clock
  • Time Stamping Application
7
Trusted Time about
  • Stratum 0: Coordinated Universal Time (UTC) from GPS Satellite, National Measurement Institution (NMI). Authoritative Time Source
  • Stratum 1: Time Source Master Clock (TMC). NIST (USA), PTB (Germany), NPL (UK), CRL (Japan)
  • Stratum 2: Time Stamping Server (nCipher DSE200), NTP Server, Computer System
8
Trusted Time usage model
Trusted Time Authority
Time Stamp Service
Trusted Time Master Clocks
NMIs (UTC)
Trusted Time Stamp Server
Secure Facility at Root Time Trust Service
Corporate Application or Transaction Server
Secure Time Stamps
9
Time Source Master Clock
  • Provides Calibration and Audit Services for peer
    level TMC, Time Signing devices and Network
  • nShield F3 FIPS 140-2 Level 3 validated HSM
  • Secure Execution Engine (SEE) - code for secure
    network communications, timing functionality, and
    authentication executes within HSM boundary

10
Time Source Master Clock
  • This technology makes it possible to trace the path of
    time back to UTC. This means that it provides a
    Time Attribute Certificate at the end of the audit
  • For those who want to have an audit path for their Time
    Stamping Appliances back to UTC
  • For those who want to feed out time to the internal network
    over NTP and want to have guaranteed time back to UTC

11
Secure Time Stamp Audit Trail
12
Secure Time Stamp Audit Trail
13
Time Source Master Clock
  • Compliant with Atomic Clock - Agilent 5071A (HP
    5071A)
  • Network Protocols Supported - NTPv2, NTPv3,
    NTPv4, SNTP (RFC 2030), Daytime Protocol (RFC
    867), Time Protocol (RFC 868), SNMPv1 (RFC 1157),
    DHCP (RFC 2131), SSH (Secure Shell),
    HTTP/HTML/HTTPS (RFC 2616), DS/NTP
  • Time Sources and Time Accuracy
      - GPS: <1 microsecond (relative to UTC, GPS Tracking)
      - IRIG: <5µs to input
      - 1PPS: <5µs to input
      - Dial-Up: <1-10 milliseconds (to NIST ACTS)

14
Time Stamping Application
Secure E-Procurement, E-Billing System, (ERP Systems)
15
Document Sealing Engine
  • Time Stamping Appliance which cryptographically
    provides Sealing of Documents, Transactions, Logs
    by applying a digital signature and an
    independently auditable Time Stamp
  • nShield F3 FIPS 140-2 Level 3 validated HSM
  • Secure Execution Engine (SEE) - code for secure
    sealing is executed within HSM boundary
  • Implements Time Signing as specified by the IETF
    PKIX Time-Stamp RFC (RFC 3161)

16
E-Processing in the Enterprise
Client or/and Server based
Trusted Agent provides and executes Time Stamps
for authorized users inside secure Cryptographic
Module(s), FIPS 140-2 Level 3 validated
Recipient
Time Stamp Request
Document Sealing Engine DSE 200
PDF XML RTF .
Database
Sender
17
TSA purposes of using
  • Public Key Infrastructure
      - Designed to secure who does what and when
      - Strengthens Digital Signatures: proof that the
        certificate used to create a digital signature
        was valid at the time of signing
      - Secure Audit Trail and non-repudiation
  • Electronic Archiving / Digital Notarization
      - Long term validation after the certificate has
        expired
      - Proof that an electronic document or record
        existed at or before a specific point in time

18
TSA purposes of using cont
  • eBusiness Applications
      - Digital Receipts
      - Online Bank Transactions
      - Share Trading
  • Postal Service
  • E-Mail Traffic - incoming / outgoing
  • Secure Log Files

19
Database Security
Database Encryption and Access Control
20
The Solution - SecureDB
  • Column level encryption
  • Protects against unauthorized access of entire
    files
  • Protects against unauthorized access to database
    system
  • Transparent to application logic, very flexible
    and easy to implement
  • Separation of duties between DBA and security
    roles
  • Secure key management (software, plus hardware
    option robust key recovery scheme)
  • Assignment and administration of user access
    rights consistent with security policy

21
SecureDB Components
Client Applications
SecureDB Components
File System
22
Secure DB with HSM Multiple Databases Single
Server
Client Applications
SecureDB Adapter
SecureDB Adapter
HR Database
PIN Database
File System
23
Secure DB with HSM Multiple Database Multiple
Servers
Client Applications
File System
File System
24
Highly Scalable
  • Easily scale your data security as your business
    grows and technical infrastructure expands

Internal Applications
Hosted Applications
SecureDB
25
Authentication and Verification of payment transactions to help combat phishing attacks
1. EMV Card for Payment Systems
2. Secure Signature Creation Device (EAL4 Certificate storage)
Press Conference, 19th of May in Ljubljana: Banka Koper deploys
nCipher payShield as part of MasterCard's Chip
Authentication Program (CAP) to give customers a
simple and secure means for online banking and
credit card authentication
MasterCard chip and PIN
26
Thank you! For more information:
Robert Rüttgen, rruettgen_at_ncipher.com
http://www.ncipher.com