Location

1
PKI in Saudi Telecom
Eng. Hijer D. Al-Badrani General Directorate of
Information Security
Location Date Mursalat, 14-12-2004
Type of Document Presentation
STC Confidentiality Normal
2
Agenda

• Overview of PKI
• PKI in Saudi Telecom
• High-Level Work plan
• eBusiness Application Integration
• PKI Website
• PKI in Saudi Telecom Next Step

3
Overview of PKI What is a PKI?

• A Public Key Infrastructure (PKI) is a framework,
  which provides end-users and applications with
  essential security services, such as
  confidentiality, integrity, authentication,
  non-repudiation and authorization.

TRUST
Authentication
Non-Repudiation
Integrity
Confidentiality
Technical
People

• A PKI includes the technical, organizational,
  legal and procedural mechanisms required to
  generate, distribute, archive, update and revoke
  digital certificates and the related keys.

Organizational
Legal
Procedural mechanisms
Process
4
Overview of PKI PKI - Enabler of Security

• PKI is providing digital equivalents of
  real-world
• Passports issuing authorities gt certificates
  and CAs
• Signatures and PIN numbers gt electronic
  signatures
• Sealed envelopes gt certification encryption
• Encrypted texts gt encrypted messages
• to build trust and allow reuse of proven business
  concepts in the digital world.

5
Agenda

• Overview of PKI
• PKI in Saudi Telecom
• High-Level Work plan
• eBusiness Application Integration
• PKI Website.
• PKI in Saudi Telecom Next Step

6
PKI in Saudi Telecom History

• Saudi Telecom was one of the first companies in
  Saudi Arabia who thought of using PKI and
  utilizing its services.
• - Pilot Project
• Pilot project had been conducted early 2001.
• Internal PKI Pilot is based on VeriSign
  technologies.
• The Digital Certificate had been used in Saudi
  Telecom since that time by selected group reached
  1000 user and it was mainly to provide Secure
  email.

7
PKI in Saudi Telecom History

• WHY PILOT PROJECT?
• Introduce the idea of PKI to STCs executives and
  use it as a proof of concept for full PKI
  deployment.
• Educate STCs employees on the PKI technology, how
  it could be used, and the benefits it can bring
  to STC.

8
PKI in Saudi Telecom
ARE WE READY?
YES
IT IS THE TIME TO START PUBLIC KEY INFRASTUCTURE
9
PKI in Saudi Telecom Current Setup

• PKI project started in May 2002.
• Public Key infrastructure project was part of
  Saudi Telecom eBusiness initiative.
• Fully Managed by General Directorate of
  Information Security.
• Saudi Telecom current setup is considered one of
  the largest implementations in Saudi Arabia.

10
PKI in Saudi Telecom Current Setup

• Main Objectives of stage one
• Provide full integration with email Secure
  Email.
• Preparation of the system to be ready for
  Integration with eBusiness applications.

11
PKI in Saudi Telecom Current Setup

• Project organization and personnel
• Steering group
• Project group with 3 members.
• Technical and service expert groups, 5 people

12
Agenda

• Overview of PKI
• PKI in Saudi Telecom
• High-Level Work plan
• eBusiness Application Integration
• PKI Website.
• PKI in Saudi Telecom Next Step

13
High-Level Work planStage One

Phase 3 Production
1.6 Deploy
1.6 Acceptance
Phase 2 Implementation
1.4 Testing
1.2 PKI Implementation
1.3 PKI Integration
1.1 Detailed Design
Phase 1 Assessment
0.1 PKI Plan Assessment
0.2 Vendor Selection Conceptual Design
14
High-Level Work plan Stage One

• The launch of the PKI has been audited by an
  independent auditing firm and done with presence
  of Key IT Managers.
• Internal Certificate Authority (CA) managed
  locally by Security Department Staff.
• 5 Registration Authorities (RA) in HQ, Riyadh,
  Jeddah, Dammam, Abha to distribute the
  registration process kingdom wide.

15
High-Level Work plan Stage One

• 10000 license (will expand to cover all STC
  employees)
• Certificate Policy (CP) Certification Practice
  Statement (CPS).
• The STC PKI offers different classes of
  certification services, Classes A-C.

16
PKI Design
17
Agenda

• Overview of PKI
• PKI in Saudi Telecom
• High-Level Work plan
• eBusiness Application Integration
• PKI Website
• PKI in Saudi Telecom Next Step

18
eBusiness Application Integration
Business Assessment

• e-Business Applications
• Document Management
• Enterprise Information Portal
• Corporate Web Site
• eProcurement

Integration Approach
Integration Effort and Impact
Application Readiness
Usability and Performance
19
Agenda

• Overview of PKI
• PKI in Saudi Telecom
• High-Level Work plan
• eBusiness Application Integration
• PKI Website
• PKI in Saudi Telecom Next Step

20
PKI Website
21
PKI Website
22
PKI Website
23
PKI Website
24
PKI Website
25
PKI Website
26
Agenda

• Overview of PKI
• PKI in Saudi Telecom
• High-Level Work plan
• eBusiness Application Integration
• PKI Website
• PKI in Saudi Telecom Next Step

27
PKI in Saudi Telecom Next Step

• Enhancement of the current internal setup by
  providing more services for internal users and
  more integration with key systems.
• PKI can be integrated with existing applications
  and system such as ICMS, BSS, HR
• More integration with eBusiness
• Online Bill Payment
• eProcurement
• Document Management systems

28
PKI in Saudi Telecom Next Step

• More functionality and enhancements
• Time Stamping
• Legally Binding Audit Trails
• Web-based secure email
• Certificate Roaming
• M-Commerce

29
Thank You!