The Hierarchical Trust Model - PowerPoint PPT Presentation

Slides: 12
Provided by: besti2
Transcript and Presenter's Notes

1
The Hierarchical Trust Model
2
PGP Certificate Server details
  • Fast, efficient key repository
  • LDAP, HTTP interfaces
  • Secure remote administration
  • Pending area for unverified keys
  • Server database replication
  • PGPtls connection between client and server
  • Database replication provides corporate branch
    offices with fast access to public keys via
    Replication Engine
  • Solaris, Windows NT

3
PGP Certificate Server
  • Allows large-scale deployment of public keys for
    use in intranets and the Internet
  • Allows centralized storage management of
    digital certificates
  • Efficient LDAP/HTTP certificate distribution and
    searches
  • Support for client synchronization of keys
  • Scalable from small groups to multi-national
    corporations
  • Customizable policy management rules
  • Host of features: remote access, administration,
    logging, replication engine to synchronize
    multiple servers
  • Seamless integration with PGP client programs
  • Windows NT 4.0 or Solaris 2.51 or above

4
PGP Certificate Server for NT
[Figure labels: Control, Monitor, Event Log]
5
Certifying Authority
[Diagram labels: Certifying Authority, Public Key, Private Key, Encrypt, Encrypted Text, Decrypt]
6
Process for Validating Keys
  • User generates key, sends to server automatically
  • Key is held in pending area, not added to main
    server database
  • Administrator periodically checks pending area
    and manually verifies keys contained within to
    ensure authenticity
  • Admin reconstitutes shared signing key and
    validates keys
  • Keys are then added to server and made available

7
Key splitting and PGPtls
  • High-risk keys can be split and shared
  • N of M shares required to reconstitute key for
    use
  • ADKs, Corporate Signing Keys are good candidates
    for splitting
  • Share holders don't have to be present!
  • Secure connections between clients with PGPtls
    allow shareholders to be anywhere in the world
    and still reconstitute a split key

8
PGP Certificate Server for central certificate storage
  • LDAP-based, both X.509 and PGP support
  • Scalable: certserver.nai.com vends over 500,000
    certificates alone
  • Extensible searching mechanism
  • PGP Certificate Server for central certificate
    storage
  • Provides scalability to PGP applications
  • Supports hundreds of thousands of certificates
  • certserver.nai.com vends over 500,000
    certificates
  • LDAP-based

9
PGP Certificate Server
  • Large-Scale Deployment of Public Keys
  • Efficient LDAP/HTTP Certificate Distribution
  • Scalable to Very Large Enterprises
  • Customizable Policy Management Rules
  • PKI Features: Remote Access, Administration,
    Logging, Replication Engine, Multiple Trust
    Models, Validity Checking, Data Recovery
  • Seamless Integration with PGP Clients

10
PGP Certificate Server Operations
1. Alice creates message for Bob
2. Alice searches for Bob's public key on her local key ring
3. Bob's key not found, auto-import key from CertServer
4. CertServer returns Bob's valid key
5. Alice's client stores Bob's key locally
6. Alice encrypts to Bob's key sends...
[Diagram: Alice, Bob and CertServer, with arrows labelled by step numbers 1,2,5; 3; 4; 6]
11
PGP Enterprise Security Products
  • Need: scalable and manageable PKI
  • Solution: PGP Certificate Server
  • Scalable and replicated storage of public keys
  • Integrated policy management
  • Seamless integration with client