Baltimore Technologies (UK) Ltd

Charles Pierson

Director of Government Business

Authentication and Authorisation

Introducing Baltimore

  • E-security products, solutions and professional services

  • 25 years security industry experience

  • UK Company of c 350 staff

  • Established blue-chip customer base

    • Government

    • Financial Institutions

  • Worldwide reach

    • Europe, Asia Pacific, US

  • Leading influencer of security standards

Baltimore Products and Services

  • PKI Digital Certificate Management System – UniCERT

  • Access Control solutions – XML and LDAP based authorisation product – SelectAccess

  • Integrated security solutions – Trusted Business Suite

  • Developer toolkits for easy PKI enabling of applications

  • Professional Services and consultancy on all aspects of e-security design and implementation

  • KeySteps PKI Structured Methodology

  • Global 24*7*365 Support

The Emerging Connected Digital World

New challenges in securing on-line transactions…

  • Multi-channel, web-enabled applications & communications

  • Increasing mobility of people, devices and applications

  • Web Services connecting users to application services

  • Federated Identity Management

Security Challenges

  • Establishing identity


  • Providing access to entitled resources


  • Conducting e-business with integrity


Security Management Challenges

Identity Proved

Authorization Granted

Transaction Signed

Any Device, any Platform, any Network


Identity and Entitlements

Authentication, Authorisation, Digital Signature Technology

Core Products

SelectAccess - Authorisation Management System

  • Provision, manage and enforce entitlements

  • Easy to use management features, unique GUI

  • Web-based single sign on for intranets, extranets and portals

  • Role-based access control with delegated administration

  • Performance-based scalability, architected for the Internet and web services

UniCERT - Digital Certificate Management

  • Provision and manage digital certificates

  • Enable digital signatures and strong authentication

  • Protect the privacy and integrity of data

  • Carrier-grade performance, scalability and flexibility

Authentication and Digital Signing

Digital Certificates

  • Digital Certificates provide proof of identity

    • A Certificate Authority is the trusted third party that certifies the authenticity of users

    • It does this by creating a digital certificate which binds the user’s identity to their public key

    • User is required to present the certificate to prove identity (authentication)

    • Proof of identity can then be used to determine access rights (authorisation)

A Certificate is the equivalent of a Digital Passport

Digital Certificates v PINs / Passwords

There are many ways to provide security…

Digital Certificates are the only way to provide persistent trust

  • Password Systems

    • Well established methodology

    • Easy to “crack” or too difficult to remember

    • Do not provide full strength authentication

  • Digital Certificates

    • A tamper-proof ID

    • Provides highly secure and robust authentication

    • Often deployed with two-factor authentication tokens

    • Reusable across multiple applications / SSO

    • Necessary for ‘trusted’ transactions

Digital Signatures

The sender’s credentials are used to create a digital signature which can be attached to a transaction, message or document and used to authenticate the sender as well as proving the integrity of the received data

Digital signatures enable:

  • Authentication – An entity is as claimed

  • Data integrity – Data has not been changed

  • Non-repudiation – The signing party (or parties) cannot deny involvement in the transaction at a later date

  • Authorisation – Entitlement to access to a resource (using signed policies & signed authentication data)

Digital Signatures in Business

Digital Signatures help resolve:

  • Lack of trust

  • Manipulation of data

  • Repudiation of a transaction

  • Legal standing on electronic transaction

  • Chain of ownership and change management

  • Lack of an on-line trusted approval mechanism

The Need for Authorisation

  • Enterprises face increased demand to make resources (data, applications, web sites) available to both internal and external users

  • Different users need to have access to different information and applications

  • Business managers determine user privileges and which data and applications users are entitled to

    • Payables clerk doesn’t get rights to generate invoices

    • Marketing can’t change salary information – only HR

  • Privileges enforced by users signing on to access resources

  • Access controlled at the application level – on a server by server, application by application basis

Whose problem is it?

  • End Users – Multiple logons and lost passwords

    • Lost productivity & frustrated users

  • Business Manager – Reliance on IT to Add/Change user rights

    • Time consuming & error prone

  • IT Help Desk Manager – 40%-60% of calls password related

  • IT Administrator – Increasing users and resources to secure

    • No economies of scale & a growing backlog of requests

  • IT Security Manager – Leaves gaps in security

    • Servers and application control lists out of sync

    • Lags between business requests and changes

How SelectAccess Solves the Problems

  • End users – SSO eliminates multiple IDs and passwords to web based info and transactions

  • Business Manager – Reduces reliance on IT to manage user profiles and access

  • IT Help Desk Manager – Significantly reduces calls related to lost passwords and resets

  • IT Administrator – Provides a unified centralized means to maintain privilege rights across servers and applications

    • With delegation for economies of scale

  • IT Security Manager – Provides real-time security; uniformly updates servers and applications

    • Allows for businesses to make real time changes

SelectAccess Architecture Summary

[Architecture diagram; components shown: Web Server, Java App Server, Admin Server, Enforcer Plug-In, Directory Server, Secure Audit Server, SAML Server]

Integrated Security Solutions

Trusted Business Suite

Baltimore’s Solutions Strategy

  • Create solutions

    • That offer “out-of-the-box” functionality

    • Packaged and priced to meet clear departmental business needs

  • Based on UniCERT and SelectAccess functionality

  • Fully tested, KeySteps Blueprinted and globally supported

  • Designed to offer a highly functional & responsive but invisible PKI

Baltimore Solutions

  • A suite of high trust business applications, designed to remove the complexity and cost of public key infrastructure

  • Built upon core authentication and authorisation technology, the solution modules work out of the box to deliver immediate business benefit.

  • Two Solution Suites:

    • Trusted Business Suite

    • Trusted Portal Suite

Trusted Business Suite

  • A comprehensive suite of high-trust solutions that:

    • Meet business security needs without the cost of implementing large & complex security infrastructures

    • Tightly integrated with business


    • Open new markets for Baltimore’s products and technology

  • A Solution Suite comprising 3 application areas:

    • Trusted Workplace

    • Trusted Networks

    • Trusted Messaging

Trusted Business Suite

[Diagram labels: Internal Users; Remote / Mobile; Trusted VPN; Baltimore Applied Solutions Engine; User Provisioning & Certificate Server; sample document text "Now is the time for all good men to come to the aid of the party"]

  • Trusted Portal Suite: Trusted Oracle Portal

  • Trusted Workplace: Trusted Documents, Trusted Forms, Trusted Collaboration

  • Trusted Messaging: Trusted E-Mail, Trusted Web-Mail

  • Trusted Network: Trusted VPN, Trusted Web

  • Trusted Web: Authorisation, SSL Class III

1) User Authentication

2) Non-repudiation

3) User Security Management

Business Solution Architecture Key Differentiators

  • All Baltimore Solution Modules have been designed to feature:

    • The use of existing or bulk loaded user data - to simplify user registration

    • Simple installation for both an administrator and end users

    • An automated process to invite authorised users to enrol - for each solution

    • A registration page to guide users through enrolment

      • The managed download of any client side code

      • On-line key generation and certificate request processing

    • A single management interface for managing users & solutions

      • To set and manage all solution policy controls, with controlled delegation

      • To manage users, their registration data, groups, roles and digital credentials

    • Multiple solution credentials within a single credential store

      • Enterprise SSO, third party SSO with strong authentication & authorisation

      • A choice of smartcard, token, soft-token or roaming & mobile/wireless

    • Ease of solution expansion, ease of adding new solution modules

    • A minimum requirement for security management overheads

Smart Cards

  • The move towards “user-centric” computing and the expectations of “anytime / anywhere” access means portability of security credentials is a growing demand

  • Smart cards are a good fit, being:

    • Secure environments for credential storage (cryptographic keys and digital certificates)

    • Familiar formats

    • Able to carry additional information (photo / logo)

  • Baltimore has undertaken interoperability testing with many major smart card vendors

EU Smart Card Initiatives

  • Austria - Citizen Card with certificates, c 2003

  • Belgium - National Electronic ID Card, c 2003

  • Finland - National Electronic ID Card, rolling out

  • France - Multi application card being studied

  • Germany - Multifunction card being studied

  • Ireland - Pilots planned in 2003 for public service cards

  • Italy - National EID card and Regional projects underway

  • Netherlands - Plans for National Electronic ID card with certificates

  • Norway - Planning stages

  • Spain - Government internal use for civil servants, National ID card planned

  • Sweden - Multipurpose ID card with credentials, operational

Italian National ID Card System

  • Challenge to leverage the National Identity Card to access Web-based ‘e-government’ services

  • System based on standard issuance of national ID cards

    • new cards also have certificates

    • workflow exactly the same as before

    • municipality to police authorities to Ministry of the Interior

    • card printed with photograph and issued to citizen at the municipal office

  • UniCERT enables flexible architecture and registration processes, all in full compliance with EU and Italian digital signature legislation

  • Architecture involves 3 subordinate CAs to national root CA

    • 2 for citizens

    • 1 for local operators

  • 100,000 certificates issued to date

  • Partners include Getronics, Bull and Siemens

Regional Government of Lombardia, Italy

  • 9 million citizens in the region

  • Using UniCERT to strengthen the authentication, integrity, confidentiality and non-repudiation of e-healthcare services

  • Issuing a health card with digital certificate to all citizens

    • used to securely access public healthcare services

    • system based around smartcards

    • 300,000 issued so far

    • focus on citizens and local Government staff

  • Partnered with Ericsson, Elsag and Context System




  • Baltimore Technologies provides solutions to enable e-business to be conducted in a secure, trusted manner

  • The solutions are built around Authentication, Authorisation and Digital Signing

  • Smart cards are a natural part of the solution to provide secure and portable credential stores to support authentication and digital signing

  • Many EU Governments are planning roll-outs of smart cards at national or regional levels
