Electronic services and security
This presentation is the property of its rightful owner.
Sponsored Links
1 / 25

Electronic Services and Security PowerPoint PPT Presentation


  • 84 Views
  • Uploaded on
  • Presentation posted in: General

Electronic Services and Security. Agenda. Background – What? Why? Who? How? PKI and electronic services –concepts Sonera activities Sonera security services Trusted mobile operator -concept Questions, discussion. Development. Planning. Communication security. Physical security.

Download Presentation

Electronic Services and Security

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Electronic services and security

Electronic Services and Security


Agenda

Agenda

  • Background – What? Why? Who? How?

  • PKI and electronic services –concepts

  • Sonera activities

  • Sonera security services

  • Trusted mobile operator -concept

  • Questions, discussion


Security management

Development

Planning

Communication

security

Physical

security

Software

security

PKI

Safe

usage

Managerial

security

Personnel

security

Data

security

Auditing /

reporting

Security management

Hardware

security

Maintenance &

management


Public e services

Public e-services

  • “Producing, offering, using public services and complementing, replacing or renewing the traditional services by utilizing data networks”

  • Improves the competitive capability of society, decreases costs, increases standard of living etc.

  • Citizens, companies, communities, authorities


E services important concepts

E-Services: Important concepts

  • Data security

    • Confidentiality

    • Integrity

    • Availability

    • Non-repudiaton

  • Technology

    • Terminals (PC, community center terminal, mobile phone, PDA, digi-TV set-top box…)

    • Networks (Internet, private networks, digi-TV, mobile networks)


  • Why pki

    Why PKI?

    • PKI enables secure e-services:

      • Strong authentication

      • Digital signatures

      • Ensuring confidentiality and integrity

    Physical world

    e-World

    Authentication

    Certificates

    Non-repudiation

    Digital signatures

    Encryption +

    digital signatures

    Confidentiality

    and integrity


    What is pki

    What is PKI?

    • Public Key Infrastructure

    • ”The set of hardware, software, people, policies and procedures needed to create, manage, store, distribute, and revoke certificates based on public-key cryptography.”

    • Creates trust relationships between people, companies, communities etc.

    • Enables the increased security and user friendliness in current applications and environments and new applications in data networks


    Network of actors in european certificate scene

    Network of actors in European certificate scene

    EU

    Certification

    service provider (CA)

    Government

    Service Provider

    Relying Party

    Subscriber


    Sonera activities

    Sonera activities

    • Security services for companies and communities:

      • Strong authentication (smart cards, USB-tokens, software certificates)

      • Sonera CA – Certificate Authority

      • E-Work - VPN (Virtual Private Network) – and secured Web-connections

      • Digital signatures as a service

  • Mobile phone as the authentication device

    • Certificates to mobile phone:

      • Trusted mobile operator

      • Citizens/consumers (qualified certificates) and corporate users (role certificates)


  • Sonera activities1

    Sonera activities

    • Law about electronic signatures (in Finland still under ratification Q2/2002)

    • Following the qualified certificate regulation – Sonera sits in FICORA certificate workgroup

    • Technology evaluations

    • Standardization (EESSI, ETSI, CEN/ISSS, IETF, WAP Forum, )

    • Other interest groups & international co-operation (EEMA/ECAF, Radicchio, MeT...)


    Electronic signatures act

    Electronic Signatures Act

    • Q2/2002 in Finland…

    • based on Directive 99/93/EC:

      • legal recognition of all kinds of electronic signatures

      • « qualified » electronic signature: equivalence with handwritten signature

      • free flow of electronic signature-related products and services in the EU market (no barriers to the market)


    Security service portfolio 2002

    Security Service Portfolio 2002

    e-Business Security

    Management Services

    Secure Network Services

    E-Work

    Secure User, SecureWeb,

    Secure Wireless connections

    Office Networks

    Secure Office, Secure User

    Security Management

    Firewall & Intrusion Detection mgmt.

    Audits & assesments

    Partner Networks

    Secure Office

    SecureWeb

    Secure User

    Desktop& Device Security

    Secure User, Anti- Virus, SecureWeb, Mobile Security

    User profiling

    CA services, PKI projects

    Digital Signatures

    Professonal Services

    SurfManager service reporting & management

    SurfTrends, SurfView, SLM tool

    SENS PKI infrastructure


    Sonera security consulting

    Sonera Security Consulting

    Professional

    Services

    Technology

    Managerial

    Technical security

    Training / Seminars

    evaluation

    security

    In customer projects

    Together with the customer

    Evaluation, feasability studies of new security products and / or implementation of the solution. The customer can affect the development of our services

    • Consulting

    • Security policy

    • Security strategies

    • Business continuity planning

    • Risk analysis

    • Consulting

    • FW / LAN

    • Mobile technologies

    • Anti-virus consulting

    • Electronic archiving

    • Architecture and solution planning / auditing

    • The utilization of Sonera products

    • Consulting

    • Security strategy / business continuity planning targeted for management

    • Personnel training: email, anti-virus, passwords etc.


    Sonera ca

    Sonera CA

    One USB token -

    • Sonera CA is a service that issues and manages certificates throughout their life-cycle.

    • The service includes all the functions needed to implement PKI (public key infrastructure): certificates, registration authority, revocation authority, directories, integration to existing services etc.

    for many purposes:

    Encryption

    Signing

    VPN –Secure User

    SSL -SecureWeb

    Windows 2000 logon

    Dialup


    Authentication authorization user management secureweb and secure user

    Authentication, authorization & user management:SecureWeb and Secure User

    Sonera Security Center

    Application

    User profiles

    directory

    Sonera

    Gateway

    Device

    Internet

    Strong encryption

    Authorization query

    End-users with certificates


    User management

    User management


    Digital signatures as a service

    Digital signatures as a service

    • Sonera is responsible for the maintenance of required servers and software

    • The system is built together with the customer and partners

    • Piloting is possible


    Trusted mobile operator services

    Trusted mobile operator services

    • With mobile phone

      • Strong authentication and digital signatures

      • Ensuring confidentiality and integrity of transactions

    • Improving data and legal security in electronic commerce and services

    • Sonera acts as a trusted third party for the end-user and for the service provider


    The services of the wallet in the mobile phone

    Cash

    Identity proof

    Credit card

    Bank card

    Allekirjoitus

    The services of the wallet in the mobile phone

    +

    =

    One, easy-to-use device always with you for all services

    Anywhere, anytime

    Social security card

    Bonus card

    Library card

    etc..


    Service benefits to the user

    Service benefits to the user

    • Strong security enables new services

      • also together with Internet or traditional call services

    • Ease-of-use and usability

      • Security in different services is unified, logical and simple. The logic is the same as with credit cards or PINs in mobile phones. No passwords or password lists.

    • Low costs

      • The services function with current phones


    Service provider benefits

    Service provider benefits

    • New services or improved current services

    • Improved security can be implemented cost-effectively. Infrastructure is offered as a service through a simple interface. No investments in security are needed and the start-up costs are low. Also smaller service providers or service providers that consider security as important but not critical can join the service.

    • PKI shall be the infrastructure for implementing the electronic services in open networks.


    Soveltuvuus moneen kanavaan

    Soveltuvuus moneen kanavaan

    Customer

    Service Provider

    Phone

    SMS

    WAP

    Internet

    (Digi-TV)

    (WLAN)

    Authentication request

    Authentication


    Summary

    Summary

    • Certificates can solve many of the questions and risks involved in electronic transactions and services

    • Success requires versatile capabilities and understanding and considering all aspects of operations – it is not just about technology

    • Sonera has the required expert resources and can offer overall service – from planning to implementation and maintenance


  • Login