
The Hierarchical Trust Model


rcutler
Presentation Transcript


  1. The Hierarchical Trust Model

  2. PGP Certificate Server details
  • Fast, efficient key repository
  • LDAP, HTTP interfaces
  • Secure remote administration
  • “Pending” area for unverified keys
  • Server database replication
  • PGPtls connection between client and server
  • Database replication provides corporate branch offices with fast access to public keys, via the Replication Engine
  • Runs on Solaris and Windows NT

  3. PGP Certificate Server
  • Allows large-scale deployment of public keys for use in intranets and the Internet
  • Allows centralized storage and management of digital certificates
  • Efficient LDAP/HTTP certificate distribution and searches
  • Support for client synchronization of keys
  • Scalable from small groups to multi-national corporations
  • Customizable policy management rules
  • Host of features: remote access, administration, logging, replication engine to synchronize multiple servers
  • Seamless integration with PGP client programs
  • Windows NT 4.0 or Solaris 2.51 or above

  4. PGP Certificate Server for NT (screenshot: Control Monitor, Event Log)

  5. Certifying Authority (diagram labels: Certifying Authority, Public Key, Encrypted Text, Decrypt, Encrypt, Private Key)

  6. Process for Validating Keys
  • User generates key, sends to server automatically
  • Key is held in ‘pending area’, not added to main server database
  • Administrator periodically checks pending area and manually verifies keys contained within to ensure authenticity
  • Admin reconstitutes shared signing key and validates keys
  • Keys are then added to server and made available

  7. Key splitting and PGPtls
  • High-risk keys can be split and shared
  • “N of M” shares required to reconstitute key for use
  • ADKs, Corporate Signing Keys are good candidates for splitting
  • Share holders don’t have to be present!
  • Secure connections between clients with PGPtls allow shareholders to be anywhere in the world and still reconstitute a split key

  8. PGP Certificate Server for central certificate storage
  • Provides scalability to PGP applications
  • LDAP-based, with both X.509 and PGP certificates supported
  • Supports hundreds of thousands of certificates
  • Scalable: certserver.nai.com alone vends over 500,000 certificates
  • Extensible searching mechanism

  9. PGP Certificate Server
  • Large-Scale Deployment of Public Keys
  • Efficient LDAP and HTTP Certificate Distribution
  • Scalable to Very Large Enterprises
  • Customizable Policy Management Rules
  • PKI Features: Remote Access, Administration, Logging, Replication Engine, Multiple Trust Models, Validity Checking, Data Recovery
  • Seamless Integration with PGP Clients

  10. PGP Certificate Server Operations (diagram: Alice, Bob, CertServer)
  1. Alice creates message for Bob
  2. Alice searches for Bob’s public key on her local key ring
  3. Bob’s key not found, auto-import key from CertServer
  4. CertServer returns Bob’s valid key
  5. Alice’s client stores Bob’s key locally
  6. Alice encrypts to Bob’s key and sends...

  11. PGP Enterprise Security Products
  • Need: Scalable and manageable PKI
  • Solution: PGP Certificate Server
  • Scalable and replicated storage of public keys
  • Integrated policy management
  • Seamless integration with client
