Baltimore Technologies (UK) Ltd

Charles Pierson

Director of Government Business

Authentication and Authorisation

Introducing Baltimore
  • E-security products, solutions and professional services
  • 25 years security industry experience
  • UK Company of c 350 staff
  • Established blue-chip customer base
    • Government
    • Financial Institutions
  • Worldwide reach
    • Europe, Asia Pacific, US
  • Leading influencer of security standards
Baltimore Products and Services
  • PKI Digital Certificate Management System – UniCERT
  • Access Control solutions – XML and LDAP based authorisation product - Select Access
  • Integrated security solutions - Trusted Business Suite
  • Developer toolkits for easy PKI enabling of applications
  • Professional Services and consultancy on all aspects of e-security design and implementation
  • KeySteps PKI Structured Methodology
  • Global 24*7*365 Support.
The Emerging Connected Digital World

New challenges in securing on-line transactions…

  • Multi-channel, web-enabled applications & communications
  • Increasing mobility of people, devices and applications
  • Web Services connecting users to application services
  • Federated Identity Management
Security Challenges
  • Establishing identity
  • Providing access to entitled resources
  • Conducting e-business with integrity

Security Management Challenges

Identity Proved

Authorization Granted

Transaction Signed

Any Device, any Platform, any Network

Identity and Entitlements

Authentication, Authorisation, Digital Signature Technology

Core Products

SelectAccess - Authorisation Management System

  • Provision, manage and enforce entitlements
  • Easy to use management features, unique GUI
  • Web-based single sign on for intranets, extranets and portals
  • Role-based access control with delegated administration
  • Performance-based scalability, architected for the Internet and web services

UniCERT - Digital Certificate Management

  • Provision and manage digital certificates
  • Enable digital signatures and strong authentication
  • Protect the privacy and integrity of data
  • Carrier-grade performance, scalability and flexibility
Digital Certificates
  • Digital Certificates provide proof of identity
    • A Certificate Authority is the trusted third party that certifies the authenticity of users
    • It does this by creating a digital certificate which binds the user’s identity to their public key
    • User is required to present the certificate to prove identity (authentication)
    • Proof of identity can then be used to determine access rights (authorisation)

A Certificate is the equivalent of a Digital Passport

Digital Certificates v PINs / Passwords

There are many ways to provide security…

Digital Certificates are the only way to provide persistent trust

  • Password Systems
    • Well established methodology
    • Easy to “crack” or too difficult to remember
    • Do not provide full strength authentication
  • Digital Certificates
    • A tamper-proof ID
    • Provides highly secure and robust authentication
    • Often deployed with two-factor authentication tokens
    • Reusable across multiple applications / SSO
    • Necessary for ‘trusted’ transactions
Digital Signatures

The sender’s credentials are used to create a digital signature which can be attached to a transaction, message or document and used to authenticate the sender as well as proving the integrity of the received data

Digital signatures enable

  • Authentication: An entity is as claimed
  • Data integrity: Data has not been changed
  • Non-repudiation: The signing party (or parties) cannot deny involvement in the transaction at a later date
  • Authorisation: Entitlement to access to a resource (Using signed policies & signed authentication data)
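
The checks described in the Digital Certificates and Digital Signatures slides, as an added Go example (not part of the presentation and not Baltimore or UniCERT code): a CA certifies a user's public key, and a relying party accepts a signed transaction only if the certificate chains to the trusted CA and the signature verifies under the certified key. The function names `issue` and `accept`, the choice of Ed25519, and the sample subject and transaction are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds name to pub in a certificate signed by caKey; a nil parent yields a self-signed root CA.
func issue(name string, pub ed25519.PublicKey, parent *x509.Certificate, caKey ed25519.PrivateKey) (cert *x509.Certificate) {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, parent = true, true, x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, caKey)
	if err == nil {
		cert, err = x509.ParseCertificate(der)
	}
	if err != nil {
		panic(err)
	}
	return cert
}

// accept is the relying party's check: chain to the trusted root first, then the signature under the certified key.
func accept(root, cert *x509.Certificate, msg, sig []byte) (string, bool) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil || cert.CheckSignature(x509.PureEd25519, msg, sig) != nil {
		return "", false
	}
	return cert.Subject.CommonName, true // authenticated identity, usable for an authorisation decision
}

func main() {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	root := issue("Example Root CA", caPub, nil, caKey) // constructed sample CA
	cert := issue("alice", pub, root, caKey)            // constructed sample user
	tx := []byte("pay 100 GBP to account 12345678")     // constructed sample transaction
	sig := ed25519.Sign(key, tx)
	fmt.Println(accept(root, cert, tx, sig))                                        // genuine transaction
	fmt.Println(accept(root, cert, []byte("pay 900 GBP to account 12345678"), sig)) // altered after signing
}
```

A certificate for the same name issued by a CA that is not in `roots` fails `cert.Verify`, so `accept` rejects it even when the signature itself is valid.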
Digital Signatures in Business

Digital Signatures help resolve

  • Lack of trust
  • Manipulation of data
  • Repudiation of a transaction
  • Legal standing on electronic transaction
  • Chain of ownership and change management
  • Lack of an on-line trusted approval mechanism
The Need for Authorisation
  • Enterprises face increased demand to make resources (data, applications, web sites) available to both internal and external users
  • Different users need to have access to different information and applications
  • Business managers determine user privileges and which data and applications users are entitled to
    • Payables clerk doesn’t get rights to generate invoices
    • Marketing can’t change salary information – only HR
  • Privileges enforced by users signing on to access resources
  • Access controlled at the application level – on a server by server, application by application basis
Whose problem is it?
  • End Users – Multiple logons and lost passwords
    • Lost productivity & frustrated users
  • Business Manager – Reliance on IT to Add/Change user rights
    • Time consuming & error prone
  • IT Help Desk Manager – 40%-60% of calls password related
  • IT Administrator – Increasing users and resources to secure
    • No economies of scale & a growing backlog of requests
  • IT Security Manager – Leaves gaps in security
    • Servers and application control lists out of sync
    • Lags between business requests and changes
How SelectAccess Solves the Problems
  • End users – SSO eliminates multiple IDs and passwords to web based info and transactions
  • Business Manager – Reduces reliance on IT to manage user profiles and access
  • IT Help Desk Manager – Significantly reduces calls related to lost passwords and resets
  • IT Administrator – Provides a unified centralized means to maintain privilege rights across servers and applications
    • With delegation for economies of scale
  • IT Security Manager – Provides real time security, uniformly updating servers and applications
    • Allows for businesses to make real time changes
SelectAccess Architecture Summary
  • Web Server
  • Java App Server
  • Admin Server
  • Enforcer Plug-In
  • Directory Server
  • Secure Audit Server
  • SAML Server
Baltimore’s Solutions Strategy
  • Create solutions
    • That offer “out-of-the-box” functionality
    • Packaged and priced to meet clear departmental business needs
  • Based on UniCERT and SelectAccess functionality
  • Fully tested, KeySteps Blueprinted and globally supported
  • Designed to offer a highly functional & responsive but invisible PKI
Baltimore Solutions
  • A suite of high trust business applications, designed to remove the complexity and cost of public key infrastructure
  • Built upon core authentication and authorisation technology, the solution modules work out of the box to deliver immediate business benefit.
  • Two Solution Suites:
      • Trusted Business Suite
      • Trusted Portal Suite
Trusted Business Suite
  • A comprehensive suite of high-trust solutions that:
    • Meet business security needs without the cost of implementing large & complex security infrastructures
    • Tightly integrated with business
    • Open new markets for Baltimore’s products and technology
  • A Solution Suite comprising 3 application areas:
      • Trusted Workplace
      • Trusted Networks
      • Trusted Messaging
Trusted Business Suite (diagram)
  • Users: Internal Users, Remote / Mobile
  • Trusted Portal Suite: Trusted Oracle Portal
  • Trusted Workplace: Trusted Documents, Trusted Forms, Trusted Collaboration
  • Trusted Messaging: Trusted E-Mail, Trusted Web-Mail
  • Trusted Network: Trusted VPN, Trusted Web
  • Trusted Web Authorisation
  • Trusted Web SSL Class III
  • Baltimore Applied Solutions Engine
  • User Provisioning & Certificate Server
  • Sample document text shown in the diagram: “Now is the time fro all good men o come to the aid of the party..” and “Now is the time for all good men to come to the aid of the party”
  • 1) User Authentication
  • 2) Non-repudiation
  • 3) User Security Management

Business Solution Architecture Key Differentiators
  • All Baltimore Solution Modules have been designed to feature:
    • The use of existing or bulk loaded user data - to simplify user registration
    • Simple installation for both an administrator and end users
    • An automated process to invite authorised users to enrol - for each solution
    • A registration page to guide users through enrolment
      • The managed download of any client side code
      • On-line key generation and certificate request processing
    • A single management interface for managing users & solutions
      • To set and manage all solution policy controls, with controlled delegation
      • To manage users, their registration data, groups, roles and digital credentials
    • Multiple solution credentials within a single credential store
      • Enterprise SSO, third party SSO with strong authentication & authorisation
      • A choice of smartcard, token, soft-token or roaming & mobile/wireless
    • Ease of solution expansion, ease of adding new solution modules
    • A minimum requirement for security management overheads
Smart Cards
  • The move towards “user-centric” computing and the expectations of “anytime / anywhere” access means portability of security credentials is a growing demand
  • Smart cards are a good fit, being:
    • Secure environments for credential storage (cryptographic keys and digital certificates)
    • Familiar formats
    • Able to carry additional information (photo / logo)
  • Baltimore has undertaken interoperability testing with many major smart card vendors
EU Smart Card Initiatives
  • Austria - Citizen Card with certificates, c 2003
  • Belgium - National Electronic ID Card, c 2003
  • Finland - National Electronic ID Card, rolling out
  • France - Multi application card being studied
  • Germany - Multifunction card being studied
  • Ireland - Pilots planned in 2003 for public service cards
  • Italy - National EID card and Regional projects underway
  • Netherlands - Plans for National Electronic ID card with certificates
  • Norway - Planning stages
  • Spain - Government internal use for civil servants, National ID card planned
  • Sweden - Multipurpose ID card with credentials, operational
Italian National ID Card System
  • Challenge to leverage the National Identity Card to access Web-based ‘e-government’ services
  • System based on standard issuance of national ID cards
    • new cards also have certificates
    • workflow exactly the same as before
    • municipality to police authorities to Ministry of the Interior
    • card printed with photograph and issued to citizen at the municipal office
  • UniCERT enables flexible architecture and registration processes, all in full compliance with EU and Italian digital signature legislation
  • Architecture involves 3 subordinate CAs to national root CA
    • 2 for citizens
    • 1 for local operators
  • 100,000 certificates issued to date
  • Partners include Getronics, Bull and Siemens

Regional Government of Lombardia, Italy
  • 9 million citizens in the region
  • Using UniCERT to strengthen the authentication, integrity, confidentiality and non-repudiation of e-healthcare services
  • Issuing a health card with digital certificate to all citizens
    • used to securely access public healthcare services
    • system based around smartcards
    • 300,000 issued so far
    • focus on citizens and local Government staff
  • Partnered with Ericsson, Elsag and Context System


  • Baltimore Technologies provides solutions to enable e-business to be conducted in a secure, trusted manner
  • The solutions are built around Authentication, Authorisation and Digital Signing
  • Smart cards are a natural part of the solution to provide secure and portable credential stores to support authentication and digital signing
  • Many EU Governments are planning roll-outs of smart cards at national or regional levels