© Conclusive Logic, 2001 COMPANY CONFIDENTIAL 1
Intelligent Trust for Electronic Commerce
Howard “Skip” Chapman, Business Development
V :: 703.734.3000 Ext. 101
F :: 703.734.3002
E :: [email protected]
Jim Heimberg, ABC, PhD, Technical Sales Engineer
V :: 703.734.3000 Ext 102
F :: 703.734.3002
E :: [email protected]
Agenda
Company Background
Conclusive’s Key Objective
Enterprise Requirements
Benefits of PKI
Current Issues with PKI
TrustLogic
Technical Product Overview
Company Background
• U.S. Company
• Corporate Headquarters – Tysons Corner, VA
• European Headquarters – Maidenhead, UK
• Regional Offices in Plano, TX and San Jose, CA
• Incorporated in Delaware
• 10 years Corporate experience in information security and cryptography
• Development team with over 100 years cumulative experience in IT security
Key Objective
To Enable Secure Electronic Business by Creating an Enterprise Friendly PKI Environment
Friendly PKI Environment?
In order to accomplish this… the Enterprise MUST have the:
• Ability to PK Enable multiple applications
• Enterprise must isolate applications from the need to understand PKI and other security technologies
• Ability to define who to trust and how much to trust them
Friendly PKI Environment?
• Ability to define what user has which role & rule base within individual enterprise applications
• Ability to have true End-to-End Encryption
• Ability to have Persistent Proof of transactions
Why PKI? : Benefits
• Authentication of identity
• Confidentiality of data
• Integrity of data
• Nonrepudiation of transaction or event…at that specific point in time
PKI Deployment Issue?
How does an organization leverage the benefits of PKI… and cost effectively conduct secure electronic business and define & manage risk across applications?
PKI Status
• PKI, though a great core technology, is currently trapped…
Why?
PKI Status
• Lack of “Solutions Orientation”
• Unworkable trust models…binary
• Unworkable multi-domain, multi-vendor interoperability models
• Breaks in the chain of confidentiality
• Lack of evidentiary proof
• Difficult to deploy & integrate into applications
• Unattractive cost:benefit ratio
Current Issues with PKI
• PKI: Outstanding Enabling “Core” Technology
– Current PKI paradigm does not provide necessary solutions orientation and enterprise defined trust
• Traditional PKI Trust Model is Binary & Closed
– No extension of trust model outside closed user domain
– Current Options = Cross-certification or Bridge CA
– No degrees of trust
Current Issues with PKI
• Vendor Inter-Operability
– Open Standards - Yet PKI and other security technology vendor “standards-based” products do not inter-operate
• Solutions / Applications Deployment
– Each application must understand individual security technologies deployed
– Rules- & roles-based security not addressed
• Persistent Proof
– CA – PKI model cannot provide time context nonrepudiation
Current Issues with PKI
• PK Enabling Multiple Applications & Deployment of PKI has proven extremely difficult.
– Each application has to be rewritten to “learn” to use individual PKI & Security technologies.
– Different PKI/CA vendors have interpreted & implemented standards in different ways.
– Different PKI/CA vendor client-side key store solutions lock the client into a specific CA technology and/or domain.
– Vendors of associated technologies (X.500 directories, hardware authentication, etc.) all have their own specific interfaces.
– Technologies are evolving rapidly & deployments are obsolete before they go into service.
Current Issues with PKI
• In the HTTP environment, SSL has been presented as the preferred means to provide confidentiality... However:
– Data is in clear on the web server and user platform – the most likely points of attack
– No provision for role-based confidentiality required for web-based workflow
– No validation of the client certificate presented
– No possibility of granular data level encryption
– Heavy processor overhead, “everything” has to be encrypted
Current Issues with PKI
• Result: An extremely attractive core technology with an unattractive Cost:Benefit ratio
• Costs have been High:
– Long term service costs are high due to:
  • Rework needed on applications
  • Each application has to be individually PK enabled
– CA costs are high because of admin & tech cost and limitations associated with registering all users into a single CA
– Maintenance costs are high because enterprise is not future proofed for new technology and revisions
Current Issues with PKI
• Current PKI Cost:Benefit (continued)
• Benefit has been low for implementing PKI:
– Cannot be rolled out to encompass the heterogeneous universe of a web-based application:
  • Users with certificates from a variety of CAs, from different CA technologies, & of varied security “quality”
  • Users with no certificates at all
TrustLogic
• Conclusive has responded with an enterprise-driven & solutions-oriented approach for:
– PK Enabling multiple applications via a common interface that isolates applications from PKI & other security technologies
– Authentication of identities across domains with varying degrees of Trust
– Using Rules & Roles based security across applications
– True end-to-end confidentiality
– Persistent proof that meets business needs
Solutions Oriented Approach
[Diagram: TrustLogic layers – Multi Vendor Security and PKI Management; Rules and Roles Based Trust Management; Persistent Proof of Transactions; End to End Data Level Encryption – relating the enterprise applications (E-Commerce, Workflow, CRM, Other Applications) to the CA & Security Technologies of Vendor “A” (TL=4), Vendor “B” (TL=3), Vendor “Z” (TL=2) and Vendor “C” (TL=0).]
Key Attributes
• What TrustLogic Does
– Authenticates signatures issued by any CA
– Allows rules-based control of HTTP communications
– Manages trust using enterprise rules & processes
– Ensures consistent enterprise-wide PKI behavior
– Encrypts data between HTTP applications & users
– Ensures role-based encryption of data
– Data exchange via secure forms with separate access control to fields as well as to the form
Multiple Technologies of PKI
[Diagram: applications (E-Commerce Application, Workflow Application, Access Control Application, Messaging Application) alongside the PKI technologies each must deal with: CA, Web Server, X.500/LDAP Directory, Hardtoken, SD, Softtoken, Time Stamp Server, CSP, MS CAPI, Vault, CRL or OCSP.]
Toolkit Approach to PKI
One-by-one process = unmanageable complexity + high recurring maintenance
[Diagram: each application (E-Commerce, Workflow, CRM, Messaging Application) integrated one-by-one with CA, Web Server, X.500/LDAP Directory, Hardtoken, SD, Softtoken, Time Stamp, CSP, MS CAPI, Vault, OCSP, EAI.]
PKI Reality…Reviewed
• PKI technology currently operates within a closed user group paradigm and often fails in the Internet environment, precisely where it is most needed.
• Why?
– Unworkable trust models
– Breaks in the chain of confidentiality
– Lack of evidentiary proof
– Difficult to deploy & integrate into applications
– Unattractive cost:benefit ratio
Conclusive’s PK Enablement
[Diagram: TrustLogic placed between the applications (E-Commerce Application, Workflow Application, Access Control Application, Messaging Application) and the PKI technologies (CA, Web Server, X.500/LDAP Directory, Hardtoken, SD, Softtoken, Time Stamp Server, CSP, MS CAPI, Vault, OCSP).]
TrustLogic – Logical Components
• Applications “talk” to TrustLogic via enterprise-defined processes using XML.
[Diagram – TrustLogic Process Manager: App makes procedure call + XML; Processes; Context Management (Application, Session, User); TrustLogic Services: Rules, Rules Directory, 3rd Party Rules Engine, CRL, OCSP, Verify Certificate, Directory, Registry, Cache / Storage, Encrypt XML, Decrypt XML, Transform XML, Audit Log, Time Stamp, Receipt; directory access via LDAP. Steps numbered 1–4.]
Web Application Templates
• Conclusive delivers a working, template-driven web application as a starting point for deployment in a web-based environment.
[Diagram – Building Blocks: TrustLogic Services, Directory Connectivity, Generic TL processes, Servlet Templates, Database Connectivity, JSP Templates, XML Actions, Typical Rules; assembled into a Working Web Application: Application & PKI Logic, Integration with Data Storage.]
Deployment - Overview
Defining business requirements in terms of authentication, confidentiality, & evidentiary proof is the basis of successful deployment.
Activities:
1. Define application requirements
2. Describe processes
3. Identify rules & roles required
4. Write rules & XML actions
5. Write processes
6. Integrate to Application
[Table residue – Tools and Output columns: Requirements Templates; Requirements (Authentication, Confidentiality, Proof); Rule Definitions (User, Unit, Company, CA); Pseudo code; TrustLogic XML Editor*; TrustLogic Process Editor*; TrustLogic Templates; Objects in X.500; Processes in X.500; Web Application.]
* = Completed using a single GUI
Perspectives
[Diagram: TrustLogic; PKI Functions; HTTP Applications; Users.]
User Key Selection
[Diagram: client-selectable roles, each with its own DN, X.509 Cert and Keys (Role 1, Role 2 … Role n).]
NOTE: Users can be rejected by TrustLogic if there are no specified roles, but the client can still select a certificate for a role to which he or she is assigned thru registration.
User Session Initiation
[Diagram: Client (Role 1, Role 2 … Role n), via client HTTP application & server, to the TrustLogic Server and the X.500/LDAP Directory (Rules, Processes, DN, other data about User); TrustLogic Benefits: Proof, Control, Encryption, Decryption; HTTP Application – Website, Application, Database Storage.]
Session Functional Interface
[Diagram: Browser, Start HTML Page, Setup Servlet, Servlet, Java Server Page, Java, Signoff Servlet, End HTML Page, with steps 1–6.]
1. HTML page from server via browser.
2. Sets up session.
3. Chains session-unique exchanges.
4. Session persistence.
5. Prepares to end session.
6. Signs off & terminates session.
Data Movement
[Diagram: XML Form, XML Fields, Java, XMLin.]
• The XML Form carries the XML fields into which data can be loaded & both separately signed & encrypted.
• XMLin determines how to decrypt & use the data in the fields throughout the session.
• Java is used as the transport mechanism to move the data around during the session.
Session Progression
[Diagram: Client side – Encrypt & Sign (on submit), Allowable Client Responses (on receipt), XML Encoding of Pages, Processing; Server side – XML Decrypt & Signature Validation (on receipt), Signature Check Rules & Process Steps, Applications & Rules, Processing (on submit); transport via RMI, SOAP, CORBA.]
User Open E-Commerce
[Diagram: E-Commerce Application; Business Model Decides Who to Trust based on Security & Business Manager’s Inputs; TrustLogic Knowledge Manager (rules-based); User Available Credentials from Entrust CA, Baltimore CA, RSA CA, Microsoft CA, Verisign CA, Netscape CA; TrustLogic Client running in Internet Explorer 5 and Netscape.]
Which CAs do I trust? How much do I trust someone? Which end users will I allow? What will I allow users to do? ... Technology that enforces YOUR business rules.
Trust & Open PKI
• Conclusive offers PKI management that corresponds to how business actually works.
– Trust is a business decision – not dictated by technology
– There are degrees of trust - decisions are made in context (In Situation “A”, I will extend trust to this person; in Situation “B”, I will not)
– Trust is extended, to the appropriate degree, to anyone with whom the business needs to communicate regardless of which CA issued the certificate or how the certificate is stored on the user’s machine
– Users are active – they choose which credentials to present & state their intentions when signing
Extending PKI
• Provide confidentiality & authorization
• Manage one-to-many & many-to-many relationships
[Diagram: RELATIONSHIP axis (One-to-One, One-to-Many, Many-to-Many) against REQUIREMENT axis (Authenticate, Confidential, Authorized); entries: Domain-Controlled Nonbrowser Application PKI (SMTP); Web Application Role-Based Open PKI (HTTP); Rule-Based Authorization.]
NOTE: Limited One-to-Many may be achieved within a domain (single application using HTTP).
Application Perspective
[Diagram: TrustLogic between the applications (E-Commerce, Workflow, CRM, Messaging Application) and the PKI technologies (CA, Web Server, X.500/LDAP Directory, Hardtoken, SD, Softtoken, Time Stamp Server, CSP, MS CAPI, Vault, OCSP).]
Application Interface
[Diagram: Application (legacy application-generated) & Servlet (user- & JSP server-generated); XML Form Translation on both sides; Remote Procedure Call; TrustLogic Engine – Transaction between Client & App; Directory – Processes & Rules, XML Form.]
Deployed Application Scheme
• For an application, TrustLogic processes are invoked from servlets that call application logic.
[Diagram: TrustLogic – Services, Rules, XML Actions, Business Process; Application – Servlet, JSP, Application Logic, Presentation, Data Capture; Security & PKI Logic; Trust Logic Code; TrustLogic Legacy Code; Security Rules, Encryption Rules; Customer defined objects in X.500.]
Functional Application Interface
[Diagram: Web Application (e.g. Servlet); TrustLogic Services – Rules, Business Processes, Audit Manager, Properties, Actions; Low-Level TrustLogic Code.]
PKI Management Perspective
[Diagram: TrustLogic between the applications (E-Commerce Application, Workflow Application, Access Control Application, Messaging Application) and the PKI technologies (CA, Web Server, X.500 Users Directory, Smartcard, SD, Softtoken, Time Stamp Server, CSP, MS CAPI, Vault, OCSP).]
TrustLogic Services
• Certificate Management Services: getTLCertificate, getSigningCertificate, verifyCertificate, getCertificate
• User & CA Registration Services: checkRegistration, writeRegistrationData, createRegistration
• Evidentiary Proof Services: writeAuditLog, getServerTimeStamp
• Encrypted XML Services: decryptXML, verifySignedXML, signXML, encryptXML, createXMLform
• Authentication & Validation Services: crlCheck, getOCSP, verifyAuthenticator, createAuthenticator
• Context Management Services: addAttributesToContext, addAttributeToContext
• Workflow & Utility Services: attachProperties, updateDirectory, encryptHTMLform, sendEmail
Persistent Proof
Application Requests:
• Verify signature
– Write result to log
• Invoke rule if CA trusted
– Write result to log
• Invoke rule on validation
– Write validation result to log
– Timestamp validation response
• Invoke rule on authorization for role
– Write result to log
Audit Log:
• Certificate serial # verified
• CA “x” trusted for level 2 requests
• OCSP responder “x” returned negative result
• OCSP response timestamped at 2000:05:16:14:24:20
• User “x” authorized for role “y”
• Proof of the activity exists after the fact.
• Audit log entries are cryptographically secure.
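The request walk-through above in running form, as an added example that is not code from the deck or from Conclusive Logic: a rules-based trust decision (is the issuing CA trusted at the level this request needs, is the certificate unrevoked, is the user authorized for the role) whose every step is written to an append-only audit log. Each log entry carries the previous entry's tag and is itself tagged with HMAC-SHA256 under a server key, so the log can be verified after the fact and any edited, dropped or reordered entry is detected. Everything concrete here is an assumption: the CA names and their TL values, the per-role minimum levels, the OCSP results, the timestamps, and the use of an HMAC over the certificate body as a standard-library stand-in for the CA's X.509 signature.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# --- Constructed policy (assumptions in the spirit of the deck's TL=0..4 labels) ---
CA_TRUST_LEVELS = {"Vendor A CA": 4, "Vendor B CA": 3, "Vendor Z CA": 2, "Vendor C CA": 0}
# Minimum CA trust level a request made in each role must come from.
ROLE_MIN_LEVEL = {"approver": 3, "viewer": 2}
# Stand-in CA signing keys: an HMAC over the certificate body replaces the
# X.509 signature so the example runs on the standard library alone.
CA_KEYS = {name: hashlib.sha256(b"constructed-ca-key:" + name.encode()).digest()
           for name in CA_TRUST_LEVELS}


def _cert_body(issuer, serial, subject):
    return json.dumps({"issuer": issuer, "serial": serial, "subject": subject},
                      sort_keys=True).encode()


def issue_certificate(issuer, serial, subject, signing_key=None):
    """Constructed certificate; pass signing_key to forge one with the wrong key."""
    key = CA_KEYS[issuer] if signing_key is None else signing_key
    sig = hmac.new(key, _cert_body(issuer, serial, subject), hashlib.sha256).hexdigest()
    return {"issuer": issuer, "serial": serial, "subject": subject, "sig": sig}


def verify_certificate(cert):
    """Check the stand-in signature against the key of the CA the certificate names."""
    key = CA_KEYS.get(cert["issuer"])
    if key is None:
        return False
    expected = hmac.new(key, _cert_body(cert["issuer"], cert["serial"], cert["subject"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["sig"])


@dataclass
class AuditLog:
    """Append-only log. Every entry records the previous entry's tag and is
    itself tagged with HMAC-SHA256 under the server key, so an edited, dropped
    or reordered entry breaks verification."""
    key: bytes
    entries: list = field(default_factory=list)

    def _tag(self, record):
        body = {k: v for k, v in record.items() if k != "tag"}
        return hmac.new(self.key, json.dumps(body, sort_keys=True).encode(),
                        hashlib.sha256).hexdigest()

    def write(self, timestamp, event):
        prev = self.entries[-1]["tag"] if self.entries else "genesis"
        record = {"seq": len(self.entries), "ts": timestamp, "event": event, "prev": prev}
        record["tag"] = self._tag(record)
        self.entries.append(record)
        return record

    def verify(self):
        prev = "genesis"
        for i, rec in enumerate(self.entries):
            if rec["seq"] != i or rec["prev"] != prev:
                return False
            if not hmac.compare_digest(rec["tag"], self._tag(rec)):
                return False
            prev = rec["tag"]
        return True


def authorize_request(cert, role, ocsp_status, ts, log):
    """Walk the deck's steps, logging after each: verify the certificate, apply
    the CA-trust rule, record the validation (OCSP) result, then the role
    authorization. ts is the timestamp the caller obtained (constructed here)."""
    sig_ok = verify_certificate(cert)
    log.write(ts, f"Certificate serial {cert['serial']} signature "
                  f"{'verified' if sig_ok else 'INVALID'} (issuer {cert['issuer']})")
    if not sig_ok:
        return False
    level = CA_TRUST_LEVELS.get(cert["issuer"], 0)
    required = ROLE_MIN_LEVEL.get(role)
    trusted = required is not None and level >= required
    log.write(ts, f"CA {cert['issuer']} TL={level} {'trusted' if trusted else 'NOT trusted'} "
                  f"for level {required} requests")
    if not trusted:
        return False
    log.write(ts, f"OCSP response for serial {cert['serial']}: {ocsp_status}")
    if ocsp_status != "good":
        return False
    log.write(ts, f"User {cert['subject']} authorized for role {role}")
    return True


if __name__ == "__main__":
    log = AuditLog(key=b"constructed-server-key")
    cert = issue_certificate("Vendor A CA", "1A2B", "user x")
    print(authorize_request(cert, "approver", "good", "2000-05-16T14:24:20Z", log))
    for rec in log.entries:
        print(rec["seq"], rec["ts"], rec["event"])
    print("log intact:", log.verify())
```

Two design points carry over to a real deployment: the log key must live somewhere the application server cannot read at will (otherwise whoever compromises the server can re-tag a rewritten history), and the timestamp in each entry should come from a source the verifier trusts, which is what the deck's time stamp service is for.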
Granular Security of XML Data
[Diagram: an XML Form whose XML Fields 1–4 are each encrypted under a Role Key (Role Key 1, Role Key 2, Role Key 3) or left Unencrypted; TrustLogic Key Translation maps Role Key 1 to the public keys of User A, User B and User D, and Role Key 2 to the public keys of User B and User C; XMLIn on the client side for Users A–D.]
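The field-level scheme in the diagram, as an added example that is not the deck's or Conclusive Logic's code: each field of a form is sealed under the key of the role allowed to read it, fields with no role stay in the clear, and a key-translation table releases each role key only to the users assigned to that role, so one form can carry fields that different recipients can and cannot open. The role memberships follow the diagram (Role Key 1 to Users A, B and D; Role Key 2 to Users B and C). The field names and values, the random role keys, and the use of HMAC-SHA256 in counter mode with an encrypt-then-MAC tag as a standard-library stand-in for a real AEAD such as AES-GCM are assumptions. The product wraps role keys to users' public keys; here that release step is modelled as a server-side membership lookup.

```python
import hashlib
import hmac
import os

# Constructed key-translation table, following the deck's diagram: which users
# are entitled to which role key. The product wraps the role key to each user's
# public key; this example models that release step as a membership lookup.
ROLE_MEMBERS = {
    "Role Key 1": {"User A", "User B", "User D"},
    "Role Key 2": {"User B", "User C"},
}

# Constructed role keys, fresh for every run.
ROLE_KEYS = {role: os.urandom(32) for role in ROLE_MEMBERS}

# Constructed form policy: which role key protects each field (None = unencrypted).
FIELD_POLICY = {"account": "Role Key 1", "credit_limit": "Role Key 2", "order_id": None}


def _subkeys(role_key):
    """Derive independent encryption and MAC keys from one role key."""
    enc = hmac.new(role_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(role_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(role_key, plaintext):
    """Encrypt-then-MAC: XOR with the keystream, then tag nonce||ciphertext."""
    enc, mac = _subkeys(role_key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unseal(role_key, sealed):
    """Verify the tag in constant time before decrypting; reject any modification."""
    enc, mac = _subkeys(role_key)
    expected = hmac.new(mac, sealed["nonce"] + sealed["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        raise ValueError("field failed authentication")
    ks = _keystream(enc, sealed["nonce"], len(sealed["ct"]))
    return bytes(c ^ k for c, k in zip(sealed["ct"], ks))


def encrypt_form(fields):
    """Seal each field under its role key; fields whose policy is None stay in the clear."""
    form = {}
    for name, value in fields.items():
        role = FIELD_POLICY[name]
        if role is None:
            form[name] = {"role": None, "value": value}
        else:
            form[name] = {"role": role, **seal(ROLE_KEYS[role], value.encode())}
    return form


def keys_for_user(user):
    """Key translation: release only the role keys of the roles this user holds."""
    return {role: ROLE_KEYS[role] for role, members in ROLE_MEMBERS.items() if user in members}


def read_form(form, user):
    """What the user's client can recover: the decrypted value for each field the
    user's role keys open, None for fields sealed under a role the user lacks."""
    keys = keys_for_user(user)
    out = {}
    for name, entry in form.items():
        if entry["role"] is None:
            out[name] = entry["value"]
        elif entry["role"] in keys:
            out[name] = unseal(keys[entry["role"]], entry).decode()
        else:
            out[name] = None
    return out


def tamper_detected(form, name, user):
    """Flip one ciphertext bit in a copy of a sealed field and report whether the
    authorized user's key rejects it."""
    entry = dict(form[name])
    ct = bytearray(entry["ct"])
    ct[0] ^= 0x01
    entry["ct"] = bytes(ct)
    try:
        unseal(keys_for_user(user)[entry["role"]], entry)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    sealed_form = encrypt_form({"account": "ACC-001", "credit_limit": "5000", "order_id": "42"})
    for who in ("User A", "User B", "User C", "User D"):
        print(who, read_form(sealed_form, who))
```

Because the web server only ever handles sealed fields and releases role keys by membership, a compromise of the server or of User C's workstation exposes at most the fields those parties were entitled to read, which is the gap the deck's SSL critique points at: transport encryption alone leaves every field in the clear at both ends.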
Generic System Architecture
[Diagram: Server Side – X.500 Directory; TrustLogic Server (Audit Data, Key Store); JSP Server; Web Server; Application (Database, Server, or Data Store); TL Data, JSP Data, Application Data. Client Side – WorkStation with Clients with TrustLogic Software (Key Store), via Internet or intranet.]
NOTE: May be same platform.
Summary
• Authentication of application users & validity of certificates
• Role-based access to HTTP application services & storage
• Proof of what occurs through signed, unchangeable audit logs
• Encryption & decryption services down to the field level on XML forms, which are used as the basis of transactions between users & applications
• An open PKI free of domain parameters
• Based on an organization’s business model, certificates are accepted from any CA with an appropriate level of trust
• Benefits of PKI are fully available in the HTTP domain without having to modify applications
• Business models drive technology, not vice versa
Conclusive Value Proposition
• Conclusive provides the:
– Ability to PK Enable multiple applications
– Ability to define who to trust and how much to trust them
– Ability to define what user has which role & rule base within individual enterprise applications
– Ability to have true End-to-End Encryption
– Ability to have Persistent Proof of transactions