© Conclusive Logic, 2001 COMPANY CONFIDENTIAL

Intelligent Trust for Electronic Commerce

Howard “Skip” Chapman, Business Development
V :: 703.734.3000 Ext.101
F :: 703.734.3002
E :: [email protected]

Jim Heimberg, ABC, PhD, Technical Sales Engineer
V :: 703.734.3000 Ext 102
F :: 703.734.3002
E :: [email protected]

Post on 18-Dec-2015




Agenda

Company Background

Conclusive’s Key Objective

Enterprise Requirements

Benefits of PKI

Current Issues with PKI

TrustLogic

Technical Product Overview

Company Background

• U.S. Company

• Corporate Headquarters – Tysons Corner, VA

• European Headquarters – Maidenhead, UK

• Regional Offices in Plano, TX and San Jose, CA

• Incorporated in Delaware

• 10 years Corporate experience in information security and cryptography

• Development team with over 100 years cumulative experience in IT security


Conclusive’s Key Objective

Key Objective

To Enable Secure Electronic Business by Creating an Enterprise Friendly PKI Environment


Friendly PKI Environment?

Enterprise Requirements

Friendly PKI Environment?

In order to accomplish… the Enterprise MUST have the:

• Ability to PK Enable multiple applications

• Enterprise must isolate applications from the need to understand PKI and other security technologies

• Ability to define who to trust and how much to trust them


Friendly PKI Environment?

• Ability to define what user has which role & rule base within individual enterprise applications

• Ability to have true End-to-End Encryption

• Ability to have Persistent Proof of transactions

A Look at PKI Benefits and Current Issues


Why PKI? : Benefits

• Authentication of identity

• Confidentiality of data

• Integrity of data

• Nonrepudiation of transaction or event…at that specific point in time

PKI Deployment Issue?

How does an organization leverage the benefits of PKI… and cost effectively conduct secure electronic business and define & manage risk across applications?


PKI Status

• PKI, though a great core technology, is currently trapped…

Why?

PKI Status

• Lack of “Solutions Orientation”

• Unworkable trust models…binary

• Unworkable multi-domain, multi-vendor interoperability models

• Breaks in the chain of confidentiality

• Lack of evidentiary proof

• Difficult to deploy & integrate into applications

• Unattractive cost:benefit ratio

Current Issues with PKI

• PKI: Outstanding Enabling “Core” Technology
  – Current PKI paradigm does not provide necessary solutions orientation and enterprise defined trust

• Traditional PKI Trust Model is Binary & Closed
  – No extension of trust model outside closed user domain
  – Current Options = Cross-certification or Bridge CA
  – No degrees of trust

Current Issues with PKI

• Vendor Inter-Operability
  – Open Standards - Yet PKI and other security technology vendor “standards-based” products do not inter-operate

• Solutions / Applications Deployment
  – Each application must understand individual security technologies deployed
  – Rules- & roles-based security not addressed

• Persistent Proof
  – CA – PKI model cannot provide time context nonrepudiation

Current Issues with PKI

• PK Enabling Multiple Applications & Deployment of PKI has proven extremely difficult.
  – Each application has to be rewritten to “learn” to use individual PKI & Security technologies.
  – Different PKI/CA vendors have interpreted & implemented standards in different ways.
  – Different PKI/CA vendor client-side key store solutions lock the client into a specific CA technology and/or domain.
  – Vendors of associated technologies (X.500 directories, hardware authentication, etc.) all have their own specific interfaces.
  – Technologies are evolving rapidly & deployments are obsolete before they go into service.

Current Issues with PKI

• In the HTTP environment, SSL has been presented as the preferred means to provide confidentiality... However:
  – Data is in clear on the web server and user platform – the most likely points of attack
  – No provision for role-based confidentiality required for web-based workflow
  – No validation of the client certificate presented
  – No possibility of granular data level encryption
  – Heavy processor overhead, “everything” has to be encrypted

Current Issues with PKI

• Result: An extremely attractive core technology with an unattractive Cost:Benefit ratio

• Costs have been High:
  – Long term service costs are high due to rework needed on applications; each application has to be individually PK enabled
  – CA costs are high because of admin & tech cost and limitations associated with registering all users into a single CA
  – Maintenance costs are high because enterprise is not future proofed for new technology and revisions

Current Issues with PKI

• Current PKI Cost:Benefit (continued)

• Benefit has been low for implementing PKI:
  – Cannot be rolled out to encompass the heterogeneous universe of a web-based application
  – Users with certificates from a variety of CAs, from different CA technologies, & of varied security “quality”
  – Users with no certificates at all

TrustLogic

• Conclusive has responded with an enterprise-driven & solutions-oriented approach for:
  – PK Enabling multiple applications via a common interface that isolates applications from PKI & other security technologies
  – Authentication of identities across domains with varying degrees of Trust
  – Using Rules & Roles based security across applications
  – True end-to-end confidentiality
  – Persistent proof that meets business needs

Solutions Oriented Approach

[Diagram: TrustLogic as a layered stack between the enterprise applications (E-Commerce, Workflow, CRM, Other Applications) and several vendors’ CA & Security Technologies. Layers, top to bottom: Multi Vendor - Security and PKI Management; Rules and Roles Based Trust Management; Persistent Proof of Transactions; End to End Data Level Encryption. Each vendor’s technology carries its own TL value: Vendor “A” TL=4, Vendor “B” TL=3, Vendor “Z” TL=2, Vendor “C” TL=0.]


Solutions-Management Technical Overview

Key Attributes

• What TrustLogic Does
  – Authenticates signatures issued by any CA
  – Allows rules-based control of HTTP communications
  – Manages trust using enterprise rules & processes
  – Ensures consistent enterprise-wide PKI behavior
  – Encrypts data between HTTP applications & users
  – Ensures role-based encryption of data
  – Data exchange via secure forms with separate access control to fields as well as to the form

Multiple Technologies of PKI

[Diagram: four enterprise applications (E-Commerce, Workflow, Access Control, Messaging) each facing the full set of PKI technologies: CA, Web Server, X.500/LDAP Directory, Hard token, SD, Soft token, Time Stamp Server, CSP, MS CAPI, Vault, CRL or OCSP.]

Toolkit Approach to PKI

One-by-one process = unmanageable complexity + high recurring maintenance

[Diagram: each application (E-Commerce, Workflow, CRM, Messaging) is integrated separately with every technology: CA, Web Server, X.500/LDAP Directory, Hard token, SD, Soft token, Time Stamp, CSP, MS CAPI, Vault, OCSP, EAI.]

PKI Reality…Reviewed

• PKI technology currently operates within a closed user group paradigm and often fails in the Internet environment, precisely where it is most needed.

• Why?
  – Unworkable trust models
  – Breaks in the chain of confidentiality
  – Lack of evidentiary proof
  – Difficult to deploy & integrate into applications
  – Unattractive cost:benefit ratio

Conclusive’s PK Enablement

[Diagram: TrustLogic placed as a single layer between the PKI technologies (CA, Web Server, X.500/LDAP Directory, Hard token, SD, Soft token, Time Stamp Server, CSP, MS CAPI, Vault, OCSP) and the applications (E-Commerce, Workflow, Access Control, Messaging).]

TrustLogic – Logical Components

• Applications “talk” to TrustLogic via enterprise-defined processes using XML.

[Diagram with numbered stages 1–4. Stage 1 is labelled: App makes procedure call + XML to the TrustLogic Process Manager. The remaining components shown: Processes; Context Management (Application, Session, User); Rules (Rules Directory, 3rd Party Rules Engine); TrustLogic Services (CRL, OCSP, Verify Certificate, Directory, Registry, Cache / Storage, Encrypt XML, Decrypt XML, Transform XML, Audit Log, Time Stamp, Receipt); directory access over LDAP.]

Web Application Templates

• Conclusive delivers a working, template-driven web application as a starting point for deployment in a web-based environment.

[Diagram: building blocks (TrustLogic Services, Directory Connectivity, Generic TL processes, Servlet Templates, Database Connectivity, JSP Templates, XML Actions, Typical Rules) combine into a Working Web Application covering Application & PKI Logic and Integration with Data Storage.]

Deployment - Overview

Defining business requirements in terms of authentication, confidentiality, & evidentiary proof is the basis of successful deployment.

Activities:
1. Define application requirements
2. Describe processes
3. Identify rules & roles required
4. Write rules & XML actions
5. Write processes
6. Integrate to Application

Tools: Requirements Templates, TrustLogic XML Editor*, TrustLogic Process Editor*, TrustLogic Templates

Outputs: Requirements (Authentication, Confidentiality, Proof), Rule Definitions (User, Unit, Company, CA), Pseudo code, Objects in X.500, Processes in X.500, Web Application

* = Completed using a single GUI

TrustLogic Perspectives

PKI Functions, HTTP Applications, Users

User Key Selection

[Diagram: on the client, each role (Role 1, Role 2, … Role n) has its own DN, X.509 Cert and Keys, and the client selects among them.]

NOTE: Users can be rejected by TrustLogic if there are no specified roles, but the client can still select a certificate for a role to which he or she is assigned thru registration.

User Session Initiation

[Diagram: the client (holding Role 1 … Role n credentials) reaches the TrustLogic Server via the client HTTP application & server. The server consults the X.500/LDAP Directory (Rules, Processes, DN, Other data about User) and delivers the TrustLogic benefits (Proof, Control, Encryption, Decryption) to the HTTP Application, the Website Application Database and Storage.]

Session Functional Interface

[Diagram: Browser exchanging with Start HTML Page, Setup Servlet, Java Server Page, Java, Signoff Servlet and End HTML Page, in six numbered steps.]

1. HTML page from server via browser.
2. Sets up session.
3. Chains session-unique exchanges.
4. Session persistence.
5. Prepares to end session.
6. Signs off & terminates session.

Data Movement

[Diagram: XML Form, XML Fields, Java, XMLin]

• The XML Form carries the XML fields into which data can be loaded & both separately signed & encrypted.

• XMLin determines how to decrypt & use the data in the fields throughout the session.

• Java is used as the transport mechanism to move the data around during the session.

Session Progression

[Diagram: Client side – on submit: Encrypt & Sign; on receipt: XML Decrypt & Signature Validation, Allowable Client Responses. Server side – on receipt: Signature Check, Rules & Process Steps, Applications & Rules; on submit: XML Encoding of Pages. Processing on the two sides is linked over RMI, SOAP or CORBA.]

User Open E-Commerce

[Diagram: users present whichever credentials they hold (Entrust CA, Baltimore CA, RSA CA, Microsoft CA, Verisign CA, Netscape CA) through the TrustLogic Client running in Internet Explorer 5 or Netscape. The Business Model decides who to trust based on Security & Business Manager’s inputs, enforced by the rules-based TrustLogic Knowledge Manager in front of the E-Commerce Application.]

Which CAs do I trust? How much do I trust someone? Which end users will I allow? What will I allow users to do? ... Technology that enforces YOUR business rules.

Trust & Open PKI

• Conclusive offers PKI management that corresponds to how business actually works.
  – Trust is a business decision – not dictated by technology
  – There are degrees of trust - decisions are made in context (In Situation “A”, I will extend trust to this person; in Situation “B”, I will not)
  – Trust is extended, to the appropriate degree, to anyone with whom the business needs to communicate regardless of which CA issued the certificate or how the certificate is stored on the user’s machine
  – Users are active – they choose which credentials to present & state their intentions when signing

Extending PKI

• Provide confidentiality & authorization

• Manage one-to-many & many-to-many relationships

[Diagram: a grid of RELATIONSHIP (One-to-One, One-to-Many, Many-to-Many) against REQUIREMENT (Authenticate, Confidential, Authorized / Rule-Based Authorization), contrasting Domain-Controlled Nonbrowser Application PKI (SMTP) with Web Application Role-Based Open PKI (HTTP).]

NOTE: Limited One-to-Many may be achieved within a domain (single application using HTTP).

Application Perspective

[Diagram: TrustLogic between the PKI technologies (CA, Web Server, X.500/LDAP Directory, Hard token, SD, Soft token, Time Stamp Server, CSP, MS CAPI, Vault, OCSP) and the applications (E-Commerce, Workflow, CRM, Messaging).]

Application Interface

[Diagram: the Application (legacy application-generated) & Servlet (user- & JSP server-generated) exchange XML Forms with the TrustLogic Engine through XML Form Translation and Remote Procedure Call; the engine draws Processes & Rules from the Directory and mediates the Transaction between Client & App.]

Deployed Application Scheme

• For an application, TrustLogic processes are invoked from servlets that call application logic.

[Diagram: Business Process, Servlet and JSP drive the Application Logic (Presentation, Data Capture) and the Security & PKI Logic (Trust Logic Code). TrustLogic Services, Rules and XML Actions sit beside the application’s Legacy Code; Security Rules and Encryption Rules are Customer defined objects in X.500.]

Functional Application Interface

[Diagram: Web Application (e.g. Servlet) calls TrustLogic Services (Rules, Business Processes, Audit Manager, Properties, Actions), which sit on top of Low-Level TrustLogic Code.]

PKI Management Perspective

[Diagram: TrustLogic between the PKI technologies (CA, Web Server, X.500 Users Directory, Smartcard, SD, Soft token, Time Stamp Server, CSP, MS CAPI, Vault, OCSP) and the applications (E-Commerce, Workflow, Access Control, Messaging).]


TrustLogic Services

• Certificate Management Services: getTLCertificate, getSigningCertificate, verifyCertificate

• User & CA Registration Services: getCertificate, checkRegistration, writeRegistrationData, createRegistration

• Evidentiary Proof Services: writeAuditLog, getServerTimeStamp

• Encrypted XML Services: decryptXML, verifySignedXML, signXML, encryptXML, createXMLform

• Authentication & Validation Services: crlCheck, getOCSP, verifyAuthenticator, createAuthenticator

• Context Management Services: addAttributesToContext, addAttributeToContext

• Workflow & Utility Services: attachProperties, updateDirectory, encryptHTMLform, sendEmail

Persistent Proof

Application Requests (left) and the resulting Audit Log entries (right):

• Verify signature; write result to log → Certificate serial # verified

• Invoke rule if CA trusted; write result to log → CA “x” trusted for level 2 requests

• Invoke rule on validation; write validation result to log; timestamp validation response → OCSP responder “x” returned negative result; OCSP response timestamped at 2000:05:16:14:24:20

• Invoke rule on authorization for role; write result to log → User “x” authorized for role “y”

• Proof of the activity exists after the fact.

• Audit log entries are cryptographically secure.
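The slide says audit log entries are cryptographically secure, and the Summary calls the logs signed and unchangeable. As an added Python example (not Conclusive’s code), a hash-chained log in which each entry’s HMAC also covers the previous entry’s HMAC, so an after-the-fact edit, deletion or reordering is detected. The HMAC key (standing in for a server signing key), the entry layout and every timestamp except the slide’s OCSP one are assumptions.

```python
import hmac
import hashlib
import json

# Constructed demo key. The slides describe the log as signed; an HMAC key shared by
# the writer and the verifier stands in for that signing key here (assumption).
LOG_KEY = b"constructed-demo-key-not-for-production"

def _entry_mac(key, prev_mac, seq, timestamp, message):
    """MAC over this entry's fields plus the previous entry's MAC (hash chaining)."""
    payload = json.dumps([prev_mac, seq, timestamp, message], separators=(",", ":"))
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def append_entry(log, key, timestamp, message):
    """Append an entry linked to the one before it and return it."""
    prev_mac = log[-1]["mac"] if log else "0" * 64
    entry = {"seq": len(log), "ts": timestamp, "msg": message}
    entry["mac"] = _entry_mac(key, prev_mac, entry["seq"], timestamp, message)
    log.append(entry)
    return entry

def verify_log(log, key, expected_head=None):
    """Return (ok, first_bad_index). Edits, deletions and reordering break the chain;
    truncation of the tail is only caught when the last known MAC is supplied."""
    prev_mac = "0" * 64
    for i, entry in enumerate(log):
        expected = _entry_mac(key, prev_mac, entry["seq"], entry["ts"], entry["msg"])
        if entry["seq"] != i or not hmac.compare_digest(expected, entry["mac"]):
            return False, i
        prev_mac = entry["mac"]
    if expected_head is not None and not hmac.compare_digest(prev_mac, expected_head):
        return False, len(log)
    return True, None

def build_sample_log(key=LOG_KEY):
    """Constructed entries mirroring the slide's audit-log column; only the OCSP
    timestamp comes from the slide, the other timestamps are made up."""
    log = []
    append_entry(log, key, "2000:05:16:14:24:18", 'Certificate serial # verified')
    append_entry(log, key, "2000:05:16:14:24:19", 'CA "x" trusted for level 2 requests')
    append_entry(log, key, "2000:05:16:14:24:20", 'OCSP responder "x" returned negative result')
    append_entry(log, key, "2000:05:16:14:24:20", 'OCSP response timestamped at 2000:05:16:14:24:20')
    append_entry(log, key, "2000:05:16:14:24:21", 'User "x" authorized for role "y"')
    return log

def tamper_demo(key=LOG_KEY):
    """Rewrite the OCSP result after the fact; verification fails at that entry."""
    log = build_sample_log(key)
    log[2]["msg"] = 'OCSP responder "x" returned positive result'
    return verify_log(log, key)
```

Keeping the latest MAC somewhere the log writer cannot alter (a timestamping service, as the slide’s getServerTimeStamp suggests, or a separate store) is what turns chain verification into truncation detection.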

Granular Security of XML Data

[Diagram: an XML Form with XML Field 1 … XML Field 4 passing through XMLIn. Each field is encrypted under one or more role keys (Role Key 1, Role Key 2, Role Key 3) or left Unencrypted. TrustLogic Key Translation maps each role key to the public keys of the users holding that role: Role Key 1 → User A, User B, User D public keys; Role Key 2 → User B, User C public keys.]
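The role-key translation in this diagram, together with the separately encrypted fields of the Data Movement slide, as an added Python example that is not Conclusive’s code: each field is sealed under every role key allowed to read it, each role key is wrapped for the users holding that role, and a user can open exactly the fields their roles cover. Two assumptions replace unnamed parts of the product: per-user secret keys stand in for the users’ public keys, and an HMAC-SHA256 counter-mode stream with an HMAC tag stands in for whatever cipher TrustLogic used.

```python
import os, hmac, hashlib

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; stands in for a real cipher such as AES-GCM."""
    blocks = (hmac.new(key, b"S" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Encrypt-then-MAC; the leading byte of each HMAC input separates stream from tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"T" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None when the tag fails (wrong key or tampering)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, b"T" + nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
# Translation table from the slide: which users hold each role key.
ROLE_MEMBERS = {"Role Key 1": ["User A", "User B", "User D"],
                "Role Key 2": ["User B", "User C"]}

def setup_keys(roles=ROLE_MEMBERS):
    """Per-user secret keys stand in for user public keys (assumption); each role key is wrapped once per member."""
    users = sorted({u for members in roles.values() for u in members})
    user_keys = {u: os.urandom(32) for u in users}
    role_keys = {r: os.urandom(32) for r in roles}
    wrapped = {r: {u: seal(user_keys[u], role_keys[r]) for u in members}
               for r, members in roles.items()}
    return user_keys, role_keys, wrapped

def encrypt_form(fields, role_keys):
    """fields: {name: (value, [roles])}; no roles = unencrypted, else sealed once per allowed role."""
    return {name: value if not roles else {r: seal(role_keys[r], value) for r in roles}
            for name, (value, roles) in fields.items()}

def decrypt_form(user, user_key, form, wrapped):
    """Client side: unwrap the role keys this user holds, then the fields they cover; unreadable fields come back as None."""
    my_roles = {r: unseal(user_key, w[user]) for r, w in wrapped.items() if user in w}
    out = {}
    for name, content in form.items():
        if isinstance(content, bytes):          # unencrypted field, readable by all
            out[name] = content
            continue
        opened = [unseal(my_roles[r], ct) for r, ct in content.items() if r in my_roles]
        out[name] = next((p for p in opened if p is not None), None)
    return out

def demo():
    """Constructed form: one open field, the others bound to one or two role keys."""
    user_keys, role_keys, wrapped = setup_keys()
    fields = {"Field 1": (b"order-id 1001", ["Role Key 1"]),
              "Field 2": (b"card-number", ["Role Key 2"]),
              "Field 3": (b"shipping-addr", ["Role Key 1", "Role Key 2"]),
              "Field 4": (b"public-note", [])}
    form = encrypt_form(fields, role_keys)
    return {u: decrypt_form(u, k, form, wrapped) for u, k in user_keys.items()}
```

Because the web server only ever relays the sealed form, a compromise there exposes no field a role key protects, which is the “data in clear on the web server” gap the SSL slide describes.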

Bringing it all together

Generic System Architecture

[Diagram: Server side – X.500 Directory; TrustLogic Server with Audit Data and Key Store; JSP Server; Web Server; Application with Database, Server, or Data Store holding TL Data, JSP Data and Application Data. Client side – Work Station with TrustLogic Software and its own Key Store, connected via Internet or intranet.]

NOTE: May be same platform.


Summary

• Authentication of application users & validity of certificates

• Role-based access to HTTP application services & storage

• Proof of what occurs through signed, unchangeable audit logs

• Encryption & decryption services down to the field level on XML forms, which are used as the basis of transactions between users & applications

• An open PKI free of domain parameters

• Based on an organization’s business model, certificates are accepted from any CA with an appropriate level of trust

• Benefits of PKI are fully available in the HTTP domain without having to modify applications

• Business models drive technology, not vice versa

Conclusive Value Proposition

• Conclusive provides the:
  – Ability to PK Enable multiple applications
  – Ability to define who to trust and how much to trust them
  – Ability to define what user has which role & rule base within individual enterprise applications
  – Ability to have true End-to-End Encryption
  – Ability to have Persistent Proof of transactions


Questions

Comments

Observations