welcome to mindshare 2016! - crypto vision · pdf filensa crypto symposium. wipa aktuell....
TRANSCRIPT
1Welcome to Mindshare 2016cv cryptovision GmbH | T: +49 (0) 209.167-24 50 | F: +49 (0) 209.167-24 61 | info(at)cryptovision.com
Welcome to Mindshare 2016!
Markus Hoffmeister, cryptovisionMarco Smeja, cryptovision
6Welcome to Mindshare 2016
We had to stop when this photo was published ...
The beginnings of cryptovision
37Welcome to Mindshare 2016
Terminal Clients ServerDocuments
CardApplications Middleware
SecurityApplications
SecurityInfrastructure
Technology Chain
38Welcome to Mindshare 2016CAmelot
Terminal Clients ServerDocuments
ePasslet s/mailsc/interface
SCalibur
CAmelot
PKIntegrated
Technology Chain
41Welcome to Mindshare 2016sc/interface
What is Security Token Middleware?
Interface between any token form factor and any PKI‐enabled software
SoftwareHardware
Middleware
42Welcome to Mindshare 2016
sc/interface Environment
crypto interface
Host
applicationsc/interface
smart cardreader
card interface
43Welcome to Mindshare 2016sc/interface
Why choose cryptovision PKI middleware?
• Universal sc/interface supports all major Operating Systems like Windows, Linux and OS X and over 50 different card types and readers. Can be used to support old and new documents and the transition period
• Independent sc/interface offers vendor independent ISO-MoC support• Versatile sc/interface offers the complete range of Digital Signature,
Authentication and PKI use-cases• Proven Hundreds of thousands of customers use and trust sc/interface every
day to easily support their daily work• Secure All base libraries of sc/interface have been developed by cryptovision
and are therefore under complete control by us. That means that the middleware does not depend on third-party algorithm implementations. In times of the ‘NSA-scandal’ where the security of algorithms is questioned, this is a significant advantage.
45Welcome to Mindshare 2016SCalibur
Comparison: Paper ID versus Electronic ID
eID• content is PIN‐protected
• integrity protection with digital signatures
• physical security mechanisms available
• biometry support
• can be used for encryption, digital signatures and digital authentication
• enables new business processes
Paper ID• piece of paper with a photograph
• hard to forge or copy
46Welcome to Mindshare 2016SCalibur
Distributed middleware allows to store the access credentials on a trusted server
What is a Distributed Middleware?
Distributed Middleware
Card
TrustedServer
Online Service
TerminalKey
47Welcome to Mindshare 2016SCalibur
What else …
Trusted Devicewith Terminal Key
Standalone usage allows to store the access credentials on a trusted device
Card
48Welcome to Mindshare 2016SCalibur
Why choose cryptovision eID middleware SDK?
• Customizable with the SCalibur SDK proposed by cryptovision, partners and agencies will be enabled to offer eGovernment use cases which strengthen their business model
• Simple with a card focused SDK advanced eID functions and security mechanisms can be implemented easily for web services or local applications
• Powerful SDK based applications can be used for a variety of purposes including initial card issuance, biometric matching, or user data management
• Java® Broad cross platform support allows for card applications to be offered on virtually any platform, including mobile.
50Welcome to Mindshare 2016ePasslet Suite
Comparison: Native versus Java Card
Java Card• open architecture
• customer can build up expertise
• customization also by customer
• everybody can create new applications
Native• closed architecture
• expertise stays at the supplier
• customization only by supplier
• new applications only by supplier
51Welcome to Mindshare 2016ePasslet Suite
eID Framework
Framework for eIDdocuments
ChipApplications
Framework
52Welcome to Mindshare 2016ePasslet Suite
An eIDframework should not depend on proprietary technology. This is only possible with Java Card
Java
53Welcome to Mindshare 2016ePasslet Suite
ePasslet Suite Environment
Web Service
InspectionSystem
Proof ofAuthorisation
Proof ofEntitlement
Enterprise application
ZOLL
DOUANE
55Welcome to Mindshare 2016CAmelot
CAmelot is the solution for digital certificate lifecycle management
Registration Request
Provisioning
PublicationUse
Key Generation
CertificateGeneration
Revocation/EoL
X.509 CertificateLifecycle Management
56Welcome to Mindshare 2016CAmelot
CAmelot is the solution for digital certificate lifecycle management
Registration Request
Provisioning
PublicationDocumentSigning
Key Generation
CertificateGeneration
EoLCard Verifiable Certificate
Lifecycle Management
58Welcome to Mindshare 2016SCalibur
Why choose cryptovision PKI backend solutions?
• Modular with its unique Engine Module Order (EMO) architecture, CAmelot designed by cryptovision can be individually configured to meet virtually any customer needs and project sizes.
• Efficient integration with existing infrastructure components and processes allows for lower total cost of ownership compared to traditional stand-alone solutions.
• Scalable solution that was proven in various national initiatives from simple ICAO CSCA servers to complex and large-scale multi-application eID PKI backends with 100 million card holders and above.
• Secure configurations possible with support for different HSM vendors with available security levels up to FIPS 140-2 Level 4
• Java® Broad cross platform support enables customers to implement and maintain the cryptovision PKI backend on various server architectures and environments.
59Welcome to Mindshare 2016
Jul 2016 2017 More
CAmelot• Key‐Server• PKI as Appliance
CAmelot• New Workflow Engine • New PKI Client Pendragon
CAmelot• Government CA Enhancements (CHAT
extension, SPOC, National PKD, eIDAS)• IBM, Oracle, … integrationsc/interface
• Virtual Smart Card• PIV Edition
sc/interface• sc/interface 7.0 (Full biometric)
SCalibur• Android Edition
ePasslet Suite• New eIDAS functionality• CC certifiable at EAL5+
s/mail• new refactored version• s/mime file encryption s/mail
• Mobile Client• PGP Support• Pendragon interface
ePasslet Suite• Own EMV offering (Visa VSDC, MastercardM/Chip)
ePasslet Suite• LDS 2.0• FIDO Authentication
Product Highlights and Future Topics
cryptovision is an international company, but still we enjoy meeting existing and new customers at a German event like it‐sa.Sascha Wester, cryptovision
73Welcome to Mindshare 2016
Only three days after the Paris terror attacks 40 booths were cancelled at short notice. But it was encouraging to see so many delegates still attend and carry on in spite of the senseless violence.Adam Ross, cryptovision
Only 17 out of 200 presentation proposals were accepted. Both, Adam and I, were among the lucky ones.Klaus Schmeh, cryptovision
ID4Africa
It was a great experience to see two cryptovision customers presenting their eID projects back to back on stage to an interested audience.Adam Ross, cryptovision
SDW 2016
The Security Document World is a must‐go for the worldwide eID industry. I was proud to present cryptovision's world‐class solutions there.Joachim Kessel, cryptovision
Secure Identification Riga
The Eastern European eID market is a very interesting one. But Secure Identification Riga goes far beyondthat region and yet we established valuable global contacts.Benjamin Drisch, cryptovision
94Welcome to Mindshare 2016
Partner Presentations
Securing the Identity of TomorrowJoe Lo, Advanide
Hardware Security for Government ApplicationsAlexandra Guennewig, Utimaco
An eID Card Aiming to Bank the UnbankedRolan Jahn, NXP
Derived Personal Identity: Might Software Be the Answer?Aleksandrs Popovs, X INFOTEC
95Welcome to Mindshare 2016
Agenda Highlights
Do You Care if Johnny can Encrypt?Prof. Dr. Angela Sasse, University College London
96Welcome to Mindshare 2016
Agenda Highlights
You are being Watched!Prof. Dr. Arno Wacker, University Kassel