
SAFE Public Key Infrastructure (PKI)

2005 EDUCAUSE/Dartmouth PKI Deployment Summit. Topics: SAFE (what is SAFE, history, framework, architecture); SAFE Bridge Authority (architecture, timeline); current test environment for the SBCA (architecture, services, test package).



Presentation Transcript


  1. SAFE Public Key Infrastructure (PKI) 2005 EDUCAUSE/Dartmouth PKI Deployment Summit SAFE BioPharma Association CONFIDENTIAL

  2. Topics
     • SAFE
       • What is SAFE?
       • History?
       • Framework
       • Architecture
     • SAFE Bridge Authority
       • Architecture
       • Timeline
     • Current Test environment for the SBCA
       • Architecture
       • Services
       • Test Package

  3. SAFE – Secure Access For Everyone
     • SAFE is a Bio-pharmaceutical Industry Standard that specifies technical, legal, and regulatory compliance standards
     • SAFE delivers unique electronic identity credentials for legally enforceable & regulatory compliant digital signatures across the global biopharmaceutical environment for Business-to-Business and Business-to-Regulator transactions

  4. SAFE & Bio-Pharmaceutical Community
     CONCEPT
     • Trusted e-identity credentials
     • Closed contractual system
     • Accredited
     • Business focus
     DRIVERS
     • Regulatory compliance
     • Business efficiency
     • Cost savings
     Timeline
     • MAY 2003: SAFE strategic PhRMA initiative
     • DEC 2003: Seed investment (12 bio-pharmaceuticals)
     • JUN 2004: SAFE Standard v1.0
     • DEC 2004: SAFE-Biopharma (8 bio-pharmaceuticals)
     • JUL & AUG 2005: SAFE Bridge IOC & SAFE Standard v2.0

  5. SAFE Community Framework (diagram text; parties: SAFE-Biopharma, Member, Issuer; links labelled "Agreement")
     SAFE-Biopharma
     • SAFE Standard
       • Business/Legal
       • Governance
       • Specifications
     • Services
       • SAFE Bridge CA
       • Directory
       • Issuer Services for Medical Practitioners/Others
     Member
     • Full
       • For-Profit Entities
       • Not-For-Profit Entities
       • Government Orgs
     • Associate
       • Medical Practitioners
       • Other Entities/Individuals designated by SAFE
     Issuer
     • Services
       • CA / RA / CSA
       • Credentials for Members
       • Identity Proofing

  6. SAFE Architecture (diagram)
     • Labelled elements: SAFE-Biopharma, SAFE Bridge CA, Central Systems, SAFE Issuer Registration and Certificate Management Systems, SAFE Member, End-User Systems, Machine Systems, SAFE Enabled Applications
     • Labelled flows: Cross Certificates, SAFE Certificate, Subscriber Authentication, OCSP Request, OCSP Response, Signing & Validation Request & Response
     • Details contained in SAFE CP Technical Specification

  7. SAFE Bridge Authority (SBCA) Physical Layout

  8. SBCA Operational Authority – Cybertrust
     • 2004 Sep: SAFE SBCA RFP
     • 2005 Jan: Cybertrust chosen as operational authority for SBCA
     • Jan - Mar: Contract negotiations
     • Mar - Jul: Development of CPS, policies & procedures, test environment, and production environment
     • Jun 30: SBCA Root Key generation ceremony
     • Jul 26-27: SBCA acceptance testing [in progress]
     • Jul 29: Acceptance for Initial SBCA operations [planned]
     • Aug - Dec: Initial Cross certification with initial SAFE Issuers [planned]

  9. SBCA Test Environment
     • Provides emulation of SBCA:
       • SBCA pre-production testing
       • SAFE Issuers cross-certifying with the SAFE Bridge CA
       • SAFE Application Testing
       • Accredited SAFE Product Certification Labs
     • Availability:
       • Operational NOW
       • Download package at http://safe-biopharma.org
       • No guaranteed service level
       • No support available

  10. SBCA Test Environment

  11. SBCA Test Environment Package
     • SAFE_CROSS-CERT_TEST_PKG
       • Version: 1.3
       • Released: 7/12/2005
     • TEST Readme file
     • Test package components:
       • 2 Test Issuers
         • Emulates 2 test-only SAFE Issuers, cross-certified by test-only SBCA
         • Valid and revoked digital signature certificates - PKCS#12 format
         • Certificates provide all OCSP, CRL and directory URIs
         • Cross-Certificates are available via URL
       • OCSP
         • Accepting both signed & unsigned OCSP requests
         • Only tested unsigned request
         • Only URL to access OCSP Responders
       • CRL
         • For each test CA
         • Certificate is available via URL
       • Cross Certificate Request
         • PKCS#10 certificate request from the test SBCA
         • The request is provided in both Binary and Base 64 formats

  12. SAFE Bridge Certificates - Test
     • Every CA has also issued an OCSP Responder certificate
       • The responder certificate is not explicitly trusted, but can be verified using the CA cert
     • Except for the self signed roots, all certificates have the Authority Information Access (AIA) extension
       • OCSP entry points to an internet accessible OCSP server
       • caIssuers entry points to an internet accessible URL for the issuing CA’s certificate(s) contained in PKCS#7 files
     • Except for the self signed roots, all certificates have the CRL Distribution Point (CRLDP) extension
       • HTTP URL points to an internet accessible location
     • The above properties allow certificate paths to be built and validated from any user certificate to either trusted root certificate
       • Even without prior “knowledge” of the existence of the bridge!

  13. SAFE Bridge CA Test Structure (diagram)
     • Labels: MagiCure Water TEST CA; Cybertrust SAFE Issuer TEST Root CA; Cybertrust From Bridge; MagiCure Water From Bridge; SAFE Bridge CA TEST; Cybertrust SAFE Issuer Test Sub CA; End Entities (shown twice)
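The path-discovery property claimed on slide 12, as an added example that is not part of the original presentation: a relying party that trusts only one root follows caIssuers URLs from a user certificate until it reaches a certificate issued by that root. CA names come from slide 13; the cross-certification topology, URLs and end-entity names are assumptions, and a dictionary stands in for the HTTP fetch of each PKCS#7 file.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    ca_issuers: str = ""  # AIA caIssuers URL; empty on self-signed roots

# CA names from the test-structure slide; URLs and end-entity names are constructed.
BRIDGE = "SAFE Bridge CA TEST"
MAGI = "MagiCure Water TEST CA"
CT_ROOT = "Cybertrust SAFE Issuer TEST Root CA"
CT_SUB = "Cybertrust SAFE Issuer Test Sub CA"
U = "http://pki.example.invalid/"

# Stand-in for HTTP fetches: each URL serves every certificate issued TO one CA
# (the PKCS#7 bundle a caIssuers entry points at). Assumed topology.
AIA_STORE = {
    U + "magicure.p7c": [Cert(MAGI, MAGI), Cert(MAGI, BRIDGE, U + "bridge.p7c")],
    U + "bridge.p7c": [Cert(BRIDGE, MAGI, U + "magicure.p7c"),
                       Cert(BRIDGE, CT_ROOT, U + "ctroot.p7c")],
    U + "ctroot.p7c": [Cert(CT_ROOT, CT_ROOT), Cert(CT_ROOT, BRIDGE, U + "bridge.p7c")],
    U + "ctsub.p7c": [Cert(CT_SUB, CT_ROOT, U + "ctroot.p7c")],
}
USER_A = Cert("Test User A", MAGI, U + "magicure.p7c")
USER_B = Cert("Test User B", CT_SUB, U + "ctsub.p7c")

def build_path(leaf, anchors, fetch=AIA_STORE.get, max_len=8):
    """Breadth-first AIA chasing: shortest chain from leaf to a cert issued by an anchor.

    Discovery only. Each returned chain still needs signature, validity, policy
    and revocation (OCSP/CRL) checks before it is trusted.
    """
    queue = deque([[leaf]])
    while queue:
        path = queue.popleft()
        tip = path[-1]
        if tip.issuer in anchors:
            return path
        if len(path) >= max_len or not tip.ca_issuers:
            continue  # depth limit reached, or a self-signed cert that is not an anchor
        seen = {c.subject for c in path}
        for cand in fetch(tip.ca_issuers) or []:
            # Name chaining plus loop avoidance: cross-certificates form cycles.
            if cand.subject == tip.issuer and cand.subject not in seen:
                queue.append(path + [cand])
    return None

def issuers(path):
    return [c.issuer for c in path]
```

The `seen` check matters in a bridge: without it the search would bounce between an issuer and the bridge through their mutual cross-certificates.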

  14. SAFE Bridge CA - Test (diagram; the label OCSP appears four times)
     • Other labels: MagiCure Water, Cybertrust, SBCA, Test Sub CA

  15. Questions
     • Contact information: Russel F Weiser, PKI SME, Cybertrust Inc., Russ.Weiser@cybertrust.com, Cell 801-631-1685
     • SAFE contact information: Terry Zagar, SAFE Core Team, SAFE-BioPharma Association, terry.zagar@ngc.com, Phone 301-527-6780
