Public Key Directory: What is the PKD and How to Make Best Use of It
|
|
- Giles Higgins
- 8 years ago
- Views:
Transcription
1 Public Key Directory: What is the PKD and How to Make Best Use of It Christiane DerMarkar ICAO Programme Officer Public Key Directory ICAO TRIP: Building Trust in Travel Document Security 19/10/2015 Footer 1
2 PKD and TRIP Strategy For the efficient and secure reading and verification of MRTDs, including the use of PKD 2
3 MRP Connection between PKD and epassports epassport Machine Readable Passport (MRP) CHIP RFID IMAGE FACE Logical Data Structure (LDS) PKI DIGITAL SIGNATURE Public Key Directory (PKD) 3
4 What is the PKD & What does it do? A central storage location, highly secure where States and other entities can input and retrieve the security information to validate the electronic information on the passport. It allows Border control authorities to confirm that the epassport: Was issued by the right authority Has not been altered Is not a copy or cloned document 4
5 The Role of The PKD Minimizing the volume of certificate exchange: Document Signer Certificates (DSCs) Certificate Revocation Lists (CRLs) Country Signing Certificate Authority (CSCA) Master List Ensuring timely uploads Managing adherence to technical standards Facilitating the validation process 5
6 Central Broker Distribution of Certificates and CRLs via bilateral Exchange via ICAO PKD Conformity validated certificates Country A Country B Country A Country B Country H Country C Country H ICAO PKD Country C Country G Country D Country G Country D Country F Country E Country F Country E This example shows 8 States/non-States requiring 56 bilateral exchanges (left ) or 2 exchanges with the PKD (right) to be up to date with DSCs and CRLs. In case of 191 ICAO States 36,290 bilateral exchanges would be necessary while there are still 2 exchanges with the PKD. This example shows 8 states requiring 56 bilateral exchanges (left) or 2 exchanges with the PKD (right) to be up to date with certificates and CRLs. In case of 188 ICAO States 35,156 bilateral exchanges would be necessary while there are still 2 exchanges necessary with the PKD. 6
7 Current Services of the PKD Validated DSCs and CRLs of Participants CSCA Master List List of CSCAs used by Participants Country Signing Certificate Authority (CSCA) Registry Yellow Pages for the Passport Issuance Agency of the Participant A reference for compliance to Doc 9303 for DSCs and CRLs Contains lists on non-compliant certificates 7
8 8 46 Participants New Participant COLOMBIA
9 ANNEX 9: Recommended Practice & The Standards and Recommended Practice of Annex 9 recommend the following: 3.9.1: Contracting States issuing, or intending to issue emrtds should join the ICAO Public Key Directory (PKD) and upload their information to the PKD : Contracting States implementing checks on emrtds at border controls should join the ICAO Public Key Directory (PKD) and use the information available from the PKD to validate emrtds at border controls. 9
10 Some Arguments repeated over and over. It s too expensive Bilateral exchange works good enough It s not necessary DSCs are (mostly) on the chip It s too complicated we must first introduce epassports As of Fee reduction cumbersome, time consuming and possible security risk A DSC on the epassport but not on the PKD could mean a compromised private signing key. & CRLS are only distributed via PKD 1. Participation in the PKD should go hand in hand with introduction of epassports 2. PKD participation is key for setting up any successful epassport based border control. 10
11 Reasons to Participate The need to exchange certificates is the logical step forward from the well known specimen exchange (you must know what you're looking for, when inspecting a travel document). Without the ability of validating the digital signature in a epassport at the border, the travel document must be treated exactly as a simple MRP not an epassport Using the PKD in epassport validation is essential to capitalize on the investment made by States in developing epassports to improve Border Security 11
12 It s not complicated : All you have to do is. Find out who is responsible Check legislation and budget Different organizations in different states (try to make it as simple as possible) Contact ICAO or any PKD Board Member or PKD Participant if you have questions 12
13 Formalities: The steps to join the PKD 1. Deposit a Notice of Participation with the Secretary General of ICAO 2. Deposit a Notice of Registration with the Secretary General of ICAO 3. Effect payment of the Registration Fee and Annual Fee to ICAO a) Registration Fees : US $ 15,900 b) Annual Fees: +/- US $40, Securely submit to ICAO and all Participants, the CSCA certificate 5. Use the PKD : upload/download certificates
14 2016 a year that will bring changes New Fees New Services New service provider 14
15 : Fees reduction A. For new Participants - Registration Fee: US $15,900 B. Annual Fees based on 45 Participants: 1. Operator: US $ 29, ICAO: US $10, Total: US $39,900 C. More Participants = reduction in Operators and ICAO Annual Fees 50 Participants 27, US$ 55 Participants 24, US$ 60 Participants 22, US$ 65 Participants 20, US$ 15
16 New Service ICAO Global Master List A fact: heir full extend Border Agencies need the tools (certificates) necessary, bilateral exchange doesn t meet the requirements One-Stop Shop For epassport Validation K L I + A M B D H PKD G F E C + CSCA + DSCs + + CRLs CSCA = ICAO Master List (new) = currently in the PKD = currently in the PKD 16
17 : New Service Provider Bundesdruckerei - Germany Operations at ICAO HQ Montreal Site BDr Berlin Site MOI UAE, Abu Dhabi 17
18 Technology and Security ICAO HQ Montreal Site A: D-Trust Berlin (Germany) Fully redundant system at each location Outer Firewall Inner Firewall incl. Intrusion Detection & Prevention System High Security VPN Network 1 2 Disaster Scenario: Geo-redundant, TLS encrypted and load-balanced up- and Even certificate with one download based access site completely d download sites own, additional failures at the remaining s ites the system is still fully functional with Trust Center without service interruption Security Level, Min. 99.8% availability Site B: Abu Dhabi Police (UAE) ICAO PKD October
19 ICAO PKD - how does it work? D S New generation of DS certificates in DS issued passports Access to ICAO PKD Service CSCA Official key ceremony by diplomatic means cryptographic check ICAO PKD D S Access to ICAO PKD Service e.g.national PKD system ICAO PKD October D S Border Control
20 ICAO PKD - Advantages for participants Unique chain of trust: Supervision by ICAO as supra-national institution Transparent and reliable processes (initial key ceremony at ICAO HQ) High security and high availability of ICAO PKD system, available end of 2015 Additional advantages: A combination with National PKD systems (npkd) allows for secure and automated distribution of certificates to border control stations nation-wide Live support via phone and ticket system ICAO PKD October
21 Support for ICAO PKD by Veridos/BDr Site A: D-Trust, Berlin (Germany) Site B: MoI, Abu Dhabi (UAE) ICAO HQ Montreal Local Technical support downlaod sites Berlin & Abu Dhabi 46 ICAO PKD Participants Local technical support ICAO HQ Montreal Monthly reports on system usage and performance for ICAO Participant support - Live Phone support - Online Support System - 2h reaction time (Monday- Friday) High Security High Availability min. 99.8% 24/7 ICAO PKD October
22 Schedule & Transition to new ICAO PKD Pilot Testing (AUS, Sweden, UK) Beg. August 2015 Testing period Test Environment New PKD system Bundesdruckerei Current Structure Switch-Over Date Beg. Dec 2015 PKD Pre-Production System Bundesdruckerei (new structure) Current Structure All participants can perform Implementation migration and tests Testing for of 4 month Implementation prior to the and switch-over Testing of day New Structure New Structure The test environment provides identical interface and functions as the production system Testing Current Structure PKD Production System Bundesdruckerei (new structure) Current Structure Step 1: Testing and migration to current structure guarantee business continuity on switch-over day Step 2: Testing and migration to new structure gain more time even until after the switch-over day ICAO PKD October
23 Project Setup involved companies ICAO Customer and ICAO PKD system principal Bundesdruckerei Prime Contractor Bundesdruckerei GmbH D-Trust Abu Dhabi Police GHQ EGSP Veridos IT operations ICAP PKD Housing the ICAO PKD System Site Berlin Local service Berlin Housing the ICAO PKD System - Site Abu Dhabi Local service Abu Dhabi Service Management ICAP PKD System Local service Montreal ICAO PKD October
24 Contact Details Name: Christiane DerMarkar PKD website: 19/10/
Introduction ICAO PKD
Introduction ICAO PKD Higher Travel Security Dr. Hermann Sterzinger Veridos COO October 2015 Border control with epassports Certificates exchanged: CSCA Certificates Document Signer Certificates Certificate
More informationDeputy Chief Executive Netrust Pte Ltd
ICAO Public Key Directory R Rajeshkumar R Rajeshkumar Deputy Chief Executive Netrust Pte Ltd The trust imperative E-Passports are issued by entities that assert trust Trust depends on the requirements
More informationPKD Board ICAO PKD unclassified B-Tec/37. Procedures for the ICAO Public Key Directory
Procedures for the ICAO Public Key Directory last modification final 1/13 SECTION 1 INTRODUCTION 1.1 As part of the MRTD initiative by ICAO, the Participants will upload to and download from the PKD, their
More informationElectronic machine-readable travel documents (emrtds) The importance of digital certificates
Electronic machine-readable travel documents (emrtds) The importance of digital certificates Superior security Electronic machine-readable travel documents (emrtds) are well-known for their good security.
More informationPKD Board ICAO PKD unclassified B-Tec/36. Regulations for the ICAO Public Key Directory
Regulations for the ICAO Public Key Directory last modification final 1/8 SECTION 1 AUTHORITY These Regulations are issued by ICAO on the basis of Paragraph 3 b) of the Memorandum of Understanding (MoU)
More informationCase Studies. National Identity Management Commission (NIMC), Nigeria eid Consulting for national ID system
Case Studies National Identity Management Commission (NIMC), Nigeria eid Consulting for national ID system Royal Oman Police (ROP) of the Sultanate of Oman eid Consulting for e-passport system Federal
More informationEstablishing and Managing the Schengen Masterlist of CSCAs
Establishing and Managing the Schengen Masterlist of CSCAs Big City 21/04/2015 European Commission Directorate-General HOME Unit B3 Information Systems for Borders and Security Richard.Rinkens@ec.europa.eu
More informationSecurity by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA
Security by Politics - Why it will never work Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA Agenda Motivation Some basics Brief overview epassport (MRTD) Why cloning? How to attack the
More informationSub- Regional Workshop and Consulta;ons on Capacity- Building in Travel Document Security: Colombia, 2013
Sub- Regional Workshop and Consulta;ons on Capacity- Building in Travel Document Security: Colombia, 2013 Carlos Gómez Head of R&D and Innova.on, FNMT- RCM, Spain ICAO TRIP: Building Trust in Travel Document
More informationOperational and Technical security of Electronic Passports
European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union Operational and Technical security of Electronic Passports Warsaw, Legal
More informationImplementation of biometrics, issues to be solved
ICAO 9th Symposium and Exhibition on MRTDs, Biometrics and Border Security, 22-24 October 2013 Implementation of biometrics, issues to be solved Eugenijus Liubenka, Chairman of the Frontiers / False Documents
More informationMACHINE READABLE TRAVEL DOCUMENTS
MACHINE READABLE TRAVEL DOCUMENTS (Logo) TECHNICAL REPORT PKI for Machine Readable Travel Documents offering ICC Read-Only Access Version - 1.1 Date - October 01, 2004 Published by authority of the Secretary
More informationBest Solutions for Biometrics and eid
Best Solutions for Biometrics and eid In times of virtual communication even a person s identity is converted into an electronic form with the help of biometrics and then organised through intricate technical
More informationCOMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES
COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES BSI TR-03139 Version 2.1 27 May 2013 Foreword The present document
More informationInternational Civil Aviation Organization ASSEMBLY 38TH SESSION EXECUTIVE COMMITTEE
A38-WP/11 17/05/13 International Civil Aviation Organization WORKING PAPER ASSEMBLY 38TH SESSION EXECUTIVE COMMITTEE Agenda Item 16: Facilitation and Machine Readable Travel Documents PROPOSAL FOR AN ICAO
More informationFAQs Electronic residence permit
FAQs Electronic residence permit General 1) When was the electronic residence permit introduced? Since 1 September 2011, foreigners in Germany have been issued with the new electronic residence permit
More informationPreventing fraud in epassports and eids
Preventing fraud in epassports and eids Security protocols for today and tomorrow by Markus Mösenbacher, NXP Machine-readable passports have been a reality since the 1980s, but it wasn't until after 2001,
More informationBiometrics for Public Sector Applications
Technical Guideline TR-03121-2 Biometrics for Public Sector Applications Part 2: Software Architecture and Application Profiles Version 2.3 Bundesamt für Sicherheit in der Informationstechnik Postfach
More informationeidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke
eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke Agenda eidas Regulation TR-03110 V2.20 German ID card POSeIDAS Summary cryptovision mindshare 2015: eidas
More informationPRIME IDENTITY MANAGEMENT CORE
PRIME IDENTITY MANAGEMENT CORE For secure enrollment applications processing and workflow management. PRIME Identity Management Core provides the foundation for any biometric identification platform. It
More informationConcept of Electronic Approvals
E-Lock Technologies Contact info@elock.com Table of Contents 1 INTRODUCTION 3 2 WHAT ARE ELECTRONIC APPROVALS? 3 3 HOW DO INDIVIDUALS IDENTIFY THEMSELVES IN THE ELECTRONIC WORLD? 3 4 WHAT IS THE TECHNOLOGY
More informationSSLPost Electronic Document Signing
SSLPost Electronic Document Signing Overview What is a Qualifying Advanced Electronic Signature (QAES)? A Qualifying Advanced Electronic Signature, is a specific type of digital electronic signature, that
More informationEvidence of Identity: Breeder Documents and Beyond Barry J. Kefauver International national Standards ds Organization ation Why Care? A false passport in the hands of a terrorist is as dangerous as a bomb
More informationProgress by Partnership. State Wide E-Procurement Implementation
Progress by Partnership 1 State Wide E-Procurement Implementation Contents Selecting the Platform and Model Snapshot of progress so far Implementation Challenges Way forward 3 Selecting the e-procurement
More informationCommon Criteria Protection Profile for Inspection Systems (IS) BSI-CC-PP-0064. Version 1.01 (15 th April 2010)
Common Criteria Protection Profile for BSI-CC-PP-0064 Version 1.01 (15 th April 2010) Federal Office for Information Security Postfach 20 03 63 53133 Bonn Phone: +49 228 99 9582-0 e-mail: zertifizierung@bsi.bund.de
More informationVeridos Protects Identities. The expert for worldwide government solutions
Veridos Protects Identities The expert for worldwide government solutions 2 Personal identity in a globalized world Today s globalized world is fast, mobile, and highly virtualized. We now expect access
More informationCertificate Policies and Certification Practice Statements
Entrust White Paper Certificate Policies and Certification Practice Statements Author: Sharon Boeyen Date: February 1997 Version: 1.0 Copyright 2003 Entrust. All rights reserved. Certificate Policies and
More informationMACHINE READABLE TRAVEL DOCUMENTS
MACHINE READABLE TRAVEL DOCUMENTS TECHNICAL REPORT Version 1.0 Date June 23, 2009 Published by authority of the Secretary General ISO/IEC JTC1 SC17 WG3/TF5 FOR THE INTERNATIONAL CIVIL AVIATION ORGANIZATION
More informationMobile Driver s License Solution
Mobile Driver s License Solution Secure, convenient and more efficient Improved identity protection through secure mobile driver s licenses The introduction of a mobile driver s license is a huge opportunity
More informationElectronic Signatures: A New Opportunity for Growth. May 10, 2005
Electronic Signatures: A New Opportunity for Growth May 10, 2005 1 Contents Is It Legal? 3 E-Signature Technology 12 Another Industry Example 15 National Association for Variable Annuities Applications
More informationWhite Paper. Cloud Signing vs. Smartcard Signing
White Paper Cloud Signing vs. Smartcard Signing 1. Introduction 2. What is the Goal? What is driving successful Electronic Commerce and e-government solutions? The answer is simple: useful applications
More informationBrocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1
PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority
More informationsign-me Bundesdruckerei's solution for online signatures using the new German ID card
Basic information: sign-me sign-me Bundesdruckerei's solution for online signatures using the new German ID card What is sign-me? sign-me is a web application from Bundesdruckerei that enables online signatures
More informationTeleTrusT European Bridge CA Status and Outlook
TeleTrusT European Bridge CA Status and Outlook TeleTrusT Workshop, Saarbrücken, 2010-06-11 Dr. Guido von der Heidt, Siemens AG Copyright Siemens AG 2010. All rights reserved. Secure (E-Mail) Communication
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationesign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?
esign FAQ 1. What is the online esign Electronic Signature Service? esign Electronic Signature Service is an innovative initiative for allowing easy, efficient, and secure signing of electronic documents
More informationCombatting Counterfeit Identities: The Power of Pairing Physical & Digital IDs
Combatting Counterfeit Identities: The Power of Pairing Physical & Digital IDs 1 GOVERNMENTS ADOPTING DIGITAL STRATEGIES Governments designing/operating digital ecosystems to create, transform and optimize
More informationThe Costs of Managed PKI:
The Costs of Managed PKI: In-House Implementation of PKI vs. Traditional Managed PKI vs. ON-Demand PKI A TC TrustCenter Whitepaper Last Updated: February 2008 Introduction Until recently, organizations
More informationCertificate Management. PAN-OS Administrator s Guide. Version 7.0
Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationGuide to Using DoD PKI Certificates in Outlook
Report Number: I33-002R-2005 Guide to Using DoD PKI Certificates in Outlook Security Evaluation Group Authors: Margaret Salter Mike Boyle Updated: June 9, 2005 Version 4.0 National Security Agency 9800
More informationfulfils all requirements defined in the technical specification The appendix to the certificate is part of the certificate and consists of 6 pages.
The certification body of TÜV Informationstechnik GmbH hereby awards this certificate to the company D-TRUST GmbH Kommandantenstraße 15 10969 Berlin, Germany to confirm that its certification service D
More informationELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION
ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION This can be a complex subject and the following text offers a brief introduction to Electronic Signatures, followed by more background on the Register of
More informationICP BRASIL The Brazilian PKI
ICP BRASIL The Brazilian PKI PKI as a National Basic Infrastructure for Electronic Identification Projects in Brazil Mauricio Augusto Coelho Director, PKI Department National Institute of Information Technology
More informationBest Practices for the Use of RF-Enabled Technology in Identity Management. January 2007. Developed by: Smart Card Alliance Identity Council
Best Practices for the Use of RF-Enabled Technology in Identity Management January 2007 Developed by: Smart Card Alliance Identity Council Best Practices for the Use of RF-Enabled Technology in Identity
More informationCertification Practice Statement
Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require
More informationE-Visas Verification Schemes Based on Public-Key Infrastructure and Identity Based Encryption
Journal of Computer Science 6 (7): 723-727, 2010 ISSN 1549-3636 2010 Science Publications E-Visas Verification Schemes Based on Public-Key Infrastructure and Identity Based Encryption Najlaa A. Abuadhmah,
More informationTechnical Guideline eid-server. Part 2: Security Framework
Technical Guideline eid-server Part 2: Security Framework BSI TR-03130-2 Version 2.0.1 January 15, 2014 Federal Office for Information Security Post Box 20 03 63 D-53133 Bonn Phone: +49 22899 9582-0 E-Mail:
More informationModular biometric architecture with secunet biomiddle
Version 2.1 Modular biometric architecture with secunet biomiddle White Paper Version 2.0, 25/03/10 secunet Security Networks AG Copyright 2010 by secunet Security Networks AG This document is for information
More informationCourse Outline: 6436 _ Designing a Windows Server 2008 Active Directory Infrastructure and Services Learning Method: Instructor-led Classroom Learning
Course Outline: 6436 _ Designing a Active Directory Infrastructure and Services Learning Method: Instructor-led Classroom Learning Duration: 5.00 Day(s)/ 40 hrs Overview: At the end of this five-day course,
More informationMerchants and Trade - Act No 28/2001 on electronic signatures
This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and
More informationUnderstanding Digital Signature And Public Key Infrastructure
Understanding Digital Signature And Public Key Infrastructure Overview The use of networked personnel computers (PC s) in enterprise environments and on the Internet is rapidly approaching the point where
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationTeleTrusT IT Security Association Germany. TeleTrusT IT Security Association Germany. Overview
TeleTrusT IT Security Association Germany Overview Introduction to TeleTrusT EBCA Since 2001 Consolidation of individual, equal PKIs in a PKI network of trust simple, secure email communication & data
More informationFAQs - New German ID Card. General
FAQs - New German ID Card General 1) How to change from the old ID card to the new one? The new Law on Identification Cards came into effect on 1 November 2010. Since then, citizens can apply for the new
More informationGNB RSA Token Standards and Procedures
Client Authentication Standards GNB RSA Token Standards and Procedures Concept The client authentication standard provides a formalized, secure and efficient methodology for proper identification of the
More informationTELSTRA RSS CA Subscriber Agreement (SA)
TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this
More informationI N F O R M A T I O N S E C U R I T Y
NIST Special Publication 800-78-2 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William. E. Burr I N F O R M A T I O N S E C U R I T Y
More informationCard Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006
Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark
More informationDesigning a Windows Server 2008 Active Directory Infrastructure and Services
Designing a Windows Server 2008 Active Directory Infrastructure and Services MOC6436 About this Course At the end of this five-day course, students will learn how to design an Active Directory Infrastructure
More informationTHE LEADING EDGE OF BORDER SECURITY
THE LEADING EDGE OF BORDER SECURITY RECORD-BREAKING TRAVEL CREATING NEW CHALLENGES TIM KLABUNDE Entrust Datacard; Director, Government Vertical Marketing THE ERA OF THE MOBILE IDENTITY In an increasingly
More informationCommon Criteria Protection Profile
Machine Readable Travel Document using Standard Inspection Procedure with PACE (PACE PP) Version 1.01, 22th July 2014 Foreword This Protection Profile Electronic Passport using Standard Inspection procedure
More informationCertificate Policy for. SSL Client & S/MIME Certificates
Certificate Policy for SSL Client & S/MIME Certificates OID: 1.3.159.1.11.1 Copyright Actalis S.p.A. All rights reserved. Via dell Aprica 18 20158 Milano Tel +39-02-68825.1 Fax +39-02-68825.223 www.actalis.it
More informationTPM Key Backup and Recovery. For Trusted Platforms
TPM Key Backup and Recovery For Trusted Platforms White paper for understanding and support proper use of backup and recovery procedures for Trusted Computing Platforms. 2006-09-21 V0.95 Page 1 / 17 Contents
More informationElectronic Document Imaging Solution for Births, Marriages & Death Certificates Digitization & Issuance Colombo, Sri Lanka
Page 1 of 6 Electronic Document Imaging Solution for Births, Marriages & Death Certificates Digitization & Issuance Colombo, Sri Lanka THE SITUATION Births, Marriages and Death certificates are highly
More information6436: Designing a Windows Server 2008 Active Directory Infrastructure and Services (5 Days)
www.peaklearningllc.com 6436: Designing a Windows Server 2008 Active Directory Infrastructure and Services (5 Days) Introduction At the end of this five-day course, students will learn how to design an
More informationEPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION
COMMON CRITERIA PROTECTION PROFILE EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION Draft Version 1.0 TURKISH STANDARDS INSTITUTION TABLE OF CONTENTS Common Criteria Protection Profile...
More informationDNSSEC - Tanzania
DNSSEC Policy & Practice Statement for.tz Zone Version 1.1 Effective Date: January 1, 2013 Tanzania Network Information Centre 14107 LAPF Millenium Towers, Ground Floor, Suite 04 New Bagamoyo Road, Dar
More informationSecuring the Service Desk in the Cloud
TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,
More informationFacts about the new identity card
Facts about the new identity card Contents The new identity card At a glance... 4 In detail... 6 Photographs... 8 New ID card, new possibilities...10 Special functions... 11 The online function...12 Reader
More informationA B U N D E S D R U C K E R E I P O C K E T G U I D E T O B O R D E R C O N T R O L
A B U N D E S D R U C K E R E I P O C K E T G U I D E T O B O R D E R C O N T R O L www.bundesdruckerei.de A B U N D E S D R U C K E R E I P O C K E T G U I D E T O B o r d e r C o n t r o l P u b l i
More informationLand Registry. Version 4.0 10/09/2009. Certificate Policy
Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2
More informationCompliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION
Compliance Response Edition 07/2009 SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures simatic wincc DOKUMENTATION Compliance Response Electronic Records / Electronic Signatures
More informationFIVE-MINUTES-TO-CONTRACT The DESKO over-all concept for digital contract management and ID verification.
Discover a new conception for customer verification and electronic contract management Your benefit is our task. FIVE-MINUTES-TO-CONTRACT The DESKO over-all concept for digital contract management and
More informatione-authentication guidelines for esign- Online Electronic Signature Service
e-authentication guidelines for esign- Online Electronic Signature Service Version 1.0 June 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry of Communications
More informationDNSSEC Policy and Practice Statement.amsterdam
DNSSEC Policy and Practice Statement.amsterdam Contact T +31 26 352 55 00 support@sidn.nl www.sidn.nl Offices Meander 501 6825 MD Arnhem Mailing address Postbus 5022 6802 EA Arnhem May 24, 2016 Public
More informationL@Wtrust Class 3 Registration Authority Charter
Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationPublic Key Infrastructure. A Brief Overview by Tim Sigmon
Public Key Infrastructure A Brief Overview by Tim Sigmon May, 2000 Fundamental Security Requirements (all addressed by PKI) X Authentication - verify identity of communicating parties X Access Control
More informationStatewatch Briefing ID Cards in the EU: Current state of play
Statewatch Briefing ID Cards in the EU: Current state of play Introduction In March 2010, the Council Presidency sent out a questionnaire to EU Member States and countries that are members of the socalled
More informationAdobe Digital Publishing Security FAQ
Adobe Digital Publishing Suite Security FAQ Adobe Digital Publishing Security FAQ Table of contents DPS Security Overview Network Service Topology Folio ProducerService Network Diagram Fulfillment Server
More informationOnline Voting Project. New Developments in the Voting System an Consequently Implemented Improvements in the Representation of Legal Principles.
New Developments in the Voting System an Consequently Implemented Improvements in the Representation of Legal Principles. Introduction. Since 2001 T-Systems made research on secure online voting systems
More informationAn introduction to EJBCA and SignServer
An introduction to EJBCA and SignServer PrimeKey Solutions AB Tomas Gustavsson http://www.primekey.se tomas@primekey.se EJBCA and SignServer Euro PKI projects and use cases 1 EJBCA - Open Source Enterprise
More informationCounter-Terrorism Global Strategy Civil Aviation Sector ICAO s Contribution. Counter-Terrorism Committee Meeting UN Security Council
Counter-Terrorism Global Strategy Civil Aviation Sector ICAO s Contribution Counter-Terrorism Committee Meeting UN Security Council 27 June 2013 Boubacar Djibo, Director, ICAO Air Transport Bureau Page
More informationDanske Bank Group Certificate Policy
Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...
More informationGlobal eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa
Global eid Developments Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa Agenda Country View on eid initiatives Trustworthy Identity Scenarios Microsoft eid update Summary
More informationID Security Made in Germany Holistic Solutions for Biometric Systems and Identity Documents
ID Security Made in Germany Holistic Solutions for Biometric Systems and Identity Documents 3 Your Personal Identity: Unique, Secure, Multifaceted Every person has individual characteristics by which
More informationNew Attacks against RFID-Systems. Lukas Grunwald DN-Systems GmbH Germany
New Attacks against RFID-Systems Lukas Grunwald DN-Systems GmbH Germany Agenda What is RFID? How to exploit and attack RFID systems Attacks against the middleware Reader-emulation, soft-tags Unexpected
More informationI N F O R M A T I O N S E C U R I T Y
NIST Special Publication 800-78-3 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William E. Burr Hildegard Ferraiolo David Cooper I N F
More informationExecutable Integrity Verification
Executable Integrity Verification Abstract Background Determining if a given executable has been trojaned is a tedious task. It is beyond the capabilities of the average end user and even many network
More informationMeeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)
Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4
More informationDesigning a Windows Server 2008 Active Directory Infrastructure and Services
Designing a Windows Server 2008 Active Directory Infrastructure and Services About this Course At the end of this five-day course, students will learn how to design an Active Directory Infrastructure in
More informationCertification Practice Statement (ANZ PKI)
Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority
More informationSecurity Services and Solutions. Full security, from planning through implementation to operation.
Security Services and Solutions. Full security, from planning through implementation to operation. Security Services and Solutions. Seamless end-to-end service provision. T-Systems supports its customers
More informationAn identity management solution. TELUS AD Sync
An identity management solution TELUS AD Sync June 2013 Introduction An important historic challenge faced by small and mid-sized businesses when opting for the TELUS Business E-mail Service is the requirement
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationLot 4 Specialist Cloud Service Questmark Ltd. Video Conferencing Small Meeting Room Service
Lot 4 Specialist Cloud Services Lot 4 Specialist Cloud Service Questmark Ltd Video Conferencing Small Meeting Room Service QUESTMARK LIMITED Park House, 104 Derby Road, Long Eaton, NG10 4LS Telephone:
More informationBreeder documents closing the gap in the identity management chain. Christian Wagner VP SDM Government Washington, March 23, 2015
Breeder documents closing the gap in the identity management chain Christian Wagner VP SDM Government Washington, March 23, 2015 INTERNET OF THINGS IS RISING Five-Year (2014-2019) CAGR 57% 2014, Business
More informationPOSITION PAPER. The Application of Biometrics at Airports PUBLISHED BY ACI WORLD HEADQUARTERS GENEVA SWITZERLAND
POSITION PAPER The Application of Biometrics at Airports PUBLISHED BY ACI WORLD HEADQUARTERS GENEVA SWITZERLAND Dear ACI Members and World Business Partners, With the increasing need for secure personal
More informationCitizen s Charter (Services of the Embassy)
Citizen s Charter (Services of the Embassy) S. No. Services Documents Required Fees Mode of Payment 1. Visa Duly filled in Visa Application Cash or One passport size photograph deposit in Passport with
More informationControl and management of privileged users
Control and management of privileged users The secure solution for monitoring and recording privileged users Visulox The complete Access Management Solution ToolBox Solution GmbH, established in 2003,
More information