CA & PKI
Certificate Authority's Perspective
FOO Jong Ai, Chief Executive Officer, Netrust Pte Ltd
Email: jongai.foo@netrust.net
Agenda
- Brief introduction of Netrust
- What is Important to a CA?
- Applications & Applications Support
- Technology & Processes
- Conclusion
Brief Profile of Netrust
- First Public Certificate Authority (CA) in Asia.
- Company started in 1997.
- Only licensed CA in Singapore.
- Provider of cryptographic solutions to enable customers to maximize their returns on investment on security infrastructure.
- Turnkey project deployment partner for organizations implementing security and identity frameworks.
Netrust is the Only Public Licensed CA
- Only CAs that meet high integrity and operational standards will qualify for a license.
- Evidence of sound financial standing, approved operational practices, and security cleared staff.
- Subjected to annual security audits.
- The CA license affirms Netrust's commitment to offer services at the highest level of integrity and security.
Netrust's Focus

National Identity Service Provider

Identity Management (Licensed CA)
- Integrated Identity Mgt Infra
- Server and client
- Single factor, dual factor, mobile PKI
- Public directory services
- Entrust SSL

Applications (COTS) (Single certificate, multiple uses)
- Document signing
- Secure email, Desktop security
- Secure remote access
- Single sign-on
- Entrust Authority (PKI)
- Winmagic hard-disk encryption

Consultancy/Services
- CA setup (Pte, Pte Label)
- CA hosting (Pte Label)
- Training
- Security Framework
- CP/CPS/Operational Procedures
- Turnkey PKI and Directory deployment

Security Solutions
- Solutions to protect data in transit or at rest
- Secure transaction platform
- Securing data in databases, e-registries
- Securing file transfers via FTP
- Restricting secure data distribution
- Secure server messaging
What is the key source of a CA's revenue?
Sale of Digital Certificates
- A CA's key source of revenue comes from issuing Digital Certificates.
- Where does demand come from? From PKI-enabled applications.
Examples of PKI-enabled Applications
Partner in Transforming the Singapore Government
Singapore has consistently been ranked amongst the top in global e-government ranking.
Partial List of Clients for Certificate/Directory Services
- Singapore Government: Public Service Card. Provision of digital certificates for civil servants.
- GEBIZ / Ministry of Finance: GEBIZ Partners. Integrated, one stop centre for Trading Partners to interact with the Government for business activities.
- Building and Construction Authority / Ministry of National Development: CORENET e-submissions. Electronic submission of building project documents.
- Central Provident Fund Board: CPF Online. Allows members to securely access their CPF account online for statements, fund transfers and change of PIN.
- Custom and Excise Department / Ministry of Home Affairs:
  - Warehouse Inventory Submission System (WISE). An Internet application system that allows Bonded Warehouse Licensees to submit daily inventory statements to Customs.
  - Petrolink. To enable petroleum installations and refineries to submit their stock movements and inventory statements to the department via Internet.
- Intellectual Property Office of Singapore, Ministry of Law: E-Patent Services. One-Stop website for electronic filing of patent transaction and patent search.
Partial List of Clients for Certificate/Directory Services (continued)
- Land Transport Authority / Ministry of Transport: Road Tax Online. For LTA Authorised Collection Centres to renew road tax for vehicles.
- Ministry of Defence: Mindef Internet Procurement System. A supply management system developed by MINDEF.
- Singapore Land Authority / Ministry of Law:
  - Integrated Land Information System. A one-stop online service that provides property buyers, lawyers, real estate agents, valuers, developers, surveyors, and the general public with easy access to land information.
  - STARS elodgement System. An application for law firms to lodge caveats, land documents, register title deeds and do searches from anywhere, on the Internet.
- Urban Redevelopment Authority: Electronic Development Applications. Allows for submission of Development Applications (DA) electronically.
- Public Service Infrastructure: PSOnline. PSI acts as a common services platform for E-Government services deployment.
CORENET e-submission

Features
- Provides one stop convenience to both private and public sector in submitting and processing building/construction-related documents.
- Participants include MND, BCA, Nparks, URA, HDB, ENV, Fire Safety Bureau, MCIT, PUB, JTC, SingPower, Industry Associations.

Benefits
- Single point of submission and retrieval of project-related documents.
- Increased efficiency and workflow management.
- Digital archival.
- Incorporates multiple signatures.
Legal Sector
Submission of legal documents, patent filing, property transactions, etc.
Netrust NServer
Vehicle Registration & Licensing System (LTALink)
Submission of vehicle registration, licensing, insurance and other information.
TradeXchange
- TradeXchange is a neutral and secure trade platform that facilitates the exchange of information within the trade and logistics community.
- Launched in October 2007, TradeXchange provides seamless inter-connectivity among commercial and regulatory systems for the Singapore trade and logistics community.
- It offers a single electronic window for integrated workflow, submissions and enquiries to the Sea Ports, Airports, Maritime Authorities, Customs and Controlling Agencies.
Examples of PKI-enabled Applications in Private Sector
eNETS (Online Payment Solutions)

Features
- Online payment solution for merchants.
- Supports payment via direct debit, credit cards, cash cards.
- Certificates used for server to server authentication and security.

Benefits
- Secure online authentication and encryption.
- Fast rollout and connectivity.
Online Banking
- A potentially major application.
- PKI is less susceptible to attacks.
- CA can support multiple banks easily compared to other 2FA technology.
Online Banking
- Misconception of the CA's role as Trusted Third Party.
- The CA acts as a third party that issues certificates, but trust is still directly between the individual bank and its customers.
Support Applications Development
- PKI requires expertise that may not be readily available.
- A CA must have a ready pool of cryptographic expertise to support development and maintenance.
- Rapid rollout of applications is key to a CA's business growth.
PKI Technology
PKI Systems From Different Vendors Are Not The Same
Entrust Authority
Integrated Certificate Management System
- Automatic key/certificate update eliminates the need to continually administer each user.

Certificate and key lifecycle functions (diagram labels):
- Key Generation
- Certificate Issuance
- Key Usage
- Certificate Validation
- Key Expiry
- Key expiry and automatic renewal
- Key histories
- CA key update
- User archival
- DN changes
- User CA to CA transfer
- Revocation
Entrust Support For Client Apps
Certification Authority and Processes
RA Processes

Basic RA procedure
- Identify user (document check)
- Check eligibility
- Create user data (data entry)
- Authorize addition of data to Entrust
- Issue Auth / Ref code to user

Three basic options
- Face to Face Registration
- Centralized Registration
- Organizational RA

Other issues to consider
- Data entry & user creation split?
- Multiple officers to create user (M of N)
- Types of documents for verification
- Type of authorization for eligibility
- Who holds the paper records
Face to Face Registration
Centralized Registration / Decentralised Verification
Organizational Registration Agency (ORA)
Conclusion and Summary
- Applications are key to success of a CA.
- CA needs to be able to support PKI applications development.
- The correct choice of technology can impact scalability.
- CA operations is about processes.
Netrust's Strengths & Capabilities
- 12 years' experience in CA operations, and in supporting Government and Businesses.
- A Licensed CA in Singapore: compliance with stringent security requirements and processes.
- Provider of customized cryptographic solutions.
- Experience in supporting SIs in PKI-enabling applications.
- Experienced in turnkey CA/PKI deployment, and PKD deployment.
- Consultancy on all aspects of PKI policies, implementation and processes.
Contact Details
FOO Jong Ai, Chief Executive Officer
Email: jongai.foo@netrust.net
Netrust Pte Ltd
URL: http://www.netrust.net