
Intel Identity Protection Technology (Intel IPT) with PKI Use Case Guide

Version 1.0

Document Release Date: February 29, 2012

Legal Notices and Disclaimers

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.

UNLESS OTHERWISE AGREED IN WRITING BY INTEL, THE INTEL PRODUCTS ARE NOT DESIGNED NOR INTENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR.

Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked reserved or undefined. Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.

The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order.

Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or go to: http://www.intel.com/design/literature.htm

No system can provide absolute security under all conditions. Requires an Intel Identity Protection Technology-enabled system, including a 2nd gen Intel Core processor enabled chipset, firmware and software, and participating website. Consult your system manufacturer. Intel assumes no liability for lost or stolen data and/or systems or any resulting damages. For more information, visit http://ipt.intel.com.

Intel, the Intel logo, Intel vPro, and Intel Core, are trademarks of Intel Corporation in the U.S. and/or other countries. Microsoft, Windows, and the Windows logo are trademarks, or registered trademarks of Microsoft Corporation in the U.S. and/or other countries.

*Other names and brands may be claimed as the property of others.

Copyright 2012 Intel Corporation. All rights reserved.

Table of Contents

1 Introduction
2 Preparing the Computer - Prerequisites
3 Use Cases for using Intel IPT with PKI
3.1 Securely Accessing a Website Using SSL
3.2 Digitally Sign and Encrypt Email
3.3 VPN Authentication

Acronyms and Abbreviations

Name: Description
CSP: Cryptographic Service Provider
PIN: Personal Identification Number
PKI: Public Key Infrastructure
URL: Uniform Resource Locator
SSL: Secure Sockets Layer
VPN: Virtual Private Network

1 Introduction

Intel hardware based public/private key crypto support, formerly known as Intel Identity Protection Technology (Intel IPT) with PKI, is now available on select 3rd generation Intel Core™ vPro™ processors. This support is exposed as a Windows Crypto Service Provider. The Intel Hardware Cryptographic Service Provider (Intel CSP) provides a more secure method for certificate-based authentication, encryption, and signing.

This document provides a snapshot of the primary use cases: SSL authentication, email signing and encryption, and VPN authentication.

2 Preparing the Computer - Prerequisites

This section describes the prerequisites for Intel IPT with PKI.

Prerequisite: Description

Hardware: The system must include a 3rd generation Intel Core™ vPro™ processor.

Firmware: The Firmware of the Intel Management Engine (Intel ME) must be version 8.0.0.1351 or later.

Intel MEI: The Intel Management Engine Interface (Intel MEI) must be installed and running. The Intel MEI (also known as HECI), is the software interface to the Intel ME. This driver is installed when you install the Intel ME software kit, and is usually located under System devices in the operating system.

Intel IPT with PKI: The computer must support Intel Identity Protection Technology (Intel IPT) with PKI. For more information about configuring Intel IPT with PKI, see the Intel IPT with PKI Implementation Guide.

PKI Client: The PKI Client software must be installed and running. For more information about installing and configuring the PKI Client, see the Intel IPT with PKI Implementation Guide.

PKI Certificate: The PKI certificate must be installed. For more information about installing the PKI certificate, see the Intel IPT with PKI Implementation Guide.
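One way to check the last prerequisite is to confirm which Cryptographic Service Provider holds the private key of each installed certificate. The PowerShell below is an added example, not part of the Intel guide: the function name, the sample listing and the provider name "Example Hardware CSP" are constructed, and it assumes a store listing in the English format printed by `certutil -user -store My` (a banner line per certificate, then `Subject:` and `Provider =` lines).

```powershell
# Added example, not Intel code. The sample listing and the provider name
# "Example Hardware CSP" are constructed placeholders.
function Get-CertProviderBinding {
    param(
        [string[]] $StoreDump,                               # lines of a store listing
        [Parameter(Mandatory)] [string] $ExpectedProvider    # CSP that should hold the key
    )
    $records = @()
    $current = $null
    foreach ($line in $StoreDump) {
        if ($line -match '^=+\s*Certificate\s+(\d+)\s*=+') {
            # A banner line starts a new certificate record.
            if ($current) { $records += [pscustomobject]$current }
            $current = [ordered]@{ Index = [int]$Matches[1]; Subject = $null; Provider = $null }
        }
        elseif ($current -and $line -match '^\s*Subject:\s*(.+)$') {
            $current.Subject = $Matches[1].Trim()
        }
        elseif ($current -and $line -match '^\s*Provider\s*=\s*(.+)$') {
            $current.Provider = $Matches[1].Trim()
        }
    }
    if ($current) { $records += [pscustomobject]$current }

    foreach ($r in $records) {
        # No Provider line means the listing shows no private key for this entry.
        $status = if (-not $r.Provider) { 'NoPrivateKey' }
                  elseif ($r.Provider -eq $ExpectedProvider) { 'ExpectedProvider' }
                  else { 'OtherProvider' }
        $r | Add-Member -NotePropertyName Status -NotePropertyValue $status -PassThru
    }
}

# Constructed sample input: one key in the expected CSP, one in a software CSP,
# and one CA certificate with no private key.
$sample = @'
================ Certificate 0 ================
Subject: CN=alice@example.test
  Key Container = constructed-container-0
  Provider = Example Hardware CSP
================ Certificate 1 ================
Subject: CN=alice-legacy@example.test
  Key Container = constructed-container-1
  Provider = Microsoft Enhanced Cryptographic Provider v1.0
================ Certificate 2 ================
Subject: CN=Example Issuing CA
'@ -split "`r?`n"

Get-CertProviderBinding -StoreDump $sample -ExpectedProvider 'Example Hardware CSP' |
    Format-Table Index, Subject, Provider, Status -AutoSize
```

A certificate reported as OtherProvider has its key in a different CSP, so selecting it in the use cases that follow would not use the hardware-backed key.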

3 Use Cases for using Intel IPT with PKI

This section describes how you can use Intel IPT with PKI.

Use Case landing zones:

Use Case: Valid Configurations

SSL Authentication to Web Page: Windows Internet Explorer 8; Windows Internet Explorer 9; Chrome

Digitally Sign and Encrypt Email: Microsoft Office 2007 Outlook Email; Microsoft Office 2010 Outlook Email

VPN: Juniper VPN without Pinpad

For more information, see:

Securely Accessing a Website Using SSL
Digitally Sign and Encrypt Email
VPN Authentication

3.1 Securely Accessing a Website Using SSL

You can use Intel IPT with PKI to securely access a website using SSL. This procedure shows how you can securely access a website that uses the certificate to authenticate the user.

To access the test website:

1. Open a web browser and navigate to a website that supports certificate-based SSL authentication. The site shown below is a test site that is used for testing and documentation purposes only. It is not available for general use.
2. When prompted to select a certificate, select the certificate that you installed for Intel IPT with PKI.
3. If you protected the certificate with a PIN, the Enter Pin window opens.
4. Enter the PIN that you used when installing the certificate and click OK.
5. After connecting to the website, you will notice in the URL line that the connection is using the https secure protocol, and that the user has been authenticated by the VeriSign certificate.

3.2 Digitally Sign and Encrypt Email

You can use Intel IPT with PKI to digitally sign and encrypt email. This section provides the instructions for both use cases as demonstrated in Microsoft Outlook 2010.

To set up Outlook for Encryption and Digital Signature:

1. Open Outlook and navigate to the E-mail Security tab of the Trust Center:
   a. Click the File tab.
   b. Click Options. The Outlook Options window opens.
   c. From the bottom left side of the Outlook Options window, click Trust Center.
   d. Click Trust Center Settings. The Trust Center window opens.
   e. From the left side of the Trust Center window, click E-mail Security.
2. Select the Encrypt contents and attachments for outgoing messages check box.
3. Select the Add digital signature to outgoing messages check box.
4. From the Default Settings drop-down list, select My S/MIME Settings.
5. Click Publish to GAL.
6. Click OK. The Trust Center window closes.

To create a Digitally Signed and Encrypted email:

1. In Outlook, create a new email as you normally would, and then click Send.
2. If you protected the certificate with a PIN, the Enter Pin window opens.
3. Enter the PIN that you used when installing the certificate and click OK.
4. Note in the screenshot below that the email is signed and encrypted as indicated by the blue lock icon and the red Digital Signature icon in the email. You can click the red Digital Signature icon to view the signature certificate details.

3.3 VPN Authentication

You can use Intel IPT with PKI to authenticate into a VPN session. This section provides the instructions for VPN Authentication using the Juniper Junos Pulse VPN Client.

To set up the Juniper VPN Client:

1. Open the Juniper Junos Pulse VPN Client. Click Connect and select the Certificate in the Pulse Connect window.
2. Select the Realm. We will select Users in this example.
3. Enter the username and password and the connection is completed.
4. The screenshots below show the network configuration before and after connecting via the VPN Client. Note in the second screenshot that there is an additional network connection with an IP address of 192.168.1.103. This is the new VPN connection.

[Screenshots: network configuration Before and After connecting]