SAFE Public Key Infrastructure (PKI)

SAFE Public Key Infrastructure (PKI). Terry Zagar Chair, SAFE Operations & Technology Working Group April 21, 2005. Topics. SAFE & Biopharmaceutical Community SAFE Community Framework Architecture Drivers SAFE Architecture Certificate/OCSP Structure Building Understanding & Conformance

Presentation Transcript


  1. SAFE Public Key Infrastructure (PKI)
     Terry Zagar, Chair, SAFE Operations & Technology Working Group
     April 21, 2005

  2. Topics
     • SAFE & Biopharmaceutical Community
     • SAFE Community Framework
     • Architecture Drivers
     • SAFE Architecture
     • Certificate/OCSP Structure
     • Building Understanding & Conformance
     • Future SAFE Directions

  3. SAFE & Bio-Pharmaceutical Community
     CONCEPT
     • Trusted e-identity credentials
     • Closed contractual system
     • Accredited
     • Business focus
     DRIVERS
     • Regulatory compliance
     • Business efficiency
     • Cost savings
     Timeline
     • MAY 2003: SAFE: strategic PhRMA initiative
     • DEC 2003: Seed investment: 12 bio-pharmaceuticals
     • JUN 2003: SAFE Standard v1.0
     • DEC 2004: SAFE-Biopharma: 8 bio-pharmaceuticals
     • JUN 2005 [planned]: SAFE Bridge IOC & SAFE Standard v2.0

  4. SAFE Community Framework
     [Diagram labels: SAFE-Biopharma, Member, Issuer, Agreement (twice)]
     SAFE Standard
     • Business/Legal
     • Governance
     • Specifications
     Full
     • For-Profit Entities
     • Not-For-Profit Entities
     • Government Orgs
     Services
     • SAFE Bridge CA
     • Directory
     • Issuer Services for Medical Practitioners/Others
     Associate
     • Medical Practitioners
     • Other Entities/Individuals designated by SAFE
     Services
     • CA / RA / CSA
     • Credentials for Members
     • Identity Proofing

  5. SAFE Architectural Drivers
     • High trust system
     • Pre-existing Member PKIs
     • Minimum of reinvention
     • Regulatory compliance
     • Move burden from user to infrastructure
     • Do not preclude other uses
     • What time is it in …?

  6. SAFE Architecture
     [Diagram. Labels: SAFE Issuer; Registration and Certificate Management Systems; SAFE-Biopharma; SAFE Bridge CA; Central Systems; SAFE Member; End-User Systems; Machine Systems; SAFE Enabled Applications; CP; Cross Certificates; SAFE Certificate; Subscriber Authentication; OCSP Request; OCSP Response; Validation Request & Response; Signing & Validation Request & Response. Notes: "Details contained in SAFE CP"; "Details contained in associated Technical Specification".]

  7. Key SAFE Certificate & OCSP Features
     SAFE Subscriber Certificate
     • Issuer & Subject Distinguished Name field
     • Subject Alternate Name extension
     • Key Usage extension
     • Authority Information Access extension
     • Certificate Policies extension
     SAFE OCSP Request/Response
     • SAFE certificate validation must use OCSP
     • OCSP Responder must accept unsigned requests
     • Nonce required for digital signature validation purposes only

  8. Building Understanding & Interoperability
     • Participation
     • Member working groups
     • Member control mechanisms
     • Member tools
     • Issuers, Infrastructure providers, Application vendors, Integrators
     • Accreditation
     • Members
     • Issuers
     • Certification
     • Application vendors
     • Infrastructure providers
     • Integrators

  9. Future SAFE Directions
     • Easing SAFE application enablement
     • API Specification between applications and certificate validation software/services
     • API Specification between applications and smart card/token middleware
     • Verifying SAFE application enablement
     • Designation of independent certification test labs
     • Supporting other uses for SAFE identity
     • SAFE specifications/guidance for authentication uses

  10. Discussion
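
The certificate features on slide 7 can be checked mechanically. The Go code below is an added example, not part of the presentation or of any SAFE specification: it reports which of the listed fields a certificate lacks, testing presence only because the slides give no required values. The sample certificate, its names, the OCSP URL and the policy OID are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Missing lists the slide-7 fields absent from cert; extensions are matched by RFC 5280 OID.
func Missing(cert *x509.Certificate) (out []string) {
	have := map[string]bool{"dn": cert.Issuer.String() != "" && cert.Subject.String() != ""}
	for _, ext := range cert.Extensions {
		have[ext.Id.String()] = true
	}
	for _, f := range [][2]string{{"issuer/subject DN", "dn"}, {"subjectAltName", "2.5.29.17"}, {"keyUsage", "2.5.29.15"},
		{"authorityInfoAccess", "1.3.6.1.5.5.7.1.1"}, {"certificatePolicies", "2.5.29.32"}} {
		if !have[f[1]] {
			out = append(out, f[0])
		}
	}
	return out
}

// Sample returns a constructed self-signed certificate; names, URL and policy OID are placeholders.
func Sample(full bool) *x509.Certificate {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), Subject: pkix.Name{CommonName: "Constructed Subscriber"},
		KeyUsage: x509.KeyUsageDigitalSignature, EmailAddresses: []string{"subscriber@example.test"}}
	if full { // add Authority Information Access (OCSP URL) and Certificate Policies
		pol, _ := asn1.Marshal([]struct{ ID asn1.ObjectIdentifier }{{asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}}})
		t.OCSPServer = []string{"http://ocsp.example.test"}
		t.ExtraExtensions = []pkix.Extension{{Id: asn1.ObjectIdentifier{2, 5, 29, 32}, Value: pol}}
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, key.Public(), key)
	cert, err := x509.ParseCertificate(der) // a failed creation also surfaces here
	if err != nil {
		panic(err)
	}
	return cert
}

func main() {
	fmt.Println("full:", Missing(Sample(true)), "partial:", Missing(Sample(false)))
}
```

A certificate without an Authority Information Access extension gives a relying party no in-certificate pointer to an OCSP responder, which matters here because slide 7 makes OCSP the only validation method.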