Electronic Services and Security

Agenda
• Background – What? Why? Who? How?
• PKI and electronic services – concepts
• Sonera activities
• Sonera security services
• Trusted mobile operator – concept
• Questions, discussion

[Diagram labels: Development; Planning; Communication security; Physical security; Software security; PKI; Safe usage; Managerial security; Personnel security; Data security; Auditing / reporting; Security management; Hardware security; Maintenance & management]

Public e-services
• “Producing, offering, using public services and complementing, replacing or renewing the traditional services by utilizing data networks”
• Improves the competitive capability of society, decreases costs, increases standard of living etc.
• Citizens, companies, communities, authorities

E-Services: Important concepts
• Data security
• Confidentiality
• Integrity
• Availability
• Non-repudiation
• Technology
• Terminals (PC, community center terminal, mobile phone, PDA, digi-TV set-top box…)
• Networks (Internet, private networks, digi-TV, mobile networks)

Why PKI?
• PKI enables secure e-services:
• Strong authentication
• Digital signatures
• Ensuring confidentiality and integrity
[Diagram labels: Physical world; e-World; Authentication; Certificates; Non-repudiation; Digital signatures; Encryption + digital signatures; Confidentiality and integrity]

What is PKI?
• Public Key Infrastructure
• “The set of hardware, software, people, policies and procedures needed to create, manage, store, distribute, and revoke certificates based on public-key cryptography.”
• Creates trust relationships between people, companies, communities etc.
• Enables increased security and user friendliness in current applications and environments, and new applications in data networks

Network of actors in European certificate scene
[Diagram labels: EU; Certification service provider (CA); Government; Service Provider; Relying Party; Subscriber]

Sonera activities
• Security services for companies and communities:
• Strong authentication (smart cards, USB tokens, software certificates)
• Sonera CA – Certificate Authority
• E-Work – VPN (Virtual Private Network) – and secured Web connections
• Digital signatures as a service
• Mobile phone as the authentication device
• Certificates to mobile phone:
• Trusted mobile operator
• Citizens/consumers (qualified certificates) and corporate users (role certificates)

Sonera activities
• Law about electronic signatures (in Finland still under ratification Q2/2002)
• Following the qualified certificate regulation – Sonera sits in FICORA certificate workgroup
• Technology evaluations
• Standardization (EESSI, ETSI, CEN/ISSS, IETF, WAP Forum)
• Other interest groups & international co-operation (EEMA/ECAF, Radicchio, MeT...)

Electronic Signatures Act
• Q2/2002 in Finland…
• Based on Directive 99/93/EC:
• Legal recognition of all kinds of electronic signatures
• “Qualified” electronic signature: equivalence with handwritten signature
• Free flow of electronic signature-related products and services in the EU market (no barriers to the market)

Security Service Portfolio 2002
[Diagram text: e-Business Security Management Services Secure Network Services E-Work Secure User, SecureWeb, Secure Wireless connections Office Networks Secure Office, Secure User Security Management Firewall & Intrusion Detection mgmt. Audits & assessments Partner Networks Secure Office SecureWeb Secure User Desktop & Device Security Secure User, Anti-Virus, SecureWeb, Mobile Security User profiling CA services, PKI projects Digital Signatures Professional Services SurfManager service reporting & management SurfTrends, SurfView, SLM tool SENS PKI infrastructure]

Sonera Security Consulting
[Column headings: Professional Services; Technology evaluation; Managerial security; Technical security; Training / Seminars]
In customer projects. Together with the customer. Evaluation, feasibility studies of new security products and / or implementation of the solution. The customer can affect the development of our services.
• Consulting
• Security policy
• Security strategies
• Business continuity planning
• Risk analysis
• Consulting
• FW / LAN
• Mobile technologies
• Anti-virus consulting
• Electronic archiving
• Architecture and solution planning / auditing
• The utilization of Sonera products
• Consulting
• Security strategy / business continuity planning targeted for management
• Personnel training: email, anti-virus, passwords etc.

Sonera CA
• Sonera CA is a service that issues and manages certificates throughout their life-cycle.
• The service includes all the functions needed to implement PKI (public key infrastructure): certificates, registration authority, revocation authority, directories, integration to existing services etc.
One USB token - for many purposes: Encryption; Signing; VPN – Secure User; SSL – SecureWeb; Windows 2000 logon; Dialup

Authentication, authorization & user management: SecureWeb and Secure User
[Diagram text: Sonera Security Center Application User profiles directory Sonera Gateway Device Internet Strong encryption Authorization query End-users with certificates]

Digital signatures as a service
• Sonera is responsible for the maintenance of required servers and software
• The system is built together with the customer and partners
• Piloting is possible

Trusted mobile operator services
• With mobile phone
• Strong authentication and digital signatures
• Ensuring confidentiality and integrity of transactions
• Improving data and legal security in electronic commerce and services
• Sonera acts as a trusted third party for the end-user and for the service provider

The services of the wallet in the mobile phone
[Diagram labels: Cash; Identity proof; Credit card; Bank card; Signature; Social security card; Bonus card; Library card etc.]
One, easy-to-use device always with you for all services. Anywhere, anytime.

Service benefits to the user
• Strong security enables new services
• also together with Internet or traditional call services
• Ease-of-use and usability
• Security in different services is unified, logical and simple. The logic is the same as with credit cards or PINs in mobile phones. No passwords or password lists.
• Low costs
• The services function with current phones

Service provider benefits
• New services or improved current services
• Improved security can be implemented cost-effectively. Infrastructure is offered as a service through a simple interface. No investments in security are needed and the start-up costs are low. Also smaller service providers or service providers that consider security as important but not critical can join the service.
• PKI shall be the infrastructure for implementing the electronic services in open networks.

Suitability for multiple channels
[Diagram labels: Customer; Service Provider; Phone; SMS; WAP; Internet; (Digi-TV); (WLAN); Authentication request; Authentication]

Summary
• Certificates can solve many of the questions and risks involved in electronic transactions and services
• Success requires versatile capabilities and understanding and considering all aspects of operations – it is not just about technology
• Sonera has the required expert resources and can offer overall service – from planning to implementation and maintenance