CompuSec™ & e-Identity™
G. Krause
CE-Infosys
23.11.2001

Overview
• Security offer for the next decade
• Security Blueprint
• e-Identity
• CompuSec
• Installation
• CompuSec Advantages
• Intranet, Extranet, Internet
• Security Management

CE-Infosys Security Offer
• Total solution for almost all security threats
• State of the Art Technology
• Universal (All machines – All OS)
• Use security standards
• Open architecture – open for partners
• World Class Support

Security Blueprint
• Security Policy: Customer
• Security Management: GlobalAdmin
• Security Audit: Auditor & Watcher
• User Identity: e-Identity
• Secure Boot: CompuSec, e-Identity
• Disk Security: CompuSec, e-Identity
• System Access, Single Sign On: Logon+, e-Identity
• Network Access: IPCrypt Client, e-Identity
• WAN Encryption: IPCrypt Client, e-Identity
• Network Encryption: IPCryptor
• Cryptographic User Separation: SafeLan, e-Identity
• Application Control: e-Identity
• Secure Internet: e-Identity, PrivateWEB

e-Identity™
Combination of a single chip subsystem for IT applications with optional access transponders to gain physical access.
• IT applications
• Access control
• Key storage
• Certificate storage
• Digital Signature
• Application tickets
• RSA Processor
• Triple DES Processor
• 16 K Byte Storage
• Transponder applications
• Physical access control
• Door access systems
• Credit sales systems
• Time window support
• Passive token number or
• Read/Write storage 2 kByte

e-Identity™
[Block diagram labels: USB Controller; OSC; Security Processor; CPU; ROM; RAM; E2Prom; RSA; DES; Transponder; Processor / RAM]

e-Identity™
Single chip subsystem to store and process sensitive information related to an individual in a secure way.
• Password Application
• User password verification
• False password counter & lock
• Password change management
• Lifetime and or usage counter
• Password history
• Password complexity check
• Application list and Identifiers
• Secure application access keys
[Diagram labels: CompuSec; IPCrypt; Logon +; SafeLan; TwinSafe; User Certificates; Private Keys]

e-Identity™ - How it works
[Diagram labels: Pin for e-Identity; Password; OWF; Password application key; Password application data; Decryption; Application access key; Access MAC & Decryption; CompuSec™ application data; CompuSec™ Disk keys; Access rights; Algorithm....; Certificate application keys; IPCrypt application keys; SafeLan application keys; CompuSec™ application keys]

e-Identity – Application Access
[Diagram: Host System and Application DF]
Authenticate (Application DF)
• Generate Random
• MAC with Keys from ID 11
• Compare with external data
• Copy security ID if equal
Host System exchange
• Get Random / Random
• Authenticate ID11, MAC over RND / Ack / Nack
Security Object (shown three times)
• ID (11)
• Keys
• Function (Authenticate)
• A/C List
Data EF
• Data
• A/C List: Read 11, Modify (17), Append (19), Delete EF (67)
Current Security Status = 11: Read access granted

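Added example, not from the original slides and not CE-Infosys code: a toy Python model of the exchange on this slide (Get Random, MAC over the random with the keys of security object 11, Ack / Nack, then the A/C list check on the data EF). HMAC-SHA-256 stands in for the card's MAC, which the slide does not specify; the class, function and key names are hypothetical, and the key and EF contents are constructed.

```python
import hashlib
import hmac
import secrets

class Card:
    """Toy card: security objects (ID -> key), one data EF and its A/C list."""

    def __init__(self, security_objects, ef_data, ef_acl):
        self._keys = security_objects   # security object ID -> secret key
        self._ef_data = ef_data
        self._ef_acl = ef_acl           # operation -> security ID required
        self._rnd = None                # outstanding challenge, if any
        self.security_status = None     # "Current Security Status"

    def get_random(self):
        self._rnd = secrets.token_bytes(8)
        return self._rnd

    def authenticate(self, object_id, external_mac):
        rnd, self._rnd = self._rnd, None          # a challenge is single use
        key = self._keys.get(object_id)
        if rnd is None or key is None:
            return False                          # Nack
        expected = hmac.new(key, rnd, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, external_mac):
            return False                          # Nack, status unchanged
        self.security_status = object_id          # copy security ID if equal
        return True                               # Ack

    def allowed(self, operation):
        required = self._ef_acl.get(operation)
        return required is not None and required == self.security_status

    def read(self):
        if not self.allowed("read"):
            raise PermissionError("security status does not satisfy A/C list")
        return self._ef_data

def host_authenticate(card, object_id, key):
    """Host side: Get Random, MAC the challenge, send Authenticate."""
    rnd = card.get_random()
    return card.authenticate(object_id, hmac.new(key, rnd, hashlib.sha256).digest())

KEY_11 = bytes(range(16))               # constructed sample key for ID 11

def sample_card():
    acl = {"read": 11, "modify": 17, "append": 19, "delete": 67}
    return Card({11: KEY_11}, b"EF contents (constructed)", acl)
```

Because the card discards the random after one Authenticate attempt, a MAC captured from an earlier exchange is answered with Nack when it is sent again.
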
CompuSec™
• Authentication by possession and knowledge (e-Identity)
• USB Technology (replaces serial port and parallel port)
• Disk Sector Encryption (incl. Operating System)
• Flexible Algorithms
• Flexible Smart Card OS (CardOS and others)

CompuSec™ - How it works
[Flow chart boxes]
• Power ON
• Install USB Host Controller support
• Password dialog - Verify user identity.
• Install CE-Infosys USB driver.
• Access CompuSec application data from e-Identity.
• System boot attempt reads MBR
• Install the IPCrypt driver. (Option)
• MBR code executes CompuSec loader and graphical Interface.
• MBR partition table is empty. Decrypt and restore partition table.
• Install the Logon + GINA support. (Option)
• Install BIOS disk and floppy encryption.
• CompuSec initializes and scans USB ports.
• Run the applications.
• Boot the OS
• CompuSec finds e-Identity or asks for.
• Install the disk crypt driver
• Secure the machine if e-Identity is removed.

CompuSec™ Installation
CE-Infosys supply
• Complete installation at target system
• Personalization of e-Identity
• User ID
• Keys (automatically generated)
• GlobalAdmin
• Personalization of e-Identity
• User ID, access rights
• Keys
• e-Identity applications !!!
• Driver installation at target system
• Verification of e-Identity
• Disk encryption
• User verification
• Installation right
• Sector encryption

CompuSec™ Advantages
• Secrets stored in Hardware
• Individual users
• Large corporate users
• Easy to use
• Easy installation
• Easy to maintain
• Integrated in total solution concept
• Cost effective &

Intranet, Extranet and Internet
• e-Identity, CompuSec and IPCrypt provide the complete network security solution.
• Automatic Authentication
• Complete IP encryption based on IPSEC
• Integrated Radius Server
• Integrated Access Control Lists
• Integrated Firewall
• Stealth Technology
[Diagram labels: CompuSec™; IPCrypt Client; IPCryptor]

Security Management
[Diagram labels: Company network access rules; Audit Munich; Central GlobalAdmin Munich; Company directory services; Policies; User data; Decentral GlobalAdmin Frankfurt]