ECURE 2002: Dollar Presentation
ECURE 2002
PKI Records Management and Archive Issues
October 10, 2002
Phoenix, AZ
Charles Dollar
Dollar Consulting
1
Agenda
Introduction/Orientation
Digital Communication
What is PKI?
PKI Administrative Records Functions
PKI Operational Records v. PKI Electronic Recordkeeping Requirements
Recommendation
2
PKI Case Study: Overview
Not a PKI tutorial
Work for the National Archives and Records Administration
Opportunity for records managers/archivists
3
Digital communication
Closed and secure (national defense, VPN)
Open and secure (SSL)
Open and non-secure (PKI)
4
PKI a “hot technology”
E-Commerce
E-Governance
State of Illinois
5
What is PKI?
A PKI is an asymmetric cryptography security environment that supports the transmission, delivery, and receipt of digital communications over a non-secure communications channel.
6
What Does PKI Do?
Authenticates sender of digital communications
Protects integrity of digital communications
Key Pair
Private
Public
Trusted third party
7
How PKI Works in Digital Communications
8
Hash Digest Values
337.60 KB
AaAEAACoAQAKAGjhX84+VC1d3)
NgDiPHvG+/R8hKCAUCACOvWKAT
FOYIz3XS5gAAgI1wrAKO1geAAA
AAAAAAAAAAAAAA=
337.60 KB
AaAEAACoAQAKAGy2YV8gORj
Feuf3yfnn7V)QMKBCgKywNfTD+
avB8UVEYKAAAoUB2gKo1gEAALg
AAAAAAAAAAAA=
9
Key PKI management concepts
PKI standard: X.509
Certificate Policy (CP): What
Certificate Practice Statement (CPS): How
PKI administrative records v. PKI transaction records
Little or no good practice guidance
10
Certificate Policy (CP) for Access Certificates for Electronic Services
General Provisions
Identification and Authentication
Operational Requirements
Physical, Procedural, and Personnel Security Controls
Technical Security Controls
Certificate and CRL Profiles
Policy Administration
11
CP Operational Requirements
Certificate Issuance & Acceptance
Certificate Suspension & Revocation
Computer Security Audit Procedures
Records “Archival”
Compromise & Disaster Recovery
12
Certificate Practice Statement (CPS)
To Be Discussed Later
Under PKI Operational and Electronic Recordkeeping Requirements
13
PKI Records
14
PKI Administrative Records
15
PKI Administrative Records Guidance Constraints
PKI records are not unique
PKI operational system v. PKI recordkeeping system
Some PKI records are paper-based
16
PKI functions
Plan/define PKI
Establish, startup, install
Operate
Audit/monitor
Reorganize/dismantle
17
PKI Functions, Activities, and EXAMPLE Records
18
Example Operate Functions and Related Records
19
PKI Requirements Overview
PKI Operational and Recordkeeping Requirements
Operational Systems
Recordkeeping Systems
1. Records Capture
X
X
2. Records Metadata
X
X
3. Records Retrieval
X
X
4. Records Classification
X
5. Records Disposition
X
X
6. Records Integrity
X
X
7. Records Storage*
X
8. Vital Records
X
9. Records Audit/History Log
X
X
10. Records Privacy
X
X
11. Records Security
X
X
12. Records Freezes
X
X
13. Records Transfer to ERS
X
14. Records Preservation*
X
15. Records Transfer to Archives
X
* Records storage in an operational system is substantially different from records
preservation in an electronic recordkeeping system. Some of the specific requirements
for records preservation include those of records storage.
20
PKI Record capture
Operational
Accurate and complete at or near the time of the event
Event log that tracks all activities associated with capture
Automatic population of record series title, disposition, and vital records status.
Recordkeeping
As database tables or as “rendered for viewing”
Technology neutral formats
Paper-based records
Document transfer of records to ERS
Confirm integrity of transferred records
Complete and accurate transfer of metadata
21
PKI records metadata
Operational
Augment event log data with series title, retention period, vital record status
For each unique event:
Common name
Certificate number
Date of event
Distinguished name
Restrict changes in metadata to authorized persons
Recordkeeping
Minimum attributes specified in operational requirements
For CP and CPS use registered Object ID
View/print complete metadata
Computer generated unique id for each record
Record location of electronic and paper records
Human readable bar code for all paper records
Restrict changes to authorized persons
22
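An added example, not part of the original slides: one way the recordkeeping side could confirm the integrity of transferred records and the completeness of their metadata, using the per-event attributes listed on the two preceding slides. The record layout, field names, SHA-256 manifest and sample values are assumptions made for illustration.

```python
import hashlib
import json

# Per-event metadata named on the slides (field names are assumed here).
REQUIRED = ("common_name", "certificate_number", "date_of_event",
            "distinguished_name", "series_title", "retention_period",
            "vital_record")

def record_digest(record):
    # Canonical JSON so the digest depends on content, not key order.
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def build_manifest(records):
    # Operational system: one digest per record, computed before transfer.
    return {r["record_id"]: record_digest(r) for r in records}

def verify_transfer(manifest, received):
    # Recordkeeping system: compare what arrived against the manifest.
    by_id = {r["record_id"]: r for r in received}
    report = {"missing": [], "altered": [], "unexpected": [], "incomplete": []}
    for rid, digest in manifest.items():
        if rid not in by_id:
            report["missing"].append(rid)
        elif record_digest(by_id[rid]) != digest:
            report["altered"].append(rid)
    for rid, rec in by_id.items():
        if rid not in manifest:
            report["unexpected"].append(rid)
        if any(rec.get(k) in ("", None) for k in REQUIRED):
            report["incomplete"].append(rid)
    return report

def _event(n, name, date, vital):
    # Constructed sample record; names, numbers and dates are illustrative.
    return {"record_id": f"evt-{n:04d}", "common_name": name,
            "certificate_number": str(1000 + n), "date_of_event": date,
            "distinguished_name": f"CN={name},O=Example Agency,C=US",
            "series_title": "Certificate Issuance",
            "retention_period": "10 years", "vital_record": vital}

SAMPLE = [_event(1, "Jane Example", "2002-10-10", True),
          _event(2, "John Sample", "2002-10-10", False),
          _event(3, "Ann Placeholder", "2002-10-11", False)]

def demo():
    # Simulated transfer: record 2 loses its distinguished name, record 3 is dropped.
    received = [dict(SAMPLE[0]), dict(SAMPLE[1], distinguished_name="")]
    return verify_transfer(build_manifest(SAMPLE), received)
```

Calling `demo()` returns the verification report for the simulated faulty transfer; an intact transfer yields four empty lists.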
Recommendations
Become knowledgeable about X.509
Get involved in PKI discussions NOW
Understand the differences between operational PKI systems and PKI recordkeeping requirements
Adopt/implement federal government guidance
Don’t accept “we can’t do that” from IT and PKI vendors
Make the risk management argument
23
Summary
Topics covered
Seize the opportunity
24
Questions?
25
Thank You!
Charles Dollar
thecdollar@cs.com
Tel.: (253) 853-6346
26
Digital Technology Standards: What to Look Out For
ECURE Conference
October 11, 2002
Charles Dollar
thecdollar@cs.com
1
What are Standards?
“Standards are documented agreements containing technical specifications or other
precise criteria to be used consistently as rules, guidelines, or definitions or other
characteristics to ensure that materials, products, processes, and services are fit for
their purpose.” International Standards Organization
2
Standard Principles
Consensus
Industry-wide
Voluntary
3
Types of Standards
De jure (sanctioned standards organizations)
De facto (industry practice)
Proprietary (specific company practice)
4
What Makes A Standard Succeed?
Addresses a real need
Market place penetration
Transparent
Successful and failed standards
5
Strengths and Weaknesses of Standards
Strengths
Stability
Interoperability
Interconnectivity
Portability
Supports migration
Weaknesses
Lag behind technology
Not necessarily the best technical solution
Vendor compliance
Change over time
Unending migration
6
Standards and Migration
7
Selected Standards that Affect Long-Term Access to Electronic Records
XML
JPEG 2000
PDF - X, A
8
© 2002
Charles Dollar —
Last Modified
Thursday 28 June 2007