Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
CipherNET®
Information Security Solutions and Products
CipherNET
CipherNET® SoftwareDeveloper’s Kit (CDSA)
Sri Myneni
July 21, 1998
MOTOROLA and CipherNet are registered trademarks of Motorola, Inc.
CipherNET
CipherNET®
Information Security Solutions and Products
CipherNETIntroduction
• Why Motorola-ISD chose CDSA ?
• CipherNet product offering
• Motorola-ISD CDSA vision
• Questions!!!!
CipherNET®
Information Security Solutions and Products
CipherNETMotorola Security Experiencel 30 years experience designing and developing information
security systemsè Large scale security systems integration
l Developing certificate management systems since 1993l Provide PKI for Defense Messaging Systeml Supplied link encryption systems to the U.S. government
for 30 years (1000s of secure networks)l Delivered over 2500 Network Encryption Systems (NES)l Delivered over 250,000 secure telephones worldwide
CipherNET®
Information Security Solutions and Products
CipherNETWhy Support CDSA ?• The Open Group - Global leader in setting
standards
• Supported by wide range of industry leaders(IT Buyers and Suppliers)
• Open Architecture
• Wide range of capabilities
• Flexible and Extensible
• Platform Independent
• Framework for interoperability
CipherNET®
Information Security Solutions and Products
CipherNETMotorola CDSA -SDKImplementation
• Supports CDSA 1.2
• Enhancements to the Intel reference code
• PlatformsèWindows 95 and Windows NT 3.51/4.0
• Motorola will optimize CDSA to meetapplication requirements
CipherNET®
Information Security Solutions and Products
CipherNETMotorola Solutions• Provide E-Commerce and E-Business
application providers with the security toolsforèEnabling global solutions
èRapidly exploiting the power of all forms ofelectronic communication
• System integrationèAssemble complex systems involving
messaging, information security, and customapplication development
CipherNET®
Information Security Solutions and Products
CipherNET
On-LineBusiness
On-LineCommerce
WirelessOn-LineBanking
On-Line Purchasing
Other
Developer’s API (CSSM)
CryptoServiceProvider
DataLibrary
CertificateLibrary
TrustPolicy
Service Provider’s Interface
ECC
LDAP
X.509V3
X.509V3
End-User
Applications
Motorola C
ipherNE
T S
DK
(CD
SA
)
Security Service
Provider Plug-In
Components
Future
FUTURE
LocalStorage
P
K
C
S
#12
Module
Managers
CipherNET®
Information Security Solutions and Products
CipherNETCryptographic Service Provider
• Elliptic Curve Cryptography (ECC)è High strength + small key sizes = good performance
è 160 bit ECC key ≡ 1024 bit RSA key
è 210 bit ECC key ≡ 2048 bit RSA key
è Signature: ECDSA, ECNRA
è Key Agreement: ECDH, MQV
è Key Transport: ECES, ECAES
CipherNET®
Information Security Solutions and Products
CipherNETCryptographic Service Providerl Other algorithms
è Bulk encryption: DES and Triple-DES
è Hashing: SHA-1
è Message Authentication Check: HMAC
è Random numbers: FIPS 186, ECC BBS
l Keys and certificates are stored on PKCS #12 “softwaretoken” for transportability
è Allows migration to hardware tokens with minimalimpact on the application
CipherNET®
Information Security Solutions and Products
CipherNETWhy Elliptic Curve Crypto?• Small key size
• Performance
• Ideal for systems with limited resourcesèSmart cards
èWireless and embedded systems
• Growing acceptance of EC in financialservices communityèSET 2.0, ANSI X9, ‘Short Certificates’
CipherNET®
Information Security Solutions and Products
CipherNETData Storage Libraryl Manages X.509 certificates and CRLs
l Remote repositoryè LDAP v3 directory service
è Read-only
è Local cache
l Local repositoryè For certificates not in the directory
è Allows offline use (e.g., laptop)
è Read and write access
CipherNET®
Information Security Solutions and Products
CipherNETCertificate Libraryl Parses X.509 certificates and CRLs
è X.509 v3 certificate formats
è X.509 v2 CRL formats
l Trust Policy Moduleè Single CA modal
è Migrating to multiple CA hierarchy
CipherNET®
Information Security Solutions and Products
CipherNETMotorola Public Key Infrastructure (PKI)
• Companion PKI is under development
• PKI is based upon a highly scaleable webarchitecture to allow rapid rollout of largescale applications
• Support application builders withcertificates during SDK integration and test
CipherNET®
Information Security Solutions and Products
CipherNET
CipherNet CAServer
Directory Server
Client SystemToken
CipherNet RA Workstations
PKI Architecture
CipherNET®
Information Security Solutions and Products
CipherNETMotorola Partner Relationships• Certicom:
èWorld leader in ECC
èCryptographic Service Provider for ourSoftware Developer’s Kit.
• Intelisys:è Jointly developing next generation Internet
purchasing applications
CipherNET®
Information Security Solutions and Products
CipherNETCDSA Critical Success Factors
• Delivering CDSA 2.0
• Small footprint version
• Browser support
• PKI agnostic
• Resolution of the export issues
• Applications developers buy-in
CipherNET®
Information Security Solutions and Products
CipherNETMotorola Technology DirectionBridged technology evolving to common security architecture
MICRO T A C ELITE
1 324 5 67 8 9* 0 #
RCL STO CLR SND
PWR FCN NAME END
Card/Disk TokenTechnology
Wireless- MicroTac- Pagers
Applications- Banking- E-Business- E-Commerce
Wireline- STE-CipherLink
Integrated Communications Securityfor Business, Government, and DOD
CipherNET®
Information Security Solutions and Products
CipherNET
Security ServicesE-Commerce, E-Business and Financial Applications
GSMSecurity
Pipe
CDMASecurity
Pipe
PagingSecurity
Pipe
iDenSecurity
Pipe
Tele- maticsSecurity Pipe
Standard Security Algorithms and Protocols
CelestriSecurity Pipe
CipherNET®
Information Security Solutions and Products
CipherNETCipherNet Availability
• CipherNET Software Developer’s Kit isavailable NOW
• Expect availability announcementsregarding PKI in next quarter
CipherNET®
Information Security Solutions and Products
CipherNETSupport
• Licensing agreement includesèProduct training
èOne year product support
èTest certificates
èExample source code
èManuals
• Optional support includesè Integration assistance
èModule customization
èOptional module development
CipherNET®
Information Security Solutions and Products
CipherNETSample Demonstration• Web based banking application using the
CipherNET SDK
• Demonstrates construction of an applicationrequiring strong authentication, dataintegrity, privacy, and non-repudiation
CipherNET®
Information Security Solutions and Products
CipherNETContacts• Product Information: Peter Uscinski (602) 441-5792
• Public Relations: Dede Connors (602) 441-2027
• Product Manager: Tres Wiley (602) 441-7401
• Email us: [email protected]
• www.ciphernet.motorola.com
Motorola
Information Security Division
8201 E. McDowell Road
Scottsdale, AZ 85257