Upload
heta-desai
View
218
Download
0
Embed Size (px)
Citation preview
8/2/2019 mobilepki
1/48
The World Internet Security Company
Practical Experiences of
PKI-enabled Applications and
Implications for Mass Deployment of e-IDs
Conference on
Cryptology and digital Content Security
An activity of MATHESS, a NEST coordination activity of the EC
CRM, Bellaterra, 15 de mayo 2007
Victor Canivell, CEO, Wisekey ELA
8/2/2019 mobilepki
2/48
The World Internet Security Company
Agenda
On Wisekey
PKI today:- challenges
- PKI & PKO- DNI-e
Mass deployments tools:
- Wisekey CertfyID Blackbox Wisekey references
Conclusions
8/2/2019 mobilepki
3/48
The World Internet Security Company
Intelligentcities
DestiNY USA
Biometrics, PKI, DRM,Physical & Logical
Secuirty
e-Voting
first ever binding
Internet Vote
Biometric enabledPKI evoting for
Blind
DevelopingCountries
Deploying infrastructures withthe ITU
Digital TV AppsProtection
Securing the Digital Video
BroadcastingInfrastructure
Object eIDs
Securing objects(silicon, luxury
goods, materials)
NISpartnership
Microsoft, HP,WISeKey
ID cards, driverspermits,
passports...
Wisekeys development
1999
2001
2003
2005
2007
TechnologyPlatform
UnicertGold CA Platform
(HP)
Bronze Box(RA System)
eVoting Solutions
CustomisedIdentity &
Secuity Solutions
Birth of CertifyIDPlatform
Trust Service
Blackbox forEnterprise
Validation Solutions
Signing Solutions
TrustEcoSystem
Device &Content
Protection
Secure Video ProcessorAlliance
8/2/2019 mobilepki
4/48
The World Internet Security Company
Wisekey SA
Geneva, Switzerland, 1999
e-ID specialization
Our vision is to enable the volume deployment of e-IDs in a way that is cost effective and easy to
integrate with existing IT backbones From supplier of digital certificates to supplier of
certificate-enabled solutions and services
On site, hosted, managed and/or ASP models
Signs a strategic e-ID partnership with Microsoft(Brussels, June 2006)
M.DeSmedt ex SrVP MSFT EMEA becomes aninvestor and Board Member in 2007
8/2/2019 mobilepki
5/48
The World Internet Security Company
Wisekey ELA
Joint venture of Wisekey SA and Veliba-Sectecfor the development of the business model inSpain and LatinAmerica
Initiates operations as of 2007 in Madrid,Barcelona, Bilbao
Secure facility under construction in Bilbao
2008 Initiates operations in LatinAmerica for local
joint ventures
8/2/2019 mobilepki
6/48
The World Internet Security Company
Agenda
On Wisekey
PKI today:- challenges
- PKI & PKO- DNI-e
Mass deployments tools:
- Wisekey CertfyID Blackbox Wisekey references
Conclusions
8/2/2019 mobilepki
7/48
The World Internet Security Company
Internet:(great) success with (some) challenges
Internet has scaled over four decades- showing exponential growth- and becoming mission critical
Internet continues to augment its bandwidth- Internet2- IPv6
But Internet suffers from architecture constraints
related to some of its founding assumptions:- principle of trust- computers always in fixed locationsand always connected
8/2/2019 mobilepki
8/48
The World Internet Security Company
An old problem
The New Yorker,1993
On the Internet,
nobody knows youre a dog!
8/2/2019 mobilepki
9/48
The World Internet Security Company
Exponential growth in e-IDs
Pre 1980s 1980s 1990s 2000s
No. of e-IDs
TimeMainframe
Client Server
Internet
BusinessAutomation
Company(B2E)
Partners(B2B)
Customers(B2C)
Mobility
plus all devices
to be tracked!!
8/2/2019 mobilepki
10/48
The World Internet Security Company
Employees
Suppliers
PartnersRemote employees
Customers
Customer satisfaction & customer intimacyCost competitiveness
Reach, personalization
CollaborationOutsourcingFaster business cycles;process automationValue chain
M&AMobile/global workforceFlexible/temp workforce
Supply chain openness= more e-IDs
8/2/2019 mobilepki
11/48
The World Internet Security Company
Demand vectors
27.000 phishing sites (RSA Jan. 07)
Malware in 40% of systems (Panda)
8/2/2019 mobilepki
12/48
The World Internet Security Company
The best antidote
8/2/2019 mobilepki
13/48
The World Internet Security Company
Note to The best antidote
Yes, PKI
but we must not forget* that security
(1) is a chain;
its only as secure as its weakest link
(2) is a process, not a product
* Bruce Schneier
8/2/2019 mobilepki
14/48
The World Internet Security CompanyUsage
Data Encryption
Intranet/ExtranetAccess Management
Mobile Data Encryption
Digital Identity
Digital Signature
Email encryptionAnd signatureAccess Control
Usermanagement
Applicability
8/2/2019 mobilepki
15/48
The World Internet Security Company
The PKI components
Technology platform
Policies and procedures Trust model
8/2/2019 mobilepki
16/48
The World Internet Security Company
The perception of PKI success
No and/or limited volume PKI deployments
but
In fact they now exist (DNI-e et al.)
The above refers to authenticating individuals in themeantime there is an explosion of authenticationrequirements for servers, devices, digital content, etc
And, in fact, PKI-enabled solutions for addressingindividuals are now becoming economically attractive
The first issue to recognize is that we are dealing with aninfrastructure element, and its attractiveness is afunction of the ROI for the first solution it supports (e-invoicing, email encryption, SSO, etc)
8/2/2019 mobilepki
17/48
The World Internet Security Company
The classical barriers to PKI
Complexity
Cost Lack of applications
Lack of integration
8/2/2019 mobilepki
18/48
The World Internet Security Company
PKI technology acceptance
PKIs ROI- Tangible & intangible- Current and future (perceptions)
- Comparative to alternatives(incl. do-nothing)
- Direct economic returns- Legislative drivers related to traceability
McKinsey-Gartners new technology acceptancecurve:
- PKI is emerging embedded in many apps
8/2/2019 mobilepki
19/48
The World Internet Security Company
PKI & PKO
Open PKI (Public Key Infrastructure)Integrated use of certificates to authenticateindividuals across disparate public- and private-sector applications
Closed PKI (Public Key Infrastructure)Use of broader PKI services but limited to use byone enterprise or a closed community of businesspartners, users or devices
PKO (Public Key Operations)Integrated use of certificates within one applicationor service for limited key management uses
8/2/2019 mobilepki
20/48
The World Internet Security Company
Uses of PKI technologies today
DRIVERS SCOPE SIZE NO. EXAMPLES
IN EU
OPEN PKI e-GOVERMENT RECOGNIZED Millions Tens DNI-e
G2C
CLOSED PKI B2B, B2C ADVANCED Thousands Thousands SSO
PKO INTERNAL STANDARD Tens Millions em encryption
OPERATIONS
8/2/2019 mobilepki
21/48
8/2/2019 mobilepki
22/48
The World Internet Security Company
DNI-e impact
Infrastructures (keyboards et al.), publictransactions and both individual and privatesector awareness
DNI-e as the registration facilitator for theobtention of other credentials
Immediate complementary needs to surface:
- other CAs- signature platforms- identity management across systems
8/2/2019 mobilepki
23/48
The World Internet Security Company
What is now required
Solutions to emit and manage certificate lifecycles- in an economic manner- and easily integrateable (SOA)
Value added services- time stamping- OCSP
- secure vault- etc
International interoperability schemes
8/2/2019 mobilepki
24/48
The World Internet Security Company
Agenda
On Wisekey
PKI today:- challenges
- PKI & PKO- DNI-e
Mass deployments tools:- Wisekey CertfyID Blackbox
Wisekey references
Conclusions
8/2/2019 mobilepki
25/48
The World Internet Security Company
8/2/2019 mobilepki
26/48
The World Internet Security Company
Vision: Mass Deployment
Microsoft Platform provides:- Commercially widespread platform- Globally available support and training- Certifications and accreditations (CC EAL4)- Widespread knowledgeable & technical resources
- Strong security program & update/patch cycle- Certificate support in base engineering specs- Common interface and usage across product families
WISeKey :- Trust model international, neutral, commerciallyacceptable, policy and governance structure- Full technology stack with tested and certifiedcomponents- Secure infrastructure hosting, and operations- Affiliate and partner network support
Delivery through:- Local partners- Affiliates
8/2/2019 mobilepki
27/48
The World Internet Security Company
CertifyID Platform
ConsistentInterfaces
SingleSign-On
Windows Server
MSMQ
.Net Framework
Windows Media Services
CommonMgmt Infra
SQL Server
RMS
Distributed File Service
VPN
RAS
Active Dicrectory
Transaction Service
APS .NET
IIS PKI
SmartCard
WMI
Kerberos
Windows KernelVisualS
tudio.NET
Exchange
SPS
MMS,
ISA,AD
BizTalk
CS2002
Office
2003
Mobile
Info
Server
3rdParty
Product
SMS20
03,MOM
Exchange, SPS, BizTalk, MMS, ISA
Microsoft Platform provides:- CC EAL4 certification- Industrial class millions of certificates
- Strong security program & update/patch cycle- Common interface and usage across product families- Long term platform base
Trust Service
MS CA Web Svc API
Guardian Timestamp
Universal RA (URA)
OCSP
ARMCRL | Directory Svcs
8/2/2019 mobilepki
28/48
The World Internet Security Company
OISTE Trust Service
ConsistentInterfaces
SingleSign-On
Windows Server
MSMQ
.Net Framework
Windows Media Services
CommonMgmt Infra
SQL Server
RMS
Distributed File Service
VPN
RAS
Active Dicrectory
Transaction Service
APS .NET
IIS PKI
SmartCard
WMI
Kerberos
Windows KernelVisualS
tudio.NET
SMS20
03,MOM
Exchange, SPS, BizTalk, MMS, ISA
Trust Service
MS CA Web Svc API
Guardian Timestamp
Universal RA (URA)
OCSP
ARMCRL | Directory Svcs
Trust Service :
WISeKey verifies and certifies your organisations identity so that your usersand devices electronic identities can be trusted and recognised globally.
- Self or 3rd party audit depending on Trust Class- Global multilateral and commercial acceptability of eIDs- Microsoft Root Certificate Progam- Apple Leopard OS X 10.5
- Mozilla, Nokia, etc. pending
8/2/2019 mobilepki
29/48
The World Internet Security Company
CA Web Service SOA
ConsistentInterfaces
SingleSign-On
Windows Server
MSMQ
.Net Framework
Windows Media Services
CommonMgmt Infra
SQL Server
RMS
Distributed File Service
VPN
RAS
Active Dicrectory
Transaction Service
APS .NET
IIS PKI
SmartCard
WMI
Kerberos
Windows KernelVisualS
tudio.NET
SMS20
03,MOM
Exchange, SPS, BizTalk, MMS, ISA
Trust Service
MS CA Web Svc API
Guardian Timestamp
Universal RA (URA)
OCSP
ARMCRL | Directory Svcs
CerifyID MS CA Web Services API (C#,C++) :
- SOAP/XML Layer- Enterprise SOA integration- Default interface for URA, ARM etc.
ESB - SOA
Other Apps
CA
Guardian
8/2/2019 mobilepki
30/48
The World Internet Security Company
GuardianCA Disaster Recovery /BC
ConsistentInterfaces
SingleSign-On
Windows Server
MSMQ
.Net Framework
Windows Media Services
CommonMgmt Infra
SQL Server
RMS
Distributed File Service
VPN
RAS
Active Dicrectory
Transaction Service
APS .NET
IIS PKI
SmartCard
WMI
Kerberos
Windows KernelVisualS
tudio.NET
SMS20
03,MOM
Exchange, SPS, BizTalk, MMS, ISA
Trust Service
MS CA Web Svc API
Guardian Timestamp
Universal RA (URA)
OCSP
ARMCRL | Directory Svcs
Guardian (C++) :
Guardian XM provides professional grade database redundancy and datapersistency services for Certification Authorities on the Microsoft WindowsServer platform.
- Certificate Service Exit Module- Saves all certificates, status, history to MS SQL DB- Disaster recovery from MS SQL DB to MS SQL DB
CA MS SQL DB
Recoveryconsole
8/2/2019 mobilepki
31/48
The World Internet Security Company
CRL Manager
ConsistentInterfaces
SingleSign-On
Windows Server
MSMQ
.Net Framework
Windows Media Services
CommonMgmt Infra
SQL Server
RMS
Distributed File Service
VPN
RAS
Active Dicrectory
Transaction Service
APS .NET
IIS PKI
SmartCard
WMI
Kerberos
Windows KernelVisualS
tudio.NET
SMS20
03,MOM
Exchange, SPS, BizTalk, MMS, ISA
Trust Service
MS CA Web Svc API
Guardian Timestamp
Universal RA (URA)
OCSP
ARMCRL | Directory Svcs
CRL Manager (C#) :
Reliably publish and monitor certficate revocation lists.
- Monitor and replicate revocation information- Detect fault conditions and alert operators
CA Public WebCRL Manager
(Replicate/Int. Monitor)
CRL Manager(Ext. Monitor)
8/2/2019 mobilepki
32/48
The World Internet Security Company
OCSP Server (C/C++):
Provides real time validation of certificates. Can interface directly with the Certificate ServicesDB, or via Guardian SQL DB for more efficient performance. Supports pre-built responses anddistributed OCSP for large scale scenarios.
- IETF RFC 2560 compliant- use CRLs, or provides real time responses- Pre-built responses for distributed OCSP, using
SQL 2005 DB replication- Integrated with IIS ISAPI extension
OCSP Server
Trust Service
MS CA Web Svc API
Guardian Timestamp
Universal RA (URA)
OCSP
ARMCRL | Directory Svcs
CA OCSP
Clients
OCSP DB
8/2/2019 mobilepki
33/48
The World Internet Security Company
Directory Service / Publishing
ConsistentInterfaces
SingleSign-On
Windows Server
MSMQ
.Net Framework
Windows Media Services
CommonMgmt Infra
SQL Server
RMS
Distributed File Service
VPN
RAS
Active Dicrectory
Transaction Service
APS .NET
IIS PKI
SmartCard
WMI
Kerberos
Windows KernelVisualS
tudio.NET
SMS20
03,MOM
Exchange, SPS, BizTalk, MMS, ISA
Trust Service
MS CA Web Svc API
Guardian Timestamp
Universal RA (URA)
OCSP
ARMCRL | Directory Svcs
Directory Server (ADAM) / Certificate Publisher (C++/C# ) :
Provides a highly available and reliable directory service (LDAP), with flexible certificatepublishing whose schema can conform to be compliant the ISIS-MTT PKI managementspecification, and other government specifications.
- Publish to WISeKey Global Directory Service (GDS) for universal accessibility- Reliably publish certificates to local and/or external Directory instances- Multi-master replication and directory scaling
- Optionally remove revoked and/or expired certificates- Schema conformance to ISI-MTT, Federal Govt,and others on demand
CA CID Services
Publisher Module
Directory Srv(ADAM)
8/2/2019 mobilepki
34/48
The World Internet Security Company
URA
Trust Service
MS CA Web Svc API
Guardian Timestamp
Universal RA (URA)
OCSP
ARMCRL | Directory Svcs
Universal Registration Authority (C++/C# ) :
Provides a registration authority interface and certificate lifecycle manager that interfaces withmultiple load balanced CAs in the backend, designed for scalability to millions of users andcertificates. ASP .Net application that is network load balanced across several servers usingMS SQL 2005 as data store. Configuration data, user account, authentication, templates,certificates, requests etc. are stored in SQL 2005 database.Authentication can be done against LDAP.
Used in CertifyID Trust Center Managed PKI services,and with Stand-alone CAs at customer sites.
CA URA Web
Clients
URA DB
CertifyID Black Box
8/2/2019 mobilepki
35/48
The World Internet Security Company
35
CertifyID Black BoxEnterprise Offering
The CertifyID Blackbox offers a complete andaffordable out-of-the-box solution for establishing aTrusted Identity Infrastructure dedicated to yourorganization.
8/2/2019 mobilepki
36/48
The World Internet Security Company
Partners
Athena SCS Aladdin
Gemalto
HP
IBM
idQuantique
MCI Microsoft
NCP
NDS
Novell
OASIS
Omnikey
Precise Biometrics
SafeNet
Secure VideoProcessor Alliance
http://www.oasis-open.org/home/index.phphttp://welcome.hp.com/country/us/en/welcome.html8/2/2019 mobilepki
37/48
The World Internet Security Company
Agenda
On Wisekey PKI today:
- challenges
- PKI & PKO- DNI-e
Mass deployments tools:- Wisekey CertfyID Blackbox
Wisekey references
Conclusions
R f
8/2/2019 mobilepki
38/48
The World Internet Security Company
Executive
Summary
Business
Challenge
Value
Delivered & Benefitfor the client
To move to a secure,
interoperable web based
system that enforces
mandatory strong
authentication access control
and encryption of information
and data.
Customization of CPS and
policy sets, lightly to meet
client needs.
Reviewing the entire
certificate lifecycle, system
design, auditability, security inconjunction with KPMG as a
trusted neutral party.
Hosting of a custom portal
solution based on the WISeKey
Universal Registration
Authority.
Delivered a neutral Swiss
Trust Root PKI system, specific
custom development,
application and PKI hosting, for
the certificate issuance and
management of certificates that
protect the clients information
systems end-to-end, which
include sensitive financial and
consumer data.
Support of a Swiss based
company compliant with strict
the Swiss Banking regulation
on outsourcing.
The client was able to
incorporate a highly secure
logical access control system
protecting sensitive business
information on time and on
budget.
FinanceOrganisation of cooperating
Financial Institutions.Switzerland
References
R f
8/2/2019 mobilepki
39/48
The World Internet Security Company
Executive
Summary
Business
Challenge
Value
Delivered & Benefitfor the client
The financial sector of this
retail company needed to use
digital certificates for their
internal financial system and
for email exchange.
Implementation of a dedicated
CA for our client, for the usage
of certificates within their
financial system, defined the
type of certificates to be
issued.
Dedicated CA managed by
WISeKey staff and client
certificates issued by WISeKey
staff
Customization of CPS and
policy sets, lightly to meetclient needs.
Reviewing the entire
certificate lifecycle, system
design.
Hosting of the CA
Benefit
Greater data confidentiality
No technical knowledge for the
client
No cost for technical
maintenance
Low cost
RetailPrivately-held, international,
low-cost home productsretailer
Switzerland, Sweden and Belgium
References
R f
8/2/2019 mobilepki
40/48
The World Internet Security Company
ExecutiveSummary
BusinessChallenge
ValueDelivered & Benefit
for the client
The Client PKI is designed to
ensure secure
communications and system
access to protect confidential
information between
departments within the
organizations and most
importantly from external
parties.
The Client chose WISeKeys
CertifyID Solution as the basis
of their PKI, because of its
Trust Framework, its tight
integration with the Microsoft
Windows Platform and the
essential enhancing elements
that it adds to Windows
Certificate Services.
Implementation of the core
infrastructure used to protect
the Clients systems and data.
This core infrastructure is
based on WISeKeys CertifyID
Solution and Trust
Infrastructure.
Customization of operational
procedures; technical design,
implementation; legal
documents and agreements;
and service operation.
Project Management.
Implementation of Client PKI,
legal, technical, security and
operational infrastructure.
Legal consulting includingorganization structure,
production certificate practice
statement, certificate policies,
and end user agreements.
The customer can safely rely
on WISeKey expertise and
experience to provide the
delivery of a world class
certification service that
ensures the security, and
availability of its core PKI
infrastructure that is essential
to the safety and security of its
internal community and
collaborators.
InternationalOrganization
IO dedicated to pursuingjustice and prosecuting
international crimes that fall
within their mandate,namely genocide, war
crimes, and crimes againsthumanity.
References
R f
8/2/2019 mobilepki
41/48
The World Internet Security Company
Executive
Summary
Business
Challenge
Value
Delivered & Benefit forthe client
The DVB Multimedia Home
Platform (MHP) is the software
interface between interactive
digital TV applications and the
terminals on which those
applications execute. Such
terminals are typically set-top-
boxes or integrated digital TVs,
both of which are also known as
MHP receivers, platforms, hosts
or clients.
The DVB Project Office chose
WISeKey to design, implement,
host and manage the Public Key
Infrastructure that is used to
secure MHP applications.
WISeKey is the designatedCertificate Services Provider and
Operator for the DVB MHP PKI.
Multimedia Home Platform is
the open standard platform for
interactive TV and multimedia
services. MHP is based on
Internet and web standards, so it
offers compatibility and
convergence between TV and the
Internet.
DVB thus needed to implement
a MHP security mechanism that
defines the security requirements
for the consumer, the service
provider and the broadcaster,
using a security mechanism that
provides confidentiality, integrity,
availability, privacy and non-
reputability.
WISeKey implemented the core
infrastructure that is used to
protect the MHP security
mechanism and thus implement
the security for the consumer,
the service provider and the
broadcaster. This core
infrastructure is the DVB MHP
Public Key Infrastructure,
including the operational
procedures; technical design,
implementation; legal documents
and agreements; and service
operation.
Project Management.
Implementation of DVB MHP
PKI, legal, technical, security and
operational infrastructure.
Provide DVB MHP Operator
functions and services.
Legal consulting including
organization structure,
production certificate practice
statement, certificate policies,
and end user agreements.
Outsourced service operation.
DVB
The Digital VideoBroadcasting - DVB
Industry consortiumdedicated to authoring
international DTV
standards.
Switzerland
References
R f
8/2/2019 mobilepki
42/48
The World Internet Security Company
Executive
Summary
Business
Challenge
Value
Delivered & Benefitfor the client
SVP is an open technology
specification for protecting
digital video content. Applying
the SVP specification to any
standard video processor turns
it into an SVP-compliant video
processor that can protect
digital content end-to-end.
To move to a secure,
interoperable web based
system that enforces
mandatory strong
authentication access control
and encryption of information
and data.
The SVP Alliance Licensing
Authority chose WISeKey
securely host Trusted SVP
Roots that are at the heart of
the SVP Security Infrastructure,
based on a WISeKey designed
secure SVP Root software and
hardware security platform.
Solution delivers an
extremely low total cost of
ownership for the client, and
also provides extremely
increased security via the
Hardware Security Module, and
use of key shares for role
segregation.
The advantages of using
WISeKey professional services:
Leverage on expertise of PKIleaders
Lower total cost of ownership
Less effort for planning anddesign
Much more cost effective for
a small enterprise; thebusiness with the externalpartner can be extended asneed for crypto-enabledapplications grows
Requires less in-houseexpertise
Leverage liability rules,policies and procedures ofWISeKey
Can be operational in a shortperiod of time using theWISeKey Key Step deployment
approach
SVP
The Secure Video ProcessorAlliance is a group of media
and technology leaderspromoting the broad adoption of
SVP content protectiontechnology in digital home
networks and portable devices.
USA
References
R f
8/2/2019 mobilepki
43/48
The World Internet Security Company
Executive
Summary
Business
Challenge
ValueDelivered &
Benefit for theclient
The Client wanted to
implement an extranet
portal communication
system, featuring
knowledge bases,electronic mail and
correspondence tools to
provide better service and
support to their partners,
including their very
important dealer
community.
Because of the sensitive
nature of the information
stored on the portal, the
client needed to implement
a highly secure accesssolution, and after
extensive analysis decided
to use Digital Certificates
and secure devices
provided by a highly
trusted provider.
The Client chose WISeKey
to provide and host a
managed dedicated PublicKey Infrastructure to
provide digital identity
services for their extranet
portal, with strict
confidentiality and quality
of service requirements.
As part of the project
WISeKey delivered a
turnkey system for the
certificate issuance and
management, integratingcustom CA development
with the Clients backend
systems.
Exists a Development,
Quality and Production
environment. WISeKey
maintains a Quality MPKI
CA for testing and the
Production MPKI CA.
Access is controlled via
two-factor authentication
control; (certificate based
SSL client authentication
and a password).
IndustryLeading Swiss Watch
Maker.
Switzerland
References
R f
8/2/2019 mobilepki
44/48
The World Internet Security Company
ExecutiveSummary
BusinessChallenge
ValueDelivered & Benefit
for the client
The canton of Geneva was
chosen by the Confederation
for a pilot experiment of vote by
Internet, from the point of view
of its introduction at the
national level, by way ofadditional possibility to vote, to
current methods, votes by
correspondence and polling
station. During its official
introduction, voting by Internet
will have to guarantee a similar
safety even higher than these
two modes of poll.
WISeKey has taken part in the
concept drafting. WISeKey has
taken care of the of the system
security, the server side
development, the physical
architecture, the installationand of the solution
presentation and promotion.
The system was developed
and subjected to thorough
testing and controlled hacking
by the University of Geneva
and CERN. It underwent
significant load testing, andwas utilized by over 20,000
voters over the course of
several alpha an beta tests.
Since its outset the e-Voting
system has been subjected to
various tests and security
reviews, to collect the
observations of the users
under the angle of user-
friendliness, the facility and the
safety of the system.
Various trials were run
throughout the pilot project,
including a test involving over
20,000 students across the
SWISS educational system,
generating enthusiasm and
constructive feedback from the
voters of tomorrow.
State of Geneva
e-VOTING INITIATIVE
Switzerland
References
R f
8/2/2019 mobilepki
45/48
The World Internet Security Company
ExecutiveSummary
BusinessChallenge
ValueDelivered & Benefit
for the client
Gemini Observatory needed to
increase their network, systems
and communication security.
Assisting the Gemini technical
administrator to implement the
BB and configuring the PKI
infrastructure.
Fast PKI implementation
Greater data confidentiality
Ease of use
Gemini Observatory
Gemini is an internationalpartnership managed by the
Association of Universities forResearch in Astronomy under acooperative agreement with theNational Science Foundation.
USA - Hawaii
References
8/2/2019 mobilepki
46/48
The World Internet Security Company
Agenda
On Wisekey PKI today:
- challenges
- PKI & PKO- DNI-e
Mass deployments tools:- Wisekey CertfyID Blackbox
Wisekey references
Conclusions
8/2/2019 mobilepki
47/48
The World Internet Security Company
Conclusions
Both PKO and classical PKI solutions willbecome prevalent in our communications andcomputing infrastructures
Tools such as Wisekey CertifyID Blackbox will
contribute to this deployment by offeringeconomical and easy-to-integrate PKI basedsolutions
Whats next?
Watch out for quantum computing schemes!
And very interested in learning from advances atforums such as this Conference!!
8/2/2019 mobilepki
48/48
The World Internet Security Company
WISeKey S.A.
WISeKey S.A - World Trade Center II - 29, route de Pr-Bois CP 885 1215 Geneva, Switzerland
Tel: +41 22 594 30 00
WISeKey ELA S.L.
Avda. Txorierri,9, 48160 Derio & P Castellana 135, 28046 Madrid
Tel: +34 944 545 071 & +34 917 906 868
e-mail: [email protected] - www.wisekey.com