extending the reach of public key technology joe kovara chief technology officer
DESCRIPTION
Center for Applied Cryptographic Research Simon Fraser University Vancouver, BC June 9, 1999. Extending the Reach of Public Key Technology Joe Kovara Chief Technology Officer. Objectives. Obtain PK benefits Sooner rather than later At an acceptable rate of change $ per unit time - PowerPoint PPT PresentationTRANSCRIPT
1
Extending the Reach ofPublic Key Technology
Joe KovaraChief Technology Officer
Center forAppliedCryptographicResearch
Simon Fraser UniversityVancouver, BCJune 9, 1999
ObjectivesObjectives
• Obtain PK benefits– Sooner rather than later– At an acceptable rate of change
$ per unit time
• Reduce PK and non-PK gap– Align with what we have today– Reduce the gap in the future
• Approach– Adapt the technology first– Adapt the rest later
Traditional Public Key ViewTraditional Public Key View
PK Deployment ObstaclesPK Deployment Obstacles
Administration: Policy Enforcement
Key Escrow
Registration: Bootstrapping
Revocation: Scale
Applications
Key Storage: Protection
Portability
Performance
?
Then What?Then What?
MVS
Windows
Unix
Novell
Kerberos 5
Kerberos 4
Passticket
Proprietary
Legacy Other Systemsand Technologies
New Opportunities
Consumers
More efficient access
TrustBroker
More efficient delivery
Producers
Lower Risk
Smartcards
Brokering TrustBrokering Trust
Tokens
Public Key
GSS-API/K5
MVSPassticket
Web
Kerberos4& 5
Legacy
•SimpleSimple•FamiliarFamiliar•Secure..Secure.... ……or more secure...or more secure...
Initial SignonInitial Signon
SmartcardSmartcard• DatakeyDatakey• SchlumbergeSchlumberge• ......
Public KeyPublic Key• EntrustEntrust• NetscapeNetscape• MicrosoftMicrosoft• ......
TokenToken• VascoVasco• SDISDI• SecureSecure• ......
Budget and need driven
Public Key
GSS-API/K5
MVS TrustTicket
WebAgent
Kerberos 4 & 5
Legacy
• Web• Email• ...
• SAP/R3• Oracle• Windows 2000• ...
• MVS 3270– RACF– ACF/2– Top Secret
• Non-PK Web
• Windows 2000• telnet• ftp• r-utilities• ...
• Other applications
Application SignonApplication Signon
Tru
stB
roke
rC
redenti
als
Bro
ker
Application driven