Implementing a PKI
© Southampton City Council Sean Dawtry – Southampton City Council
Implementing a PKI
The Southampton Pathfinder for Smart Cards in public services
Agenda
• Overview of SmartPath
• Principles
• Project Scope
• The Process
• How Does it Work
• Progress
• Major Issues
• The Future
Overview
• Develop Robust/Resilient Security Infrastructure for Electronic Service Delivery.
• Through Development of PKI
• Build Around Existing SmartCities Scheme
• Available from Kiosks, PCs in Libraries
• 6000 Citizens
Principles
• Bridge Digital Divide
• Through SmartCard
• Public Access Points
• Needed Real World Application
– Housing Repairs
• Portability and Interoperability
– Java 2 Enterprise Edition
– XML
Scope
• Business Process Development
– SmartCities
– Housing
– PKI/Certificate Management
• Infrastructure Development
• System Design
• Integration
– With Back Office
– SmartCities
• Secure Portal
• Intuitive User Interface
Process
• Select Systems Integrator
– S-CAT
• Phase One
– Logical Architecture
– Supplier Selection
– High Level Physical Architecture
• Phase Two
– Define Physical Infrastructure
– Integration Definition
– Public Consultation
Process
• Phase 2
– Design of Processes
  • Housing repairs
  • SmartCities Registration
  • Certificate Management
• Phase 3
– Software Development
– Infrastructure Installation
– Integration
– Testing
– Implementation
How Does It Work
• Registration
– Certificate Request Posted from SmartCities to FTP Server
– Certificate Server Regularly Polls for Requests
– FTP Request to Certificate Server
– Check in CRM to Confirm Housing Tenant
– Certificate and User Account Created
– FTP Back to SmartCities
– Card Encoded with Certificate Ready for Use
How Does It Work
• Login Process
– Card Inserted into Reader
– PIN Unlocks Necessary Keys
– Certificate Copied From the Card to Cryptographic Store in Microsoft IE 5
– Java Applet Synchronises Certificate with User Account
– Confirmation of Account Entry in Security/Policy Server
– Access to Specified Resources via Proxy Server through Firewall
  • Housing Repairs
– Upon Completion Cryptographic Store is Flushed
– Ready For Next User
How Does It Work
• Lost/Stolen/Blacklisted Cards
– Card Loss Report
– SmartCities Creates a ‘Hotlist’
– ‘Hotlist’ Sent to SmartPath
– Checked
– Certificate and Account Revoked
– New Card Created if Necessary
– Registration Process Begins
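The registration, login and hotlist steps on the three "How Does It Work" slides, modelled in memory as an added example (not code from the SmartPath project). The class, field names and card IDs are hypothetical; the point it shows is that a hotlisted card must fail login on both the certificate check and the account check, and that a re-registered card gets a new certificate rather than the old one.

```python
# Added illustration: an in-memory model of the three SmartPath flows.
# All class, field and card-ID names are hypothetical, not from the project.
from dataclasses import dataclass, field

@dataclass
class SmartPathModel:
    crm_tenants: set                              # card IDs the CRM confirms as housing tenants
    certs: dict = field(default_factory=dict)     # cert serial -> card ID
    accounts: dict = field(default_factory=dict)  # card ID -> active cert serial
    revoked: set = field(default_factory=set)     # revoked cert serials
    next_serial: int = 1

    def poll_requests(self, inbox):
        """Registration: process requests collected from the drop server."""
        outbox = []
        for card_id in inbox:
            if card_id not in self.crm_tenants:    # CRM check before issuing
                outbox.append((card_id, None))     # rejected: nothing to encode
                continue
            serial = self.next_serial
            self.next_serial += 1
            self.certs[serial] = card_id
            self.accounts[card_id] = serial        # certificate and account created together
            outbox.append((card_id, serial))       # sent back for card encoding
        return outbox

    def process_hotlist(self, hotlist):
        """Revoke the certificate AND the account of each hotlisted card."""
        done = []
        for card_id in hotlist:
            serial = self.accounts.pop(card_id, None)
            if serial is not None:
                self.revoked.add(serial)
                done.append(card_id)
        return done

    def login(self, card_id, serial):
        """Access needs a known, unrevoked cert bound to a live account."""
        return (self.certs.get(serial) == card_id
                and serial not in self.revoked
                and self.accounts.get(card_id) == serial)

def demo():
    m = SmartPathModel(crm_tenants={"CARD-001", "CARD-002"})  # constructed sample data
    issued = dict(m.poll_requests(["CARD-001", "CARD-002", "CARD-999"]))
    before = m.login("CARD-001", issued["CARD-001"])
    m.process_hotlist(["CARD-001"])
    after = m.login("CARD-001", issued["CARD-001"])
    reissued = dict(m.poll_requests(["CARD-001"]))
    return issued, before, after, m.login("CARD-001", reissued["CARD-001"])
```

Because requests and hotlists are only picked up when the certificate server polls, the polling interval is also the window during which a reported card remains usable.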
Progress
• Currently in Final Phase of Testing
• Due to Complete 29th April
• Delays Due to
– Need to Replace Security Infrastructure Supplier
– Issues Relating to Card/Browser Synchronisation
– Key Member of Staff on Jury Service for 2 Weeks
Major Issues
• Coordinating Multiple Partners
• Level of Work Required on Certificate Policies
– Certificate Policy
– Certificate Practice Statement
• Integration Between Smart cards and Web Browser ‘Don’t Believe the Hype’
The Future
• Develop Key Components as a Product that Could Be Implemented Elsewhere
• Share Documents
– Certificate Practice Statement
– Certificate Policy
– Design Documents
• Develop as a National Model
• Integrate With UK-Online
• Obtain T-Scheme Approval