Implementing a PKI
© Southampton City Council Sean Dawtry – Southampton City Council
Implementing a PKI
The Southampton Pathfinder for Smart Cards in public services
Agenda
• Overview of SmartPath
• Principles
• Project Scope
• The Process
• How Does it Work
• Progress
• Major Issues
• The Future
Overview
• Develop Robust/Resilient Security Infrastructure for Electronic Service Delivery.
• Through Development of PKI
• Build Around Existing SmartCities Scheme
• Available from Kiosks, PCs in Libraries
• 6000 Citizens
Principles
• Bridge Digital Divide
• Through SmartCard
• Public Access Points
• Needed Real World Application
– Housing Repairs
• Portability and Interoperability
– Java 2 Enterprise Edition
– XML
Scope
• Business Process Development
– SmartCities
– Housing
– PKI/Certificate Management
• Infrastructure Development
• System Design
• Integration
– With Back Office
– SmartCities
• Secure Portal
• Intuitive User Interface
Process
• Select Systems Integrator
– S-CAT
• Phase One
– Logical Architecture
– Supplier Selection
– High Level Physical Architecture
• Phase Two
– Define Physical Infrastructure
– Integration Definition
– Public Consultation
Process
• Phase 2
– Design of Processes
  • Housing repairs
  • SmartCities Registration
  • Certificate Management
• Phase 3
– Software Development
– Infrastructure Installation
– Integration
– Testing
– Implementation
How Does It Work
• Registration
– Certificate Request Posted from SmartCities to FTP Server
– Certificate Server Regularly Polls for Requests
– FTP Request to Certificate Server
– Check in CRM to Confirm Housing Tenant
– Certificate and User Account Created
– FTP Back to SmartCities
– Card Encoded with Certificate Ready for Use
How Does It Work
• Login Process
– Card Inserted into Reader
– PIN Unlocks Necessary Keys
– Certificate Copied From the Card to Cryptographic Store in Microsoft IE 5
– Java Applet Synchronises Certificate with User Account
– Confirmation of Account Entry in Security/Policy Server
– Access to Specified Resources via Proxy Server through Firewall
  • Housing Repairs
– Upon Completion Cryptographic Store is Flushed
– Ready For Next User
How Does It Work
• Lost/Stolen/Blacklisted Cards
– Card Loss Report
– SmartCities Creates a ‘Hotlist’
– ‘Hotlist’ Sent to SmartPath
– Checked
– Certificate and Account Revoked
– New Card Created if Necessary
– Registration Process Begins
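The hotlist step above, together with the account confirmation performed at login, sketched as an added example (not code from the SmartPath project). The hotlist CSV layout, the card ids, certificate serials, account names and all function names are assumptions constructed for illustration; the slides do not specify them.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample data: the slides give neither the hotlist format nor any
# record layout, so the CSV columns and every identifier here are assumptions.
HOTLIST_CSV = """card_id,reason
SC-0002,lost
SC-0003,stolen
SC-0002,lost
SC-9999,blacklisted
"""

@dataclass
class Enrolment:
    card_id: str
    cert_serial: str
    account: str
    cert_revoked: bool = False
    account_enabled: bool = True

def build_registry():
    """Three constructed enrolments standing in for the SmartPath records."""
    rows = [("SC-0001", "1001", "tenant-a"), ("SC-0002", "1002", "tenant-b"),
            ("SC-0003", "1003", "tenant-c")]
    return {card: Enrolment(card, serial, acct) for card, serial, acct in rows}

def process_hotlist(hotlist_text, registry):
    """Revoke certificate and account per hotlisted card; return
    (revoked, already_revoked, unknown) card ids for reconciliation."""
    revoked, already, unknown = [], [], []
    for row in csv.DictReader(io.StringIO(hotlist_text)):
        card_id = row["card_id"].strip()
        entry = registry.get(card_id)
        if entry is None:
            unknown.append(card_id)        # hotlisted card never enrolled here
        elif entry.cert_revoked and not entry.account_enabled:
            already.append(card_id)        # repeated entry: nothing to change
        else:
            entry.cert_revoked = True      # revoke both together so a revoked
            entry.account_enabled = False  # certificate never maps to a live account
            revoked.append(card_id)
    return revoked, already, unknown

def may_login(cert_serial, registry):
    """Login-time check: known certificate, not revoked, account enabled."""
    match = [e for e in registry.values() if e.cert_serial == cert_serial]
    return bool(match) and not match[0].cert_revoked and match[0].account_enabled
```

Returning the unknown and repeated entries separately lets the operator reconcile each hotlist against what was actually changed.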
Progress
• Currently in Final Phase of Testing
• Due to Complete 29th April
• Delays Due to
– Need to Replace Security Infrastructure Supplier
– Issues Relating to Card/Browser Synchronisation
– Key Member of Staff on Jury Service for 2 Weeks
Major Issues
• Coordinating Multiple Partners
• Level of Work Required on Certificate Policies
– Certificate Policy
– Certificate Practice Statement
• Integration Between Smart Cards and Web Browser
– ‘Don’t Believe the Hype’
The Future
• Develop Key Components as a Product that Could be Implemented Elsewhere
• Share Documents
– Certificate Practice Statement
– Certificate Policy
– Design Documents
• Develop as a National model
• Integrate With UK-Online
• Obtain T-Scheme Approval