Presentation for EFPE - Creating security services for business processes

448 views
333 views

Published on

The foundation of building the Cloud of Trust is the Trust Service, which is a broker of trust services, which provides two types of services:
• Signing services – providing safeguards for the created documents
• Services of executing the business process – providing the evidence from the process
The role of Trust Services is to aggregate in one place a variety of signing services and business process support and the exchange of trust with the other Trust Service services.
Beside the services mentioned above, the cloud of trust consists of:
• Certificate Services – including delivery of certificates and managing they’re lifecycle.
• Control Services – providing confirmations and safeguards for signing services.
• Attribute Services – which are delivering attributes needed by the business processes.
• Trusted Repository – storing and sharing evidence from realised business processes.
All services that make up the Cloud of Trust are connected one with another, providing evidence from the realised business processes that is needed to achieve the business goal of the participants.

Published in: Technology, Business
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
448
On SlideShare
0
From Embeds
0
Number of Embeds
24
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Presentation for EFPE - Creating security services for business processes

  1. 1. ©2013 Trusted Information Consulting Sp. z o.o.Trust services for businessprocessesMichał TaborTrusted Information ConsultingMiędzyzdroje, EFPE 2013
  2. 2. ©2013 Trusted Information Consulting Sp. z o.o.AgendaCloud of TrustComponents ofthe cloud
  3. 3. ©2013 Trusted Information Consulting Sp. z o.o.MotivationDeliver electronic transactionsservices suitable the businessExploit the potential of experience inbuilding PKILearn from mistakes:– Solutions not understandable for society– Unfitted business model
  4. 4. ©2013 Trusted Information Consulting Sp. z o.o.Doing businessEmployee - consultantEmployee wants to provide work and receive salaryEmployerEmployer wants to have job done and have evidence foraccounting purposesNeed ofcontract
  5. 5. ©2013 Trusted Information Consulting Sp. z o.o.Doing businessEmployee - consultantEmployee wants to provide work and receive salaryEmployerEmployer wants to have job done and have evidence foraccounting purposesNeed ofcontractProcess of establishingcontractTrustworthycontractMeets needsand mitigatesriskMeets needsand mitigatesrisk
  6. 6. ©2013 Trusted Information Consulting Sp. z o.o.Process of establishingcontractDoing businessEmployee - consultantEmployerNeed ofcontractBusiness processTrustworthycontract
  7. 7. ©2013 Trusted Information Consulting Sp. z o.o.Business processPKI SIGNINGEmployee - consultantEmployerNeed ofcontractTrustworthycontract
  8. 8. ©2013 Trusted Information Consulting Sp. z o.o.Business processDoing businessEmployee - consultantEmployerNeed ofcontractTrustworthycontract?Meets needs andmitigates riskMeets needs andmitigates risk?
  9. 9. ©2013 Trusted Information Consulting Sp. z o.o.Business processDoing businessEmployee - consultantEmployerNeed ofcontractTrustworthycontractMeets needs andmitigates riskMeets needs andmitigates riskCloud of trust
  10. 10. ©2013 Trusted Information Consulting Sp. z o.o.Cloud of TrustWorkflow definitionUser needsdefinitionWorkflowsUser needs
  11. 11. ©2013 Trusted Information Consulting Sp. z o.o.Cloud of TrustRisk mitigationUserCommitmentVerificationAuthorizationConfirmationUserAuthenticationeSignatureTrustSecurityWorkflowsUser needsEvidence
  12. 12. ©2013 Trusted Information Consulting Sp. z o.o.Cloud of TrustRisk mitigationUserCommitmentVerificationAuthorizationConfirmationUserAuthenticationUserAuthenticationTrustSecurityWorkflowsUser needsEvidence providers
  13. 13. ©2013 Trusted Information Consulting Sp. z o.o.Trust service
  14. 14. ©2013 Trusted Information Consulting Sp. z o.o.TRUSTED SERVICES
  15. 15. ©2013 Trusted Information Consulting Sp. z o.o.WORKFLOW SERVICEProcess controlSignatures collectionOther evidence collectionDocument disseminationRegistred emailTrade portal
  16. 16. ©2013 Trusted Information Consulting Sp. z o.o.DOCUMENT REPOSITORYAuthenticityIntegrityLong term preservationTranslation betweenmedia, formatsSmart paperNotary service
  17. 17. ©2013 Trusted Information Consulting Sp. z o.o.SIGNATURE SERVICECollects signature evidence– Authentications– Authorisations– Cerificates– Attributes– TimeSignature creation assistanceServer SigningMobile SigningSignature application for standard PKIPKI 2.0 Lightweight CertificateSignature
  18. 18. ©2013 Trusted Information Consulting Sp. z o.o.ATTRIBUTE SERVICEPrivate dataRegisters and databasesState based attributesDeclarationsExternal attributeservicesBank confirmationsTrusted profileSTORK attributesexchange
  19. 19. ©2013 Trusted Information Consulting Sp. z o.o.CONTROLS SERVICEAuthenticationAuthorisation to signature service usageWorkflow based controlsAutorisation to attributesusageCards, Keys, Passwords, SMSes, …SAML AuthorisationSigning time frame, IP, workstationrestrictions, holds, …
  20. 20. ©2013 Trusted Information Consulting Sp. z o.o.SIGNING ENVIRONMENT
  21. 21. ©2013 Trusted Information Consulting Sp. z o.o.SIGNATURE SERVICE
  22. 22. ©2013 Trusted Information Consulting Sp. z o.o.MULTIPLE SERVICES
  23. 23. ©2013 Trusted Information Consulting Sp. z o.o.Trust exchange
  24. 24. ©2013 Trusted Information Consulting Sp. z o.o.Thank you for your attentionMichał Tabormichal.tabor@pki2.euhttp://twitter.com/Michal_Taborhttp://pki2.eu

×