SlideShare a Scribd company logo

E collaborationscottrea

Download as PPT, PDF
Collaborative Health Consortium
Collaborative Health Consortium
Technology
1 of 18
Direct Trust Infrastructure : The Technical Details Presented by: Scott Rea 02/23/2012 DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
Contents Slide Title 3 Direct Trust Framework 4 Public Key Infrastructure (PKI) 7 Public & Private Keys 9 Digital Certificates 10 Encryption 11 Digital Signatures 12 Authentication 13 Certification Authority 14 Registration Authority 15 Issuance Process 16 CA – RA Relationship 17 Transactions
Direct Trust Framework • The Direct Trust Framework is built on a set of standards that combines technology with policies on how and when the technology is utilized/applied, who the participants are, and what their roles and responsibilities are in the system • Technology by itself is not sufficient to solve “Trust” issues • The technology utilized in this case is Public Key Infrastructure (PKI)
What is PKI? • Public Key Infrastructure • Comprehensive security technology and policies using cryptography and standards to enable users to: – Identify (authenticate) themselves to network services, access policies, and each other to prove source of origin and destination. – Digitally sign electronic documents, email and other data to provide authorization and prove integrity. – Encrypt email, data, and other documents to prevent unauthorized access.
Why PKI? • Uniform way to address securing many different types of applications • Enables reliable authentication, digital signing and encryption • Overcomes many weaknesses of using password based protocols on open networks • Facilitates easy setup of shared secrets between previously unknown parties • Strong and proven underlying security technology • Widely included in technology products
Underlying Key Technology • A pair of asymmetric keys is used, one to encrypt, the other to decrypt. • Each key can only decrypt data encrypted with the other. • Invented in 1976 by Whit Diffie and Martin Hellman • Commercialized by RSA Security • Recently other more efficient schemes emerging e.g. ECC Encrypt (anyone with public key) Plain Text Encrypted Text Decrypt (possessor of private key only)
Public and Private Keys • PKI is based on the use of a pair of related numbers called “keys” • They are generated in such a way that knowing one, does not give you any knowledge of the other, but using one requires the other to complete a transaction • The "public" key is placed into a certificate which published far and wide for all to use. • The "private" key is only used by its owner and MUST be kept a secret. • No need to exchange a secret "key" ahead of time by some other channel.
Applications of PKI • Authentication and Authorization of end points in an internet transaction – e.g. users and servers, server to server, user to user – This is the basis for the SSL protocol used to secure web connections using https. • Secure Messaging – e-mail (signed and encrypted) – Secure instant messaging • Electronic signatures – Documents, data, agreements – Prescriptions, Insurance authorizations, case notes • Data encryption – Medical records, Diagnostic datasets, Business documents, Financial data, databases, executable code • Network data protection (VPN, wireless)
What is a certificate? • Signed data structure (x.509 standard) binds some information to a public key. • Trusted entity, called a Certification Authority (CA) asserts validity of information in the certificate, enforces policies for issuing certificates. • Certificate information is usually a personal identity, a server name, or a service identifier, with authorizations for how the keys should be used. • Think of a certificate with its keys as an electronic: – ID card, – encoder/decoder device, and – official seal or notary-style stamp.
Encryption • Asymmetric encryption prevents need for shared secrets. • Anyone encrypts with public key of recipient. • Requires some mechanism for discovering intended recipient’s public key • Only the recipient can decrypt with their private key. • Private key is secret, so “bad guys” can’t read encrypted data. Encrypt (anyone with public key) Plain Text Encrypted Text Decrypt (possessor of private key only)
Digital Signatures • Compute message digest, encrypt with your private key. • Reader decrypts with your public key. • Re-compute the digest and verify match with original – guarantees no one has modified signed data. • Only signer has private key, so no one else can spoof their digital signature. Compute digest, sign & date, encrypt (possessor of private key only) Plain Text Encrypted Text Verify signature, check digest (anyone with public key)
Authentication • A CA - Certification Authority, signs a certificate attesting that the public key belongs to the entity named in the certificate • Certificate Policy indicates what steps are taken to verify identity and how the CA systems operate to ensure security and integrity • CA is a Trusted Third Party providing a seal of authenticity • Use of certificate provides reliability and non-repudiation in the identity of the source or destination of a transaction public p u bl ic
What is a certificate authority? • An organization that creates, publishes, and revokes certificates. • Verifies the information in the certificate. • Protects general security and policies of the system and its records. • Allows you to check certificates so you can decide whether to use them in business transactions. • Has one or more trusted Roots, called a trust anchor embedded in applications
What is a Registration Authority? • An organization that collects and verifies the identity information that will be used in a certificate based on published standards. • Represents a Certification Authority for any face- to-face validation of identity • Must be authorized by the relevant Certification Authority for this purpose – Audit of processes required – Archival of evidence data required
Issuance Process Certificate Authority (CA) Identity/Trust Certificate Verification Validation Service Certificate Signing Revocation Services Services The CA and RA enforce 6. Certificate Signing 7. Direct Organization Request Certificate the policies specified in the DirectTrust.org and FBCA 2. Request Direct Certificate Policies (CPs). Organization Assume has Digital Identity Certificate Registration Authority (RA) Certificate 3. Credentials and Documentation Compile/Validate Identity and Trust HCO Documentation Representative  Representative FBCA Credentials  Representative Healthcare Authorization Organization (HCO)  Legal Entity 4. Direct 8. Direct Organization Documents Organization 5. Public Domain Key Certificate  Membership/Trust Agreement  HIPAA status Domain Name System (DNS) 1. Enroll with HISP 9. Direct Address/ Org Certificate Health Information Service Provider (HISP) LDAP Name System Source: DirectTrust.org February, 2012
CA – RA Relationship DirectTrust.org FBCA Certificate Policy Certificate Policy Certificate Authority (CA) Audit Identity/Trust Certificate Verification Validation Service Certification Practices Statement Certificate Signing Revocation Services Services Audit Registration Practices Audit Statement RA Agreement Registration Authority (RA) Compile/Validate Identity and Trust Documentation Source: DirectTrust.org February, 2012
Transactions Certificates vetted to FBCA HIPAA Covered Entity Medium LoA standard Assertion governed by ensures strongest binding DirectTrust CP between PKI keys and identity listed in the cert PKI Encryption ensures confidentiality in messages PKI Digital Signatures ensures integrity and reliability of messages PKI Authentication provides authenticity and trust of message reaching intended recipients
Questions? • Scott Rea, CISSP VP GOV/EDU Relations and Sr. PKI Architect DigiCert, Inc. Lindon UT 84042 • Scott@DigiCert.com • (801) 701-9636 • http://www.digicert.com/news/bios-scott-rea.htm • http://www.directtrust.wikispaces.com • http://www.DigiCert.com/

Recommended

Digital signature and certificate authority
Digital signature and certificate authorityDigital signature and certificate authority
Digital signature and certificate authority
KrutiShah114
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets Layer
CheapSSLUSA
 
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
P2PSystem
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI Infrastructure
Shubham Sharma
 
Certification authority
Certification authorityCertification authority
Certification authority
proser tech
 
Pki for dummies
Pki for dummiesPki for dummies
Pki for dummies
Alex de Jong
 
Digital Certificates and Secure Web Access
Digital Certificates and Secure Web AccessDigital Certificates and Secure Web Access
Digital Certificates and Secure Web Access
bluntm64
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
rhassan84
 

Recommended

Digital signature and certificate authority
Digital signature and certificate authorityDigital signature and certificate authority
Digital signature and certificate authority
KrutiShah114
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets Layer
CheapSSLUSA
 
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
P2PSystem
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI Infrastructure
Shubham Sharma
 
Certification authority
Certification authorityCertification authority
Certification authority
proser tech
 
Pki for dummies
Pki for dummiesPki for dummies
Pki for dummies
Alex de Jong
 
Digital Certificates and Secure Web Access
Digital Certificates and Secure Web AccessDigital Certificates and Secure Web Access
Digital Certificates and Secure Web Access
bluntm64
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
rhassan84
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key Infrastructure
Theo Gravity
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
Devam Shah
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
Svetlin Nakov
 
Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)
Avirot Mitamura
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key Infrastructure
Information Technology
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim Polk
Information Security Awareness Group
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
Oliver Pfaff
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
Sheetal Verma
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)
Venkatesh Jambulingam
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSL
Tony Fabeen
 
Digital certificate & signature
Digital certificate & signatureDigital certificate & signature
Digital certificate & signature
Netri Chowdhary
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310
Editor IJARCET
 
Digital certificates & its importance
Digital certificates & its importanceDigital certificates & its importance
Digital certificates & its importance
svm
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in Bangladesh
Bangladesh Network Operators Group
 
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key SecurityIRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET Journal
 
PKI in Korea
PKI in KoreaPKI in Korea
PKI in Korea
The World Bank
 
Digital signature
Digital signatureDigital signature
Digital signature
Yash Karanke
 
SG(Signgate) PKI Abroad Business
SG(Signgate) PKI Abroad Business SG(Signgate) PKI Abroad Business
SG(Signgate) PKI Abroad Business
Jinhwan Shin
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommerce
priyanka Garg
 
DS-Entrust-SSL-Document-Signing-APR16-WEB2
DS-Entrust-SSL-Document-Signing-APR16-WEB2DS-Entrust-SSL-Document-Signing-APR16-WEB2
DS-Entrust-SSL-Document-Signing-APR16-WEB2
Lucas Gritziotis
 
Aws jvaria e_collaborationforum
Aws jvaria e_collaborationforumAws jvaria e_collaborationforum
Aws jvaria e_collaborationforum
Collaborative Health Consortium
 
David Kibbe of DirectTrust.org at 2012 eCollaboration Forum
David Kibbe of DirectTrust.org at 2012 eCollaboration ForumDavid Kibbe of DirectTrust.org at 2012 eCollaboration Forum
David Kibbe of DirectTrust.org at 2012 eCollaboration Forum
Collaborative Health Consortium
 

More Related Content

What's hot

PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
Svetlin Nakov
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key Infrastructure
Information Technology
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
Oliver Pfaff
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
Sheetal Verma
 
Digital certificate & signature
Digital certificate & signatureDigital certificate & signature
Digital certificate & signature
Netri Chowdhary
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310
Editor IJARCET
 
DS-Entrust-SSL-Document-Signing-APR16-WEB2
DS-Entrust-SSL-Document-Signing-APR16-WEB2DS-Entrust-SSL-Document-Signing-APR16-WEB2
DS-Entrust-SSL-Document-Signing-APR16-WEB2
Lucas Gritziotis
 

What's hot (20)

Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key Infrastructure
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
 
Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key Infrastructure
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim Polk
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSL
 
Digital certificate & signature
Digital certificate & signatureDigital certificate & signature
Digital certificate & signature
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310
 
Digital certificates & its importance
Digital certificates & its importanceDigital certificates & its importance
Digital certificates & its importance
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in Bangladesh
 
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key SecurityIRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
 
PKI in Korea
PKI in KoreaPKI in Korea
PKI in Korea
 
Digital signature
Digital signatureDigital signature
Digital signature
 
SG(Signgate) PKI Abroad Business
SG(Signgate) PKI Abroad Business SG(Signgate) PKI Abroad Business
SG(Signgate) PKI Abroad Business
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommerce
 
DS-Entrust-SSL-Document-Signing-APR16-WEB2
DS-Entrust-SSL-Document-Signing-APR16-WEB2DS-Entrust-SSL-Document-Signing-APR16-WEB2
DS-Entrust-SSL-Document-Signing-APR16-WEB2
 

Viewers also liked

David Kibbe of DirectTrust.org at 2012 eCollaboration Forum
David Kibbe of DirectTrust.org at 2012 eCollaboration ForumDavid Kibbe of DirectTrust.org at 2012 eCollaboration Forum
David Kibbe of DirectTrust.org at 2012 eCollaboration Forum
Collaborative Health Consortium
 
Direct Scalable Trust Forum
Direct Scalable Trust ForumDirect Scalable Trust Forum
Direct Scalable Trust Forum
Brian Ahier
 
Direct20: Modular Specifications - Provider Directories
Direct20: Modular Specifications - Provider DirectoriesDirect20: Modular Specifications - Provider Directories
Direct20: Modular Specifications - Provider Directories
Brian Ahier
 
Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...
Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...
Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...
Brian Ahier
 

Viewers also liked (7)

Aws jvaria e_collaborationforum
Aws jvaria e_collaborationforumAws jvaria e_collaborationforum
Aws jvaria e_collaborationforum
 
David Kibbe of DirectTrust.org at 2012 eCollaboration Forum
David Kibbe of DirectTrust.org at 2012 eCollaboration ForumDavid Kibbe of DirectTrust.org at 2012 eCollaboration Forum
David Kibbe of DirectTrust.org at 2012 eCollaboration Forum
 
Direct Scalable Trust Forum
Direct Scalable Trust ForumDirect Scalable Trust Forum
Direct Scalable Trust Forum
 
User Authentication for Government
User Authentication for GovernmentUser Authentication for Government
User Authentication for Government
 
Strong authentication for your organization in a cost effective cloud-based...
Strong authentication for your organization in a cost effective cloud-based...Strong authentication for your organization in a cost effective cloud-based...
Strong authentication for your organization in a cost effective cloud-based...
 
Direct20: Modular Specifications - Provider Directories
Direct20: Modular Specifications - Provider DirectoriesDirect20: Modular Specifications - Provider Directories
Direct20: Modular Specifications - Provider Directories
 
Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...
Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...
Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...
 

Similar to E collaborationscottrea

I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
JUSTSTYLISH3B2MOHALI
 
Explain the role of the certificate authority and registration autho.pdf
Explain the role of the certificate authority and registration autho.pdfExplain the role of the certificate authority and registration autho.pdf
Explain the role of the certificate authority and registration autho.pdf
ashokarians
 
Unit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptxUnit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptx
RAMESHMRA21130030110
 
Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization Models
CSCJournals
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310
Editor IJARCET
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
DigiCert, Inc.
 
Offer a trustworthy environment on your web site
Offer a trustworthy environment on your web siteOffer a trustworthy environment on your web site
Offer a trustworthy environment on your web site
Keynectis
 

Similar to E collaborationscottrea (20)

Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructure
 
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
 
Explain the role of the certificate authority and registration autho.pdf
Explain the role of the certificate authority and registration autho.pdfExplain the role of the certificate authority and registration autho.pdf
Explain the role of the certificate authority and registration autho.pdf
 
Cryptography in user authentication
Cryptography in user authenticationCryptography in user authentication
Cryptography in user authentication
 
Unit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptxUnit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptx
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization Models
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310
 
Everything you need to Know about PKI .pdf
Everything you need to Know about PKI .pdfEverything you need to Know about PKI .pdf
Everything you need to Know about PKI .pdf
 
Development of Digital Identity Systems
Development of Digital Identity Systems Development of Digital Identity Systems
Development of Digital Identity Systems
 
Presentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesPresentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificates
 
Identity Proofing to provision accurately
Identity Proofing to provision accuratelyIdentity Proofing to provision accurately
Identity Proofing to provision accurately
 
Digital certificates in e commerce
Digital certificates in e commerceDigital certificates in e commerce
Digital certificates in e commerce
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
 
PKI - The Backbone of Digital Signatures - DrySign by Exela
PKI - The Backbone of Digital Signatures - DrySign by ExelaPKI - The Backbone of Digital Signatures - DrySign by Exela
PKI - The Backbone of Digital Signatures - DrySign by Exela
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
The world of encryption
The world of encryptionThe world of encryption
The world of encryption
 
Public Digital Identity as a Service
Public Digital Identity as a ServicePublic Digital Identity as a Service
Public Digital Identity as a Service
 
Offer a trustworthy environment on your web site
Offer a trustworthy environment on your web siteOffer a trustworthy environment on your web site
Offer a trustworthy environment on your web site
 
How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?
 

More from Collaborative Health Consortium

Himss e collaboration forum closing session (kuraitis, shah) final
Himss e collaboration forum closing session (kuraitis, shah) finalHimss e collaboration forum closing session (kuraitis, shah) final
Himss e collaboration forum closing session (kuraitis, shah) final
Collaborative Health Consortium
 

More from Collaborative Health Consortium (15)

John Freedman - All-payer claims databases - CHC Pilots & Collaborations
John Freedman - All-payer claims databases - CHC Pilots & CollaborationsJohn Freedman - All-payer claims databases - CHC Pilots & Collaborations
John Freedman - All-payer claims databases - CHC Pilots & Collaborations
 
"NSTIC Pilots on the trust network" Webinar Slides 10-12-2012
"NSTIC Pilots on the trust network" Webinar Slides 10-12-2012"NSTIC Pilots on the trust network" Webinar Slides 10-12-2012
"NSTIC Pilots on the trust network" Webinar Slides 10-12-2012
 
Dave Chase, Avado CEO, presents to CHC
Dave Chase, Avado CEO, presents to CHCDave Chase, Avado CEO, presents to CHC
Dave Chase, Avado CEO, presents to CHC
 
E-Innovations to Support Primary Care
E-Innovations to Support Primary CareE-Innovations to Support Primary Care
E-Innovations to Support Primary Care
 
From Silo's to Legos
From Silo's to LegosFrom Silo's to Legos
From Silo's to Legos
 
Ahier himss 2012 - direct project overview presentation
Ahier himss 2012 - direct project overview presentationAhier himss 2012 - direct project overview presentation
Ahier himss 2012 - direct project overview presentation
 
Salesforce ecollab himss2 copy
Salesforce ecollab himss2 copySalesforce ecollab himss2 copy
Salesforce ecollab himss2 copy
 
Nobel payer panel e collaborationforum 2.23.12
Nobel payer panel e collaborationforum 2.23.12Nobel payer panel e collaborationforum 2.23.12
Nobel payer panel e collaborationforum 2.23.12
 
E collaborationforumjoemiller (jmiller v1)
E collaborationforumjoemiller (jmiller v1)E collaborationforumjoemiller (jmiller v1)
E collaborationforumjoemiller (jmiller v1)
 
120223 e collaborationforum ppt_migliori
120223 e collaborationforum ppt_migliori120223 e collaborationforum ppt_migliori
120223 e collaborationforum ppt_migliori
 
Kolodner2 e collaborationforum
Kolodner2 e collaborationforumKolodner2 e collaborationforum
Kolodner2 e collaborationforum
 
E collaborationforum ppt_jmandel
E collaborationforum ppt_jmandelE collaborationforum ppt_jmandel
E collaborationforum ppt_jmandel
 
Blatt e collaborative himss 2012 final
Blatt e collaborative himss 2012 finalBlatt e collaborative himss 2012 final
Blatt e collaborative himss 2012 final
 
Himss e collaboration forum closing session (kuraitis, shah) final
Himss e collaboration forum closing session (kuraitis, shah) finalHimss e collaboration forum closing session (kuraitis, shah) final
Himss e collaboration forum closing session (kuraitis, shah) final
 
Dave Whitlinger - NYeHC - eCollaborationForum 2012 - 02/23/12
Dave Whitlinger - NYeHC - eCollaborationForum 2012 - 02/23/12Dave Whitlinger - NYeHC - eCollaborationForum 2012 - 02/23/12
Dave Whitlinger - NYeHC - eCollaborationForum 2012 - 02/23/12
 

Recently uploaded

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Recently uploaded (20)

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 

E collaborationscottrea

  • 1. Direct Trust Infrastructure : The Technical Details Presented by: Scott Rea 02/23/2012 DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
  • 2. Contents Slide Title 3 Direct Trust Framework 4 Public Key Infrastructure (PKI) 7 Public & Private Keys 9 Digital Certificates 10 Encryption 11 Digital Signatures 12 Authentication 13 Certification Authority 14 Registration Authority 15 Issuance Process 16 CA – RA Relationship 17 Transactions
  • 3. Direct Trust Framework • The Direct Trust Framework is built on a set of standards that combines technology with policies on how and when the technology is utilized/applied, who the participants are, and what their roles and responsibilities are in the system • Technology by itself is not sufficient to solve “Trust” issues • The technology utilized in this case is Public Key Infrastructure (PKI)
  • 4. What is PKI? • Public Key Infrastructure • Comprehensive security technology and policies using cryptography and standards to enable users to: – Identify (authenticate) themselves to network services, access policies, and each other to prove source of origin and destination. – Digitally sign electronic documents, email and other data to provide authorization and prove integrity. – Encrypt email, data, and other documents to prevent unauthorized access.
  • 5. Why PKI? • Uniform way to address securing many different types of applications • Enables reliable authentication, digital signing and encryption • Overcomes many weaknesses of using password based protocols on open networks • Facilitates easy setup of shared secrets between previously unknown parties • Strong and proven underlying security technology • Widely included in technology products
  • 6. Underlying Key Technology • A pair of asymmetric keys is used, one to encrypt, the other to decrypt. • Each key can only decrypt data encrypted with the other. • Invented in 1976 by Whit Diffie and Martin Hellman • Commercialized by RSA Security • Recently other more efficient schemes emerging e.g. ECC Encrypt (anyone with public key) Plain Text Encrypted Text Decrypt (possessor of private key only)
  • 7. Public and Private Keys • PKI is based on the use of a pair of related numbers called “keys” • They are generated in such a way that knowing one, does not give you any knowledge of the other, but using one requires the other to complete a transaction • The "public" key is placed into a certificate which published far and wide for all to use. • The "private" key is only used by its owner and MUST be kept a secret. • No need to exchange a secret "key" ahead of time by some other channel.
  • 8. Applications of PKI • Authentication and Authorization of end points in an internet transaction – e.g. users and servers, server to server, user to user – This is the basis for the SSL protocol used to secure web connections using https. • Secure Messaging – e-mail (signed and encrypted) – Secure instant messaging • Electronic signatures – Documents, data, agreements – Prescriptions, Insurance authorizations, case notes • Data encryption – Medical records, Diagnostic datasets, Business documents, Financial data, databases, executable code • Network data protection (VPN, wireless)
  • 9. What is a certificate? • Signed data structure (x.509 standard) binds some information to a public key. • Trusted entity, called a Certification Authority (CA) asserts validity of information in the certificate, enforces policies for issuing certificates. • Certificate information is usually a personal identity, a server name, or a service identifier, with authorizations for how the keys should be used. • Think of a certificate with its keys as an electronic: – ID card, – encoder/decoder device, and – official seal or notary-style stamp.
  • 10. Encryption • Asymmetric encryption prevents need for shared secrets. • Anyone encrypts with public key of recipient. • Requires some mechanism for discovering intended recipient’s public key • Only the recipient can decrypt with their private key. • Private key is secret, so “bad guys” can’t read encrypted data. Encrypt (anyone with public key) Plain Text Encrypted Text Decrypt (possessor of private key only)
  • 11. Digital Signatures • Compute message digest, encrypt with your private key. • Reader decrypts with your public key. • Re-compute the digest and verify match with original – guarantees no one has modified signed data. • Only signer has private key, so no one else can spoof their digital signature. Compute digest, sign & date, encrypt (possessor of private key only) Plain Text Encrypted Text Verify signature, check digest (anyone with public key)
  • 12. Authentication • A CA - Certification Authority, signs a certificate attesting that the public key belongs to the entity named in the certificate • Certificate Policy indicates what steps are taken to verify identity and how the CA systems operate to ensure security and integrity • CA is a Trusted Third Party providing a seal of authenticity • Use of certificate provides reliability and non-repudiation in the identity of the source or destination of a transaction public p u bl ic
  • 13. What is a certificate authority? • An organization that creates, publishes, and revokes certificates. • Verifies the information in the certificate. • Protects general security and policies of the system and its records. • Allows you to check certificates so you can decide whether to use them in business transactions. • Has one or more trusted Roots, called a trust anchor embedded in applications
  • 14. What is a Registration Authority? • An organization that collects and verifies the identity information that will be used in a certificate based on published standards. • Represents a Certification Authority for any face- to-face validation of identity • Must be authorized by the relevant Certification Authority for this purpose – Audit of processes required – Archival of evidence data required
  • 15. Issuance Process Certificate Authority (CA) Identity/Trust Certificate Verification Validation Service Certificate Signing Revocation Services Services The CA and RA enforce 6. Certificate Signing 7. Direct Organization Request Certificate the policies specified in the DirectTrust.org and FBCA 2. Request Direct Certificate Policies (CPs). Organization Assume has Digital Identity Certificate Registration Authority (RA) Certificate 3. Credentials and Documentation Compile/Validate Identity and Trust HCO Documentation Representative  Representative FBCA Credentials  Representative Healthcare Authorization Organization (HCO)  Legal Entity 4. Direct 8. Direct Organization Documents Organization 5. Public Domain Key Certificate  Membership/Trust Agreement  HIPAA status Domain Name System (DNS) 1. Enroll with HISP 9. Direct Address/ Org Certificate Health Information Service Provider (HISP) LDAP Name System Source: DirectTrust.org February, 2012
  • 16. CA – RA Relationship DirectTrust.org FBCA Certificate Policy Certificate Policy Certificate Authority (CA) Audit Identity/Trust Certificate Verification Validation Service Certification Practices Statement Certificate Signing Revocation Services Services Audit Registration Practices Audit Statement RA Agreement Registration Authority (RA) Compile/Validate Identity and Trust Documentation Source: DirectTrust.org February, 2012
  • 17. Transactions Certificates vetted to FBCA HIPAA Covered Entity Medium LoA standard Assertion governed by ensures strongest binding DirectTrust CP between PKI keys and identity listed in the cert PKI Encryption ensures confidentiality in messages PKI Digital Signatures ensures integrity and reliability of messages PKI Authentication provides authenticity and trust of message reaching intended recipients
  • 18. Questions? • Scott Rea, CISSP VP GOV/EDU Relations and Sr. PKI Architect DigiCert, Inc. Lindon UT 84042 • Scott@DigiCert.com • (801) 701-9636 • http://www.digicert.com/news/bios-scott-rea.htm • http://www.directtrust.wikispaces.com • http://www.DigiCert.com/

Editor's Notes

  1. Why use PKI? Effective security has become crucial to extend electronic communication and business processes beyond the current state of the art. Legislative mandates.