GlobalSign's Hosted OCSP for IoT PKIs
GlobalSign IoT Overview
Diane Vautier – December 31, 2019
IoT Hosted OCSP
Copyright© 2019 GlobalSign. Confidential & Proprietary. All rights reserved. 2
What is Hosted OCSP?
• Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track. ~ Wikipedia
• Hosted means it’s part of a cloud infrastructure, operated by a third-party (GlobalSign), rather than self-managed, on-premise.
• It is part of a Validation Authority (VA).
– A VA is a key component of Public Key Infrastructure (PKI).
– A VA receives a request for the revocation status of a digital certificate, checks the status (good, revoked or unknown) and responds to the requester with that information.
More than a Certificate Status Check
• Certificate Status Check
– At its core, GlobalSign’s Hosted OCSP service functions to check the status of digital certificates. Working with reputable third-party content delivery network providers such as CloudFlare, Fastly, Tencent (China) and Alibaba (China), we’re able to deliver that service with high availability and performance.
• Certificate Inventory
– GlobalSign’s solution is also a certificate inventory, offering a way to consolidate disparate certificate types from disparate CAs, and even from decommissioned CAs (to eliminate orphaned certificates).
– Provides basic management of those certificates to query validation expiry, issuing CA and other key identifiers.
• Certificate Revocation
– The combination of our OCSP servers/responders, working in conjunction with our certificate inventory, enables customers to change the status of a certificate in the inventory, thus revoking its good standing.
Who Uses Hosted OCSP?
• Firms that operate a locally-hosted PKI and/or CA
• Original Equipment Manufacturers (OEMs) of IoT connected devices
• Electronics Manufacturing Services (EMS) firms
• Semiconductor manufacturers
Challenges of On-Premise
• PKI complexity and lack of expertise
• Long certificate validity periods
• Disparate certificate types and CAs
• High on-premise operational expenses
• Meet recommended standards
• Ease and speed of implementation
Benefits of GlobalSign’s Hosted OCSP
• Simplified PKI management
• Ensure status check and revocation capabilities extend beyond the certificate (or CA) lifecycle
• Manage all types of certificates, regardless of type or issuer (CA agnostic)
• Minimize operational expense of locally-hosted PKIs
• Adhere to IETF’s RFC 6960
• RESTful API speeds integration for fast certificate upload
• Ensure certificate revocation after the device leaves the production floor
How it Works
Three Key Steps:
1. Upload existing certificates
2. Select digital signing method
3. Enable OCSP Responder
Why OCSP over CRL?
• How OCSP and CRL are alike
– In cryptography and PKI, both CRLs and OCSP responders maintain lists of digital certificates (X.509) that have been revoked by the issuing CA before their scheduled expiration date and can no longer be trusted.
– Certificates are revoked for a number of reasons, including improper certificate issuance, certificate replacement, the certificate issuer ceasing operation, the certificate holder not paying a bill, or compromise of the private key.
• Online Certificate Status Protocol (OCSP)
– OCSP is dynamic, delivering more accurate, faster responses, which reduces the attack surface.
– The OCSP server is queried like a database for a specific certificate entry; the list is not downloaded in its entirety. The OCSP response is signed (either directly by the original CA/ICA or with a delegated signing certificate) and contains a status for the certificate. This process increases performance and reduces latency compared with a CRL.
– Adheres to RFC 6960.
– Scalable to high volume.
• Certificate Revocation List (CRL)
– CRLs are relatively static (scheduled, periodic updates), which exposes an attack surface between updates.
– A CRL check must download the entire list and then search it. Over time, CRLs grow as more certificates are revoked, and this results in large CRLs and increased latency during the TLS handshake.
– Adheres to RFC 5280.
– Limited in scalability.
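The following is an added example, not GlobalSign's code and not part of the original deck. It models in Python what the slides describe: the Validation Authority behaviour from the "What is Hosted OCSP?" slide (a request for one certificate answered with good, revoked or unknown), the three steps of the "How it Works" slide (upload certificates into an inventory, select a signing key, enable the responder), and the OCSP-versus-CRL comparison above (one entry queried and signed, versus the whole list fetched and searched). Everything here is an assumption made for illustration: the class and function names, the HMAC-SHA256 "signature" that stands in for the RSA or ECDSA signature a real responder makes with its delegated signing certificate, and the sample inventory of serials and issuer names, which is constructed. The CRLReason codes are the real ones from RFC 5280.

```python
import hashlib
import hmac
import json
import time

GOOD, REVOKED, UNKNOWN = "good", "revoked", "unknown"

# CRLReason codes from RFC 5280 section 5.3.1; the slide's revocation causes
# (key compromise, replacement, issuer ceasing operation, ...) map onto these.
CRL_REASON = {"unspecified": 0, "keyCompromise": 1, "cACompromise": 2,
              "affiliationChanged": 3, "superseded": 4, "cessationOfOperation": 5,
              "certificateHold": 6, "privilegeWithdrawn": 9}


class CertificateInventory:
    """Step 1: certificates from any issuer are uploaded and kept by (issuer, serial).
    Revocation is a state change on the entry, so it still works after the
    issuing CA itself has been decommissioned."""

    def __init__(self):
        self._entries = {}

    def upload(self, issuer, serial, not_after):
        self._entries[(issuer, serial)] = {"notAfter": not_after, "revoked": None}

    def revoke(self, issuer, serial, reason, when):
        entry = self._entries[(issuer, serial)]  # KeyError: cannot revoke what was never uploaded
        entry["revoked"] = {"time": when, "reason": CRL_REASON[reason]}

    def lookup(self, issuer, serial):
        return self._entries.get((issuer, serial))

    def crl(self, issuer):
        """CRL-style view: every revoked serial for one issuer, returned whole."""
        return sorted((s, e["revoked"]["reason"]) for (i, s), e in self._entries.items()
                      if i == issuer and e["revoked"] is not None)


def _canonical(body):
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _sign(key, body):
    # Assumption: HMAC stands in for the responder's real digital signature.
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()


class OcspResponder:
    """Steps 2 and 3: a signing key is selected and the responder is enabled.
    Each answer covers exactly one certificate and carries its own validity window."""

    def __init__(self, inventory, signing_key, validity_seconds=600):
        self.inventory, self.key, self.validity = inventory, signing_key, validity_seconds

    def respond(self, issuer, serial, now):
        entry = self.inventory.lookup(issuer, serial)
        body = {"issuer": issuer, "serial": serial,
                "thisUpdate": now, "nextUpdate": now + self.validity}
        if entry is None:
            body["status"] = UNKNOWN
        elif entry["revoked"] is not None:
            body["status"] = REVOKED
            body["revocationTime"] = entry["revoked"]["time"]
            body["revocationReason"] = entry["revoked"]["reason"]
        else:
            body["status"] = GOOD
        return {"body": body, "signature": _sign(self.key, body)}


def verify_response(response, key, now, issuer, serial):
    """Relying-party side: accept the status only if the response is authentic,
    answers the question that was asked, and is inside its validity window.
    Returns None otherwise so the caller can fail closed."""
    body = response["body"]
    if not hmac.compare_digest(_sign(key, body), response["signature"]):
        return None  # altered or forged
    if (body["issuer"], body["serial"]) != (issuer, serial):
        return None  # replayed answer for a different certificate
    if not body["thisUpdate"] <= now <= body["nextUpdate"]:
        return None  # stale or future-dated
    return body["status"]


def check_via_crl(inventory, issuer, serial):
    """The CRL path for comparison: fetch the whole list, then search it.
    A CRL cannot say 'unknown'; an absent serial simply looks good."""
    return REVOKED if any(s == serial for s, _ in inventory.crl(issuer)) else GOOD


def demo():
    now = int(time.time())
    inv = CertificateInventory()
    # Constructed sample inventory: an active device CA and one already retired.
    inv.upload("IoT Device CA 1", "0x1001", now + 10 * 365 * 86400)
    inv.upload("IoT Device CA 1", "0x1002", now + 10 * 365 * 86400)
    inv.upload("Retired CA 2017", "0x0042", now + 5 * 365 * 86400)
    inv.revoke("IoT Device CA 1", "0x1002", "keyCompromise", now - 3600)
    inv.revoke("Retired CA 2017", "0x0042", "cessationOfOperation", now - 86400)
    key = b"constructed-demo-signing-key"
    va = OcspResponder(inv, key)
    results = {}
    for issuer, serial in [("IoT Device CA 1", "0x1001"), ("IoT Device CA 1", "0x1002"),
                           ("Retired CA 2017", "0x0042"), ("IoT Device CA 1", "0x9999")]:
        results[serial] = verify_response(va.respond(issuer, serial, now), key, now, issuer, serial)
    return results, len(inv.crl("IoT Device CA 1"))


if __name__ == "__main__":
    print(demo())
```

The point a relying party should take from `verify_response` is that a status is only as good as the three checks around it: the signature binds the answer to the responder, the issuer/serial check stops a "good" answer for one certificate being replayed for another, and the thisUpdate/nextUpdate window is what makes the OCSP answer "dynamic" in the sense the slide uses, whereas `check_via_crl` has nothing fresher than the last published list.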
Thank you
About GlobalSign
GlobalSign is the leading provider of trusted identity and
security solutions enabling businesses, large enterprises,
cloud service providers and IoT innovators around the
world to secure online communications, manage millions
of verified digital identities and automate authentication
and encryption. Its high-scale Public Key Infrastructure
(PKI) and identity solutions support the billions of
services, devices, people and things comprising the
Internet of Everything (IoE).
DIANE VAUTIER
Product Marketing Manager, IoT
diane.vautier@globalsign.com
@dvautier
GlobalSign IoT: the Custom PKI Experts

GlobalSign's Hosted OCSP for IoT PKIs

  • 1. GlobalSign IoT Overview
    Diane Vautier – December 31, 2019
    IoT Hosted OCSP
  • 2. What is Hosted OCSP?
    Copyright© 2019 GlobalSign. Confidential & Proprietary. All rights reserved. 2
    • Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track. ~ Wikipedia
    • Hosted means it’s part of a cloud infrastructure, operated by a third party (GlobalSign), rather than self-managed, on-premise.
    • It is part of a Validation Authority (VA).
      – A VA is a key component of Public Key Infrastructure (PKI).
      – A VA receives a request for the revocation status of a digital certificate, checks the status (good, revoked or unknown) and responds to the requester with that information.
  • 3. More than a Certificate Status Check
    • Certificate Status Check
      – At its core, GlobalSign’s Hosted OCSP service checks the status of digital certificates. Working with reputable third-party content delivery network providers such as CloudFlare, Fastly, Tencent (China) and Alibaba (China), we’re able to deliver that service with high availability and performance.
    • Certificate Inventory
      – GlobalSign’s solution is also a certificate inventory, offering a way to consolidate disparate certificate types from disparate CAs, and even from decommissioned CAs (to eliminate orphaned certificates).
      – Provides basic management of those certificates to query validity expiry, issuing CA and other key identifiers.
    • Certificate Revocation
      – Our OCSP servers/responders, working in conjunction with our certificate inventory, enable customers to change the status of a certificate in the inventory, thus revoking its good standing.
  • 4. Who Uses Hosted OCSP?
    • Firms that operate a locally-hosted PKI and/or CA
    • Original Equipment Manufacturers (OEMs) of IoT connected devices
    • Electronics Manufacturing Services (EMS) firms
    • Semiconductor manufacturers
  • 5. Challenges of On-Premise
    • PKI complexity and lack of expertise
    • Long certificate validity periods
    • Disparate certificate types and CAs
    • High on-premise operational expenses
    • Meeting recommended standards
    • Ease and speed of implementation
  • 6. Benefits of GlobalSign’s Hosted OCSP
    • Simplified PKI management
    • Ensure status check and revocation capabilities extend beyond the certificate (or CA) lifecycle
    • Manage all types of certificates, regardless of type or issuer (CA agnostic)
    • Minimize operational expense of locally-hosted PKIs
    • Adhere to IETF’s RFC 6960
    • RESTful API speeds integration for fast certificate upload
    • Ensure certificate revocation after the device leaves the production floor
  • 7. How it Works
    Three Key Steps:
    1. Upload existing certificates
    2. Select digital signing method
    3. Enable OCSP Responder
  • 8. Why OCSP over CRL?
    • How OCSP and CRL are alike
      – In cryptography and PKI, both CRLs and OCSP responders maintain lists of digital certificates (X.509) that have been revoked by the issuing CA before their scheduled expiration date and can no longer be trusted.
      – Certificates are revoked for a number of reasons, including improper certificate issuance, certificate replacement, the certificate issuer ceasing operation, the certificate holder not paying a bill, or compromise of the private key.
    • Online Certificate Status Protocol (OCSP)
      – OCSP is dynamic, delivering more accurate, faster responses, which reduces the attack surface.
      – The OCSP server is queried like a database for a specific certificate entry; the revocation data is not downloaded in its entirety. The OCSP response is signed (either directly by the original CA/ICA or with a delegated signing certificate) and contains a status for the certificate. This increases performance and reduces latency compared with CRL.
      – Adheres to RFC 6960.
      – Scalable to high volume.
    • Certificate Revocation List (CRL)
      – CRLs are relatively static (scheduled, periodic updates), which exposes an attack surface between updates.
      – Clients using a CRL must download the entire list and then search it. As more certificates are revoked, the CRL grows, resulting in large CRLs and increased latency during the TLS handshake.
      – Adheres to RFC 5280.
      – Limited in scalability.
  • 9. Thank you
    About GlobalSign
    GlobalSign is the leading provider of trusted identity and security solutions enabling businesses, large enterprises, cloud service providers and IoT innovators around the world to secure online communications, manage millions of verified digital identities and automate authentication and encryption. Its high-scale Public Key Infrastructure (PKI) and identity solutions support the billions of services, devices, people and things comprising the Internet of Everything (IoE).
    DIANE VAUTIER
    Product Marketing Manager, IoT
    diane.vautier@globalsign.com
    @dvautier
    GlobalSign IoT: the Custom PKI Experts

Editor's Notes

  1. Firms that operate a locally-hosted PKI and/or CA, looking to outsource certificate validation and revocation (validation authority) services.
     Original Equipment Manufacturers (OEMs) of IoT connected devices that produce numerous product lines, operate multiple production facilities, or have begun the digital transformation to incorporate IIoT into their production processes and IoT connected products. For OEMs, outsourcing certificate management and revocation optimizes production capacity and frees up resources to concentrate on manufacturing core competencies.
     Electronics Manufacturing Services (EMS) firms producing secure devices that want to outsource certificate management after the product leaves the facility, minimizing certificate management expenses while still maintaining secure device certificate management. EMS firms can more easily segment customer production runs and manage the full life of device identity certificates for periods meeting or exceeding the certificate validity period, eliminating orphaned certificates resulting from decommissioned PKIs.
     Semiconductor manufacturers that promote security by design by delivering certificates on chips, but don’t want to maintain certificate inventories or costly certificate validation and revocation services after programming. With Hosted OCSP, semiconductor manufacturers have a unique opportunity to offer customers the ultimate in security by design: in addition to digital certificates on a chip, they can offer a means to manage the lifecycle of the chip identity, and thus of the device it goes into, throughout the lifecycle of the chip and the device.
  2. PKI complexity and lack of expertise. The complexity, expense and expertise needed to establish, operate and maintain a highly-trusted IoT Public Key Infrastructure (PKI) can be daunting. Since it is an emerging technology, there is a lack of expertise, causing companies to stretch in-house IT beyond its capabilities and know-how.
     Long certificate validity periods. IoT digital certificates can have extended validity periods that span months to several years, necessitating the establishment of certificate management, validation and revocation services that can extend beyond company acquisitions, employee turnover, and changing technology standards.
     Disparate certificate types and CAs. Hosted OCSP is CA agnostic, so whether you provisioned your device certificates on an internal, locally-hosted PKI or obtained them from a CA other than GlobalSign, all existing IoT device certificates can be accommodated and managed throughout their lifecycles.
     High operational expenses to maintain an on-prem VA (and other PKI components). IoT digital certificates can have extended validity periods that span months to several years, necessitating the establishment of certificate management, validation and revocation services that can extend beyond company acquisitions, employee turnover, and changing technology standards. Outsourcing these functions delivers real-time efficiencies without the exposure of financial, technology and personnel commitment.
     Ease and speed of implementation. Speed adoption and operation: a RESTful API speeds integration with your on-premise PKI. Certificates are stored in our secure certificate inventory. Cloud-based OCSP servers handle high volumes of concurrent users, and OCSP responders push notifications to our content delivery network (CDN) to reduce network latency. Our reputable CDNs include top networks such as CloudFlare, Fastly, Tencent and Alibaba.
  3. Simplified PKI management. The addition of professionally recognized (and certified) certificate revocation (VA) to on-premise CAs eliminates the need for staffing, and supplies the tools and expertise to do the job right.
     Ensure status check and revocation capabilities extend beyond the certificate (or CA) lifecycle. Accommodates status checks for long-validity certificates where maintaining a VA is not operationally feasible or financially prudent. Accommodates decommissioned ICAs, eliminating the existence of orphaned certificates.
     Manage all types of certificates, regardless of type or issuer (CA agnostic). We’re certificate type and CA agnostic: whether you provisioned your device certificates on an internal, locally-hosted PKI or obtained them from a Certificate Authority (CA) other than GlobalSign, all existing IoT device certificates can be accommodated and managed throughout their lifecycles.
     Minimize operational expense of locally-hosted PKIs. IoT digital certificates can have extended validity periods that span months to several years, necessitating the establishment of certificate management, validation and revocation services that can extend beyond company acquisitions, employee turnover and changing technology standards. Outsourcing these functions delivers real-time efficiencies while minimizing the exposure of financial, technology and personnel commitments.
     Adhere to IETF’s RFC 6960.
     RESTful API speeds integration for fast certificate upload. Certificates are stored in our secure certificate inventory. Cloud-based OCSP servers handle high volumes of concurrent users, and OCSP responders push notifications to our content delivery network (CDN) to reduce network latency. Our reputable CDNs include such top vendors as CloudFlare, Fastly, Tencent and Alibaba.
     Ensure the ability to revoke the certificate after the chip/device leaves the production floor. The benefits of device identity are a competitive advantage that you can offer to customers: it limits production of (extra) gray-market devices and delivers security even before the product is shipped, during shipment, and at deployment.
  4. • Upload existing certificates to the GlobalSign Certificate Inventory using our Inventory API.
     • Select the method to digitally sign responses from the GlobalSign OCSP Responder:
       – With a Customer OCSP Delegated Signing Certificate through a self-managed PKI
       – With a GlobalSign OCSP Delegated Signing Certificate via the IoT Identity Platform
       – With a Direct Signing certificate from a copy of the customer’s CA within the GlobalSign cloud
     • Enable GlobalSign’s authorized OCSP Responder for requests and responses through our reputable third-party content delivery network.
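Slide 8 says an OCSP response is signed either directly by the CA or with a delegated signing certificate, and note 4 above lists those signing methods as the second setup step. The following is an added example, written for this page and not GlobalSign code or the Hosted OCSP API: it uses the `cryptography` package to build a constructed in-memory PKI (an issuing CA, a device certificate, and a delegated responder certificate carrying the id-kp-OCSPSigning extended key usage that RFC 6960 requires), a toy validation authority that answers from a certificate inventory, and the checks a relying party performs before it trusts an answer. Every name, key, serial and nonce in it is constructed; the `ValidationAuthority`, `issue`, `build_request` and `check_response` functions are assumptions of the example, not anything the slides describe.

```python
"""Delegated OCSP signing and relying-party validation (added example, not GlobalSign
code; needs the `cryptography` package). Constructed CA, device and delegated
responder certs; a toy VA answering from its inventory; RFC 6960 client checks."""
import os
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509 import ocsp
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

DER = serialization.Encoding.DER

def _now():  # the X.509/OCSP builders take naive UTC datetimes
    return datetime.now(timezone.utc).replace(tzinfo=None, microsecond=0)

def issue(cn, issuer, key, signing_key, is_ca=False, delegate=False):
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    b = (x509.CertificateBuilder().subject_name(name).issuer_name(issuer or name)
         .public_key(key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(_now() - timedelta(minutes=5))
         .not_valid_after(_now() + timedelta(days=3650))
         .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True))
    if delegate:  # RFC 6960 4.2.2.2: a delegated responder is issued by the CA it answers
        b = b.add_extension(x509.ExtendedKeyUsage([ExtendedKeyUsageOID.OCSP_SIGNING]), False)
    return b.sign(signing_key, hashes.SHA256())  # for and carries id-kp-OCSPSigning

def _key_hash(cert):  # SHA-1 of the subjectPublicKey BIT STRING: OCSP issuerKeyHash / byKey responderID
    return x509.SubjectKeyIdentifier.from_public_key(cert.public_key()).digest

class ValidationAuthority:
    """Certificate inventory plus an OCSP responder that signs with a delegated certificate."""
    def __init__(self, ca, responder, responder_key):
        self.ca, self.responder, self.key = ca, responder, responder_key
        self.inventory, self.revoked = {}, {}  # serial -> cert; serial -> (time, ReasonFlags)

    def respond(self, request_der):
        req = ocsp.load_der_ocsp_request(request_der)
        cert = self.inventory.get(req.serial_number)
        if cert is None or req.issuer_key_hash != _key_hash(self.ca):  # not ours / not uploaded
            return ocsp.OCSPResponseBuilder.build_unsuccessful(
                ocsp.OCSPResponseStatus.UNAUTHORIZED).public_bytes(DER)
        when, reason = self.revoked.get(cert.serial_number, (None, None))
        b = (ocsp.OCSPResponseBuilder()
             .add_response(cert=cert, issuer=self.ca, algorithm=req.hash_algorithm,
                           cert_status=ocsp.OCSPCertStatus.REVOKED if when else ocsp.OCSPCertStatus.GOOD,
                           this_update=(now := _now()), next_update=now + timedelta(hours=1),
                           revocation_time=when, revocation_reason=reason)
             .responder_id(ocsp.OCSPResponderEncoding.HASH, self.responder)
             .certificates([self.responder]))
        for ext in req.extensions:  # echo the client's nonce so a captured answer cannot be replayed
            if isinstance(ext.value, x509.OCSPNonce):
                b = b.add_extension(ext.value, False)
        return b.sign(self.key, hashes.SHA256()).public_bytes(DER)

def build_request(cert, ca, nonce):  # relying party: one cert (SHA-1 CertID) bound to a nonce
    return (ocsp.OCSPRequestBuilder().add_certificate(cert, ca, hashes.SHA1())
            .add_extension(x509.OCSPNonce(nonce), False).build().public_bytes(DER))

def check_response(response_der, cert, ca, nonce):
    """Return (status, detail) once every trust check passes; raise ValueError otherwise."""
    resp = ocsp.load_der_ocsp_response(response_der)
    if resp.response_status != ocsp.OCSPResponseStatus.SUCCESSFUL:
        return "unknown", resp.response_status.name
    # Signer must be the CA itself or a certificate the CA issued with id-kp-OCSPSigning.
    signer = ca if resp.responder_key_hash == _key_hash(ca) else None
    for c in resp.certificates:
        if signer is None and resp.responder_key_hash == _key_hash(c):
            eku = c.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
            if c.issuer != ca.subject or ExtendedKeyUsageOID.OCSP_SIGNING not in eku:
                raise ValueError("responder certificate is not a delegate of the issuing CA")
            ca.public_key().verify(c.signature, c.tbs_certificate_bytes, ec.ECDSA(c.signature_hash_algorithm))
            signer = c
    if signer is None:
        raise ValueError("no trusted signer for this response")
    signer.public_key().verify(resp.signature, resp.tbs_response_bytes, ec.ECDSA(resp.signature_hash_algorithm))
    if resp.serial_number != cert.serial_number:
        raise ValueError("response is about a different certificate")
    now = _now()  # freshness window thisUpdate..nextUpdate, allowing a little clock skew
    if resp.this_update > now + timedelta(minutes=5) or (resp.next_update and resp.next_update < now):
        raise ValueError("response is not fresh")
    if resp.extensions.get_extension_for_class(x509.OCSPNonce).value.nonce != nonce:
        raise ValueError("nonce mismatch (possible replay)")
    if resp.certificate_status == ocsp.OCSPCertStatus.REVOKED:
        return "revoked", resp.revocation_reason.name if resp.revocation_reason else "unspecified"
    return resp.certificate_status.name.lower(), ""

def demo():  # constructed run: good before revocation, revoked after it, unauthorized for a stranger
    ca_key, resp_key, dev_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    ca = issue("Example Device CA", None, ca_key, ca_key, is_ca=True)
    responder = issue("Example OCSP Responder", ca.subject, resp_key, ca_key, delegate=True)
    device = issue("device-0001", ca.subject, dev_key, ca_key)
    va = ValidationAuthority(ca, responder, resp_key)
    va.inventory[device.serial_number] = device  # step 1 of the slides: upload the certificate
    nonce = os.urandom(16)
    ask = lambda c: check_response(va.respond(build_request(c, ca, nonce)), c, ca, nonce)
    before = ask(device)
    va.revoked[device.serial_number] = (_now(), x509.ReasonFlags.key_compromise)
    stranger = issue("never-uploaded", ca.subject, ec.generate_private_key(ec.SECP256R1()), ca_key)
    return before, ask(device), ask(stranger)
```

The order of checks in `check_response` is the point: the signer is identified and tied back to the issuing CA (directly, or via a delegate certificate whose EKU and CA signature are verified) before the signature over the response body is even checked, then the serial, the thisUpdate/nextUpdate window and the nonce are checked. An "unauthorized" answer, which this toy responder returns for a certificate that was never uploaded to the inventory, is reported as unknown rather than good, which is the behaviour a client should fall back to when a VA cannot vouch for a certificate. A CRL client, by contrast, would have to fetch the whole list and scan it for the serial, which is the size and latency argument slide 8 makes.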