Transcript Slide 1
Secure Communication Architectures
[email protected]
1. The key for building a secure communication
architecture is to define what security means to
the specific contest .
2. Once that has been defined, everything that goes
on with the network can be evaluated with
respect to that policy.
3. Projects and systems can then be broken down
into their components.
4. And finally, it’s important to decide whether what
is proposed will conflict with specific security
policies and practices.
SM-PAYSOC
Security in payment services
scenario
SM-PAYSOC results
•
Design and develop a new genaration of userfriendly and personalised services for citizens as
well as student, businessmen and bank
customers accessible anywhere and anytime
with any technology in realising a mobile and
trusted secure access to different services.
SM-PAYSOC Architecture
Secure Service Centre
middleware performs
all the security
services.
VHE middleware
performs the service
adaptation process,
managing user
profiling issues and
personalizing
services on the basis
on terminal type (pc,
kiosk, and PDA) and
user interface
preferences
VHE=Virtual Home Environment
SB=Service Broker
UM=User Modeller
VASP=Value Added Service Providers
SM-PAYSOC: Key Security Concepts
The key security concepts regarding SM-PAYSOC
are the following:
• To protect the user’s payment sensitive data;
• To grant the integrity of payment data between
the VASP and the terminal;
• To grant the integrity and non-repudiation of
the transaction.
JWeb
Security in judicial
scenario
Security in JWeB communication
In JWeb project, the Security Module assures strong
authentication of both data flow and actors and at the same time
protecting sensitive data, infrastructure resources and user
terminal.
The Security plays a transversal role in the JWeb architecture:
It gives the credentials to a JWeb user certificating its own
keys and registering him/her in the JWeb environment;
It manages the authentication of the user through an
authentication mechanism based on the X.509 v3 certificates;
It provides network security services by VPN links inside the
JWeb architecture.
Security in JWeB communication
PKI – Public Trusted Infrastructure
Certification Authority
Registration Authority;
End Entity.
CARD INITIALIZATION & BIOMETRIC ENROLMENT
Secure Messaging;
Digital Signature;
Document Integrity;
Secure Access to Private Info;
Non Repudiation.
Security in JWeB communication
Secure VPN (S-VPN)
Link Protection on public network
Strong Authentication of Users and
devices;
Seamless security that is easy to
deploy and has a minimal impact to
the user;
Confidentiality and Privacy.
Security in JWeB communication
S-VPN is strictly connected to the PKI services since it
is based on X509v3 certificates use and public
cryptography.
JWeb end entity can be easily added and removed
from the platform keeping a strong security.
Usage of CRL (Certificate Revocation List) assures that
removed users can’t access the system.
No shared secrect will be kept by user, but the
security is assured by “something that is owned”
(Private Key and Fingerprint) so no-repudiation
services can be guarantee.
JWeb: Key Security Concept
•
The key security concept regarding JWeb is the following:
The security is addressed not only for protection purposes, limited to control
access, bidirectional authentication between the user and the
infrastructure and confidentiality of the communication, but also for
strong authentication, certification and digital signature at service
layer. To this extent libraries have been conceived for terminal side. The
cited libraries provide support, exploiting the strong security features
provided by the secure and powerful chip with biometric authentication.
Only the owner of smart card will be able to use the certificates and the
information stored in the smart card by using his fingerprints.
Conclusion
In the last years, the strong increase of illegal migration, trafficking of drugs,
weapons and human beings and overall the advent of terrorism has made
necessary a strong collaboration in judicial processes of different EU
member states.
The importance of the use of the collaboration keeps in consideration
criminal investigative purpose based on the ability to:
• identify, without doubt, the collegues involved in judicial affairs or in
police investigation before starting exchanging “critical” information.
• ensure the protection of judicial document exchange both in the
production phase and in the distribution phase, since it fundamental to
have a secure identification of the data origin and the avoidance of
unauthorized data modifications while the document is exchanged .
So, a Secure Communication Architecture has to support and to guaranty
critical functionality at three different levels:
• the authentication of the user;
• the security of the documents managed by the platform;
• the protection of the judicial infrastructure.
Thank you for Your Attention
[email protected]