Transcript Slide 1
Secure Communication Architectures [email protected] 1. The key for building a secure communication architecture is to define what security means to the specific contest . 2. Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy. 3. Projects and systems can then be broken down into their components. 4. And finally, it’s important to decide whether what is proposed will conflict with specific security policies and practices. SM-PAYSOC Security in payment services scenario SM-PAYSOC results • Design and develop a new genaration of userfriendly and personalised services for citizens as well as student, businessmen and bank customers accessible anywhere and anytime with any technology in realising a mobile and trusted secure access to different services. SM-PAYSOC Architecture Secure Service Centre middleware performs all the security services. VHE middleware performs the service adaptation process, managing user profiling issues and personalizing services on the basis on terminal type (pc, kiosk, and PDA) and user interface preferences VHE=Virtual Home Environment SB=Service Broker UM=User Modeller VASP=Value Added Service Providers SM-PAYSOC: Key Security Concepts The key security concepts regarding SM-PAYSOC are the following: • To protect the user’s payment sensitive data; • To grant the integrity of payment data between the VASP and the terminal; • To grant the integrity and non-repudiation of the transaction. JWeb Security in judicial scenario Security in JWeB communication In JWeb project, the Security Module assures strong authentication of both data flow and actors and at the same time protecting sensitive data, infrastructure resources and user terminal. The Security plays a transversal role in the JWeb architecture: It gives the credentials to a JWeb user certificating its own keys and registering him/her in the JWeb environment; It manages the authentication of the user through an authentication mechanism based on the X.509 v3 certificates; It provides network security services by VPN links inside the JWeb architecture. Security in JWeB communication PKI – Public Trusted Infrastructure Certification Authority Registration Authority; End Entity. CARD INITIALIZATION & BIOMETRIC ENROLMENT Secure Messaging; Digital Signature; Document Integrity; Secure Access to Private Info; Non Repudiation. Security in JWeB communication Secure VPN (S-VPN) Link Protection on public network Strong Authentication of Users and devices; Seamless security that is easy to deploy and has a minimal impact to the user; Confidentiality and Privacy. Security in JWeB communication S-VPN is strictly connected to the PKI services since it is based on X509v3 certificates use and public cryptography. JWeb end entity can be easily added and removed from the platform keeping a strong security. Usage of CRL (Certificate Revocation List) assures that removed users can’t access the system. No shared secrect will be kept by user, but the security is assured by “something that is owned” (Private Key and Fingerprint) so no-repudiation services can be guarantee. JWeb: Key Security Concept • The key security concept regarding JWeb is the following: The security is addressed not only for protection purposes, limited to control access, bidirectional authentication between the user and the infrastructure and confidentiality of the communication, but also for strong authentication, certification and digital signature at service layer. To this extent libraries have been conceived for terminal side. The cited libraries provide support, exploiting the strong security features provided by the secure and powerful chip with biometric authentication. Only the owner of smart card will be able to use the certificates and the information stored in the smart card by using his fingerprints. Conclusion In the last years, the strong increase of illegal migration, trafficking of drugs, weapons and human beings and overall the advent of terrorism has made necessary a strong collaboration in judicial processes of different EU member states. The importance of the use of the collaboration keeps in consideration criminal investigative purpose based on the ability to: • identify, without doubt, the collegues involved in judicial affairs or in police investigation before starting exchanging “critical” information. • ensure the protection of judicial document exchange both in the production phase and in the distribution phase, since it fundamental to have a secure identification of the data origin and the avoidance of unauthorized data modifications while the document is exchanged . So, a Secure Communication Architecture has to support and to guaranty critical functionality at three different levels: • the authentication of the user; • the security of the documents managed by the platform; • the protection of the judicial infrastructure. Thank you for Your Attention [email protected]