HP-WISEKEY TRUSTED PKI
HP/WISeKey "Trusted PKI"
solution brief
Since commerce began, across all cultures, people have required
trust in identity and information exchange in order to conduct transactions.
Confidentiality is needed in order to ensure that 3rd parties cannot
carry out surveillance on data exchange between business partners
and trusted parties and then use that information to the detriment
of those parties.
Reliability of data relies upon its integrity, which
means that it cannot be manipulated during communication, and that
data can be unmistakably associated with a clearly defined origin.
None of these ingredients, indiscriminately required
for conducting transactions, has previously been provided in the
electronic environment, with the exception of closed networks.
The "Public Key Infrastructure" (PKI) technology
addresses and solves this problem, being the fastest growing and
most widely recognized technology for securing both World Wide Web
(WWW) and Internet-based Messaging. It provides that level of security
for the open Internet that was originally available only through
closed user groups.
PKI is an infrastructure that includes a set of hardware,
software, people, processes and policies aimed at creating, managing,
storing, distributing and revoking digital certificates based on
the use of asymmetric cryptography - these certificates being used
as "e-passports" for any Internet-related business process.
The "HP/WISeKey Trusted PKI" solution is
such a complete infrastructure. It is designed and built alongside
WISeKey's legal framework and Certification Practice Statement (CPS)
and links to WISeKey's Root Certification Authority (CA) and Certificate
Validation Service (VA), while the actual design, implementation
and support are delivered by HP worldwide, using HP's market-leading
product and service offering and delivered alongside a proven methodology.
For the sake of mitigated implementation risk and
accelerated, predictable "Time-to-service", it is based
on pre-integrated HP and 3rd party products, complemented by all
those services necessary to make PKI fully operational.

HP implementation
HP's philosophy has been "to turn PKI technology
into a trusted security service" by adding value to the standard
PKI product suite and making it a "Trusted PKI": additional
solution components turn the PKI into a highly available, highly
responsive, "trusted" and protected, simply speaking,
"enterprise class" IT service.
Integrated HP security and management software products
complement the HP PKI products to increase the operational robustness
of your infrastructure.
This business critical solution is delivered "turn-key"
within three to nine months depending on the scope of the project
that typically will include integration into existing desktop,
application and management infrastructures. The actual timeframe,
however, will be determined after the architecture has been agreed
upon and is shared with the client as part of a legally binding
fixed-time engagement. Next, HP uses pre-integrated components for
accelerated solution delivery.
Offering the complete solution at a fixed price will
avoid budget risks during implementation and will enable you to
conduct reasonable ROI studies prior to the engagement.
Using pre-integrated solution components allows HP
to deliver the solution at the same level of quality worldwide.
WISeKey compliancy
WISeKey is a privately owned company based in
Geneva, Switzerland that provides Root Certification Authority
services to Certification Authorities worldwide.
Being synonymous with a "World Internet Secure Infrastructure",
it solves the business problem of providing business trust globally,
across any national or organizational boundary. It does so by offering
the underlying global trust model and by building the foundation
for a worldwide "web of trust" for existing and new Certificate
Authorities that are cross certified by referring back to the WISeKey
Root CA.
The trustworthiness of WISeKey's services is based
on their carefully orchestrated security practices and procedures
used exclusively for the issuance of high-security certificates
to Certification Authorities and other entities that form part
of the operational services of the globally interoperable PKI below
it.
As part of WISeKey's security procedures, the Global
Root Private Cryptographic Key used to issue certificates is stored
in an off-line high-security facility deep in the Swiss Alps, operational
since December 1999.
With such high-security infrastructure in place, WISeKey
has signed a partnership agreement with the International Telecommunication
Union (ITU) to promote the deployment of PKI in 188 countries
to enable them to participate in the E-Commerce growth.
Through the provision of an internationally recognized
PKI technology, WISeKey enables companies worldwide to securely
develop their Internet strategies without being restricted by national
borders any longer and benefit from it within their B2B, B2C and
B2G communication and transactions.
HP and WISeKey closely cooperate in designing, implementing
and supporting "HP/WISeKey Trusted PKI" solutions worldwide
alongside defined WISeKey guidelines and policies.
Business Benefits
1. Proven, accepted trust model, backed by WISeKey
policies and procedures that act as foundation for the infrastructure
implementation.
2. Limited implementation risk due to best-of-breed
products (HP security software, HP OpenView, Baltimore and Oracle
products).
- Pre-integration of these products according to
HP and WISeKey specifications.
- Highly specialized teams of PKI consultants perform
installation and configuration onsite and complete the final
integration. Therefore the solution is delivered at the same
high level of quality worldwide.
- "One-stop support" by the same engineering
team that designed and implemented your solution is offered on
demand.
3. More Than "Just A PKI"! The "HP/WISeKey
Trusted PKI" solution includes
- Failure resilience and ease of recovery that can
be enhanced into disaster resilience.
- Sensitive solution components are protected by
strong security measures that can include the use of hardened
platforms.
- The PKI is monitored and managed by HP OpenView.
The solution comes with true PKI service management configured
and operated in a secure way.
4. Auditable: It will be easier to audit and to control
tightly whether processes and people stick to the Certification
Practice Statement (CPS), Certificate Policy (CP) and other established
policies.
5. No issues with scalability! The solution is designed
for infrastructures that may span countries or continents. It targets
user groups with a need for at least 5,000 concurrent certificates,
scaling up to millions of certificates for the purpose of E-Commerce,
e-government etc.
6. Rapid implementation with predictable, accelerated
"Time-to-service", when compared to other suppliers.
7. Can be offered "fixed-price" to limit
commercial risks.
Delivered alongside the HP/WISeKey PKI Methodology
The implementation follows the HP/WISeKey PKI methodology
that is derived from Baltimore's proven KeySteps and incorporates
specific WISeKey requirements.
Value-Added HP Functionality
Protected PKI
In HP's design, all sensitive infrastructure components
are protected by strong security measures, including the use of
hardened platforms. This turns standard PKI services into protected
and secure (= trusted) enterprise class security services, increasing
operational robustness and resistance to security threats, attacks,
and incidents, thus providing PKI users and system implementers
with multiple added levels of protection.
The solution provides capabilities to meet Service
Level Agreements (SLAs) for service protection in ways that competitive
PKI infrastructures cannot match. In addition, it dramatically reduces
the effort to audit the PKI during its implementation process as
well as during ongoing operations. In certain regulatory environments,
the PKI protection can make it easier and more affordable to meet
specific legal requirements, since there is protection against a
wide range of risks built into the architecture.
Managed PKI
The HP PKI solution with management by HP OpenView
improves the quality of service in the standard PKI certificate
lifecycle: registration, validation, generation, publication, revocation,
and expiration. The solution is offered with PKI operations management,
using HP OpenView VantagePoint/Operations and providing new levels
of managed security service for users and administrators.
A well managed PKI will help to achieve a high level
of service availability and responsiveness as well as a lower total
cost of ownership.
The solution provides integrated management of all
PKI services, including registration and certification components
as well as infrastructure components like firewalls and network
devices.
The whole management infrastructure will be configured
in a highly secure way. It will provide a single operations console
for events and alarms from different centralized services: basic
system configuration, system security, database and PKI application
monitoring.
Additionally the management solution will include
performance monitoring and reporting based on VantagePoint/Performance
to collect and visualize performance data concerning the core
PKI components. This allows having an end-to-end performance (or
"service responsiveness") view of the whole PKI service.
Enhanced PKI availability
The Enhanced PKI availability solution integrates
capabilities to enhance the uptime of the databases and systems
used within the infrastructure using HP MC/ServiceGuard. The solution
also provides mechanisms to replicate the Certificate Authority
and Registration Authority servers. To achieve high levels of data
availability, integration with HP Omniback is provided.
Typically, the databases and the CA run on a cluster
of two HP 9000 servers with redundant hardware components and MC/ServiceGuard
to manage the cluster.
The Registration Authority and other critical Windows-based components
can be provided in a redundant configuration as well.
By integrating HP Omniback, this solution provides
sophisticated backup and restore processes for the data stored
on servers located within the protected environment.
HP can provide added customizations to further decrease
the risk of unplanned downtimes. Examples of added customizations
that can complement and extend the solution include:
- Replication of the firewall and using HP VirtualVault,
which shield the secure CA network from the corporate intranet.
- Replication of the gateway and the WebRAO server,
which connect the PKI system with internal or public validation
services.
- Integration of Cisco LocalDirector for load balancing
of traffic when using replicated servers.
Solution Components
The solution integrates the following HP, Baltimore
and Oracle products:
- Certificate Authority (CA),
- CA Operator client (CAO),
- Registration Authority (RA),
- RA Operator client (RAO),
- Token Manager (TM),
- SureWare Keyper HSM and
- Oracle RDBMS (Oracle 8).
- WebRAO server,
- WebRAO client,
- HP WebEnforcer,
- HP e-Firewall,
- HP VirtualVault and
- HP MC/ServiceGuard
All sensitive components are placed in a secure "bunker"
room with specific access control mechanisms and run in a protected
network. HP e-Firewall shields this network from potentially insecure
networks.
Availability and Ordering Information
The "HP/WISeKey Trusted PKI" solution is
a combination of pre-integrated standard hardware and software,
solution-specific software and solution-specific services.
It is available worldwide effective April 1st, 2001.
The detailed solution design is determined based on the outcome
of the target infrastructure analysis and requirement specification
phase.
Export restrictions are identical with those for the
PKI software and hardware components.
More information
For more information, please contact WISeKey directly
at
Phone +41.22.929.5757,
Fax +41.22.929.5702
or email: info@wisekey.com
Alternatively, you may wish to contact your HP Principal
Consultant, any local HPC representative, or Walter Wedl, walter_wedl@hp.com,
and phone +49.7031.14.4153.
"HP/WISeKey Trusted PKI" Solution
Brief, as of July 2001.
Technical information in this document is subject
to change without notice.
All trademarks and registered trademarks mentioned in this document
are the property of their respective owners.
Reproduction, adaptation or translation without
prior written permission is prohibited except as allowed under the
copyright laws.