PKI requirement drivers - PowerPoint PPT Presentation

About This Presentation
Title:

PKI requirement drivers

Description:

Information and Computing Sciences Division. Basic driver ... Information and Computing Sciences Division. PK software & use. software and its use ... – PowerPoint PPT presentation

Slides: 13
Provided by: casel

Transcript and Presenter's Notes

1
PKI requirement drivers
2
Basic driver
  • The choice of authentication, privacy and
    non-repudiation services is determined by:
      • environmental factors
      • diverse application usage
      • understanding and acceptance of procedures,
        software, etc. by all parties involved

3
Application usage
  • Application environment
      • software support for PKI: DBMS, forms, etc.
      • platform support for PKI: browser, OS
  • PKI requirements
      • cost per user, per PKI transaction
      • surety of authentication
      • degree of privacy
      • period of non-repudiation

4
PK authentication service
  • Human processes
      • PKI registration, cross-certification
      • operations of PKI by individuals, organizations
  • Software and its use
      • configuration of PKI (certification paths,
        cryptography, etc.)
      • demands made of PKI by applications

5
PK authentication (cont'd)
  • Human processes
  • surety of registration procedure
  • surety of name assignment
  • cross-certification (key exchange registration)
  • usage of software in daily operations by
    end-users (training requirements)
  • emergency encryption-key access procedures
  • addressed by PKI, policy guidance groups

6
PK software use
  • Software and its use
      • configuration of PKI
          • surety of software, algorithms
          • certification path properties
          • support services: directory service
      • demands made of PKI by applications

7
PK authentication (cont'd)
  • Surety of software, algorithms
  • FIPS
  • key length choices, offline requirements
  • Certification path properties
  • directory service requirements
  • policy guidance group sets guidelines
  • PKI group defines certification path, chooses
    key-length, etc.

8
PK authentication (cont'd)
  • Demands made by applications
  • software environments required
  • platform support required
  • cost factors: per user, per transaction
  • surety of authentication
  • degree of privacy
  • duration of non-repudiation

9
Application demands
  • Surety of authentication
  • equivalent of face to face
  • trusted intermediary
  • trusted organization (top of shared hierarchy is
    trusted)
  • what semantics do applications require?

10
Demands (cont'd)
  • Degree of privacy
  • limitations on:
      • who may recover encryption keys (me, supervisor,
        only need-to-know)
      • where they are held (remote vs. local archival)
  • influences encryption-key access procedures
  • what degree of privacy do applications require?

11
Demands (cont'd)
  • Basis of non-repudiation
  • software properties (e.g. FIPS, certification
    path)
  • PKI registration procedures
  • signature verification procedures
  • record-keeping requirements (audit journals,
    etc.)
  • driven by legal requirements - agreements on
    suitable choices

12
Demands (cont'd)
  • Duration of non-repudiation
  • until end of transaction
  • fiscal year
  • term of contract
  • 700 years
  • driven by records management requirements