The EIDI Application Per Hägerö

June 10, 20152

The EIDI Application

The EIDI Application Per Hägerö

June 10, 20153

The neXus Dynamic Identity Platform The EIDI Application Use Cases for the EIDI Application

Agenda

The EIDI Application Per Hägerö

June 10, 20154

The Dynamic Identity Platform

Dynamic Identity Platform

The EIDI Application Per Hägerö

June 10, 20155

The Electronic Identity Infrastructure is an application targeted at providing life-cycle management of identities and

credentials for organizations that has large scale

credentials that works across organizational and country boarders

a set up of security capabilities including encryption, signatures and authentication

The eIDI Application

Dynamic Identity Platform

The EIDI Application Per Hägerö

June 10, 20156

The EIDI Application is based on Public Key Infrastructure (PKI) which built on using asymmetric keys and so called certificates Asymmetric encryption uses two keys, a key

pair, as opposed to symmetric encryption which uses one key. The keys are called private and public.

Certificates provides identifiable information, forgery resistant and can be verified because is normally issued by a 3rd party

The foundation

Dynamic Identity Platform

The EIDI Application Per Hägerö

June 10, 20157

Certificate Management System, a work-flow driven system that is the interface for a user, device or another object to request and manage certificates and keys

Certification Authority (CA), the issuer of certificates

Key Management Server, manages key archiving

OCSP Server, provides a validation point of the validity of certificates

PKI Client (Middleware), enables PKI services on the client

EIDI Application Components

Dynamic Identity Platform

The EIDI Application Per Hägerö

June 10, 20158

Trusted Third Parties Enterprises Organizations

EIDI Application Deployments

Dynamic Identity Platform

The EIDI Application Per Hägerö

June 10, 20159

PKI enables the use of scalable encryption where asymmetric and symmetric keys are combined

In this scenario the symmetric key is generated is encrypted with the public key of the recipient by the sender. The recipient then decrypts the symmetric key using it’s private key

Use Cases: Encryption

The EIDI Application Per Hägerö

June 10, 201510

In the digital signature scenario it’s the other way around, the sender performs a hash of data that should be signed then encrypts the data with the senders private key.

The recipient the decrypts the data with the public key of the sender. Since the public key is present in a certificate its possible to not just verify the integrity of the signed data it is also possible to get more identifiable information such as name, e-mail address etc. of the sender

Use Cases: Digital Signatures

The EIDI Application Per Hägerö

June 10, 201511

PKI provides a solution to encrypt the communication between the communicating parties

It also gives a mutual authentication of the communicating parties that ensures that only the intended entities can decipher the communication and prevents data loss

Use Cases: Secure Access

The EIDI Application Per Hägerö

June 10, 201512

PKI are ideal to identify mobile devices as they can be deployed as a seamless step-up authentication to mobile services such as E-mail synchronization

Use Cases: Mobile Access

The EIDI Application Per Hägerö

June 10, 201513

PKI is ideal when it comes to providing identities for Internet of Things where the devices or things have the cryptographic capabilities

It provides a scalable identity that can be used online and offline and can be used for all security purposes

Use Cases: Internet of Things