Digi-Sign, The Certificate Corporation
Published on Digi-Sign, The Certificate Corporation (http://www2.digi-sign.com)


By Digi-Sign
Created Jun 16 2008 - 14:48

TTM™ for Users, Groups, Identification & Validation

The following is an example of a TTM™ Service that is most frequently offered to Digi-CA™ Administrators and owners. In setting up the TTM™, the following procedural issues are agreed in advance with the Digi-CAST1™ Advisory Team that help you to design the CA system that best meets your requirements:

  • Users & User Groups
    • The number of individual end users is estimated and agreed. In instances where the end users are members of Groups (e.g. an employee of an organisation, where it is the organisation that is the ‘user’ and the end user is a subset of that user organisation), it may be necessary to agree whether these Groups can act as Registration Authority [RA] Administrators, so that the organisation's users are validated by the sub-licensed RA for that specific Group. The design of the Digi-CA™ system makes it possible to have any number of RA systems connecting to a single Digi-CA™ system, provided this is agreed during the configuration and setup phase for your system.

  • Identification Methods
    • What methods will be used to identify each end user or, in the case of a Group, the RA Administrator? Reading about online identity [1] will help in gaining a clearer understanding of this area of expertise. Here are two examples at ‘different ends of the spectrum’:

      • This organisation has a reasonably high degree of certainty regarding the identity of its end users and groups and is therefore satisfied with identifying the end entities simply by getting them to confirm their name, email address, phone number and perhaps a user ID. Using these four pieces of information, the organisation is satisfied that the risk of issuing a Certificate to a mistaken identity is sufficiently low to make it virtually ‘risk free’.

      • This second organisation must conclusively prove the end user identity and must do so with absolute security. In this instance, the end user is sent a Smart Card [Digi-Card™] and reader, or USB Token [Digi-Token™], together with a PIN in a specially delivered, signed-for envelope. Upon receipt of the PIN, the end user must telephone the TTM™ Activation Desk and request the enrolment email. Once the correct data, including the PIN, is entered in the form (10-15 different fields with detailed, user-specific information), the Certificate is issued and activated directly on the Digi-Card™/Digi-Token™ and is protected using a second PIN generated by the end user.

Discussion and advice from the Digi-CAST1™ Team [2] is recommended to select the most appropriate and practical identification method for your organisation.

  • Validation Procedure
    • The method that will be used to identify end users is agreed; how each application is processed and validated prior to issue is agreed; and both of these are documented by the Digi-CAST1™ Team. This validation procedure forms part of the Certificate Policy [CP] for the TTM™ for your organisation.

      In the event of a validation failure, a procedure must be in place that adequately addresses revalidation or complete termination of the request. This is again discussed with your organisation’s Administrator or Manager and may be documented so that no action is required by personnel in your organisation, because the TTM™ Team are instructed to adhere strictly to the documented instructions.
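As an added illustration of the two identification methods described above and of the validation-failure handling just described (this is not Digi-Sign's code; the evidence field names, the revalidation limit and the Activation Desk record are assumptions), here is a small Python model of how an RA might enforce a per-assurance-level evidence policy and decide between revalidation and termination:

```python
"""Model of RA enrolment validation for two identity-assurance levels.

Added illustration, not Digi-Sign's code. Field names, MAX_REVALIDATIONS
and the Activation Desk PIN record are assumptions made for this example.
"""
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Assurance(Enum):
    LOW = "low"    # applicant confirms name, email, phone, user ID
    HIGH = "high"  # hardware token + out-of-band PIN + Activation Desk call


# Evidence required before a certificate may be issued. The LOW set is the
# four items from the first example; the HIGH set adds the out-of-band
# elements of the second example (field names are assumed).
REQUIRED_EVIDENCE = {
    Assurance.LOW: {"name", "email", "phone", "user_id"},
    Assurance.HIGH: {"name", "email", "phone", "user_id",
                     "token_serial", "delivery_pin", "activation_desk_ref"},
}

MAX_REVALIDATIONS = 2  # assumed policy limit before a request is terminated


class Outcome(Enum):
    ISSUE = "issue"
    REVALIDATE = "revalidate"
    TERMINATE = "terminate"


@dataclass
class EnrolmentRequest:
    applicant: str
    group: str
    assurance: Assurance
    evidence: dict                  # field -> value supplied by applicant/RA
    attempts: int = 0
    audit: list = field(default_factory=list)


def check_evidence(req):
    """Return the required evidence fields that are missing or empty."""
    required = REQUIRED_EVIDENCE[req.assurance]
    return sorted(f for f in required if not req.evidence.get(f))


def verify_delivery_pin(req, expected_pin):
    """HIGH assurance: the PIN from the signed-for envelope must match the
    one recorded for this token (constant-time comparison)."""
    supplied = str(req.evidence.get("delivery_pin", "")).encode()
    return hmac.compare_digest(supplied, str(expected_pin).encode())


def process(req, issued_pins):
    """Apply the documented validation procedure once. `issued_pins` maps a
    token serial to the delivery PIN the Activation Desk recorded for it
    (a constructed stand-in for the desk's records)."""
    req.attempts += 1
    missing = check_evidence(req)
    failure = None
    if missing:
        failure = "missing evidence: " + ", ".join(missing)
    elif req.assurance is Assurance.HIGH:
        expected = issued_pins.get(req.evidence["token_serial"])
        if expected is None or not verify_delivery_pin(req, expected):
            failure = "delivery PIN does not match token record"
    if failure is None:
        req.audit.append(f"attempt {req.attempts}: validated, issue certificate")
        return Outcome.ISSUE
    # Validation failure: request corrected data (revalidation) until the
    # documented limit is reached, then terminate the request outright.
    if req.attempts <= MAX_REVALIDATIONS:
        req.audit.append(f"attempt {req.attempts}: {failure}; revalidation requested")
        return Outcome.REVALIDATE
    req.audit.append(f"attempt {req.attempts}: {failure}; request terminated")
    return Outcome.TERMINATE


def demo():
    """Run one LOW request and one HIGH request with a wrong PIN three times."""
    pins = {"TKN-0001": "483920"}  # constructed Activation Desk record
    low = EnrolmentRequest("A. Example", "Acme Ltd", Assurance.LOW,
                           {"name": "A. Example", "email": "a@example.com",
                            "phone": "+1 555 0100", "user_id": "aex"})
    high = EnrolmentRequest("B. Example", "Acme Ltd", Assurance.HIGH,
                            {"name": "B. Example", "email": "b@example.com",
                             "phone": "+1 555 0101", "user_id": "bex",
                             "token_serial": "TKN-0001", "delivery_pin": "000000",
                             "activation_desk_ref": "CALL-17"})
    results = [process(low, pins)]
    for _ in range(3):  # two revalidations, then termination
        results.append(process(high, pins))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line.value)
```

The audit list on each request is the kind of record the Certificate Policy would require: it shows why each attempt failed and that the terminate decision was taken only after the agreed number of revalidations.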


Source URL: http://www2.digi-sign.com/digi-ca/total%20trust%20management/users

Links:
[1] http://www2.digi-sign.com/identity+authentication/index
[2] http://www2.digi-sign.com/service/digi-cast