Published on Digi-Sign, The Certificate Corporation (http://www2.digi-sign.com)


By Digi-Sign
Created Jun 16 2008 - 16:24

Total Trust Management™

RA Administration Service

We pioneered Total Trust Management™ [TTM™] in 2004 and have been offering this valuable service to our customers ever since. Under TTM™ we act as the Trusted Administrator of your Digi-CA™ and carry out all of the Administrator's duties for your system.

If you want to use digital signatures [1], or any type of digital certificate [2] easily and simply, then TTM™ may be an ideal choice.

TTM™ Popularity

TTM™ can be offered with any of the following Digital Certificate systems:

  • Two Factor Authentication [3]
  • Secure Email [4]
  • Digital Signatures [1]

More than 'Gold Support'

Total Trust Management™ is much more than a direct telephone support line or a dedicated Account Manager. It is the complete outsourcing of your certificate management service, where Digi-CAST™ [5] personnel effectively work for you. Every aspect of the system's management is done for you:

  • Ensuring that the Certificate Policy [CP] [6] is strictly adhered to
  • Users, User Groups, Identification Methods & Validation Procedures [7]
  • Certificate Delivery Methods [8]
  • Certificate Revocation, Suspension & Renewal Policies [9]
  • Data Exchange & User Dataset Management [10]
  • Ensuring users that apply [11] are correctly validated [12]
  • Approving/rejecting applications as they arrive
  • Digi-CA™ Administration [13]
  • Conflict Resolution Method [14]
  • Acting as your dedicated Help Desk [15] operator

The design and flexibility of Digi-CA™ make it possible for Digi-CAST™ [5] personnel to do this work for you, freeing up your own resources.

Examples of TTM™ Users

Government, Public Authorities and large Public Service organisations typically choose to own the complete CA infrastructure. With the Digi-CA™ Server [16] system and the TTM™ service, Digi-CAST™ [5] personnel manage all the back-end services and all contact with the customer. Ownership of the CA is retained, but all day-to-day operations are outsourced under the TTM™.

In industry, the preference is for the outsourced Digi-CA™ Service [17] combined with TTM™. This combination means that everything is outsourced and delivered according to the agreed Certificate Policy [CP] [6].

Visit the On-Line Store >> [18]

TTM™ for Users, Groups, Identification & Validation

The following is an example of the TTM™ Service most frequently offered to Digi-CA™ Administrators and owners. In setting up the TTM™, the following procedural issues are agreed in advance with the Digi-CAST1™ Advisory Team, who help you design the CA system that best meets your requirements:

  • Users & User Groups
    • The number of individual end users is estimated and agreed. In instances where the end users are members of Groups (e.g. an employee of an organisation where it is the organisation that is the 'user' and the end user is a subset of that user organisation), it may be necessary to agree whether these Groups can act as Registration Authority [RA] Administrators, so that the organisation's users are validated by the sub-licensed RA for that specific Group. The design of the Digi-CA™ system makes it possible to have any number of RA systems connecting to a single Digi-CA™ system once this is agreed during the configuration and setup phase for your system.

  • Identification Methods
    • What methods will be used to identify each end user or, in the case of a Group, the RA Administrator? Reading about online identity [19] will help in gaining a clearer understanding of this area, and here are two examples at 'different ends of the spectrum':

      • This organisation has a reasonably high degree of certainty regarding the identity of its end users and groups and is therefore satisfied with identifying the end entities simply by having them confirm their name, email address, phone number and perhaps a user ID. Using these four pieces of information, the organisation is satisfied that the risk of issuing a Certificate to a mistaken identity is low enough to be virtually 'risk free'.

      • This second organisation must conclusively prove the end user's identity and must do so with absolute security. In this instance, the end user is sent a Smart Card [Digi-Card™] and reader, or a USB Token [Digi-Token™], together with a PIN, in a specially delivered, signed-for envelope. Upon receipt of the PIN, the end user must telephone the TTM™ Activation Desk and request the enrolment email. Once the correct data, including the PIN, is entered in the form (10-15 different fields of detailed, user-specific information), the Certificate is issued and activated directly on the Digi-Card™/Digi-Token™ and is protected by a second PIN chosen by the end user.

Discussion and advice from the Digi-CAST1™ Team [20] is recommended to select the most appropriate and practical identification method for your organisation.

  • Validation Procedure
    • The method used to identify end users is agreed; how each application is processed and validated prior to issue is agreed; and both are documented by the Digi-CAST1™ Team. This validation procedure forms part of the Certificate Policy [CP] for your organisation's TTM™.

      In the event of a validation failure, a procedure must be in place that adequately addresses revalidation or complete termination of the request. This is again discussed with your organisation's Administrator or Manager and may be documented so that no action is required by your own personnel, because the TTM™ Team are instructed to adhere strictly to the documented instructions.


TTM™ & Certificate Delivery Methods

There are many ways to deliver a Certificate to the end user, and the Digi-CAST1™ [20] Team will advise you on the most appropriate and practical method for your organisation. Here are some examples (from this list it is possible to 'mix & match' methods or to create one specific to your requirements, as necessary):

  • The Process Method
    • The Process Method is perhaps the preferred option for most organisations, because it ensures that the User's Private Key remains with the end user at all times. Because the responsibility for securing and controlling all access to the user's Private Key remains absolutely with each end user, there can be no doubt that any transaction made with that user's Certificate has the consent and knowledge of that end user.

    • Using a web browser such as Microsoft Internet Explorer [MS IE] 6.0, a Digi-Card™, Digi-Token™ or any other suitable CSP storage device, the Process Method generates the User's Private Key directly on the device, and it never leaves that user. When requesting the Certificate (by completing the online enrolment application form), the device generates the Certificate Signing Request [CSR], and the form data entered is combined with the CSR before being transferred to the Digi-CA™. The transfer occurs over HTTPS [HyperText Transfer Protocol Secure], and the Digi-CA™ Engine signs it and creates the X.509 Certificate. An email is then sent to the user to collect the Certificate by clicking on a unique URL within the email (over TCP/IP), and the Certificate is then automatically installed on the user's device.

  • The Package Method
    • An alternative to the Process Method is the Package Method. Using the Package Method, the Public and Private Keys are generated at the RA or Administrator's PC. The Public Key is signed by the Digi-CA™ Engine, and the entire Certificate is packaged in a single file that is either sent to the end user or installed on a Digi-Card™, Digi-Token™ or any other suitable Certificate storage device. This package is also referred to as a PKCS#12, .pfx or .p12 Private Key Container Package.

    • Using the Package Method, Certificates can be delivered as email attachments and installed by simply double-clicking the attachment; a wizard then installs the Certificate.

    • Using a CD/DVD/USB Flash device or other suitable storage device, the Certificate can be physically delivered, separate from any IT network.

    • Package Method Certificates can also be downloaded directly from the publicly accessible Registration Authority Registration Service [RA RS] website module of the Digi-CA™, using unique, encrypted, single-use URLs.


TTM™ for Certificate Revocation, Suspension & Renewal Policies

As in the previous section, the following procedural issues are agreed in advance with the Digi-CAST1™ Advisory Team when setting up the TTM™, so that the CA system best meets your requirements:

  • Certificate Revocation
    • The Certificate Policy [CP] for your Digi-CA™ is the document drafted by the Digi-CAST1™ Team and agreed with you before the system is set to Production Status. It is the CP that takes all of the above information and combines it into a single 'rule book' for your Digi-CA™. The CP will also document the conditions for revoking a Certificate. Once a Certificate is revoked it is no longer valid and is effectively useless; the only way to reactivate the user is to issue a new Certificate. Once the CP is published, the Digi-CA™ is activated and the TTM™ Team assumes control of the system, on your behalf, by following the CP exactly as documented.

  • Certificate Suspension
    • There are many instances where revocation of a Certificate is considered 'too harsh' and suspension is considered more practical. The CP will include provisions for Certificate Suspension; these are documented by the Digi-CAST1™ Team and, once agreed with you, the Digi-CA™ is configured accordingly and the TTM™ Team follow the CP exactly as documented.

  • Certificate Renewal
    • The Certificate Policy [CP] will include provisions for Certificate Renewal, documented by the Digi-CAST1™ Team. Once this is agreed with you, the Digi-CA™ is configured accordingly and the TTM™ Team follow the CP exactly as written.
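The three policies above, expressed as an added example that is not Digi-Sign's code: a small registry in which suspension is reversible, revocation is terminal, and renewal issues a new Certificate rather than reviving the old one. The status names and the rule that renewal revokes the old Certificate are assumptions, not something the page states.

```python
import time


class CertificateRegistry:
    # Assumption: status values mirror the CRL reasons a CP would cite:
    # "good", "on_hold" (suspension, reversible) and "revoked" (terminal).
    def __init__(self, clock=time.time):
        self.clock = clock
        self.certs = {}      # serial -> {"user", "not_after", "status"}
        self.next_serial = 1

    def issue(self, user_id, lifetime_seconds):
        serial, self.next_serial = self.next_serial, self.next_serial + 1
        self.certs[serial] = {"user": user_id, "status": "good",
                              "not_after": self.clock() + lifetime_seconds}
        return serial

    def suspend(self, serial):
        cert = self.certs[serial]
        if cert["status"] == "good":       # a revoked certificate cannot be merely held
            cert["status"] = "on_hold"
        return cert["status"]

    def unsuspend(self, serial):
        cert = self.certs[serial]
        if cert["status"] == "on_hold":    # the only reversible state
            cert["status"] = "good"
        return cert["status"]

    def revoke(self, serial):
        self.certs[serial]["status"] = "revoked"   # terminal: never returns to "good"
        return "revoked"

    def renew(self, serial, lifetime_seconds):
        # Renewal is a new Certificate for the same user; the old one is revoked
        # here (assumption: the CP forbids two live Certificates per user).
        old = self.certs[serial]
        self.revoke(serial)
        return self.issue(old["user"], lifetime_seconds)

    def is_valid(self, serial):
        cert = self.certs.get(serial)
        return (cert is not None and cert["status"] == "good"
                and cert["not_after"] > self.clock())

    def revoked_serials(self):
        # What a CRL would list: held and revoked Certificates still within their lifetime.
        return sorted(s for s, c in self.certs.items()
                      if c["status"] != "good" and c["not_after"] > self.clock())
```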


TTM™ for Data Exchange & User Dataset Management

There are two components to the exchange of data: the initial set-up of the system from an agreed User Dataset, and the continued updating of this Dataset. The first User Dataset is prepared by you and submitted to the TTM™ Team. Once examined, configured accordingly and agreed, this becomes the 'Original User Dataset'. A mechanism is then agreed for subsequently updating the Original User Dataset to ensure consistent accuracy. This Dataset is the list of end users that the system will be configured with from the first day of operation:

  • Initial Setup
    • The initial setup of the Digi-CA™ system begins with an Original User Dataset of end users. This can be data in any industry-standard format, the most common being .CSV files, SQL data or LDAP connections. Regardless of how your data is currently organised, the Digi-CAST1™ Team will advise on the best method for preparing the Original User Dataset.

  • Dataset Synchronisation
    • Subsequent updating of the Original User Dataset is a component of the ongoing TTM™ service as described below.

Once the procedural issues are documented by the Digi-CAST1™ Team and agreed with you, this becomes the Certificate Policy [CP] for the Digi-CA™ Service Certificate Authority [CA] system. The TTM™ Administrator(s) then follow this series of steps at agreed intervals and/or on request (as agreed above):

  • Original User Dataset Agreement
    • The first User Dataset is agreed between your organisation and the TTM™ Team and once agreed becomes the ‘Original User Dataset’.

  • Original User Dataset Import
    • The Original User Dataset is then uploaded to the Digi-CA™ system by the TTM™ Team.


TTM™ for Enrolment of Users

Due to the many variations of Certificate delivery in the Package Method, and the fact that the RSA is seeking a simple solution, we advise that you use the Process Method for your Digi-CA™ Service Certificate deployment. There are four simple steps to the enrolment of users in the Process Method:

  • Invitation E-mail
    • The user receives an email invitation to enrol for their Certificate. The email contains an encrypted, single-use URL.

  • Certificate Enrolment Application Form
    • The unique URL leads to the Enrolment Application Form; the user completes this online form before submitting it for approval.

    • Depending on the Certificate Policy [CP] agreed with the Digi-CAST1™ Team, the number of fields on this form and the level of personal or unique questions will determine how easy or difficult it is to receive bogus Certificate requests (and remember that the URL is an encrypted, single-use URL, which removes the risk of it being shared).

  • Certificate Approval / Rejection
    • The form details are returned to the Administrator, who is responsible for adhering to the CP for the Digi-CA™ and, under the terms of this CP, either approves or rejects the application as appropriate.

  • Certificate Activation
    • The user receives a second email containing a new encrypted, single-use URL. Clicking on it automatically activates the Certificate.

The following flow diagram shows this simple process (provided as a PDF on the original page; not reproduced here).
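The four enrolment steps above, as an added example that is not Digi-Sign's code: a minimal RA-side desk that issues the invitation and activation links, stores only a keyed hash of each link token, and burns the token the moment it is redeemed, so a forwarded or re-clicked link fails. The host name, the 72-hour link lifetime and the server key are assumptions.

```python
import hashlib
import hmac
import secrets
import time

BASE_URL = "https://ra.example.invalid/enrol/"   # constructed placeholder host


class EnrolmentDesk:
    def __init__(self, server_key, ttl_seconds=72 * 3600, clock=time.time):
        self.key, self.ttl, self.clock = server_key, ttl_seconds, clock
        self.users = {}   # user_id -> {"stage", "token", "expiry", "form"}

    def send_link(self, user_id, stage):
        # Steps 1 and 4 both start here: a fresh link bound to one user and one stage.
        token = secrets.token_urlsafe(32)   # 256 random bits, URL-safe alphabet
        mac = hmac.new(self.key, token.encode(), hashlib.sha256).digest()
        rec = self.users.setdefault(user_id, {"form": None})
        rec.update(stage=stage, token=mac, expiry=self.clock() + self.ttl)
        return BASE_URL + token

    def _redeem(self, token, expected_stage):
        # Return the user whose live link this is and burn it; None on any mismatch.
        want = hmac.new(self.key, token.encode(), hashlib.sha256).digest()
        for user_id, rec in self.users.items():
            if rec["token"] is None or not hmac.compare_digest(rec["token"], want):
                continue
            if rec["stage"] != expected_stage or rec["expiry"] < self.clock():
                return None
            rec["token"] = None   # single use: a forwarded or re-clicked link is dead
            return user_id
        return None

    def submit_application(self, token, form):
        # Step 2: the form is accepted only through an unused invitation link.
        user_id = self._redeem(token, "invited")
        if user_id is not None:
            self.users[user_id].update(stage="applied", form=form)
        return user_id is not None

    def decide(self, user_id, cp_check):
        # Step 3: the Administrator applies the CP; approval issues the activation link.
        rec = self.users[user_id]
        if rec["stage"] != "applied":
            raise ValueError("no pending application for " + user_id)
        if not cp_check(rec["form"]):
            rec["stage"] = "rejected"
            return None
        return self.send_link(user_id, "approved")

    def activate(self, token):
        # Step 4: the activation link works exactly once, then the user is live.
        user_id = self._redeem(token, "approved")
        if user_id is not None:
            self.users[user_id]["stage"] = "activated"
        return user_id is not None
```

The `cp_check` callable stands in for whatever the agreed CP says about the form contents; the desk itself only enforces stage order and single use.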


TTM™ for Digi-CA™ Administration

There are numerous duties that the Digi-CA™ Administrator must undertake to ensure the overall management of the end users; some of these duties are described below:

  • Enrolment Application Monitoring
    • Once the Original User Dataset users have all been invited to enrol for their Certificate, the TTM™ Team monitor the Digi-CA™ system for completed Certificate Enrolment Application Forms.

  • SLA & Certificate Policy Enforcement
    • All completed Certificate Enrolment Application Forms are approved or rejected according to the standard Service Level Agreement [SLA] (unless a separate SLA has been agreed for your organisation) and the Certificate Policy [CP] agreed with the Digi-CAST1™ Team.

  • Automated Emailing
    • Applications approved by the Administrator in the Digi-CA™ Control Centre will automatically trigger the second email to activate the end user's Certificate.

  • Manual Approval / Rejection of Applications
    • Applications that do not conform to the CP are handled according to the instructions of the CP, which ultimately result either in the application being rejected and the user asked to complete a new Enrolment Application Form, or in the application being rejected and ignored.

  • Rejection & Suspension Responsibilities
    • Other duties can include suspending a user's Certificate for a fixed period of time or revoking the Certificate completely. Requests for suspension/revocation can come from the end user or the RSA for any of the following reasons:

      • The user's computer or storage device has corrupted the Certificate and a completely new Certificate is required.

      • The user’s Certificate/storage device has been temporarily misplaced and suspension until recovery is required.

      • Your organisation decides, for whatever reason, to suspend the user until further notice.

      • Other scenarios too numerous to mention or document are possible, as required.


TTM™ for Dataset Conflict Resolution Method

There are some instances where ‘conflict resolution’ is required. Under the TTM™ service, and in accordance with the Certificate Policy [CP] agreed with the Digi-CAST1™ Team, this may escalate to your organisation for final approval/rejection. Conflict resolution may include:

  • Multiple Valid Requests
    • Multiple valid requests from the same user on a repeated basis, which would lead the TTM™ Team to believe that some form of system misuse or abuse is being perpetrated.

  • 'Challenge Phrase' Issues
    • The user is requesting a replacement Certificate but cannot remember their challenge phrase or any other Certificate details, and the CP enforces escalation to the Digi-CA™ Owner Organisation.

  • Other Scenarios
    • Other scenarios too numerous to mention or document are possible, as required.


In selecting the Digi-CA™ system with the TTM™ service for CA management, you are getting the most efficient and cost-effective solution to issue and manage users' Certificates.

Choosing your CA >> [21]


Source URL: http://www2.digi-sign.com/digi-ca/total%20trust%20management

Links:
[1] http://www2.digi-sign.com/digi-id
[2] http://www2.digi-sign.com/digital+certificate
[3] http://www2.digi-sign.com/digi-access
[4] http://www2.digi-sign.com/digi-mail
[5] http://www2.digi-sign.com/digi-cast
[6] http://www2.digi-sign.com/digi-ca/certificate+policy+control
[7] http://www2.digi-sign.com/digi-ca/total+trust+management/users
[8] http://www2.digi-sign.com/digi-ca/total+trust+management/delivery
[9] http://www2.digi-sign.com/digi-ca/total+trust+management/policies
[10] http://www2.digi-sign.com/digi-ca/total+trust+management/dataset
[11] http://www2.digi-sign.com/digi-ca/total+trust+management/enrollment
[12] http://www2.digi-sign.com/digi-ca/total+trust+management/validations
[13] http://www2.digi-sign.com/digi-ca/total+trust+management/administration
[14] http://www2.digi-sign.com/digi-ca/total+trust+management/conflict
[15] http://www2.digi-sign.com/digi-tasc
[16] http://www2.digi-sign.com/digi-ca/server
[17] http://www2.digi-sign.com/digi-ca/service
[18] http://www2.digi-sign.com/products
[19] http://www2.digi-sign.com/identity+authentication/index
[20] http://www2.digi-sign.com/service/digi-cast
[21] http://www2.digi-sign.com/en/ca+selection