At the heart of every certificate authority or certification authority (CA) is at least one Root Key or Root Certificate and, usually, at least one Intermediate Root Certificate. These Digital Certificates are made from a Public and a Private Key. A Root Key Ceremony is a procedure where a unique pair of Public and Private Root Keys is generated. Depending on the Certificate Policy, the generation of the Root Keys may require notarization, legal representation, witnesses and 'Key Holders' to be present. 'Best practice' is to follow the SAS 70 standard for Root Key Ceremonies.
Friday, 24 February 2012
Examples
Unless the information being accessed or transmitted is valued in terms of millions of dollars, it is probably sufficient that the Root Key Ceremony be conducted within the security of the vendor's laboratory. The customer may opt to have the Root Key stored on a Luna Card or hardware security module, but in most cases, the safe storage of the Root Key on a CD or hard disk is sufficient. The Root Key is never stored on the CA server.
Example B: Machine Readable Travel Document MRTD ID Card or e Passport
This type of environment requires much higher security. When conducting the Root Key Ceremony, the Government or Organization will require rigorous security checks to be conducted on all personnel in attendance. Those that are normally required to attend the Key Ceremony will include a minimum of two Administrators from the organization, two signatories from the organization, one lawyer, a notary and two video camera operators, in addition to the CA software vendor's own technical team.
Overview
The actual Root Key-Pair generation is normally conducted in a secure vault that has no communication or contact with the outside world other than a single telephone line or intercom. Once the vault is secured, all personnel present must prove their identity using at least two legally recognized forms of identification. Every person present, every transaction and every event is logged by the lawyer in a Root Key Ceremony Log Book and each page is notarized by the notary. From the moment the vault door is closed until it is re-opened, everything is also video recorded. The lawyer and the two organization's signatories must sign the recording and it too is then notarized.
Finally, as part of the above process, the Root Key is broken into as many as twenty-one parts and each individual part is secured in its own safe for which there is a key and a numerical lock. The keys are distributed to as many as twenty-one people and the numerical code is distributed to another twenty-one people.
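One way such a split could work, added here as an example (it is not from the original page or from any CA vendor): an XOR split in which every part is required to rebuild the key. The page does not say how the key is divided, so the all-parts-required scheme, the function names and the SHA-256 fingerprint check are assumptions.

```python
import hashlib
import hmac
import secrets


def _xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def fingerprint(key: bytes) -> str:
    """Hypothetical value written into the ceremony log to check a rebuild."""
    return hashlib.sha256(key).hexdigest()


def split_key(key: bytes, parts: int = 21) -> list[bytes]:
    """Split key into `parts` pieces; any subset short of all of them
    is indistinguishable from random bytes."""
    if parts < 2:
        raise ValueError("a split needs at least two parts")
    # parts - 1 pieces are pure randomness from the OS CSPRNG ...
    shares = [secrets.token_bytes(len(key)) for _ in range(parts - 1)]
    # ... and the last piece is the key XORed with all of them.
    last = key
    for share in shares:
        last = _xor(last, share)
    return shares + [last]


def rebuild_key(shares: list[bytes], expected_fingerprint: str) -> bytes:
    """XOR all pieces together and refuse the result unless it matches
    the fingerprint recorded when the key was split."""
    if not shares or len({len(s) for s in shares}) != 1:
        raise ValueError("parts are missing or differ in length")
    key = bytes(len(shares[0]))
    for share in shares:
        key = _xor(key, share)
    if not hmac.compare_digest(fingerprint(key), expected_fingerprint):
        raise ValueError("fingerprint mismatch: a part is missing or altered")
    return key


if __name__ == "__main__":
    root_key = secrets.token_bytes(32)  # constructed stand-in for key material
    logged = fingerprint(root_key)
    pieces = split_key(root_key, parts=21)
    assert rebuild_key(pieces, logged) == root_key
    print(f"{len(pieces)} parts, rebuild verified against {logged[:16]}...")
```

With this scheme the loss of a single part makes the key unrecoverable, so the number of parts trades protection against collusion for availability.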
Seven Principal Components of a Root Key Ceremony
1. Key Generation Ceremony
2. Key Ceremony Definition
3. Key Ceremony Preparation
4. Root Key Creation
5. Root Key Activation
6. Root Key Maintenance
7. Root Key Recertification
Important Note
Example A and B are at opposite ends of the security spectrum and no two environments are the same. When considering the Root Key Ceremony, the CA vendor's team of skilled professionals can assist you in deciding on the most appropriate level of security to reflect the level of protection required.
Providers
The CA vendors and organisations that would implement projects of this nature, where conducting a Root Key Ceremony would be a central component of their service, would be organisations like RSA, VeriSign, Digi-Sign and others.