20150626 FPKI_PPTX

J-Bridge Study Group
On the US Federal PKI (FPKI)
2015.6.26
Fujitsu Limited
(Cosmos Corporation)
濱口 総志
FUJITSU CONFIDENTIAL
FPKI - Basics
Federal Public Key Infrastructure
US Federal PKI
Its purpose is to provide PKI-based digital signature and digital authentication services to US government employees, contractors and businesses.
PIV, PIV-I
FBCA (Federal Bridge CA)
Source: IPA http://www.ipa.go.jp/security/pki/056.html
FPKI - Keywords
Common Policy Framework
Framework for issuing the certificates used to access government systems
Shared Service Provider
• A CA that issues certificates to departments and agencies that cannot operate a CA of their own
• Verizon, Symantec, Entrust, Department of Treasury, US Government Printing Office
CBCA (CertiPath Bridge CA)
Bridge CA for the aerospace and defense (A&D) industry
Policy mapping
Maps the levels of assurance (LoA) of the certificate policies within the FPKI to one another

FBCA cross-certification of the CertiPath Bridge (CBCA):
Cross-Certified Entity | Date Cross-Certification Issued | Assurance Level
CertiPath Bridge | December 19, 2013 | FBCA Medium, FBCA Medium Hardware, FBCA Medium CBP, FBCA Medium Hardware CBP, PIV-I Hardware, PIV-I cardAuth, PIV-I Content Signing
CertiPath Bridge | December 19, 2013 | SHA-1 Medium CBP, SHA-1 Medium HW CBP, SHA-1 Policy, SHA-1 Hardware, SHA-1 Devices
Source: Idmanagement.gov
Source: CertiPath
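Policy mapping is what lets a relying party inside one PKI domain (say, an agency under the Common Policy Framework) decide whether a certificate issued under a CertiPath member's policy meets the assurance level it requires. The following is an added worked example, not code from the slides or from the FPKI program: it implements a set-based simplification of the RFC 5280 section 6.1 policy processing, walking a chain of cross-certificates and rewriting the expected policy at each hop according to that certificate's policyMappings extension. The policy labels ("common:hardware", "fbca:medium-hardware", "cbca:medium-hardware") and the chain (Common Policy CA -> FBCA -> CertiPath Bridge -> supplier CA -> end entity) are constructed stand-ins, not the real policy OIDs or real certificates.

```python
"""Simplified RFC 5280 certificate-policy processing through bridge CAs.

Constructed example (not code from the slides or from the FPKI program):
policy labels such as "fbca:medium-hardware" are illustrative stand-ins for
the real certificate-policy OIDs, and the chain below is invented.
"""
from dataclasses import dataclass

ANY_POLICY = "anyPolicy"


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    policies: frozenset       # certificatePolicies: the policies this cert asserts
    mappings: tuple = ()      # policyMappings: (issuerDomainPolicy, subjectDomainPolicy) pairs


def resolve_policies(path, initial_policies):
    """Return the subset of the relying party's initial policies that the
    end-entity certificate satisfies once every cross-certificate's
    policyMappings along the path has been applied.

    `path` runs from the certificate issued by the relying party's trust
    anchor down to the end-entity certificate. Each working node is
    (policy expected in the current issuer's domain, initial policy it
    descends from); this is a set-based simplification of the
    valid_policy_tree of RFC 5280 section 6.1 that ignores
    policyConstraints and inhibitAnyPolicy.
    """
    nodes = [(policy, policy) for policy in initial_policies]
    for cert in path:
        # A node survives only if this certificate asserts the expected policy
        # (or anyPolicy), mirroring the certificatePolicies check.
        nodes = [(cur, root) for cur, root in nodes
                 if cur in cert.policies or ANY_POLICY in cert.policies]
        # Translate surviving nodes into the subject CA's own policy names.
        # A policy with no mapping entry keeps its name in the next domain.
        mapped = []
        for cur, root in nodes:
            targets = [sub for iss, sub in cert.mappings if iss == cur]
            if targets:
                mapped.extend((sub, root) for sub in targets)
            else:
                mapped.append((cur, root))
        nodes = mapped
    return {root for _, root in nodes}


def example_path(end_entity_policies):
    """Constructed chain: agency Common Policy CA -> FBCA -> CertiPath Bridge
    -> aerospace supplier CA -> end-entity certificate (all names invented)."""
    return [
        Cert("FBCA", "Common Policy CA",
             frozenset({"common:hardware", "common:policy"}),
             (("common:hardware", "fbca:medium-hardware"),
              ("common:policy", "fbca:medium"))),
        Cert("CertiPath Bridge CA", "FBCA",
             frozenset({"fbca:medium-hardware", "fbca:medium"}),
             (("fbca:medium-hardware", "cbca:medium-hardware"),
              ("fbca:medium", "cbca:medium"))),
        Cert("Supplier CA", "CertiPath Bridge CA",
             frozenset({"cbca:medium-hardware", "cbca:medium"})),
        Cert("engineer@supplier.example", "Supplier CA",
             frozenset(end_entity_policies)),
    ]


if __name__ == "__main__":
    # A hardware-token certificate from the CertiPath side satisfies the
    # agency's hardware policy through two hops of policy mapping ...
    print(resolve_policies(example_path({"cbca:medium-hardware"}), {"common:hardware"}))
    # ... while a software-only certificate does not, even though it chains.
    print(resolve_policies(example_path({"cbca:medium"}), {"common:hardware"}))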
FPKI – Overview
Source: Idmanagement.gov
FPKI – List of CAs
Cross-Certified Entity | Date Cross-Certification Issued | Assurance Level
DigiCert | February 9, 2012 | FBCA Rudimentary, FBCA Basic, FBCA Medium, FBCA Medium CBP, FBCA Medium Hardware, FBCA Medium Hardware CBP, FBCA Medium Device, PIV-I Hardware, PIV-I Content Signing, PIV-I Card Authentication
Department of the Treasury | December 23, 2013 | FBCA Rudimentary, FBCA Basic, Common Policy, Common Hardware, Common Devices, Common Device Hardware, Common Authentication, Common High, Common cardAuth, Common PIV ContentSigning
Department of State | January 29, 2014 | FBCA Rudimentary, FBCA Basic, Common Policy, Common Hardware, Common Devices, Common Authentication, Common High
State of Illinois | December 19, 2013 | FBCA Basic, FBCA Medium, FBCA Medium Hardware
ACES/IdenTrust | February 28, 2013 | FBCA Basic, FBCA Medium
DoD External CA (ECA) * | January 28, 2014 | Subordinate to DoD SHA-1 IRoot; SHA-1 Policy, SHA-1 Hardware, SHA-1 Devices
ACES/ORC, Inc | January 29, 2014 | FBCA Basic, FBCA Medium
US Patent & Trademark Office | December 9, 2013 | FBCA Medium, FBCA Medium Hardware, FBCA Medium Device, Common Authentication, Common cardAuth
Government Printing Office | January 29, 2014 | FBCA Medium, FBCA Medium Hardware, FBCA Medium Device, Common Authentication, Common cardAuth
CertiPath Bridge | December 19, 2013 | FBCA Medium, FBCA Medium Hardware, FBCA Medium CBP, FBCA Medium Hardware CBP, PIV-I Hardware, PIV-I cardAuth, PIV-I Content Signing
CertiPath Bridge | December 19, 2013 | SHA-1 Medium CBP, SHA-1 Medium HW CBP, SHA-1 Policy, SHA-1 Hardware, SHA-1 Devices
DEA CSOS * | December 19, 2013 | FBCA Medium, FBCA Medium Device
DoD | December 3, 2013 | FBCA Basic, FBCA Medium, FBCA Medium Hardware, Common Authentication, Common cardAuth, Common PIV ContentSigning; SHA-1 Policy, SHA-1 Hardware, SHA-1 Devices
SAFE Bridge | December 19, 2013 | FBCA Basic, FBCA Medium, FBCA Medium HW
Symantec/VeriSign | January 29, 2014 | FBCA Rudimentary
Symantec/VeriSign | January 29, 2014 | FBCA Basic
Symantec/VeriSign | January 29, 2014 | FBCA Medium, FBCA Medium Hardware, FBCA Medium Device Hardware, FBCA Medium CBP, FBCA Medium Hardware CBP, PIV-I Hardware, PIV-I cardAuth, PIV-I Content Signing
Verizon Business | May 19, 2014 | FBCA Basic, FBCA Medium, FBCA Medium CBP, FBCA Medium Hardware, FBCA Medium Hardware CBP, FBCA Medium Device, PIV-I Hardware, PIV-I cardAuth, PIV-I Content Signing
Entrust, Inc. | May 22, 2014 | FBCA Rudimentary, FBCA Basic, FBCA Medium, FBCA Medium Hardware, FBCA Medium Devices, PIV-I Hardware, PIV-I cardAuth, PIV-I Content Signing
ORC | July 12, 2012 | FBCA Medium, FBCA Medium Hardware, FBCA Medium Devices, PIV-I Hardware, PIV-I cardAuth, PIV-I Content Signing
Exostar | April 10, 2014 | FBCA Rudimentary, FBCA Medium, FBCA Medium Hardware
IdenTrust | June 3, 2014 | FBCA Basic, FBCA Medium, FBCA Medium Device, FBCA Medium CBP, FBCA Medium Hardware, FBCA Medium Hardware CBP, FBCA Medium Device Hardware
Source: Idmanagement.gov
Growing complexity of aircraft software components
single aisle plane: 50 software parts
long range plane: 200 software parts
modern A380: 1000 software parts, 40 system/software suppliers over three continents
Risks: deliberate tampering, hijacking, etc.
Risks: timing of changes, integrity mismatches, etc.
Airbus presented at the 2006 ATA e-Business Forum
PKI in the aviation industry
A380
1000 SWs
• 40 suppliers
Source: Exostar, Identity Assurance in Commercial Aviation Facilitated Through a Trusted Third Party Hub
PKI – Boeing 787
Source: Exostar, Identity Assurance in Commercial Aviation Facilitated Through a Trusted Third Party Hub
Summary
FPKI:
Digital certificates
• Digital signature / digital authentication
Bridge-type PKI
LoA
Certificate policies mapped between CAs
A wide range of use cases in the aviation industry
Challenge – BUY or BUILD
BUY
Low cost
Can be deployed immediately
BUILD
Control over personal information
Greater assurance and safety
Independence
Source: Idmanagement.gov
Application and more challenges
An Identity Hub that connects digital certificates to applications
Federation between Identity Hubs (Japanese Identity Hub – US Identity Hub)
Interoperability as a matter of technology, and interoperability in institutional and legal terms
Copyright 2010 FUJITSU LIMITED