GlobalSign's Hosted OCSP for IoT PKIs
GlobalSign IoT Overview
Diane Vautier – December 31, 2019
IoT Hosted OCSP
Copyright© 2019 GlobalSign. Confidential & Proprietary. All rights reserved. 2
What is Hosted OCSP?
• Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track. ~ Wikipedia
• Hosted means it’s part of a cloud infrastructure, operated by a third party (GlobalSign), rather than self-managed, on-premise.
• It is part of a Validation Authority (VA).
  – A VA is a key component of Public Key Infrastructure (PKI).
  – A VA receives a request for the revocation status of a digital certificate, checks the status (good, revoked or unknown) and responds to the requester with that information.
More than a Certificate Status Check
• Certificate Status Check
  – At its core, GlobalSign’s Hosted OCSP service checks the status of digital certificates. Working with reputable third-party content delivery network providers such as CloudFlare, Fastly, Tencent (China) and Alibaba (China), we’re able to deliver that service with high availability and performance.
• Certificate Inventory
  – GlobalSign’s solution is also a certificate inventory, offering a way to consolidate disparate certificate types from disparate CAs, and even from decommissioned CAs (to eliminate orphaned certificates).
  – Provides basic management of those certificates: query validity expiry, issuing CA and other key identifiers.
• Certificate Revocation
  – The combination of our OCSP servers/responders, working in conjunction with our certificate inventory, enables customers to change the status of a certificate in the inventory, thus revoking its good standing.
Who Uses Hosted OCSP?
• Firms that operate a locally-hosted PKI and/or CA
• Original Equipment Manufacturers (OEMs) of IoT connected devices
• Electronics Manufacturing Services (EMS) firms
• Semiconductor manufacturers
Challenges of On-Premise
• PKI complexity and lack of expertise
• Long certificate validity periods
• Disparate certificate types and CAs
• High on-premise operational expenses
• Meeting recommended standards
• Ease and speed of implementation
Benefits of GlobalSign’s Hosted OCSP
• Simplified PKI management
• Ensures status check and revocation capabilities extend beyond the certificate (or CA) lifecycle
• Manages all types of certificates, regardless of type or issuer (CA agnostic)
• Minimizes operational expense of locally-hosted PKIs
• Adheres to IETF’s RFC 6960
• RESTful API speeds integration for fast certificate upload
• Ensures certificate revocation after the device leaves the production floor
How it Works
Three Key Steps:
1. Upload existing certificates
2. Select digital signing method
3. Enable OCSP Responder
Why OCSP over CRL?
• How OCSP and CRL are alike
  – In cryptography and PKI, both CRLs and OCSP responders maintain lists of digital certificates (X.509) that have been revoked by the issuing CA before their scheduled expiration date and can no longer be trusted.
  – Certificates are revoked for a number of reasons, including improper certificate issuance, certificate replacement, the certificate issuer ceasing operation, the certificate holder not paying a bill, or compromise of the private key.
• Online Certificate Status Protocol (OCSP)
  – OCSP is dynamic, delivering more accurate, faster responses, which reduces the attack surface.
  – The OCSP server is queried like a database for a specific certificate entry rather than downloaded in its entirety. The OCSP response is signed (either directly by the original CA/ICA or with a delegated signing certificate) and contains a status for the certificate. This process increases performance and reduces latency compared with a CRL.
  – Adheres to RFC 6960.
  – Scalable to high volume.
• Certificate Revocation List (CRL)
  – CRLs are relatively static (scheduled, periodic updates), which exposes an attack surface between updates.
  – A CRL check must download the entire list and then search it. Over time, CRLs grow as more certificates are revoked, which results in large CRLs and increased latency during the TLS handshake.
  – Adheres to RFC 5280.
  – Limited in scalability.
Thank you
About GlobalSign
GlobalSign is the leading provider of trusted identity and
security solutions enabling businesses, large enterprises,
cloud service providers and IoT innovators around the
world to secure online communications, manage millions
of verified digital identities and automate authentication
and encryption. Its high-scale Public Key Infrastructure
(PKI) and identity solutions support the billions of
services, devices, people and things comprising the
Internet of Everything (IoE).
DIANE VAUTIER
Product Marketing Manager, IoT
diane.vautier@globalsign.com
@dvautier
GlobalSign IoT: the Custom PKI Experts

More Related Content

What's hot

DevDay: Creating an Awesome Developer Experience for Corda, Web3 Labs
DevDay: Creating an Awesome Developer Experience for Corda, Web3 LabsDevDay: Creating an Awesome Developer Experience for Corda, Web3 Labs
DevDay: Creating an Awesome Developer Experience for Corda, Web3 LabsR3
 
Reversing blue coat proxysg - wa-
Reversing blue coat proxysg - wa-Reversing blue coat proxysg - wa-
Reversing blue coat proxysg - wa-idsecconf
 
Wccp introduction final2
Wccp introduction final2Wccp introduction final2
Wccp introduction final2bui thequan
 
DevDay: Forma: Easily Deploy and Operate Hybrid and Multi-cloud Corda Network...
DevDay: Forma: Easily Deploy and Operate Hybrid and Multi-cloud Corda Network...DevDay: Forma: Easily Deploy and Operate Hybrid and Multi-cloud Corda Network...
DevDay: Forma: Easily Deploy and Operate Hybrid and Multi-cloud Corda Network...R3
 
Cisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your NetworkCisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your NetworkRobb Boyd
 
Delivering a New Architecture for Security: Blockchain + Trusted Computing
Delivering a New Architecture for Security: Blockchain + Trusted ComputingDelivering a New Architecture for Security: Blockchain + Trusted Computing
Delivering a New Architecture for Security: Blockchain + Trusted ComputingRivetz
 
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...DATA SECURITY SOLUTIONS
 
Comparison of Current Service Mesh Architectures
Comparison of Current Service Mesh ArchitecturesComparison of Current Service Mesh Architectures
Comparison of Current Service Mesh ArchitecturesMirantis
 
BIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationBIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationPCCW GLOBAL
 
Bluecoat Services
Bluecoat ServicesBluecoat Services
Bluecoat ServicesChessBall
 
Creating Provable Cybersecurity with Blockchain and Trusted Computing
Creating Provable Cybersecurity with Blockchain and Trusted ComputingCreating Provable Cybersecurity with Blockchain and Trusted Computing
Creating Provable Cybersecurity with Blockchain and Trusted ComputingRivetz
 
ForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration componentForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration componentOlivier Naveau
 
The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas WSO2
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with ZosShiu-Fun Poon
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX, Inc.
 
Webinar: How to troubleshoot bandwidth hogs and take action.
Webinar: How to troubleshoot bandwidth hogs and take action.Webinar: How to troubleshoot bandwidth hogs and take action.
Webinar: How to troubleshoot bandwidth hogs and take action.ManageEngine, Zoho Corporation
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki conceptMostafa El Lathy
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep DiveYong Feng
 

What's hot (20)

DevDay: Creating an Awesome Developer Experience for Corda, Web3 Labs
DevDay: Creating an Awesome Developer Experience for Corda, Web3 LabsDevDay: Creating an Awesome Developer Experience for Corda, Web3 Labs
DevDay: Creating an Awesome Developer Experience for Corda, Web3 Labs
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL Practices
 
Reversing blue coat proxysg - wa-
Reversing blue coat proxysg - wa-Reversing blue coat proxysg - wa-
Reversing blue coat proxysg - wa-
 
Wccp introduction final2
Wccp introduction final2Wccp introduction final2
Wccp introduction final2
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
 
DevDay: Forma: Easily Deploy and Operate Hybrid and Multi-cloud Corda Network...
DevDay: Forma: Easily Deploy and Operate Hybrid and Multi-cloud Corda Network...DevDay: Forma: Easily Deploy and Operate Hybrid and Multi-cloud Corda Network...
DevDay: Forma: Easily Deploy and Operate Hybrid and Multi-cloud Corda Network...
 
Cisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your NetworkCisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your Network
 
Delivering a New Architecture for Security: Blockchain + Trusted Computing
Delivering a New Architecture for Security: Blockchain + Trusted ComputingDelivering a New Architecture for Security: Blockchain + Trusted Computing
Delivering a New Architecture for Security: Blockchain + Trusted Computing
 
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...The Future of PKI. Using automation tools and protocols to bootstrap trust in...
The Future of PKI. Using automation tools and protocols to bootstrap trust in...
 
Comparison of Current Service Mesh Architectures
Comparison of Current Service Mesh ArchitecturesComparison of Current Service Mesh Architectures
Comparison of Current Service Mesh Architectures
 
BIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationBIG IP F5 GTM Presentation
BIG IP F5 GTM Presentation
 
Bluecoat Services
Bluecoat ServicesBluecoat Services
Bluecoat Services
 
Creating Provable Cybersecurity with Blockchain and Trusted Computing
Creating Provable Cybersecurity with Blockchain and Trusted ComputingCreating Provable Cybersecurity with Blockchain and Trusted Computing
Creating Provable Cybersecurity with Blockchain and Trusted Computing
 
ForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration componentForgeRock OpenAM as flexible integration component
ForgeRock OpenAM as flexible integration component
 
The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with Zos
 
NGINX DevSecOps Workshop
NGINX DevSecOps WorkshopNGINX DevSecOps Workshop
NGINX DevSecOps Workshop
 
Webinar: How to troubleshoot bandwidth hogs and take action.
Webinar: How to troubleshoot bandwidth hogs and take action.Webinar: How to troubleshoot bandwidth hogs and take action.
Webinar: How to troubleshoot bandwidth hogs and take action.
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
 

Similar to GlobalSign's Hosted OCSP for IoT PKIs

Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeDigiCert, Inc.
 
Unit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptxUnit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptxRAMESHMRA21130030110
 
Should I run my own RPKI Certificate Authority?
Should I run my own RPKI Certificate Authority?Should I run my own RPKI Certificate Authority?
Should I run my own RPKI Certificate Authority?APNIC
 
Hyperledger Austin meetup July 10, 2018
Hyperledger Austin meetup July 10, 2018Hyperledger Austin meetup July 10, 2018
Hyperledger Austin meetup July 10, 2018Oracle Developers
 
Oracle - Hyperledger Silicon Valley meetup, June 20, 2018
Oracle - Hyperledger Silicon Valley meetup, June 20, 2018Oracle - Hyperledger Silicon Valley meetup, June 20, 2018
Oracle - Hyperledger Silicon Valley meetup, June 20, 2018Oracle Developers
 
Blockchain PoC For Education
Blockchain PoC For EducationBlockchain PoC For Education
Blockchain PoC For EducationSanjeev Raman
 
Cisco: Deploying a Virtualized Campus Network Infrastructure
Cisco: Deploying a Virtualized Campus Network InfrastructureCisco: Deploying a Virtualized Campus Network Infrastructure
Cisco: Deploying a Virtualized Campus Network Infrastructuredaxtindavon
 
IWMW 2001: PKI: the View from Down Under
IWMW 2001: PKI: the View from Down UnderIWMW 2001: PKI: the View from Down Under
IWMW 2001: PKI: the View from Down UnderIWMW
 
Blockchain & Security in Oracle by Emmanuel Abiodun
Blockchain & Security in Oracle by Emmanuel AbiodunBlockchain & Security in Oracle by Emmanuel Abiodun
Blockchain & Security in Oracle by Emmanuel AbiodunVishwas Manral
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXCisco Canada
 
Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscapeSagara Gunathunga
 
Authenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call ControlAuthenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call ControlWarren Bent
 
Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Warren Bent
 
Oracle Blockchain Platform
Oracle Blockchain PlatformOracle Blockchain Platform
Oracle Blockchain PlatformJuarez Junior
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkpromediakw
 
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docxdurantheseldine
 

Similar to GlobalSign's Hosted OCSP for IoT PKIs (20)

Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
 
Unit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptxUnit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptx
 
Should I run my own RPKI Certificate Authority?
Should I run my own RPKI Certificate Authority?Should I run my own RPKI Certificate Authority?
Should I run my own RPKI Certificate Authority?
 
Hyperledger Austin meetup July 10, 2018
Hyperledger Austin meetup July 10, 2018Hyperledger Austin meetup July 10, 2018
Hyperledger Austin meetup July 10, 2018
 
Oracle - Hyperledger Silicon Valley meetup, June 20, 2018
Oracle - Hyperledger Silicon Valley meetup, June 20, 2018Oracle - Hyperledger Silicon Valley meetup, June 20, 2018
Oracle - Hyperledger Silicon Valley meetup, June 20, 2018
 
Blockchain PoC For Education
Blockchain PoC For EducationBlockchain PoC For Education
Blockchain PoC For Education
 
Cisco: Deploying a Virtualized Campus Network Infrastructure
Cisco: Deploying a Virtualized Campus Network InfrastructureCisco: Deploying a Virtualized Campus Network Infrastructure
Cisco: Deploying a Virtualized Campus Network Infrastructure
 
IWMW 2001: PKI: the View from Down Under
IWMW 2001: PKI: the View from Down UnderIWMW 2001: PKI: the View from Down Under
IWMW 2001: PKI: the View from Down Under
 
Blockchain Poc for Certificates and Degrees
Blockchain Poc for Certificates and DegreesBlockchain Poc for Certificates and Degrees
Blockchain Poc for Certificates and Degrees
 
Alpha Education
Alpha EducationAlpha Education
Alpha Education
 
Blockchain & Security in Oracle by Emmanuel Abiodun
Blockchain & Security in Oracle by Emmanuel AbiodunBlockchain & Security in Oracle by Emmanuel Abiodun
Blockchain & Security in Oracle by Emmanuel Abiodun
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in Bangladesh
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CX
 
ieeehs042204d
ieeehs042204dieeehs042204d
ieeehs042204d
 
Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscape
 
Authenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call ControlAuthenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call Control
 
Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2
 
Oracle Blockchain Platform
Oracle Blockchain PlatformOracle Blockchain Platform
Oracle Blockchain Platform
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talk
 
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
 

More from GlobalSign

GlobalSign IoT Developer Program and Portal
GlobalSign IoT Developer Program and PortalGlobalSign IoT Developer Program and Portal
GlobalSign IoT Developer Program and PortalGlobalSign
 
A Step-By-Step Guide to Choosing an SSL Certificate
A Step-By-Step Guide to Choosing an SSL CertificateA Step-By-Step Guide to Choosing an SSL Certificate
A Step-By-Step Guide to Choosing an SSL CertificateGlobalSign
 
A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks GlobalSign
 
A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...
A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...
A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...GlobalSign
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityGlobalSign
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing GlobalSign
 
White paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLWhite paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLGlobalSign
 

More from GlobalSign (7)

GlobalSign IoT Developer Program and Portal
GlobalSign IoT Developer Program and PortalGlobalSign IoT Developer Program and Portal
GlobalSign IoT Developer Program and Portal
 
A Step-By-Step Guide to Choosing an SSL Certificate
A Step-By-Step Guide to Choosing an SSL CertificateA Step-By-Step Guide to Choosing an SSL Certificate
A Step-By-Step Guide to Choosing an SSL Certificate
 
A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks
 
A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...
A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...
A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing
 
White paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLWhite paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSL
 

Recently uploaded

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx

GlobalSign's Hosted OCSP for IoT PKIs

  • 1. GlobalSign IoT Overview Diane Vautier – December 31, 2019 IoT Hosted OCSP
  • 2. Copyright© 2019 GlobalSign. Confidential & Proprietary. All rights reserved. 2 • Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track. ~ Wikipedia • Hosted means it’s part of a cloud infrastructure, operated by a third-party (GlobalSign), rather than self-managed, on-premise. • It is part of a Validation Authority (VA). – A VA is a key component of Public Key Infrastructure (PKI) – A VA receives a request for the revocation status of a digital certificate, checks the status - good, revoked or unknown - and responds to the requester with that information. What is Hosted OCSP?
  • 3. • Certificate Status Check – At its core, GlobalSign’s Hosted OCSP service functions to check the status of digital certificates. Working with reputable third-party content delivery network providers such as CloudFlare, Fastly, Tencent (China) and Alibaba (China), we’re able to deliver that service with high availability and performance. • Certificate Inventory – GlobalSign’s solution is also a certificate inventory, offering a way to consolidate disparate certificate types from disparate CAs, and even from decommissioned CAs (to eliminate orphaned certificates). – Provides basic management of those certificates to query validation expiry, issuing CA and other key identifiers. • Certificate Revocation – The combination of our OCSP servers/responders, working in conjunction with our certificate inventory, enables customers to change the status of a certificate in the inventory, thus revoking its good standing. More than a Certificate Status Check
  • 4. • Firms that operate a locally-hosted PKI and/or CA • Original Equipment Manufacturers (OEMs) of IoT connected devices • Electronics Manufacturing Services (EMS) firms • Semiconductor manufacturers Who Uses Hosted OCSP?
  • 5. • PKI complexity and lack of expertise • Long certificate validity periods • Disparate certificate types and CAs • High on-premise operational expenses • Meet recommended standards • Ease and speed of implementation Challenges of On-Premise
  • 6. • Simplified PKI management • Ensure status check and revocation capabilities extend beyond the certificate (or CA) lifecycle • Manage all types of certificates, regardless of type or issuer (CA Agnostic) • Minimize operational expense of locally-hosted PKIs • Adhere to IETF’s RFC 6960 • RESTful API speeds integration for fast certificate upload • Ensure certificate revocation after the device leaves the production floor Benefits of GlobalSign’s Hosted OCSP
  • 7. How it Works Three Key Steps: 1. Upload existing certificates 2. Select digital signing method 3. Enable OCSP Responder
  • 8. • How OCSP and CRL are alike – In cryptography and PKI, both CRLs and OCSP responders maintain lists of digital certificates (X.509) that have been revoked by the issuing CA before their scheduled expiration date and can no longer be trusted. – Certificates are revoked for a number of reasons, including improper certificate issuance, certificate replacement, the certificate issuer ceasing operation, the certificate holder not paying a bill, or compromise of the private key. • Online Certificate Status Protocol (OCSP) – OCSP is dynamic, delivering more accurate, faster responses, which reduces the attack surface. – The OCSP server is queried like a database for a specific certificate entry, rather than downloaded in its entirety. The OCSP response is signed (either directly by the original CA/ICA or with a delegated signing certificate) and contains a status for the certificate. This process increases performance and reduces latency compared with CRL. – Adheres to RFC 6960. – Scalable to high volume. • Certificate Revocation List (CRL) – CRLs are relatively static (scheduled, periodic updates), which exposes an attack surface between updates. – Clients must download the entire CRL and then search it. Over time, CRLs grow as more certificates are revoked, resulting in large CRLs and increased latency during the TLS handshake. – Adheres to RFC 5280. – Limited in scalability. Why OCSP over CRL?
  • 9. Thank you About GlobalSign GlobalSign is the leading provider of trusted identity and security solutions enabling businesses, large enterprises, cloud service providers and IoT innovators around the world to secure online communications, manage millions of verified digital identities and automate authentication and encryption. Its high-scale Public Key Infrastructure (PKI) and identity solutions support the billions of services, devices, people and things comprising the Internet of Everything (IoE). DIANE VAUTIER Product Marketing Manager, IoT diane.vautier@globalsign.com @dvautier GlobalSign IoT: the Custom PKI Experts

Editor's Notes

  1. Firms that operate a locally-hosted PKI and/or CA looking to outsource certificate validation and revocation (validation authority) services. Original Equipment Manufacturers (OEMs) of IoT connected devices that produce numerous product lines, operate multiple production facilities, or have begun the digital transformation to incorporate IIoT into their production processes and IoT connected products. For OEMs, outsourcing certificate management and revocation optimizes production capacity and frees up resources to concentrate on core manufacturing competencies. Electronics Manufacturing Services (EMS) firms producing secure devices that want to outsource certificate management after the product leaves the facility, to minimize certificate management expenses while still maintaining secure device certificate management. EMS firms can more easily segment customer production runs and manage the full life of device identity certificates for periods meeting or exceeding the certificate validity period, eliminating orphaned certificates resulting from decommissioned PKIs. Semiconductor manufacturers that promote security by design by delivering certificates on chips, but don’t want to maintain certificate inventories or costly certificate validation and revocation services after programming. With Hosted OCSP, semiconductor manufacturers have a unique opportunity to offer customers the ultimate in security by design: in addition to digital certificates on a chip, they can offer a means to manage the lifecycle of the chip identity, and thus of the device it goes into, throughout the lifecycle of the chip and the device.
  2. PKI complexity and lack of expertise. The complexity, expense and expertise needed to establish, operate and maintain a highly-trusted IoT Public Key Infrastructure (PKI) can be daunting. Since it is an emerging technology, there is a lack of expertise, causing companies to stretch in-house IT beyond its capabilities and know-how. Long certificate validity periods. IoT digital certificates can have extended validity periods that span months to several years, necessitating certificate management, validation and revocation services that can extend beyond company acquisitions, employee turnover and changing technology standards. Disparate certificate types and CAs. Hosted OCSP is CA agnostic, so whether you provisioned your device certificates on an internal, locally-hosted PKI or obtained them from a CA other than GlobalSign, all existing IoT device certificates can be accommodated and managed throughout their lifecycles. High operational expenses to maintain an on-prem VA (and other PKI components). IoT digital certificates can have extended validity periods that span months to several years, necessitating certificate management, validation and revocation services that can extend beyond company acquisitions, employee turnover and changing technology standards. Outsourcing these functions delivers real-time efficiencies without the exposure of financial, technology and personnel commitments. Ease and speed of implementation. Speed adoption and operation: a RESTful API speeds integration with your on-premise PKI. Certificates are stored in our secure certificate inventory. Cloud-based OCSP servers handle high volumes of concurrent users, and OCSP responders push notifications to our content delivery network (CDN) to reduce network latency. Our reputable CDNs include top networks such as CloudFlare, Fastly, Tencent and Alibaba.
  3. Simplified PKI management: the addition of professionally recognized (and certified) certificate revocation (VA) to on-premise CAs eliminates the need for staffing and provides the tools and expertise to do the job right. Ensure status check and revocation capabilities extend beyond the certificate (or CA) lifecycle: accommodates status checks for long-validity certificates where maintaining a VA is not operationally feasible or financially prudent, and accommodates decommissioned ICAs, eliminating orphaned certificates. Manage all types of certificates, regardless of type or issuer (CA agnostic): whether you provisioned your device certificates on an internal, locally-hosted PKI or obtained them from a Certificate Authority (CA) other than GlobalSign, all existing IoT device certificates can be accommodated and managed throughout their lifecycles. Minimize operational expense of locally-hosted PKIs: IoT digital certificates can have extended validity periods that span months to several years, necessitating certificate management, validation and revocation services that can extend beyond company acquisitions, employee turnover and changing technology standards. Outsourcing these functions delivers real-time efficiencies while minimizing the exposure of financial, technology and personnel commitments. Adhere to IETF’s RFC 6960. RESTful API speeds integration for fast certificate upload: certificates are stored in our secure certificate inventory. Cloud-based OCSP servers handle high volumes of concurrent users, and OCSP responders push notifications to our content delivery network (CDN) to reduce network latency. Our reputable CDNs include such top vendors as CloudFlare, Fastly, Tencent and Alibaba. Ensure the ability to revoke the certificate after the chip/device leaves the production floor: the benefits of device identity are a competitive advantage that you can offer to customers. Limits production of (extra) gray market devices and delivers security even before the product is shipped, during shipment, and at deployment.
  4. • Upload existing certificates to the GlobalSign Certificate Inventory using our Inventory API • Select the method to digitally sign responses from the GlobalSign OCSP Responder – With a Customer OCSP Delegated Signing Certificate through a self-managed PKI – With a GlobalSign OCSP Delegated Signing Certificate via the IoT Identity Platform – With a Direct Signing certificate from a copy of the customer’s CA within the GlobalSign cloud • Enable GlobalSign’s authorized OCSP Responder for requests and responses through our reputable third-party content delivery network
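The delegated-signing option listed above and the signed OCSP response described on slide 8, as an added example that is not GlobalSign's code: a constructed device CA issues a device certificate and a delegated OCSP signing certificate, the responder answers for the device certificate with the delegated key, and the relying party checks that the signer is authorised by the issuing CA before trusting the status. It uses the Python `cryptography` library; every name, key and date is constructed for the example.

```python
# Added example (not GlobalSign's code): an OCSP exchange with a delegated signing
# certificate, modelled offline with 'cryptography'; all keys, names and dates are constructed.
from datetime import datetime, timedelta
from cryptography import x509
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
NOW = datetime(2019, 12, 31)  # constructed clock
def make_cert(cn, issuer_cn, pub, signer_key, exts=()):
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    b = (x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(issuer_cn))
         .public_key(pub).serial_number(x509.random_serial_number())
         .not_valid_before(NOW).not_valid_after(NOW + timedelta(days=3650)))
    for e in exts:
        b = b.add_extension(e, critical=False)
    return b.sign(signer_key, hashes.SHA256())
# Hypothetical on-premise device CA, a device cert it issued, and the delegated
# OCSP signing cert it authorises to answer status queries on its behalf.
ca_key, dev_key, rsp_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
CA = make_cert("Device CA", "Device CA", ca_key.public_key(), ca_key,
               [x509.BasicConstraints(ca=True, path_length=None)])
DEVICE = make_cert("device-0001", "Device CA", dev_key.public_key(), ca_key)
RESPONDER = make_cert("OCSP Signer", "Device CA", rsp_key.public_key(), ca_key,
                      [x509.ExtendedKeyUsage([ExtendedKeyUsageOID.OCSP_SIGNING])])
def build_response(revoked):
    """Responder side: one signed answer for DEVICE, carrying the delegated cert."""
    status = ocsp.OCSPCertStatus.REVOKED if revoked else ocsp.OCSPCertStatus.GOOD
    return (ocsp.OCSPResponseBuilder()
            .add_response(DEVICE, CA, hashes.SHA256(), status, NOW, NOW + timedelta(days=7),
                          NOW if revoked else None,
                          x509.ReasonFlags.key_compromise if revoked else None)
            .responder_id(ocsp.OCSPResponderEncoding.HASH, RESPONDER)
            .certificates([RESPONDER]).sign(rsp_key, hashes.SHA256()))
def check_status(r, issuer):
    """Client side: accept the status only from a signer the issuing CA authorised."""
    if r.response_status != ocsp.OCSPResponseStatus.SUCCESSFUL:
        raise ValueError("responder returned an error")
    signer = r.certificates[0]
    # RFC 6960 4.2.2.2: a delegated signer must be issued by the same CA as the
    # certificate being checked and carry the id-kp-OCSPSigning EKU.
    issuer.public_key().verify(signer.signature, signer.tbs_certificate_bytes,
                               ec.ECDSA(signer.signature_hash_algorithm))
    eku = signer.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
    if signer.issuer != issuer.subject or ExtendedKeyUsageOID.OCSP_SIGNING not in eku:
        raise ValueError("responder certificate not authorised by the issuer")
    signer.public_key().verify(r.signature, r.tbs_response_bytes,
                               ec.ECDSA(r.signature_hash_algorithm))
    return r.certificate_status.name  # "GOOD", "REVOKED" or "UNKNOWN"
```

Passing a certificate other than the issuing CA as `issuer` makes `check_status` raise, which is the behaviour a relying party needs when a response is signed by a key the CA never delegated to.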