| |
steve and all, I've been going over some stuff and I think I really like this Conclave 2. They talk about solutions to large Enterprise companies and it sounds like they have a winner. Here are three quotes from three different sources about x.509 certificates.
"Conclave lets you deal with information access the way you are used to thinking about it already. Conclave defines groups of users and sets of information and then allows you to define the policies which govern them. When working with Conclave you deal with policies like 'Human Resources is allowed access to Budgets'. Tell Conclave who is part of Human Resources and where the Budget information is and you are done. When a new hire comes on board - no problem. Give the new hire an X.509 certificate or a Windows ID in the Human Resource department and he will automatically have access to the information he needs. No extra administration required. That's the beauty of role-based policy management."
"How does the system work? Logon terminals throughout each hospital use NT-based Conclave software and a Web-based interface to provide access to the centralized patient information database. Each logon terminal scans the user's fingerprint using a Fingerscan Identity Verification Terminal biometric device and registers and locally stores the fingerprint as a digital certificate (X.509). The scanner reads the digitized fingerprint and interprets it as a password. After the logon terminal authenticates the doctor or administrator by fingerprint, the system activates the appropriate certificate."
"X.509 certificates are particularly appealing for the following reasons:
>They contain information that defines the permissions that someone has and the permissions cannot be altered by the user
>They cannot be forged
>Certificates work with browsers like Netscape's Navigator and become an integral part of the system, thus eliminating additional log-on requirements for the user and thereby reducing support requirements
>They can be revoked more easily than passwords when an employee leaves or a customer-supplier relationship is terminated"
+++++++
So, if I understand all of this (and I remind all of you I am not a techie), when your fingerprint is read it is automatically converted into a x.509 certificate which cannot be forged, which automatically allows you into the appropriate areas within the network for which you are authorized, and the certificate can be revoked more easily than a password.
I suppose this also means that if your biometric template is somehow compromised you need not worry that your template is no longer any good because all you have to do is revoke the old X.509 certificate and re-enroll your template to create a new X.509 certificate. Do I have that right?
One more thing - X.509 certificates are portable -
"Conclave uses X.509 electronic-authentication certificates, in combination with encryption, to securely identify an individual, a site, or an enterprise. These certificates are portable, so users can employ X.509 certificates to reliably prove their identities-whether at the office, at home, or on the road. With Conclave, companies can issue their own certificates or use a third party to issue and maintain their certificates. Conclave also supports other forms of identification, based on the organization's needs, including Windows IDs, authentication tokens, IP addresses, and IP domains."
Any comments? Does this help IDX?
Rick |
|
