Brief summary of operation
- The crypto administrator at organisation A enters service search criteria into the crypto admin tool and sends an inquiry to the crypto services registry, which returns a list of matching services.
- The crypto administrator selects a service from the list; for the purpose of this description we will assume the selected service is offered by organisation B. An authorisation request is sent to organisation A’s local authorisation server, which evaluates the request against its installed set of rules. Assuming the local authorisation server accepts the request, a second request is sent to organisation B’s authorisation server.
- If organisation B’s authorisation server also accepts the request, it instructs organisation B’s crypto device to establish a security association with organisation A’s crypto device. As part of this process, organisation B’s crypto device downloads the required crypto parameters from organisation B’s cryptographic parameters server. The crypto administrator at organisation A is presented with the option to connect the service.
- When the crypto administrator at organisation A chooses to connect the service, the crypto device at organisation A is instructed to establish a security association with organisation B’s crypto device. As part of this process, organisation A’s crypto device downloads the required crypto parameters from organisation A’s cryptographic parameters server.
- The crypto devices at organisation A and B complete their negotiations and establish a secure communications channel between the two organisations.
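The ordering of the two authorisation decisions and the two security-association halves can be modelled as a small state walk. This is an added example, not code from the system described: the `Org` class, the rule tuples, the state names and the parameter values are all hypothetical, and the registry search in the first step is left out.

```python
from dataclasses import dataclass, field

@dataclass
class Org:
    """One organisation: authorisation server, parameters server, crypto device."""
    name: str
    rules: set      # constructed rule set: allowed (requester, provider, service)
    params: dict    # constructed values served by the cryptographic parameters server
    device_sa: dict = field(default_factory=dict)   # peer name -> downloaded parameters
    audit: list = field(default_factory=list)       # every decision and SA action

    def authorise(self, requester, provider, service):
        ok = (requester, provider, service) in self.rules
        self.audit.append(("authz", requester, provider, service, ok))
        return ok

    def device_establish_sa(self, peer):
        # Each device downloads parameters from its OWN organisation's server.
        self.device_sa[peer] = dict(self.params)
        self.audit.append(("sa", peer))

def request_service(a, b, service, admin_connects):
    """Walk the steps in order and return the state the flow stops in."""
    if not a.authorise(a.name, b.name, service):
        return "denied-by-local"       # organisation B is never contacted
    if not b.authorise(a.name, b.name, service):
        return "denied-by-remote"      # no device has been instructed yet
    b.device_establish_sa(a.name)      # B's half, instructed by B's authorisation server
    if not admin_connects:
        return "offered"               # A's administrator has the option to connect
    a.device_establish_sa(b.name)      # A's half, instructed after the administrator connects
    return "channel-established"

def channel_up(a, b):
    """Simplification: the channel exists only when both devices hold an SA half."""
    return b.name in a.device_sa and a.name in b.device_sa

if __name__ == "__main__":
    svc = "example-service"            # constructed service name
    a = Org("A", {("A", "B", svc)}, {"suite": "constructed-A"})
    b = Org("B", {("A", "B", svc)}, {"suite": "constructed-B"})
    print(request_service(a, b, svc, admin_connects=False), channel_up(a, b))
    print(request_service(a, b, svc, admin_connects=True), channel_up(a, b))
```

The audit lists show which side made each decision, which is what a reviewer would check to confirm that neither organisation's device acts before its own authorisation server has accepted the request.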