Nuclear Controls

On a nuclear submarine, it takes two keys to initiate the launch of a nuclear missile (if movies like The Hunt for Red October are to be believed). At Microsoft, it looks like we use THREE cards to allow access to our Public Key Infrastructure.

Microsoft IT created security worlds with administrative card sets composed of six smart cards, any three of which were required to perform administrative functions. The administrative cards were needed whenever a new CA was brought online and added to the associated security world. Two cards were distributed to the Legal and Corporate Affairs department, two others were distributed to a separate internal auditing team, and the final two were retained by the IT Security team in Microsoft IT. The requirement of three smart cards provided role separation and guaranteed that performing such high-level functions required the involvement of members from at least two of these three groups.

Great approach for protecting against a rogue administrator, but probably overkill for a PKI deployment at Joe’s Crab Shack.  Great whitepaper if you are interested in reading about a real-world large PKI implementation.

Read Here: IT Showcase: Deploying PKI Inside Microsoft
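The role-separation claim in the whitepaper excerpt (any three of six cards, two cards per group, so at least two groups must take part) can be checked by enumerating every possible quorum. The following is an added example, not code from the whitepaper or from Microsoft IT; the function names and the contrasting `SKEWED` distribution are hypothetical, introduced only for illustration.

```python
from itertools import combinations

# Distribution from the whitepaper excerpt: six cards, two per group.
CARDS = {"Legal and Corporate Affairs": 2, "Internal audit": 2, "IT Security": 2}
QUORUM = 3  # any three of the six cards

# Constructed counter-example (not from the page): same six cards, uneven split.
SKEWED = {"Legal and Corporate Affairs": 1, "Internal audit": 2, "IT Security": 3}


def deck(distribution):
    """Expand {group: count} into one (group, index) tuple per card."""
    return [(g, i) for g, n in distribution.items() for i in range(n)]


def min_groups_per_quorum(distribution, k):
    """Fewest distinct groups appearing in any k-card quorum."""
    return min(len({g for g, _ in combo})
               for combo in combinations(deck(distribution), k))


def groups_able_to_act_alone(distribution, k):
    """Groups that hold enough cards to reach quorum with no one else."""
    return [g for g, n in distribution.items() if n >= k]


def quorum_survives_losing(distribution, k, lost_group):
    """True if the other groups can still form a quorum when one group
    (and all of its cards) is unavailable."""
    return sum(n for g, n in distribution.items() if g != lost_group) >= k


def report(name, distribution, k):
    print(f"{name}: {len(list(combinations(deck(distribution), k)))} quorums")
    print("  min groups in any quorum:", min_groups_per_quorum(distribution, k))
    print("  can act alone:", groups_able_to_act_alone(distribution, k) or "nobody")
    for g in distribution:
        ok = quorum_survives_losing(distribution, k, g)
        print(f"  quorum possible without {g}: {ok}")


if __name__ == "__main__":
    report("2/2/2 split", CARDS, QUORUM)
    report("1/2/3 split", SKEWED, QUORUM)
```

With the even split, no group reaches quorum alone and the loss of any one group's cards still leaves a usable quorum; the skewed split keeps the same card count and threshold but lets one group act unilaterally.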