Measuring Authentication: NIST and Vectors of Trust
|
|
- Amberlynn Casey
- 6 years ago
- Views:
Transcription
1 SESSION ID: IDY-F01 Measuring Authentication: NIST and Vectors of Trust auth Sarah Squire Senior Identity Solution Architect Engage
2
3 Eyewitness News 3
4 A Play in Five Acts What is authentication, and why are we measuring it? Levels of Assurance Vectors of Trust NIST Digital Identity Guidelines How to help 4
5 What is authentication, and why are we measuring it? Act I
6
7
8 What is authentication, and why are we measuring it? ELI5 version: Making sure that a person or thing is the same person or thing you saw last time (which is different from them being who they say they are!) 8
9 Levels of Assurance Act II
10 Levels of Assurance 10
11 Levels of Assurance LoA 1 LoA 2 LoA 3 LoA 4 Little or no confidence Some confidence High confidence Very high confidence 11
12 Levels of Assurance LoA 4 Very high confidence Strong cryptographic authentication 12
13 Levels of Assurance LoA 4 Very high confidence Strong cryptographic authentication Strong man-in-the-middle resistance 13
14 Levels of Assurance LoA 4 Very high confidence Strong cryptographic authentication Strong man-in-the-middle resistance No bearer tokens 14
15 Levels of Assurance LoA 4 Very high confidence Strong cryptographic authentication Strong man-in-the-middle resistance No bearer tokens Account owner has physically appeared and a government-issued photo-identification document has been verified by the relevant agency. 15
16 Vectors of Trust Act III
17 Vectors of Trust P C M A Identity Proofing Primary Credential Usage Primary Credential Management Assertion Presentation 17
18 Vectors of Trust P Identity Proofing P0: No proofing, not consistent across sessions 18
19 Vectors of Trust P Identity Proofing P0: No proofing, not consistent across sessions P1: Self-asserted, possibly pseudonymous 19
20 Vectors of Trust P Identity Proofing P0: No proofing, not consistent across sessions P1: Self-asserted, possibly pseudonymous P2: Identity has been proofed remotely or in-person 20
21 Vectors of Trust P Identity Proofing P0: No proofing, not consistent across sessions P1: Self-asserted, possibly pseudonymous P2: Identity has been proofed remotely or in-person P3: Binding relationship (employee, customer, student, etc.) 21
22 Vectors of Trust C Primary Credential Usage C0 No credential 22
23 Vectors of Trust C Primary Credential Usage C0 No credential Ca Session cookies 23
24 Vectors of Trust C Primary Credential Usage C0 No credential Ca Session cookies Cb Known device 24
25 Vectors of Trust C Primary Credential Usage C0 No credential Ca Session cookies Cb Known device Cc Shared secret such as a username and password combination 25
26 Vectors of Trust C Primary Credential Usage C0 No credential Ca Session cookies Cb Known device Cc Shared secret such as a username and password combination Cd Cryptographic proof of key possession using shared key Ce Cryptographic proof of key possession using asymmetric key 26
27 Vectors of Trust C Primary Credential Usage C0 No credential Ca Session cookies Cb Known device Cc Shared secret such as a username and password combination Cd Cryptographic proof of key possession using shared key Ce Cryptographic proof of key possession using asymmetric key Cf Sealed hardware token / trusted biometric / TPM-backed keys 27
28 Vectors of Trust M Primary Credential Management Ma Self-asserted primary credentials / no additional verification for primary credential issuance or rotation 28
29 Vectors of Trust M Primary Credential Management Ma Self-asserted primary credentials / no additional verification for primary credential issuance or rotation Mb Remote issuance and rotation / use of backup recover credentials (such as verification) / deletion on user request 29
30 Vectors of Trust M Primary Credential Management Ma Self-asserted primary credentials / no additional verification for primary credential issuance or rotation Mb Remote issuance and rotation / use of backup recover credentials (such as verification) / deletion on user request Mc Full proofing required for each issuance and rotation / revocation on suspicious activity 30
31 Vectors of Trust A Assertion Presentation Aa No protection / unsigned assertion 31
32 Vectors of Trust A Assertion Presentation Aa No protection / unsigned assertion Ab Signed and verifiable assertion, passed through the browser 32
33 Vectors of Trust A Assertion Presentation Aa No protection / unsigned assertion Ab Signed and verifiable assertion, passed through the browser Ac Signed and verifiable assertion, passed through a back channel 33
34 Vectors of Trust A Assertion Presentation Aa No protection / unsigned assertion Ab Signed and verifiable assertion, passed through the browser Ac Signed and verifiable assertion, passed through a back channel Ad Assertion encrypted to the relying party s key and audience protected 34
35 Vectors of Trust Example: Whistleblower P? 35
36 Vectors of Trust Example: Whistleblower P1 36
37 Vectors of Trust Example: Whistleblower P1.C? 37
38 Vectors of Trust Example: Whistleblower P1.Cb.Cc 38
39 Vectors of Trust Example: Whistleblower P1.Cb.Cc.M? 39
40 Vectors of Trust Example: Whistleblower P1.Cb.Cc.Ma 40
41 Vectors of Trust Example: Whistleblower P1.Cb.Cc.Ma.A? 41
42 Vectors of Trust Example: Whistleblower P1.Cb.Cc.Ma.Ac 42
43 NIST Digital Identity Guidelines Act IV
44 NIST Digital Identity Guidelines IAL AAL FAL Identity Assurance Level Authenticator Assurance Level Federation Assurance Level 44
45 NIST Digital Identity Guidelines IAL Identity Assurance Level Level 1: Pseudonymous 45
46 NIST Digital Identity Guidelines IAL Identity Assurance Level Level 1: Pseudonymous Level 2: Remote or In-person identity proofing 46
47 NIST Digital Identity Guidelines IAL Identity Assurance Level Level 1: Pseudonymous Level 2: Remote or In-person identity proofing Level 3: In-person identity proofing with biometric collection for the purpose of non-repudiation 47
48 NIST Digital Identity Guidelines AAL Authenticator Assurance Level Level 1: Single factor authentication 48
49 NIST Digital Identity Guidelines AAL Authenticator Assurance Level Level 1: Single factor authentication Level 2: Two-factor authentication 49
50 NIST Digital Identity Guidelines AAL Authenticator Assurance Level Level 1: Single factor authentication Level 2: Two-factor authentication Level 3: Two-factor authentication with cryptographic device and verifier impersonation resistance 50
51 NIST Digital Identity Guidelines FAL Federation Assurance Level Level 1: Signed bearer assertion 51
52 NIST Digital Identity Guidelines FAL Federation Assurance Level Level 1: Signed bearer assertion Level 2: Signed and encrypted bearer assertion 52
53 NIST Digital Identity Guidelines FAL Federation Assurance Level Level 1: Signed bearer assertion Level 2: Signed and encrypted bearer assertion Level 3: Signed and encrypted holder-of-key assertion 53
54 NIST Digital Identity Guidelines Example: Secretary of State Identity Assurance Level? 54
55 NIST Digital Identity Guidelines Example: Secretary of State Identity Assurance Level: 3 55
56 NIST Digital Identity Guidelines Example: Secretary of State Identity Assurance Level: 3 Authenticator Assurance Level? 56
57 NIST Digital Identity Guidelines Example: Secretary of State Identity Assurance Level: 3 Authenticator Assurance Level: 3 57
58 Vectors of Trust Example: Secretary of State Identity Assurance Level: 3 Authenticator Assurance Level: 3 Federation Assurance Level? 58
59 NIST Digital Identity Guidelines Example: Secretary of State Identity Assurance Level: 3 Authenticator Assurance Level: 3 Federation Assurance Level: 2 59
60 How to Help Act V
61 How to Help 61
62 Q & A 62
63 Resources or Vectors of Trust: NIST Federal Authentication Guidelines: 63
Digital Identity Guidelines aka NIST SP March 1, 2017 Ken Klingenstein, Internet2
Digital Identity Guidelines aka NIST SP 800-63 March 1, 2017 Ken Klingenstein, Internet2 Topics 800-63 History and Current Revision process Caveats and Comments LOA Evolution Sections: 800-63A (Enrollment
More informationDissecting NIST Digital Identity Guidelines
Dissecting NIST 800-63 Digital Identity Guidelines KEY CONSIDERATIONS FOR SELECTING THE RIGHT MULTIFACTOR AUTHENTICATION Embracing Compliance More and more business is being conducted digitally whether
More informationSee the ID Rules Before Us: FAL IAL AAL eh? Aaaagh!!! How, How, How, How?
See the ID Rules Before Us: FAL IAL AAL eh? Aaaagh!!! How, How, How, How? Bruce E. Wilson Enterprise Architect May 2018 National Laboratories IT Conference ORNL is managed by UT-Battelle for the US Department
More informationInternet Engineering Task Force (IETF) October 2018
Internet Engineering Task Force (IETF) Request for Comments: 8485 Category: Standards Track ISSN: 2070-1721 J. Richer, Ed. Bespoke Engineering L. Johansson Swedish University Network October 2018 Vectors
More informationFedRAMP Digital Identity Requirements. Version 1.0
FedRAMP Digital Identity Requirements Version 1.0 January 31, 2018 DOCUMENT REVISION HISTORY DATE VERSION PAGE(S) DESCRIPTION AUTHOR 1/31/2018 1.0 All Initial document FedRAMP PMO i ABOUT THIS DOCUMENT
More informationUSER AUTHENTICATION GUIDANCE FOR INFORMATION TECHNOLOGY SYSTEMS
INFORMATION TECHNOLOGY SECURITY GUIDANCE USER AUTHENTICATION GUIDANCE FOR INFORMATION TECHNOLOGY SYSTEMS ITSP.30.031 V3 April 2018 FOREWORD This document is an UNCLASSIFIED publication, issued under the
More informationFIPS and NIST Special Publications Update. Smart Card Alliance Webinar November 6, 2013
FIPS 201-2 and NIST Special Publications Update Smart Card Alliance Webinar November 6, 2013 Today s Webinar Topics & Speakers Introductions: Randy Vanderhoof, Executive Director, Smart Card Alliance FIPS
More informationStop sweating the password and learn to love public key cryptography. Chris Streeks Solutions Engineer, Yubico
1 Stop sweating the password and learn to love public key cryptography Chris Streeks Solutions Engineer, Yubico Stop Sweating the Password! 2 Agenda Introduction The modern state of Phishing How to become
More informationPRACTICAL PASSWORD AUTHENTICATION ACCORDING TO NIST DRAFT B
PRACTICAL PASSWORD AUTHENTICATION ACCORDING TO NIST DRAFT 800-63B MOTIVATION DATABASE LEAKAGE ADOBE 152,982,479 Encrypted with 3DES ECB Same password == same ciphertext https://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/
More informationDigital Identity Guidelines
NIST Special Publication 800-63C Digital Identity Guidelines Federation and Assertions Paul A. Grassi Justin P. Richer Sarah K. Squire James L. Fenton Ellen M. Nadeau Privacy Authors: Naomi B. Lefkovitz
More informationPKI and FICAM Overview and Outlook
PKI and FICAM Overview and Outlook Stepping Stones 2001 FPKIPA Established Federal Bridge CA established 2003 E-Authentication Program Established M-04-04 E-Authentication Guidance for Federal Agencies
More informationHITPC Stage 3 Request for Comments Smart Card Alliance Comments January, 14, 2013
HITPC Stage 3 Request for Comments Smart Card Alliance Comments January, 14, 2013 The Smart Card Alliance hereby submits the following comments regarding the Health Information Technology Policy Committee
More informationNIST E-Authentication Guidance SP
NIST E-Authentication Guidance SP 800-63 Federal PKI TWG Feb. 18, 2004 Bill Burr william.burr@nist.gov NIST E-Authentication Tech Guidance OMB Guidance to agencies on E-Authentication OMB Memorandum M-04-04,
More informationNext Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop
Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop PACS Integration into the Identity Infrastructure Salvatore D Agostino CEO, IDmachines LLC 8 th Annual
More informationFormal Methods for Assuring Security of Computer Networks
for Assuring of Computer Networks May 8, 2012 Outline Testing 1 Testing 2 Tools for formal methods Model based software development 3 Principals of security Key security properties Assessing security protocols
More informationFPKIPA CPWG Antecedent, In-Person Task Group
FBCA Supplementary Antecedent, In-Person Definition This supplement provides clarification on the trust relationship between the Trusted Agent and the applicant, which is based on an in-person antecedent
More informationHong Kong Access Federation (HKAF) Identity Management Practice Statement (IMPS)
Hong Kong Access Federation (HKAF) Identity Management Practice Statement (IMPS) This document (IMPS) facilitates an organization to provide relevant information to describe how it fulfils the normative
More informationDigitalPersona Altus. Solution Guide
DigitalPersona Altus Solution Guide Contents DigitalPersona... 1 DigitalPersona Altus Solution... 4 MODULAR SOLUTION CREATE-CONFIRM-CONTROL... 4 EXPERT SERVICES ASSESS-DESIGN-DEPLOY-SUPPORT... 5 DigitalPersona
More informationU.S. E-Authentication Interoperability Lab Engineer
Using Digital Certificates to Establish Federated Trust chris.brown@enspier.com U.S. E-Authentication Interoperability Lab Engineer Agenda U.S. Federal E-Authentication Background Current State of PKI
More informationSWAMID Identity Assurance Level 2 Profile
Document SWAMID Identity Assurance Level 2 Profile Identifier http://www.swamid.se/policy/assurance/al2 Version V1.0 Last modified 2015-12-02 Pages 11 Status FINAL License Creative Commons BY-SA 3.0 SWAMID
More informationAdobe Sign and 21 CFR Part 11
Adobe Sign and 21 CFR Part 11 Today, organizations of all sizes are transforming manual paper-based processes into end-to-end digital experiences speeding signature processes by 500% with legal, trusted
More informationIdentity Proofing Standards and Beyond
Solutions for Health Care Providers Identity Proofing Standards and Beyond Kimberly Little Sutherland LexisNexis Risk Solutions Sr. Director, Identity Management Solution Strategy Agenda Identity Proofing
More informationIntroduction of the Identity Assurance Framework. Defining the framework and its goals
Introduction of the Identity Assurance Framework Defining the framework and its goals 1 IAEG Charter Formed in August of 07 to develop a global standard framework and necessary support programs for validating
More informationFiXs - Federated and Secure Identity Management in Operation
FiXs - Federated and Secure Identity Management in Operation Implementing federated identity management and assurance in operational scenarios The Federation for Identity and Cross-Credentialing Systems
More informationAssuring Identity. The Identity Assurance Framework CTST Conference, New Orleans, May-09
Assuring Identity The Identity Assurance Framework CTST Conference, New Orleans, May-09 Brett McDowell, Executive Director, Liberty Alliance email@brettmcdowell +1-413-652-1248 1 150+ Liberty Alliance
More informationNetwork Security Essentials
Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of
More informationSWAMID Person-Proofed Multi-Factor Profile
Document SWAMID Person-Proofed Multi-Factor Profile Identifier http://www.swamid.se/policy/assurance/al2mfa Version V1.0 Last modified 2018-09-12 Pages 10 Status FINAL License Creative Commons BY-SA 3.0
More informationDirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure
DirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure Change Control Date Version Description of changes 15-December- 2016 1-December- 2016 17-March- 2016 4-February- 2016 3-February-
More informationOperated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA
Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA LANL s Multi-Factor Authentication (MFA) Initiatives NLIT Summit 2018 Glen Lee Network and Infrastructure Engineering
More informationORC ECA Subscriber Instructions for Individual Identity and Encryption Certificates
ORC ECA Subscriber Instructions for Individual Identity and Encryption Certificates Getting Prepared Print these instructions for easy reference. (Note: this is a good test to see that you are able to
More informationMobile: Purely a Powerful Platform; Or Panacea?
EBT: The Next Generation 2017 Mobile: Purely a Powerful Platform; Or Panacea? Evan O Regan, Director of Product Management Authentication & Fraud Solutions Entrust Datacard POWERFUL PLATFORM OR PANACEA
More informationEnterprise Adoption Best Practices
Enterprise Adoption Best Practices Integrating FIDO & Federation Protocols December 2017 Copyright 2013-2017 FIDO Alliance All Rights Reserved. Audience This white paper is aimed at enterprises deploying
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationInteragency Advisory Board Meeting Agenda, December 7, 2009
Interagency Advisory Board Meeting Agenda, December 7, 2009 1. Opening Remarks 2. FICAM Segment Architecture & PIV Issuance (Carol Bales, OMB) 3. ABA Working Group on Identity (Tom Smedinghoff) 4. F/ERO
More informationLeveraging HSPD-12 to Meet E-authentication E
Leveraging HSPD-12 to Meet E-authentication E Policy and an update on PIV Interoperability for Non-Federal Issuers December 2, 2008 Chris Louden IAB 1 Leveraging HSPD-12 to Meet E-Authentication E Policy
More informatione-sign and TimeStamping
e-sign and TimeStamping Dr. Balaji Rajendran Centre for Development of Advanced Computing (C-DAC) Bangalore Under the Aegis of Controller of Certifying Authorities (CCA) Government of India 1 Recent Developments:
More informationLevels of Assurance. Tabea Born and Maxime Peyrard. TU Darmstadt
Levels of Assurance Tabea Born and Maxime Peyrard TU Darmstadt Abstract. This paper deals with four levels of assurance (LoA), which have been defined by different standardization organizations and consortiums.
More informationNATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY Standardization of Entity Authentication Assurance 5th ETSI Security Workshop 20-2222 January 2010 ETSI, Sophia Antipolis, France Erika McCallister, Esq.,
More informationFederated authentication for e-infrastructures
Federated authentication for e-infrastructures 5 September 2014 Federated Authentication for E-Infrastructures Jisc Published under the CC BY 4.0 licence creativecommons.org/licenses/by/4.0/ Contents Introduction
More informationegov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO
egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO e-government Survey 2014 United Nations Page 2 EGDI: E-Government Development Index National ID & Digital Signature Estonian Prime Minister Andrus Ansip
More informationIdentity Assurance Profiles Bronze and Silver. January 14, 2013 Version 1.2 Rev. 5 Release Candidate
Identity Assurance Profiles Bronze and Silver January 14, 2013 Version 1.2 Rev. 5 Release Candidate EXECUTIVE SUMMARY Identity Assurance Profiles, as described in the InCommon Identity Assurance Assessment
More informationFederated Authentication for E-Infrastructures
Federated Authentication for E-Infrastructures A growing challenge for on-line e-infrastructures is to manage an increasing number of user accounts, ensuring that accounts are only used by their intended
More informationManaged Access Gateway One-Time Password Guide Version 1.0 February 2017
1 Managed Access Gateway One-Time Password Guide Version 1.0 February 2017 2 Contents About One Time Password (OTP)... 3 OTP Credential Types... 3 What is the Proofing Upgrade?... 3 How to Determine if
More informationIndeed Card Management Smart card lifecycle management system
Indeed Card Management Smart card lifecycle management system Introduction User digital signature, strong authentication and data encryption have become quite common for most of the modern companies. These
More informationITU-T SG 17 Q10/17. Trust Elevation Frameworks
ITU-T SG 17 Q10/17 Trust Elevation Frameworks Abbie Barbir, Ph.D. ITU-T SG 17 Q10 Rapporteur Martin Euchner SG 17 Advisor ITU Workshop on "Future Trust and Knowledge Infrastructure July 1 2016 Contents
More informationINTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD
INTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD Jeffy Mwakalinga, Prof Louise Yngström Department of Computer and System Sciences Royal Institute of Technology / Stockholm University
More informationSecurity Strategy for Mobile ID GSMA Mobile Connect Summit
Security Strategy for Mobile ID GSMA Mobile Connect Summit Singapore, 22 nd November 2017 G+D Mobile Security G+D Mobile Security: Managing Billions of Connected Digital Identities Today 660 million contactless
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationLeveraging the LincPass in USDA
Leveraging the LincPass in USDA Two Factor Authentication, Digital Signature, Enterprise VPN, eauth Single Sign On February 2010 USDA Takes Advantage of the LincPass USDA is taking advantage of the LincPass
More informationCopyright
In Active Directory Federation Services there are two types of trusts. This video will look at the relying party trust which is configured on the account side. It essentially determines what information
More informationFIPS and Mobility (SP Derived PIV Credentials) Sal Francomacaro FIPS201/PIV Team NIST ITL Computer Security Division
FIPS 201-2 and Mobility (SP 800-157 Derived PIV Credentials) Sal Francomacaro FIPS201/PIV Team NIST ITL Computer Security Division salfra@nist.gov 2013 Smart Card Alliance Member Meeting Coral Gables,
More informationChapter 3: User Authentication
Chapter 3: User Authentication Comp Sci 3600 Security Outline 1 2 3 4 Outline 1 2 3 4 User Authentication NIST SP 800-63-3 (Digital Authentication Guideline, October 2016) defines user as: The process
More informationStrategies for the Implementation of PIV I Secure Identity Credentials
Strategies for the Implementation of PIV I Secure Identity Credentials A Smart Card Alliance Educational Institute Workshop PIV Technology and Policy Requirements Steve Rogers President & CEO 9 th Annual
More informationNext Gen Security Technologies for Healthcare Authentication
Next Gen Security Technologies for Healthcare Authentication Session 261, March 8, 2018 Abbie Barbir, Senior Security Adviser, Aetna Brett McDowell, Executive Director, FIDO Alliance 1 Conflict of Interest
More informationInteragency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008
Interagency Advisory Board HSPD-12 Insights: Past, Present and Future Carol Bales Office of Management and Budget December 2, 2008 Importance of Identity, Credential and Access Management within the Federal
More informationORC ACES Subscriber Instructions. Component/Server Certificates
ORC ACES Subscriber Instructions Component/Server Certificates 1 Getting Prepared What do I need to have on hand in order to complete the certifi cate process? Print these instruction for easy reference.
More informationInteragency Advisory Board Meeting Agenda, Wednesday, May 23, 2012
Interagency Advisory Board Meeting Agenda, Wednesday, May 23, 2012 1. Opening Remarks (Mr. Tim Baldridge, IAB Chair) 2. Revision of the Digital Signature Standard (Tim Polk, NIST) 3. Update on Content
More informationTPM v.s. Embedded Board. James Y
TPM v.s. Embedded Board James Y What Is A Trusted Platform Module? (TPM 1.2) TPM 1.2 on the Enano-8523 that: How Safe is your INFORMATION? Protects secrets from attackers Performs cryptographic functions
More informationIdentity Proofing Blinding the Eye of Sauron
SESSION ID: IDY-R02 Identity Proofing Blinding the Eye of Sauron Paul Grassi Senior Standards and Technology Advisor National Strategy for Trusted Identities in Cyberspace, National Program Office National
More informationeidas Regulation eid and assurance levels Outcome of eias study
eidas Regulation eid and assurance levels Outcome of eias study Dr. Marijke De Soete Security4Biz (Belgium) ETSI eidas Workshop 24 June 2015 Sophia Antipolis eidas Regulation Regulation on electronic identification
More informationState of Colorado Cyber Security Policies
TITLE: State of Colorado Cyber Security Policies Access Control Policy Overview This policy document is part of the State of Colorado Cyber Security Policies, created to support the State of Colorado Chief
More informationPublic Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman
Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National
More informationSecuring Federal Government Facilities A Primer on the Why, What and How of PIV Systems and PACS
Securing Federal Government Facilities A Primer on the Why, What and How of PIV Systems and PACS Introduction The expectations and requirements on government contracts for safety and security projects
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More informationEnterprise Adoption Best Practices
Enterprise Adoption Best Practices Managing FIDO Credential Lifecycle for Enterprises April 2018 Copyright 2018 FIDO Alliance All Rights Reserved. 1 Audience This white paper is aimed at enterprises deploying
More information4TRESS AAA. Out-of-Band Authentication (SMS) and Juniper Secure Access Integration Handbook. Document Version 2.3 Released May hidglobal.
4TRESS AAA Out-of-Band Authentication (SMS) and Juniper Secure Access Integration Handbook Document Version 2.3 Released May 2013 hidglobal.com Table of Contents List of Figures... 3 1.0 Introduction...
More informationSERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Cyberspace security Identity management. Entity authentication assurance framework
International Telecommunication Union ITU-T X.1254 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (09/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Cyberspace security Identity
More informationAuthentication Methods
CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks
More informationTrust Services for Electronic Transactions
Trust Services for Electronic Transactions ROUMEN TRIFONOV Faculty of Computer Systems and Control Technical University of Sofia 8 st. Kliment Ohridski bul., 1000 Sofia BULGARIA r_trifonov@tu-sofia.bg
More informationCSU Enterprise Identity Management Trust- Level Framework
CSU Enterprise Identity Management Trust- Level Framework Version 1.0 - November 2015 Page 1 v1.0 Table of Contents Purpose of this Document... 3 Executive Summary... 3 Motivation... 4 CSU Trust Level
More informationInteragency Advisory Board Meeting Agenda, February 2, 2009
Interagency Advisory Board Meeting Agenda, February 2, 2009 1. Opening Remarks (Tim Baldridge, NASA) 2. Mini Tutorial on NIST SP 800-116 AND PIV use in Physical Access Control Systems (Bill MacGregor,
More information2 Electronic Passports and Identity Cards
2 Picture source: www.bundesdruckerei.de Paper based Passport Radio Frequency (RF) Chip Electronic Passport (E Pass) Biographic data Human readable Partially machine readable (optically) Conventional
More informationTransportation Worker Identification Credential (TWIC) Steve Parsons Deputy Program Manager, TWIC July 27, 2005
Transportation Worker Identification Credential (TWIC) Steve Parsons Deputy Program Manager, TWIC July 27, 2005 Who Am I? How do you know? 2 TWIC Program Vision A high-assurance identity credential that
More informationIdentity management. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014
Identity management Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 Outline 1. Single sign-on 2. SAML and Shibboleth 3. OpenId 4. OAuth 5. (Corporate IAM) 6. Strong identity 2
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationCryptologic and Cyber Systems Division
Cryptologic and Cyber Systems Division OVERALL BRIEFING IS Someone Scraped My Identity! Is There a Doctrine in the House? AF Identity, Credential, and Access Management (ICAM) August 2018 Mr. Richard Moon,
More informationKEY DISTRIBUTION AND USER AUTHENTICATION
KEY DISTRIBUTION AND USER AUTHENTICATION Key Management and Distribution No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman
More informationDerived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research
1 NISTIR 8055 (Draft) 2 3 4 5 Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research 6 Michael Bartock 7 Jeffrey Cichonski 8 Murugiah Souppaya 9 Paul Fox 10 Mike Miller
More informationECA Trusted Agent Handbook
Revision 8.0 September 4, 2015 Introduction This Trusted Agent Handbook provides instructions for individuals authorized to perform personal presence identity verification of subscribers enrolling for
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationFederated Access. Identity & Privacy Protection
Federated Access Identity & Privacy Protection Presented at: Information Systems Security Association-Northern Virginia (ISSA-NOVA) Chapter Meeting Presented by: Daniel E. Turissini Board Member, Federation
More informationCertification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure
Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: CARLETON UNIVERSITY Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Entity authentication assurance framework
INTERNATIONAL STANDARD ISO/IEC 29115 First edition 2013-04-01 Information technology Security techniques Entity authentication assurance framework Technologies de l'information Techniques de sécurité Cadre
More informationCertificateless Public Key Cryptography
Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.
More informationRegistration and Authentication
Registration and Authentication e-government Strategy Framework Policy and Guidelines Version 3.0 September 2002 Registration and Authentication / Version 3.0 / September 2002 1 Contents 1. Introduction
More informationOneID An architectural overview
OneID An architectural overview Jim Fenton November 1, 2012 Introduction OneID is an identity management technology that takes a fresh look at the way that users authenticate and manage their identities
More informationAIM Enterprise Platform Software IBM z/transaction Processing Facility Enterprise Edition 1.1.0
z/tpf V1.1 TPF Users Group - Spring 2009 Security Considerations in a Service Oriented Architecture (SOA) Jason Keenaghan Main Tent AIM Enterprise Platform Software IBM z/transaction Processing Facility
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationCERN Certification Authority
CERN Certification Authority Emmanuel Ormancey (IT/IS) What are Certificates? What are Certificates? Digital certificates are electronic credentials that are used to certify the identities of individuals,
More informationDeprecating the Password: A Progress Report. Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018
Deprecating the Password: A Progress Report Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018 The password problem Alpha-numeric passwords are hard for humans to remember and easy
More informationDFARS Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017
DFARS 252.204-7012 Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017 As with most government documents, one often leads to another. And that s the case with DFARS 252.204-7012.
More informationDigital Solutions. January, 2016
Digital Solutions January, 2016 This document provides an outline of a presentation and is incomplete without the accompanying oral commentary and discussion. Conclusions and/ or potential strategies contained
More informationRevision 2 of FIPS 201 and its Associated Special Publications
Revision 2 of FIPS 201 and its Associated Special Publications Hildegard Ferraiolo PIV Project Lead NIST ITL Computer Security Division Hildegard.ferraiolo@nist.gov IAB meeting, December 4, 2013 FIPS 201-2
More informationWarm Up to Identity Protocol Soup
Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital
More informationLecture Secure, Trusted and Trustworthy Computing Trusted Platform Module
1 Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Winter Term 2017/18 Roadmap: TPM
More informationPKI Credentialing Handbook
PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationEvaluating Alternatives to Passwords
Security PS Evaluating Alternatives to Passwords Bruce K. Marshall, CISSP, IAM Senior Security Consultant bmarshall@securityps.com Key Topics Key Presentation Topics Authentication Model Authenticator
More information