US Federal PKI Bridge. Ram Banerjee VP Vertical Markets

e-gov and PKI Drivers
- Government Paperwork Elimination and E-SIGN Acts
- Public expectations
- Long-term cost savings
- The need for privacy and security: government is held to a higher standard
- Trading partner practices

Business Driver: Savings by Process Type

| Process Type               | Traditional System | Internet       | Percent Savings |
|----------------------------|--------------------|----------------|-----------------|
| Bill Payment               | $2.22 - $3.32      | $0.65 - $1.10  | 71% - 67%       |
| Insurance Policy           | $400 - $700        | $200 - $350    | 50%             |
| Software Distribution      | $15                | $0.20 - $0.50  | 97% - 67%       |
| Procurement                |                    |                | 70%             |
| Motor Vehicle Registration | $7                 | <$2            | 71%             |
| Order-Filling (DOD)        | $24                | $12            | 50%             |

Electronic Signatures in Global and National Commerce Act (E-SIGN)
- Signed by President Clinton on 6/30/00
- E-SIGN addresses:
  - Commercial, consumer, and business transactions affecting interstate or foreign commerce
  - Legality of electronic signatures and records
  - Preemption of inconsistent statutes/rules
- E-SIGN does not address:
  - Security, authentication, or records requirements
  - Interoperability
  - Electronic signatures based on different technologies
  - Rules for relying on or accepting different kinds of signatures

GPEA Requirements
- Federal agency activities and requirements are generally not within the scope of E-SIGN; they are instead addressed by the Government Paperwork Elimination Act (GPEA)
- GPEA of 1998 addresses:
  - Requirement for federal agencies to offer the public the option of electronic filings/transactions/record-keeping for agency business by October 2003
  - Legality of electronic signatures and records
  - Technology neutrality: electronic signature alternatives

Issues with a U.S. Federal PKI
- For:
  - Statutory mandates for e-government and implementing electronic signature technology
  - Demands for improved services at lower cost
  - International competition
  - International collaboration
- Against:
  - Concerns of privacy advocates
  - Agency internal politics
  - Vendor battles for market space
  - Cost

The Approach to a U.S. Federal PKI
- Agencies implement their own PKIs
- Create a Federal Bridge CA using COTS products to bind agency PKIs together
- Establish a Federal PKI Policy Authority to oversee operation of the Federal Bridge CA
- Ensure directory compatibility
- Use Access Certificates for Electronic Services (ACES) for transactions with the public

PKI Interoperability
[Diagram: PKI Domain 1, PKI Domain 2 and PKI Domain 3 linked by certification policies and practice statements, validation protocols, and bilateral agreements]
- Policy PKI interoperability involves determining which PKI domains are trusted to meet the level of assurance needed.
- Technical PKI interoperability involves validating certificates from a different PKI domain to determine the validity of certificates and certification paths.
- A small number of PKI domains makes interoperability easier to achieve; however, it is still complex.

The Challenge to PKI Interoperability
- PKI interoperability becomes much more complex as the number of PKI domains increases.

Non-hierarchical Hub
[Diagram: non-hierarchical hub in which the FPKI Policy Authority governs the FBCA Operational Authority, with agency CAs cross-certified to the bridge]
- The Federal Bridge CA simplifies PKI interoperability:
  - Common and easy way to determine trusted PKI domains and assurance levels (policy mapping)
  - Common and relatively easy way to validate certificate status through cross-certification
  - Standard bilateral agreement between the Bridge and each agency CA
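The two slides above describe policy mapping across cross-certificates without showing how a relying party actually decides which assurance level survives the path. The following added example (not from the original slides) is a simplified model of RFC 5280 policy mapping along an Agency A -> FBCA -> Agency B path; the OIDs, CA names and the three-domain mapping table are all constructed for illustration.

```python
# Added example, not from the original slides: a simplified model of RFC 5280
# policy mapping along a Federal Bridge CA cross-certification path. Certs are
# plain dicts carrying only certificatePolicies and policyMappings (anyPolicy,
# inhibitPolicyMapping and policy-tree depth are not modelled). OIDs constructed.

# Constructed OIDs for the three policy domains: agency A, the bridge, agency B.
A_MED, A_HIGH = "1.3.6.1.4.1.99999.1.2", "1.3.6.1.4.1.99999.1.3"
FB_BASIC, FB_MED, FB_HIGH = ("1.3.6.1.4.1.99999.2.1",
                             "1.3.6.1.4.1.99999.2.2", "1.3.6.1.4.1.99999.2.3")
B_BASIC, B_MED = "1.3.6.1.4.1.99999.3.1", "1.3.6.1.4.1.99999.3.2"


def acceptable_policies(path, initial):
    """Walk `path` from the relying party's trust anchor to the end entity.

    Returns {end-entity policy OID: relying-party policy it satisfies}. An
    empty dict means no assurance level the relying party accepts survives
    the chain of cross-certificates, so the certificate must be rejected."""
    current = {p: p for p in initial}  # current-domain OID -> originating RP policy
    for cert in path:
        # Step 1: the policy must be asserted in this cert's certificatePolicies.
        current = {p: src for p, src in current.items() if p in cert["policies"]}
        if not current:
            return {}
        # Step 2: policyMappings translate issuer-domain OIDs into the subject
        # CA's own OIDs for the next cert; unmapped policies pass through.
        mappings = cert.get("mappings", {})
        current = {mapped: src for pol, src in current.items()
                   for mapped in mappings.get(pol, {pol})}
    return current


# Constructed path as seen from an Agency A relying party: A's CA cross-certifies
# the FBCA, the FBCA cross-certifies Agency B's CA, which issues user certs.
A_TO_FBCA = {"subject": "FBCA", "policies": {A_MED, A_HIGH},
             "mappings": {A_MED: {FB_MED}, A_HIGH: {FB_HIGH}}}
FBCA_TO_B = {"subject": "Agency B CA", "policies": {FB_BASIC, FB_MED},
             "mappings": {FB_BASIC: {B_BASIC}, FB_MED: {B_MED}}}
B_USER_MED = {"subject": "B employee", "policies": {B_MED}}
B_USER_BASIC = {"subject": "B contractor", "policies": {B_BASIC}}

if __name__ == "__main__":
    # A-medium maps to B-medium via the bridge: accepted.
    print(acceptable_policies([A_TO_FBCA, FBCA_TO_B, B_USER_MED], {A_MED}))
    # B-basic never maps back to A-medium: rejected (empty dict).
    print(acceptable_policies([A_TO_FBCA, FBCA_TO_B, B_USER_BASIC], {A_MED}))
    # The FBCA only cross-certified B at basic/medium, so A-high cannot be met.
    print(acceptable_policies([A_TO_FBCA, FBCA_TO_B, B_USER_MED], {A_HIGH}))
```

The third case is the point of the bridge model: the assurance level a relying party can claim is bounded by the weakest mapping on the path, which is exactly what the Policy Authority's mapping decisions control.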

Access Certificates for Electronic Services (ACES)
- No-cost certificates for the public
- For business with Federal agencies only (but agencies may allow other uses on a case-by-case basis)
- On-line registration, vetted against legacy data; information protected under the Privacy Act
- One-time PIN sent by regular mail to obtain the certificate
- Agencies billed per-use and/or per-certificate

ACES Remote (On-line) Certificate Application Process
1. Member of the public applies for a certificate over a secure web connection.
2. ACES vendor validates the applicant's identity against multiple independent databases (Federal, State, Commercial).
3. ACES vendor registers the applicant for a certificate and mails a one-time PIN.
4. Applicant completes the PIN activation process.
5. ACES vendor sends the registered certificate over a secure web connection.

Accessing Web-Based Applications and Services
1. Citizen accesses an authorized system with ACES authentication over a secure web connection.
2. The Federal agency's authorized web-based application validates the electronic ID (ACES certificate) with the ACES contracted Certificate Authority through a standard on-line protocol (OCSP).
3. The application returns personalized services, benefits, or information to the citizen.

PKI and Smart Cards
- Securely store, protect, and transport multiple cryptographic keys (public/private keys) and digital certificates
- Provide a secure computational and processing facility without exposing sensitive information
- Provide security for:
  - Generation of digital signatures
  - Use of the private key for personal authentication
  - Portable permissions / logical access control
- Convenience for the end user
- PKI can be one set of functions on a multi-application smart card
- Uniquely identify the user through PIN/biometric

References
- Federal PKI Steering Committee website: http://www.cio.gov/fpkisc
- NIST PKI website: http://csrc.nist.gov/pki
- GSA website: http://www.gsa.gov/aces
- ANSI website: http://www.ansi.org