PKI Update December, 2008 Nicholas Davis

Quick Background
- 2004 UW-Madison purchased co-managed solution from Geotrust
- Both client certs and SSL certs are purchased from Geotrust
- Started September, 2004
- Centrally funded

Current Environment
- Over 1000 client certs currently in use across campus
- Used for email signing, document signing and encryption
- Documents, PDF, Word, multiple email clients
- We hosted the First Annual Educause PKI Deployment Forum in April, 2008.

New Use for Certificates at UW
- Dual factor authentication to protect sensitive web applications
- Web Initial Sign-on Client based on Pubcookie
- Altered to authenticate via digital certificates

Where are the Certificates Stored?
- Etokens, local drives
- HID Crescendo Cards
- New UW-Madison ID cards contain: magnetic stripe, bar code, printed number, picture, status (staff/student), 2 RFID cores (Prox and iClass)
- Subset of cards (250) contain the HID Crescendo chipset

UW ID Card Continued
- Crescendo chipset
- Raaksign software
- Windows only software included, Macintosh 3rd party software available
- Design story

McAfee Safeboot
- Whole disk encryption being deployed on a volunteer basis
- Can use certificates in pre-boot authentication
- HID Crescendo card is supported by McAfee for pre-boot authentication

PKI Rollout to UW-System
- UW System plans to roll digital certificates out across UW statewide system
- 26 campuses
- Prime driver is encrypting sensitive email and digital signing of mass email
- 56,000 person signed email sent this week

Issues With Mass Email
- Too complex for some people to figure out
- Some people agree to delegate signing authority
- Is it ideal? No
- Does it get the job done? Yes

Our Guiding Principles
- Keep it simple
- Balance ideal security with the needs of our user community
- Make it usable outside of our campus
- Coolness factor, can’t be underestimated. The unified card is a big hit!

Next Steps
- Put our PKI contract out for bid
- Geotrust absorbed by Verisign, True Credentials no longer being actively promoted or developed

Questions
- Questions and comments welcome at this time, EXCEPT for questions from Scott Rea!
- Nicholas Davis ndavis1@wisc.edu