Dartmouth PKI Certificate Deployment June 2004 Fed Ed Meeting.


2 Dartmouth PKI Lab
- R&D to make PKI a practical component of a campus network
- Multi-campus collaboration sponsored by the Mellon Foundation
- Dual objectives:
  - Deploy existing PKI technology to improve network applications (both at Dartmouth and elsewhere).
  - Improve the current state of the art. Identify security issues in current products. Develop solutions to the problems.

3 Production PKI Applications at Dartmouth
- Dartmouth certificate authority
  - 800 end users have certificates, over 500 of them are students
- PKI authentication in production for:
  - Banner Student Information System
  - Library Electronic Journals
  - Tuck School of Business Portal
  - VPN Concentrator
  - Blackboard CMS
  - Software downloads
- S/MIME (Outlook, Mozilla, Thunderbird)
- AOL AIM (PKI-secured sys admin communications)

4 Second Wave of PKI Deployment at Dartmouth
Actively developing:
- Hardware tokens
  - Required for VPN access to secured subnets
- Higher assurance certificates (picture ID check)
- Additional applications (e.g. grid)

5 Certificate Distribution Plan
- Self-service web enrollment: any user can get a certificate any time (LDAP username/password)
- Higher assurance certificates (picture ID registration, usually on tokens) in production soon
- Moving to tokens for portability and two factor authentication
- Distributing tokens to all incoming freshmen who purchase a Windows computer

6 Freshmen Distribution
- Distribute over 800 computers in 2 hours
- Conducted every year since 80’s
- Covering cost of tokens in computer purchase price
- Not included (roughly 30%):
  - Macintosh purchasers (no Mac drivers for tokens yet)
  - “Bringers” who choose not to purchase a computer from the distribution
  - Anybody can get a token later
- This strategy will cover most undergraduates over the course of 4 years – controlled way to gain critical mass

7 Freshmen Distribution Logistics
- Challenge: How to enroll certificates on these tokens?
  - 5 minutes each add up fast with 700 – 800 enrollments
  - Issue vouchers for the tokens and have helpdesk issue them later
  - Spreads out labor
- Token drivers pre-installed on computers
- User education is combination of handouts and web:
  - No training classes
  - Explicit cookbook instructions, very light on PKI theory
  - Worked well with software certificates – help desk load has been insignificant to date

8 Other Users
- Low key approach – not forcing the issue (yet)
- Purchased 750 tokens to “prime the pump”
- First targeting staff, and faculty who have special reasons to use them, e.g.:
  - Health services staff
  - Users of sensitive systems
  - System administrators
- Grad students and non-freshmen undergrads voluntary (so far)
- WSO and SSO applications provide value managing username passwords
- Phase in applications that require PKI

9 End Goal
- Over time, PKI becomes primary authentication method for applications and users
- Tokens for the masses
- As appropriate, deploy digital signature and encryption applications
- Make PKI as invisible as possible

10 For More Information Outreach web: Dartmouth PKI Lab PKI Lab information: Dartmouth user information, getting a certificate: