Toward the Use of DIGITAL Signatures in the Commonwealth of Virginia Prepared for the Council on Technology Services by the Privacy, Security & Access.

Slides:



Advertisements
Similar presentations
Manatt manatt | phelps | phillips New York State Health Information Technology Summit Initiative Overview and Update Rachel Block, Project Director United.
Advertisements

A strategy for a Secure Information Society –
Illinois Justice Network Portal Implementation Board Meeting February 11, 2004.
HHA, A N e w W a y o f W o r k i n g T o g e t h e r Status of Preparation of the Conference of Ministers of Health and Finance F. Sergent (AfDB) and B.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session esMD Requirements, Priorities and Potential Workgroups – 2:00pm.
Public Key Infrastructure (PKI) Hosting Services.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Systems Engineering in a System of Systems Context
Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Office of the Chief Information Officer EFCOG Annual Meeting Fred Catoe (IM-32) U.S. Department of Energy.
Centers for Disease Control and Prevention Office of the Associate Director for Communication Electronic Health Records/Meaningful Use and Public Health.
Presentation By: Chris Wade, P Eng. Finally … a best practice for selecting an engineering firm.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
April 2, 2013 Longitudinal Data system Governance: Status Report Alan Phillips Deputy Director, Fiscal Affairs, Budgeting and IT Illinois Board of Higher.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
Vilnius, October 21st, 2002 © eEurope SmartCards Securing a Telework Infrastructure: Smart.IS - Objectives and Deliverables Dr. Lutz Martiny Co-Chairman,
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
Commonwealth Office of Technology Finance and Administration Cabinet Electronic Signature Overview Name:Chris Clark Date: October 28, 2004.
Dao Dinh Kha National Centre of Digital Signature Authentication - Agency of Information Technology Application A vision on a national Electronic Authentication.
The InCommon Federation The U.S. Access and Identity Management Federation
Digital Signatures A Brief Overview by Tim Sigmon August, 2000.
Evaluation Seminar Czech Republic CSF and OP Managing Authorities David Hegarty NDP/CSF Evaluation Unit Ireland.
The United States National Spatial Data Infrastructure.
ISSA European Network Technical Seminar on efficient e-services in Social Security Warsaw, 24 th of May 2012 Dr. Jens Bruhn Deutsche Rentenversicherung.
Information Assurance The Coordinated Approach To Improving Enterprise Data Quality.
Documenting the Participation of Fishing Vessel Crew Members in Alaska’s Commercial Fisheries Documenting the Participation of Fishing Vessel Crew Members.
GOC Technical Architecture GoC Position on Open Source Presentation to eGovOS Open Source in Government Series March 15, 2004.
Cyber Authentication Renewal Project Executive Overview June – minute Brief.
EFFECTIVE, EFFICIENT, SUSTAINABLE SOLUTIONS TO COMMUNITY PROBLEMS THROUGH THE COLLABORATIVE EFFORTS AND RESOURCES OF CITIZENS, BUSINESS, GOVERNMENT, AND.
1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Towards a European network for digital preservation Ideas for a proposal Mariella Guercio, University of Urbino.
The Evolving U.S. Federal PKI Richard Guida Chair, Federal PKI Steering Committee Federal Chief Information Officers Council
Chapter 6 – Data Handling and EPR. Electronic Health Record Systems: Government Initiatives and Public/Private Partnerships EHR is systematic collection.
HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.
Digital Signatures A Brief Overview by Tim Sigmon April, 2001.
E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.
PACIFIC AID EFFECTIVENESS PRINCIPLES. Purpose of Presentation Provide an overview of Pacific Principles on Aid Effectiveness Provide an overview of Pacific.
Enterprise Architecture, Enterprise Data Management, and Data Standardization Efforts at the U.S. Department of Education May 2006 Joe Rose, Chief Architect.
Smart Grid Interoperability Panel & ISO / RTO Council Smart Grid Projects David Forfia SGIP Governing Board Member – Stakeholder Category 21 ISO/RTO Sponsor.
Federal and State PKI Bridge Evolution: Cutting Across Stovepipes EDUCAUSE 2000 October 12th, 2000.
1 GSC: Standardization Advancing Global Communications ISACC Opening Plenary Presentation GSC-11 SOURCE:ISACC TITLE:ISACC Opening Plenary Presentation.
EPA Geospatial Segment United States Environmental Protection Agency Office of Environmental Information Enterprise Architecture Program Segment Architecture.
DIGITAL SIGNATURE.
The Evolving Federal PKI Gary Moore Entrust Technologies Richard Guida Chair, Federal PKI Steering Committee.
Mariann Yeager, NHIN Policy and Governance Lead (Contractor) Office of the National Coordinator for Health IT David Riley, CONNECT Lead (Contractor) Federal.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
Global Geospatial Information Management (GGIM) A UN-DESA Initiative in collaboration with Cartographic Section, DFS Stefan Schweinfest UNSD.
Moving the National Health Information Technology Agenda Forward The Fourth Health Information Technology Summit March 28, 2007 Robert M. Kolodner, MD.
Overview of ONC Report to Congress on Health Information Blocking Presented to the Health IT Policy Committee, Task Force on Clinical, Technical, Organizational,
PKI in Virginia September Commonwealth Bridge Project Time Line of Activity l COVITS Meeting - September 1999 »Commonwealth of Virginia Information.
Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Virginia Office of Public-Private Partnerships (VAP3) Adopted Public-Private Transportation Act (PPTA) enabling legislation in 1995 Public-Private Education.
Traveling into the Future with the 5010 Implementation Timeline HIPAA COW Spring 2009 Conference Presented by Laurie Burckhardt, WPS EDI Manager.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
Incorporating Privacy Into Systems Development Methodology Phil Moleski Director Corporate Information Technology Branch Saskatchewan Health
8 Building Blocks of National Cyber Strategies
U.S. Federal e-Authentication Initiative
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
HIMSS National Conference New Orleans Convention Center
Biosurveillance and the National Health IT Agenda
Presentation transcript:

Toward the Use of DIGITAL Signatures in the Commonwealth of Virginia Prepared for the Council on Technology Services by the Privacy, Security & Access Work Group October 27, 1999

2 Today’s Topics Background –Commonwealth Context –Work Group events to date About Digital Signatures Key Findings & Recommendations Discussion

3 Work Group Events since June Monthly PSA Work Group sessions Presentation for COTS Panel at COVITS (Health Canada, Federal PKI Steering Committee & Capital One) Monitoring legislative developments –Federal, state & model Video teleconference with the State of Washington Planning “First Wave” agencies at DGIF Federal Bridge Certification Architecture at UVa

4 What are the Questions? What is it? Who’s using it? To what degree? Do we need it? Do we need it for everything? How do we get there?

5 What a Digital Signature is NOT NOT a handwritten signature NOT a digitized signature NOT the same as an electronic signature

6 What a Digital Signature IS It results from an arithmetic operation on data – the data it “signs” cannot be altered without detection It uses public & private “keys” It relies on “certificates” issued to individuals within a PKI It involves sophisticated encryption It provides –a high level of authentication –technical non-repudiation –confidentiality

7 Demystifying Digital Signatures A video, courtesy of Washington State Department of Information Services

8 “Electronic” or “Digital” “ Digital” is a subset of “electronic” There are a variety of ways to create an ‘electronic’ sig: –PIN’s –digitized (stroked) signatures –other forms of biometrics –or even double-clicks –…. any electronic form, given with the “intent to sign”

9 Are Digital Certificates & signatures “right” for every signing process? Not necessarily - a spectrum of electronic signatures could be valid A variety of electronic signatures are already in use (e.g., digi tized signatures on the Driver’s license, PIN numbers, etc.) Criteria should be applied appropriately to match methods of e-signing to business processes

10 Parts of a “managed” PKI? Key “PKI” components include –Registration Authorities - authenticate individual id’s –Certification Authorities - vouch for validity of certificates –Certificate Repositories - publicly available databases –Mechanism to recover/reissue lost/compromised keys –Certificate Policies & other governing practices

11 What is a “PKI” A “public key infrastructure” is the complex framework within which digital signatures operate to associate individuals reliably with the public key of a public/private key pair PKI = laws, policies, hardware, software, business processes & people

12 Other Key Points about PKI’s 1The technology works -- we don’t need to prove it 2Standards are still evolving but well developed enough to proceed 3The technology is new & complex, BUT the hardest issues to resolve will be policy, legal, and business 4A PKI is costly…. but compared to what?

13 What are the trends toward adoption? To this point, relatively slow Pace will quicken Demand will grow The number & pace of pilots, deployments & legislative initiatives is growing –nationally & internationally

14 Growth in Federal Certificates in 2000 FAA from 1000 to 20,000 FDIC from 1000 to 7,000 NASA from 1000 to 25,000 DOE from 1000 to 20,000 DOD has issued 50,000 certificates –By 2002, 4 Million

15 Progress in Other States A number of states have limited deployments running as pilots or production A number of others have active RFP’s outstanding –including Washington, Illinois, Texas & New York –California and Minnesota are also active

16 Our current position…... We are well behind the feds We are behind a number of other states, but not at the back of pack We can gain a leadership position by –leveraging the experiences of other states –adapting “best of breed” or model policies and practices to Virginia’s needs

17 Does COVA need a PKI & Digital Signatures ? Yes Digital signatures are a key element of a robust e-commerce environment Failure to provide will –impede e-commerce and economic growth –postpone realizing the associated benefits of convenience and efficiency

18 1. Decide & Commit NOW To keep pace with outside events To be ready for the 2001 General Assembly work needs to be completed before this time next year Work must begin today

19 2. Proposals for the 2000 General Assembly Proposed legislation –to retain ability to adopt digital signatures, and –to restore ability to adopt other forms of electronic signatures A resolution supporting policies & principles

20 3. Develop Bridge Certification Architecture Based on the federal model In collaboration with First Wave efforts University of Virginia to lead

21 4. Commission First Wave Deployments First Wave will demonstrate: Internal to an agency Agency to agency Agency to business partners Agency to local government Agency to general public (limited client population)

22 First Wave Sponsors Agencies & Localities –Chesterfield County –Department of Game & Inland Fisheries –Department of Information Technology –Department of Motor Vehicles –Department of Transportation –Fairfax County –VIPNet Others may join by proposal within 30 days

23 5. Oversight, Coordination & Staffing Appoint an Oversight Committee –Chaired by Secretary of Technology Establish a new COTS work group –Assisted by full time staff –Including appointed central agency participants –Including industry partners –In collaboration with CBCA initiative –PSA Work Group addresses broader, ongoing agenda

24 6. Interim Certificate Authorities Department of Game & Inland Fisheries VIPNet contractor in agreement with the Department of Information Technology Any others -- tbd

25 7. Funding Short term –Up to $100k from the Technology Infrastructure Fund –First Wave organizations Longer term –Appropriations

26 The Seven Point Plan, in summary……. 1Decide and commit 2Pursue support in the 2000 General Assembly 3Develop a COVA Bridge Certification Architecture 4Commission First Wave Deployments 5Establish project Oversight & Plans 6Designate interim Certificate Authorities 7Provide Seed Money

27 Results of the Plan >Foundation of operating decisions & rules >A Bridge Certification Architecture >An Enterprise PKI Architecture >An Acquisition Strategy >Business Model >Invested knowledge & skills base >Trust & confidence in a working solution, extensible to other Commonwealth public sector, business partners & to the public

28 What about………. Biometrics? Smart cards? VPN’s? S/mime and other standards? Interfacing with legacies? Single sign on? Interoperability?

29 A Final Report…… A Work in Progress Many important questions remain Some are within our influence & control our own legal, policy & business frameworks products, tools, architectures & standards pace Some are being driven by external events federal legislation evolution of standards evolution of products & tools

30 In Closing Remarks from PSA Members COTS Discussion

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.