CDSA HRS NCITS M1 Meeting Catherine J. Tilton SAFLINK 11417 Sunset Hills Rd, Suite 106 Reston, VA 20190 +1 703-708-9280 Fax +1 703-708-0014

Presentation transcript:


NCITS M1 16 January

CDSA

The Common Data Security Architecture (CDSA) is a set of layered security services and a cryptographic framework that provide an infrastructure for creating cross-platform, interoperable, security-enabled applications for client-server environments.

CDSA covers all the essential components of security capability, to equip applications for electronic commerce and other business applications with security services that provide facilities for cryptography, certificate management, trust policy management, and key recovery.

CDSAv2 is scalable such that it can provide security services for any device, ranging from Personal Digital Assistants (PDAs) to mainframes, and any operating platform from Windows to UNIX/Linux.

Incorporating the CDSA solution into enterprise environments effectively decouples any single security solution from the infrastructure, and integrates a mechanism (EMM) that allows you to plug and unplug security solutions as required.

CDSA Architecture

CDSA defines a horizontal, four-layer architecture:
1. Applications
2. Layered services and middleware
3. Common Security Services Manager (CSSM) infrastructure
4. Security Service Provider Modules

The CDSAv2.3 Technical Standard is organized into 15 parts, each addressing specific aspects of the architecture and catering for the needs of Application Developers, CSSM Infrastructure Providers, and Security Service Module Providers.

CDSA components

1. The CDSA architecture
2. Common Security Services Manager (CSSM) APIs for core services
3. Cryptographic Service Providers (CSP)
4. Trust Policy Services (TP)
5. Authorization Computation Services (AC)
6. Certificate Library Services (CL)
7. Data Storage Library Services (DL)
8. Module Directory Service (MDS)
9. Key Recovery Services (KR)
10. Embedded Integrity Services Library (EISL)
11. Signed Manifest
12. Object Identifiers for Certificate Library Modules
13. Elective Module Manager (EMM)
14. Add-in Module Structure and Administration
15. Appendices, Glossary, and Index

CDSA Human Recognition Services (HRS)

Human Recognition Service
– Authentication API extension to CDSA
– Elective Module Manager (EMM)
– Biometric Functions based on the BioAPI (Ver 1.1)
– CBEFF compliant
An OpenGroup standard
Supports user authentication within a security framework
Biometrics used in conjunction with other security modules (cryptographic, digital certificate, data library)
– Leverages the “Integrity” capabilities of CDSA
Supports multi-factor authentication
Open Source Reference Implementation is available
– Part of the CDSA Open Source
– intel.com/ial/security

CDSA Framework

[Figure: CDSA framework diagram. Labels shown: CSSM Security API; Module Management; Integrity Services; Module Directory; Data store; Crypto Manager, Trust Manager, Authorization Manager, Certificate Manager, Data Manager, Authentication Manager; interfaces SPI, TPI, ACI, CLI, DLI, HRI, HRS-API; EMM; Plug-in Service Providers (SP): Cryptographic Service Provider, Trust Model Library, Authorization Computation Library, Certificate Library, Data Storage Library, HRS BSP; Smartcard; Remote CAs; BioAPI. Source: Intel Labs]

Status/Summary

HRS updated to be consistent with BioAPI Ver 1.1
– Intel has committed to keep the two in sync
No active HRS WG at present
– Responding to requests
Website –