Smart Card Authentication Mechanism
Tim W. Baldridge, CISSP
Marshall Space Flight Center, Office of the Chief Information Officer
11/18/2003

2 Briefing Overview
I. Background
II. Process
III. System Overview/Description
IV. Conclusion

3 Background
o A token must provide interoperable, enhanced security compared to magnetic stripe and similar technologies that merely transmit a static serial data string
o Token encoding must be highly tamper, counterfeit, and cloning resistant

4 Process
o A token is issued to a holder by a home-of-record issuer in an enrollment process that follows the Federal Identity Credential Model
o Issuer policy defines the level of assurance with which a token is bound to its holder
o The issuer manages the data structure and contents of issued tokens
o The issuer maintains the master token key and application write access keys and does not reveal them to the holder or to any other party

5 Process (cont.)
o A holder initiates an access transaction with a Physical Access Control System (PACS) application, which has free (unauthenticated) read access to the token's identification data (the SEIWG record) and validation data (the MAC)
o A holder initiates an enrollment transaction to gain access to a PACS or related support system, in cooperation with or independently of the issuer, according to issuer policy and token configuration
*An enrollment transaction is distinct from an access transaction*

6 Message Authentication Code (MAC)
Diagram: the chip UID (7 bytes) and the SEIWG record (25 bytes, the same data carried on the magnetic stripe) are concatenated and processed with 3DES in CBC mode; the result is truncated to a 4-byte MAC stored on the token.
Because the UID is fixed by the chip manufacturer and is covered by the MAC, copying the SEIWG record and its MAC onto another chip yields a MAC that no longer verifies; this is the cloning resistance called for in the Background. The property holds only as long as the UID cannot be set by an attacker and the 3DES key stays with the issuer.

7 Access Transaction (enter door)
Flowchart between Card and Door Reader (labels recovered from the slide; the exact wiring of branches 5-7 did not survive extraction):
1. Request: the reader polls the card.
2. RATS (UID): the card answers with its UID; the reader then issues Select File / Read Binary to retrieve the SEIWG record and the stored MAC.
3. Generate MAC: the reader recomputes the MAC over UID and SEIWG data.
4. Check: Match → Data Validated; No Match → depends on which lists the reader holds:
   5. No Match / Security list exists: consult the Secured MAC FID List (Select File / Read Binary); Match → Data Validated, No Match → Denied.
   6. No Match / Un-managed list exists: consult the Un-Managed MAC List; Match → Data Validated, No Match → Denied.
   7. No Match / No lists exist: Authenticate Card; failure → Denied.
Lists shown on the slide: Managed MAC List, Un-Managed MAC List, Secured MAC FID List.
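The MAC construction of slide 6 and the reader-side "Generate MAC" / "Check" steps (3 and 4) of slide 7, as an added example in Go. This is illustrative code written for this page, not NASA's or any PACS vendor's implementation. It assumes a zero IV, a 24-byte 3DES key, and that the 4-byte MAC is the first four bytes of the final CBC block; the key, UID and SEIWG values are constructed sample data.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Field sizes from slide 6: 7-byte chip UID, 25-byte SEIWG record, 4-byte MAC.
const (
	uidLen   = 7
	seiwgLen = 25
	macLen   = 4
)

// Card models the three free-read items a reader pulls from the token.
type Card struct {
	UID   []byte // 7-byte chip serial returned during RATS / anticollision
	SEIWG []byte // 25-byte SEIWG identification record
	MAC   []byte // 4-byte validation MAC written by the issuer
}

// cardMAC computes the 4-byte MAC over UID || SEIWG with a 3DES CBC-MAC
// (zero IV, final cipher block truncated to 4 bytes). UID||SEIWG is exactly
// 32 bytes, four DES blocks, so no padding is needed; the fixed message
// length is what keeps a plain CBC-MAC safe. Zero IV, truncation position
// and the 24-byte key are assumptions, not details from the slides.
func cardMAC(key, uid, seiwg []byte) ([]byte, error) {
	if len(uid) != uidLen || len(seiwg) != seiwgLen {
		return nil, errors.New("cardMAC: UID must be 7 bytes and SEIWG 25 bytes")
	}
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	msg := make([]byte, 0, uidLen+seiwgLen)
	msg = append(msg, uid...)
	msg = append(msg, seiwg...)
	iv := make([]byte, block.BlockSize())
	out := make([]byte, len(msg))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, msg)
	last := out[len(out)-block.BlockSize():]
	return append([]byte(nil), last[:macLen]...), nil
}

// issueCard is the issuer-side step: given the chip's UID and the SEIWG
// record, compute the MAC that will be written to the card. Only the issuer holds key.
func issueCard(key, uid, seiwg []byte) (Card, error) {
	mac, err := cardMAC(key, uid, seiwg)
	if err != nil {
		return Card{}, err
	}
	return Card{UID: uid, SEIWG: seiwg, MAC: mac}, nil
}

// verifyCard is the reader/panel-side step (slide 7, "3. Generate MAC" and
// "4. Check"): recompute the MAC from what the chip reported and compare
// it in constant time with the MAC read from the card.
func verifyCard(key []byte, c Card) bool {
	mac, err := cardMAC(key, c.UID, c.SEIWG)
	if err != nil || len(c.MAC) != macLen {
		return false
	}
	return subtle.ConstantTimeCompare(mac, c.MAC) == 1
}

// cloneToChip copies the free-read data of a genuine card onto a chip with a
// different UID, which is what a naive card copier produces.
func cloneToChip(genuine Card, newUID []byte) Card {
	return Card{
		UID:   append([]byte(nil), newUID...),
		SEIWG: append([]byte(nil), genuine.SEIWG...),
		MAC:   append([]byte(nil), genuine.MAC...),
	}
}

func main() {
	// Constructed sample values; a real key would live only in the issuer's key store.
	key := []byte("issuer-master-key-24byte")
	uid := []byte{0x04, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66}
	seiwg := []byte("0123456789012345678901234") // 25 bytes, constructed
	genuine, err := issueCard(key, uid, seiwg)
	if err != nil {
		panic(err)
	}
	fmt.Println("MAC:", hex.EncodeToString(genuine.MAC))
	fmt.Println("genuine card:", verifyCard(key, genuine))
	clone := cloneToChip(genuine, []byte{0x04, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF})
	fmt.Println("copied to another chip:", verifyCard(key, clone))
	tampered := genuine
	tampered.SEIWG = append([]byte(nil), genuine.SEIWG...)
	tampered.SEIWG[0] ^= 0x01
	fmt.Println("SEIWG edited in place:", verifyCard(key, tampered))
}
```

Two points the code makes concrete. First, whichever component performs the check (reader, panel or system, as slide 8 allows) must hold the 3DES key, so pushing verification out to every door reader widens the key's exposure; verifying at the panel or system keeps it in fewer places. Second, a 32-bit MAC is adequate against a holder who cannot compute it, but it offers no protection once the key leaks, and the CBC-MAC is only safe because every message has the same fixed length.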

8 Conclusion
o This solution can be used by legacy systems and by new systems with minor upgrades
o The solution is relatively secure and can be built quickly
o Validation and authentication are optional and may be performed at the reader, panel, or system
o Authentication data must not interfere with PACS authorization mechanisms