Secure Enterprise Technology Initiatives e-Provisioning Group


1 Overview of PKI@Virginia Tech
Secure Enterprise Technology Initiatives
e-Provisioning Group
Frank Galligan
Fed/Ed XV PKI Coordination Meeting
June 14, 2007
Virginia Tech

2 Secure Enterprise Technology Initiatives
Background
Secure Enterprise Technology Initiatives
- eProvisioning Group
- Technical Support for University PKI Initiatives
Sponsorship For PKI Initiatives
- Vice President for Information Technology
- Funding from Executive Vice President
Virginia Tech
- Blacksburg, Virginia - Southwestern VA
- Research University - Ranking 56th in US
- 28,000 Full Time Students - Largest in VA
- 7,000 Faculty and Staff - PKI Target Group
- Corporate Research Center - Location of CC

3 Personal Certificates
VTCA Architecture (diagram; labels in the order they appear on the slide)
- Virginia Tech Root CA: Offline CA, 4/10/2003
- Online CA: Subordinate CAs
- Server CA, Middleware CA: 4/10/2003, 7/23/2004
- User CA: 9/20/2006
- Other CAs: As Needed
- 417 Issued, 105 Issued, 444 Issued
- Personal Certificates (Aladdin eToken), SSL Web Server Certificates, Middleware Certificates

4 Six Projects: A Coordination Challenge
PKI Project Structure
Six Projects: A Coordination Challenge
- Infrastructure
- Integration
- Token Administration System
- Policy
- Device Selection
- Documentation and Communication

5 VTCA Design Methodology
- Architecture: Hierarchical Model
- High Assurance Level: FIPS Level 3 HSM
- Standards: PKCS, CryptoAPI, PCSC, X509 v3
- Commercial or OpenSource: OpenCA 0.9.x
- Deployment Model: Phased, Smart Devices
- Scope: Initially for Internal Use
- Administration: RA, CA, HSM, SYS, APP
- CP and CPS Documents: PMA, RFC 2527

6 VT Personal Digital Certificates
Token Administration System - TAS
Two Phase Certificate Enrollment Process
- Phase I: Registration Authority Admin Station
  - Applicant Hokie ID scanned to retrieve LDAP record
  - Applicant provides two photo IDs for validation
  - Applicant creates a password for their eToken
- Phase II: Certification Authority Admin Station
  - Applicant authenticates using their eToken password
  - TAS generates RSA keys onboard eToken and creates CSR
  - TAS sends CSR to User CA, returned cert stored on eToken
  - Applicant digitally signs VT Usage Agreement
  - TAS automatically sends with instructions to applicant
eToken Password Resets, Certificate Revocation

7 Virginia Tech Personal Certificate Profile VT PKI Applications
PKI Integration
Virginia Tech Personal Certificate Profile
- Encryption Disabled
VT PKI Applications
- Digitally Signed Leave Reports/Work Flow
- VPN Authentication
- S/MIME, MS Office Word and Excel, Adobe Acrobat
- Client SSL Authentication, CAS (Central Authentication Server)
Other Digital Signature Applications
- Grant Proposals
- Travel Vouchers
- Various Departmental Forms
- Phone Bills
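One way a relying application could check that a personal certificate really is signing-only, as an added example that is not part of the original presentation or of the VTCA tooling. The slide says only "Encryption Disabled"; reading that as "no encryption-related X.509 KeyUsage bits are asserted" is an assumption, and the function names and sample values are constructed for illustration.

```python
# RFC 5280 KeyUsage names, indexed by bit number (bit 0 is the most significant bit).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
]
# Assumption: "Encryption Disabled" means none of these bits may be asserted.
ENCRYPTION_BITS = {"keyEncipherment", "dataEncipherment", "keyAgreement",
                   "encipherOnly", "decipherOnly"}


def parse_key_usage(der: bytes) -> set:
    """Decode the DER BIT STRING carried as the KeyUsage extension value."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2 or length < 2:
        raise ValueError("unexpected length encoding")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(payload) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if payload[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names


def check_signing_only(der: bytes) -> list:
    """Return the profile violations found; an empty list means compliant."""
    usages = parse_key_usage(der)
    problems = [f"encryption usage asserted: {u}"
                for u in sorted(usages & ENCRYPTION_BITS)]
    if "digitalSignature" not in usages:
        problems.append("digitalSignature missing")
    return problems


# Constructed sample values (not taken from any Virginia Tech certificate).
SIGN_ONLY = bytes.fromhex("030206c0")     # digitalSignature + nonRepudiation
SIGN_AND_ENC = bytes.fromhex("030205a0")  # digitalSignature + keyEncipherment

if __name__ == "__main__":
    for label, value in (("sign-only", SIGN_ONLY), ("sign+encrypt", SIGN_AND_ENC)):
        print(label, sorted(parse_key_usage(value)), check_signing_only(value))
```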



