Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAFE-BioPharma Association NSTIC Day How does industry drive forward.

Published byZavier Melton Modified over 9 years ago

Similar presentations

Presentation on theme: "SAFE-BioPharma Association NSTIC Day How does industry drive forward."— Presentation transcript:

1 SAFE-BioPharma Association NSTIC Day How does industry drive forward

2 Topics Topic C: Assurance levels, “frameworks“, interparty liability Topic D: Device-specific methods: mobile; smartcards; browser DNT, etc. –PKI, non-PKI 2 SAFE-BioPharma Association

3 Assurance levels, “frameworks“, interparty liability OMB 04-04 –Level 1: Little or no confidence in the asserted identity’s validity –Level 2: Some confidence in the asserted identity’s validity –Level 3: High confidence in the asserted identity’s validity –Level 4: Very high confidence in the asserted identity’s validity NIST SP 800-63 provides additional guidance per level –Registration and identity proofing –Tokens –Token and credential management mechanisms –Protocols used to support the authentication mechanism between the Claimant and the Verifier –Assertion mechanisms 3 SAFE-BioPharma Association

4 Assurance levels, “frameworks“, interparty liability PKI –FBCA Six increasing, qualitative levels of assurance: Rudimentary, Basic, Medium, PIV-I Card Authentication, Medium Hardware, and High. –Also Medium Hardware Commercial Best Practices (CBP) Assurance Requirements Non-PKI –FICAM Levels 1-3 4 SAFE-BioPharma Association

5 5 I SAFE:Vz Biz/Chosen/ TranSped Fed Common Policy Root CA Entrust CertiPath Bridge CA SAFE Bridge CA Federal Bridge CA Boeing Northrop Grumman SITA Lockeed Martin CertiPath Common Policy Root CA Exostar VDoT GSA MSO VeriSign SSP DoTHUD Verizon Bus SSP EOP VA HHS US Treasury SSP NASA SSA State of Illinois DoE Dept. of State US PTO GPO DHS DoJ E-Commerce DoJ DEA ARINC DoD SA AZ Merck Citi ORC ACES EADS Raytheon VeriSign GPO SSP USPS NRC DoD Interoperability Root DoL EPA REBCA 4BF – Interlinked PKI Network of Trusted Cyber- Communities J&J&J Exostar Other pharmass 5 Abbott

6 Non-PKI TFPs FICAM certified –LOA 1 – OIX –LOA 1-2 – InCommon –LOA 1-3 – Kantara In process –LOA 2-3 – SAFE-BioPharma Assn –Under TFET review 6 SAFE-BioPharma Association

7 Interparty Liability SAFE-BioPharma –Closed membership association –Dispute resolution process governs adjudication Agree not to sue but rather arbitrate –Liability covered under Operating Policies and Member/Issuer Agreements Specific caps related to credential management only Does not cover use of credentials Other TFPs –Part of why we are here 7 SAFE-BioPharma Association

8 Authentication and credentials PKI is covered by the FBCA CP and CPS –Multiple certificate types –Hardware, software and roaming Roaming currently classed as software by the FBCA Moving to cloud-based solutions – SAFE-BioPharma/Verizon offering cloud-based HSM protected certificates Non-PKI –NIST SP 800-63 –Issue – currently approved version dates to 2006 and is technically out of date and does not recognize non-PKI multi-factor tokens –Much of industry working with the Dec 2008 (now Jun 2011 draft) Includes much broader definitions of acceptable tokens at various LOAs 8 SAFE-BioPharma Association

9 Token types Who is doing what and how? PKI Smartcards, USB hardware tokens, software tokens on machines/mobile devices, cloud HSMs Non-PKI –LOA 1&2 – memorized secrets, pre-registered knowledge tokens –LOA 2 - look up secret, out of band, SF one-time password device, SF crypto device –LOA 3 – multiple tokens (NIST SP 800-63 (June 2011 draft), Table 7) 9 SAFE-BioPharma Association

Download ppt "SAFE-BioPharma Association NSTIC Day How does industry drive forward."

Similar presentations

PKI deployment in the Aerospace Industry

PKI deployment in the Aerospace Industry
Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
TFTM 01-06 Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, 2014 1-14-2014IDESG TFTM Committee1.

TFTM Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, IDESG TFTM Committee1.
Federal PKI Architecture Update

Federal PKI Architecture Update
1 GPO PKI – Getting Started U.S. Government Printing Office May 20, 2011.

1 GPO PKI – Getting Started U.S. Government Printing Office May 20, 2011.
The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council 202-622-1552.

The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council
Ongoing Efforts to Build The US Federal PKI Bridge

Ongoing Efforts to Build The US Federal PKI Bridge
Federal ICAM Goals Fostering effective government-wide identity and access management Enabling trust in online transactions through common identity and.

Federal ICAM Goals Fostering effective government-wide identity and access management Enabling trust in online transactions through common identity and.
Paul D. Grant Special Assistant, Federated Identity Management and External Partnering Office of the DoD CIO Co-Chair, Identity, Credential.

Paul D. Grant Special Assistant, Federated Identity Management and External Partnering Office of the DoD CIO Co-Chair, Identity, Credential.
Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.

Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.
The 4BF The Four Bridges Forum Federated PACS A Physical Access Use Case for Bridges FIPS 201/PIV-I PACS Interoperability April 28 th, 2009.

The 4BF The Four Bridges Forum Federated PACS A Physical Access Use Case for Bridges FIPS 201/PIV-I PACS Interoperability April 28 th, 2009.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.

HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.
The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,
Federal Electronic Identity Initiatives – Current Status Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO for E-Authentication,

Federal Electronic Identity Initiatives – Current Status Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO for E-Authentication,
1 Enabling Open Government Using the OIDF/ICF Open Trust Framework OASIS Identity Management 2009 September 29, 2009 Don Thibeau, ED, OpenID Foundation.

1 Enabling Open Government Using the OIDF/ICF Open Trust Framework OASIS Identity Management 2009 September 29, 2009 Don Thibeau, ED, OpenID Foundation.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
Levels of Assurance OGF Activity Michael Helm ESnet/LBNL 27 Feb 2007.

Levels of Assurance OGF Activity Michael Helm ESnet/LBNL 27 Feb 2007.

Similar presentations

Ads by Google