Presentation is loading. Please wait.

Presentation is loading. Please wait.

Richard Guida, P.E. Member, Government Information Technology Services Board Chair, Federal PKI Steering Committee 202-622-1552.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Richard Guida, P.E. Member, Government Information Technology Services Board Chair, Federal PKI Steering Committee 202-622-1552."— Presentation transcript:

1 Richard Guida, P.E. Member, Government Information Technology Services Board Chair, Federal PKI Steering Committee Richard.Guida@cio.treas.gov; 202-622-1552 http://gits-sec.treas.gov Federal Agency PKI Overview/KMS

2 Government Perspective on Key Management Standards Y Government supports standards which: YAre open in nature (non-proprietary) YPromote interoperability of PKI products and clients YFully implement X509 certificate path discovery and processing including policy mapping YSupport two key pairs - signature, encryption YSupport encryption key recovery (business reasons) YContain appropriate specificity so as to be unambiguous and clear to implementers

3 Government Perspective on Key Management Standards (continued) Y State of standards today is: YGenerally sufficient to support single product use within an enterprise YProblematic when trying to make different products interoperate YMany competing varieties in critical areas (e.g. CMP vs. PKCS) YInconsistent and incompatible implementations even with single standard

4 Environments in which encryption is needed are diverse X Intra-agency personnel matters, agency management X Interagency payments, account reconciliation, litigation X Agency to trading partner procurement, regulation X Agency to the public

5 Current agency use of encryption is very limited X Many PKI implementations among Federal agencies, but all use digital signatures XSSL planned for encryption X Agencies planning to use end-user PKI encryption in near term include: XFederal Aviation Administration XSocial Security Administration XDepartment of Defense (already done w/Fortezza) XUS Patent and Trademark Office

6 Interoperability Issues Y Policy interoperability Y Technical interoperability Y Interoperability among: Y PKI products (CAs, RAs) Y Directories Y Client software (e.g., e-mail) Y Hardware tokens, devices, drivers

7 Encryption Key Recovery X KRDP Phase I very successful X KRDP Phase II is underway X FAA X SSA X State Department X Federal Bridge CA (interoperability) X Key recovery essential for business reasons

8 Federal PKI Approach Establish Federal PKI Policy Authority (for policy interoperability) Implement Federal Bridge CA using COTS (for technical interoperability) Deal with directory issues in parallel –Border directory concept –Use ACES for public transactions

9 Federal PKI Policy Authority Voluntary interagency group - NOT an “agency” Governing body for interoperability through FBCA – Agency/FBCA certificate policy mappings Oversees operation of FBCA, authorizes issuance of FBCA certificates

10 Federal Bridge CA Non-hierarchical hub (“peer to peer”) Maps levels of assurance in disparate certificate policies (“policyMapping”) Ultimate bridge to CAs external to Federal government Directory initially contains only FBCA- issued certificates and ARLs

11 Boundary Conditions Use COTS with “inclusive” architecture Use X509v3 Support four levels of assurance –Rudimentary, Basic, Medium, High –Modeled after Canadian PKI FBCA use cannot be mandatory Focus requirements on agencies as certificate issuers, not relying parties

12 FBCA Architecture Multiple CAs inside membrane, cross certified –Adding CAs straightforward albeit not necessarily easy Solves inter-product interoperability issues within membrane - which is good Single consolidated X.500 directory

13 Current Status Prototype FBCA: Entrust, Cybertrust –Initial operation 2/00 Production FBCA: add other CAs –Operation by late 00 FBCA Operational Authority is GSA (Mitretek technical lead and host site) FBCA Cert Policy 12/99 to early 00 FPKIPA Charter 12/99 to early 00

14 14 Border Directory Concept Each agency would have Border Directory for certificates and CRLs –May shadow all or part of local directory system (allows for agency discretion) –CAs may publish directly in border directory –Unrestricted read access Directory resides outside agency firewall –chain (X.500 DSP) or LDAP referral to FBCA DSA

15 Border Directory Concept Internal Directory Infrastructure PCA 2 FBCA DSA Internal Directory Infrastructure Border DSA 2 X.500 DSA Border DSA 1 LDAP Server Internal Directory Infrastructure PCA 1 PCA 3 Agency 1 Agency 2 Agency 3 FBCA LDAP Query-Response X.500 - DSP chaining

16 Access Certs for Electronic Services “No-cost” certificates for the public For business with Federal agencies only (but agencies may allow other uses on case basis) On-line registration, vetting with legacy data; information protected under Privacy Act Regular mail one-time PIN to get certificate Agencies billed per-use and/or per-certificate

17 Access Certs for Electronic Services RFP 1/99; bids received 4/99; first award 9/99 (DST), second award 10/99 (ORC), third award 10/99 (AT&T) Provisions for ACES-enabling applications, and developing customized PKIs Agencies do interagency agreement with GSA Certificates available shortly

18 Electronic Signatures under GPEA Government Paperwork Elimination Act (October 1998) Technology neutral - agencies select based on specifics of applications (e.g., risk) –But full recognition of dig sig strengths Gives electronic signature full legal effect Focus: transactions with Federal agencies Draft OMB Guidance 3/99; final 4/00

19 Organization

Download ppt "Richard Guida, P.E. Member, Government Information Technology Services Board Chair, Federal PKI Steering Committee 202-622-1552."

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.
Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.

Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.
Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.

The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Federal PKI Architecture Update

Federal PKI Architecture Update
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council 202-622-1552.

The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council
Ongoing Efforts to Build The US Federal PKI Bridge

Ongoing Efforts to Build The US Federal PKI Bridge
Stanley J. Choffrey (202) 708-7943 The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.

Stanley J. Choffrey (202) The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Public Key Infrastructure (PKI) Hosting Services.

Public Key Infrastructure (PKI) Hosting Services.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Copyright Judith Spencer 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.

NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,

Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,
Toward the Use of DIGITAL Signatures in the Commonwealth of Virginia Prepared for the Council on Technology Services by the Privacy, Security & Access.

Toward the Use of DIGITAL Signatures in the Commonwealth of Virginia Prepared for the Council on Technology Services by the Privacy, Security & Access.

Similar presentations

Ads by Google