Presentation is loading. Please wait.

Presentation is loading. Please wait.

How to Deploy and Get the Most Out of Tokens Paul Caskey PKI Deployment Forum 2008.

Published byDennis Quinn Modified over 9 years ago

Similar presentations

Presentation on theme: "How to Deploy and Get the Most Out of Tokens Paul Caskey PKI Deployment Forum 2008."— Presentation transcript:

1 How to Deploy and Get the Most Out of Tokens Paul Caskey PKI Deployment Forum 2008

2 Our setup VeriSign Unified Authentication  Active Directory-integrated  Based on Microsoft CA, but signed by VeriSign public root  Managed via an MMC  CA and all operations happen at VeriSign Dual-key approach  Signing, SmartCard login  Encryption, EFS (escrowed) 3 certificate templates  Signing  Encryption  Key Recovery Agent  All certs are on Aladdin tokens only (no software stores)

3 Our uses Email signing and encryption Document Signing SmartCard login (Our passwords meet LoA2 entropy, but….) Remote access??

4 Enrollment Process 1.User request to Help Desk 2.Help Desk prepares token (initialize, assign) 3.Vetting/Verify Identity 4.Enrollment authorization granted 5.User enrolls at help desk via kiosk 6.That first use of token forces setting a password

5 Design/implementation issues Manual vs. Auto-enrollment Dual-key vs. single-key Token enrollment (in-person or remote) Client software deployment PIN resets  Local  Remote Lost tokens

6 Aladdin Token Management System (TMS) 2.0 Web-based management interface  Look up users, tokens  Initialize  Assign Web-based user self-service  Enrollment/software installation  Security questions  Report lost tokens  Password reset Web-based remote service  Virtual tokens

7 Questions/Comments/Discussion?

Download ppt "How to Deploy and Get the Most Out of Tokens Paul Caskey PKI Deployment Forum 2008."

Similar presentations

Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
McAfee One Time Password

McAfee One Time Password
ControlSphere is a computer security and automation solution designed to protect user data and automate most of authentication tasks for the user at work.

ControlSphere is a computer security and automation solution designed to protect user data and automate most of authentication tasks for the user at work.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
1 GPO PKI – Getting Started U.S. Government Printing Office May 20, 2011.

1 GPO PKI – Getting Started U.S. Government Printing Office May 20, 2011.
Electronic Filing Case Study NSW Land and Environment Court.

Electronic Filing Case Study NSW Land and Environment Court.
Deploying and Managing Active Directory Certificate Services

Deploying and Managing Active Directory Certificate Services
Federal Acquisition Service U.S. General Services Administration Submitting Electronic Contract Offers and Modifications. Name: Keonia Cobbins Title: Program.

Federal Acquisition Service U.S. General Services Administration Submitting Electronic Contract Offers and Modifications. Name: Keonia Cobbins Title: Program.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
PKI Implementation in the Real World

PKI Implementation in the Real World
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.

Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.

Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.
X.509 at the University of Michigan CIC-RPG Meeting June 7, 1999 Kevin Coffman Bill Doster

X.509 at the University of Michigan CIC-RPG Meeting June 7, 1999 Kevin Coffman Bill Doster
Chapter 11: Active Directory Certificate Services

Chapter 11: Active Directory Certificate Services
Implementing Native Mode and Internet Based Client Management.

Implementing Native Mode and Internet Based Client Management.

Similar presentations

Ads by Google