Presentation is loading. Please wait.

Presentation is loading. Please wait.

Federal Public Key Infrastructures: John Volmer Computing and Information Systems OSG ESnet Requirements Gathering 9 November 2009 HSPD-12 and DOE Entrust.

Similar presentations


Presentation on theme: "Federal Public Key Infrastructures: John Volmer Computing and Information Systems OSG ESnet Requirements Gathering 9 November 2009 HSPD-12 and DOE Entrust."— Presentation transcript:

1 Federal Public Key Infrastructures: John Volmer Computing and Information Systems OSG ESnet Requirements Gathering 9 November 2009 HSPD-12 and DOE Entrust

2 DOE GRIDS HQ CA ANL (auto enroll) Federal Bridge FBCA Treas DoS DHS DoD NASA Ill US Federal PKI Argonne Public Key Infrastructure Participation TAGPMA Venezuela Chile Mexico Argentina NCSA Brasil FNAL TACC Purdue UoV SDSC Dartmouth Global GRID CAs EUGridPMA CERN Italy Greece Canada Estonia Germany Netherlands Austria Armenia Hungary Portugal Turkey Croatia Spain Ireland UK Switzerland Market: authentication Market: secure Market: authentication secure DOE Entrust PKI G2B Y-12 SNL RF PantexPNNL ORNL LLNL LANL KCP HQ PCA FIPS 199 = (L, M, L) Market:: authentication HSPD12 FIPS 199 = (H, H, M) FIPS 199 = (M, M, M) FIPS 199 = (L, L L) Argonne National Laboratory Australia China New Zealand Phillipines India Japan Malaysia Viet Nam Thailand Taiwan South Korea APGridPMA Common Policy

3 US Federal PKI Argonne Public Key Infrastructure Participation – HSPD-12/PIV Global GRID CAs Market: authentication HSPD12 FIPS 199 = (H, H, M) Argonne National Laboratory

4 Federal Government HSPD-12 Initiative Driven by Homeland Security Presidential Directive 12 (HSPD-12) –Secure and reliable forms of identification –Physical and Logical Access Vetting Requirements –Basic background investigation (SF-85) –fingerprints taken –photograph –DOE Order Sponsor Recommends badge issuance Registrar (federal) Approves badge issuance Badge Issuer Issues badge Mutually Exclusive

5 Federal Government HSPD-12 Initiative Card contains three certificates –Authentication –Digital Signature –Encryption (but no directory for certificate lookup!) Enables Logical Access to Windows & MacOS (Demonstration?) Discussion has begun on –PIV-Interoperable (PIV-I) - trusted certificates –PIV-Compatible (PIV-C) - untrusted certificates –Enable interoperability with suppliers, contractors, etc –Exploit PIV standard: Windows 7 support, etc. Ultimately 10M card holders, 600 at Argonne

6 HQ CA Federal Bridge US Federal PKI Argonne Public Key Infrastructure Participation – DOE Entrust Global GRID CAs Market: secure DOE Entrust PKI G2B Y-12 SNL RF PantexPNNL ORNL LLNL LANL KCP HQ PCA FIPS 199 = (M, M, M) Argonne National Laboratory

7 DOE Entrust PKI 70,000 certificates licensed –450 certificates at Argonne Used for secure electronic mail: encryption –DOE Complex –DOD –DHS Logical Access ? –Version 8 uses Microsoft Certificate Store Enterprise Product –Encryption key escrow –Automatic certificate renewal G2B Y-12 SNL RF PantexPNNL ORNL LLNL LANL KCP HQ PCA HQ CA

8 DOE Entrust PKI Vetting requirements –In person either RA or Trusted Agent (TA) –Photo id Common Policy compliance –Periodically externally audited

9 Registration Agent Desktop DOE Entrust DOE Grids

10 10 Which brings us to … Questions and discussion

11 Other

12 RealID Act 2005 Standardized drivers licenses –Desire for smartcard platform Standardized birth certificates

13 Growth of ISO RFID

14 ISO RFID Sources HSPD-12/PIV Badges Est. 10M holders Detection Tool Answer-To-Reset (ATR) Responses Gemalto Smart Card Diagnostic Utility Integrated Engineering ISO Reader Many devices are RFID responsive Contactless Payment Cards (14M issued in 2006) 3B F B 05 FF E7 E2 Chip and Antenna visible through translucent card ISO 14443: smart card protocol over RFID 3B 0B 80 F9 A ePassports (US + 35 nations) US issued 13M in B 05 FF 29 A4 25 AD Growth of Personal RFID Stay tuned...

15 02/iab-october-meeting-audio


Download ppt "Federal Public Key Infrastructures: John Volmer Computing and Information Systems OSG ESnet Requirements Gathering 9 November 2009 HSPD-12 and DOE Entrust."

Similar presentations


Ads by Google