Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Evolving U.S. Federal PKI Richard Guida Chair, Federal PKI Steering Committee Federal Chief Information Officers Council

Published byJane James Modified over 8 years ago

Similar presentations

Presentation on theme: "The Evolving U.S. Federal PKI Richard Guida Chair, Federal PKI Steering Committee Federal Chief Information Officers Council"— Presentation transcript:

1 The Evolving U.S. Federal PKI Richard Guida Chair, Federal PKI Steering Committee Federal Chief Information Officers Council Richard.Guida@cio.treas.gov; 202-622-1552 (Steering Committee web page: http://gits-sec.treas.gov)

2 E-Transaction Landscape Intra-agency –personnel matters, agency management Interagency –payments, account reconciliation, litigation Agency to trading partner –procurement, regulation Agency to the public

3 Federal PKI Approach Establish Federal PKI Policy Authority (for policy interoperability) Implement Federal Bridge CA using COTS (for technical interoperability) Deal with directory issues in parallel –Border directory concept –Use ACES for public transactions

4 Federal PKI Policy Authority Voluntary interagency group - NOT an “agency” Governing body for interoperability through FBCA – Agency/FBCA certificate policy mappings Oversees operation of FBCA, authorizes issuance of FBCA certificates

5 Federal Bridge CA Non-hierarchical hub (“peer to peer”) Maps levels of assurance in disparate certificate policies (“policyMapping”) Ultimate bridge to CAs external to Federal government Directory initially contains only FBCA- issued certificates and ARLs

6 Boundary Conditions Use COTS with “inclusive” architecture Use X509v3 Support four levels of assurance –Rudimentary, Basic, Medium, High –Modeled after Canadian PKI FBCA use cannot be mandatory Focus requirements on agencies as certificate issuers, not relying parties

7 FBCA Architecture Multiple CAs inside membrane, cross certified –Adding CAs straightforward albeit not necessarily easy Solves inter-product interoperability issues within membrane - which is good Single consolidated X.500 directory (but also support LDAP access)

8 Current Status Prototype FBCA: Entrust, Cybertrust –Initial operation 2/8/00 Production FBCA: add other CAs –Operation by late 00 FBCA Operational Authority is the General Services Administration FBCA Cert Policy by mid-00 FPKIPA Charter by mid-00

9 Intra-Agency PKI Examples DOD (>250K certs => >>4M by 2002; high assurance with smartcards) FAA (~1K certs => 20K+ in 2000; software now, migrating to smartcards) FDIC (~4K certs => 7K+ in 2000) NASA (~1K certs => 25K+ in 2000) USPTO (~1K certs => 15K+ in 2000)

10 Planned Interagency Uses Department of Veterans Affairs and Social Security Administration on medical evidence Department of Education, SSA, VA on student loan applications, disbursements National Finance Center for on-line payroll matters Federal Deposit Insurance Corporation and other financial regulators re: sharing information

11 11 Border Directory Concept Each agency would have Border Directory for certificates and CRLs –May shadow all or part of local directory system (allows for agency discretion) –CAs may publish directly in border directory –Unrestricted read access Directory resides outside agency firewall –chain (X.500 DSP) or LDAP referral to FBCA DSA

12 Border Directory Concept Internal Directory Infrastructure PCA 2 FBCA DSA Internal Directory Infrastructure Border DSA 2 X.500 DSA Border DSA 1 LDAP Server Internal Directory Infrastructure PCA 1 PCA 3 Agency 1 Agency 2 Agency 3 FBCA LDAP Query-Response X.500 - DSP chaining

13 Access Certs for Electronic Services “No-cost” certificates for the public For business with Federal agencies only (but agencies may allow other uses on case basis) On-line registration, vetting with legacy data; information protected under Privacy Act Regular mail one-time PIN to get certificate Agencies billed per-use and/or per-certificate

14 Access Certs for Electronic Services RFP 1/99; bids received 4/99; first award 9/99 (DST), second award 10/99 (ORC), third award 10/99 (AT&T) Provisions for ACES-enabling applications, and developing customized PKIs Agencies do interagency agreement with GSA Certificates available now

15 Electronic Signatures under GPEA Government Paperwork Elimination Act (October 1998) Technology neutral - agencies select based on specifics of applications (e.g., risk) –But full recognition of dig sig strengths Gives electronic signature full legal effect Focus: transactions with Federal agencies Draft OMB Guidance 3/99; final 5/00

16 Organization

Download ppt "The Evolving U.S. Federal PKI Richard Guida Chair, Federal PKI Steering Committee Federal Chief Information Officers Council"

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.
Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.

Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.
Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.

The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Federal PKI Architecture Update

Federal PKI Architecture Update
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
The Federation for Identity and Cross-Credentialing Systems (FiXs) www.FiXs.org FiXs ® - Federated and Secure Identity Management in Operation Implementing.

The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.
The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council 202-622-1552.

The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council
Ongoing Efforts to Build The US Federal PKI Bridge

Ongoing Efforts to Build The US Federal PKI Bridge
Stanley J. Choffrey (202) 708-7943 The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.

Stanley J. Choffrey (202) The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Public Key Infrastructure (PKI) Hosting Services.

Public Key Infrastructure (PKI) Hosting Services.
Copyright Judith Spencer 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.

HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.

NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
Electronic Government: Law, Policy, and Practice Jonathan P. Womer Information Policy and Technology Office of Management and Budget

Electronic Government: Law, Policy, and Practice Jonathan P. Womer Information Policy and Technology Office of Management and Budget

Similar presentations

Ads by Google