Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by: Defense Manpower Data Center Access Card Office

Published byMitchell Pierce Modified over 8 years ago

Similar presentations

Presentation on theme: "Presented by: Defense Manpower Data Center Access Card Office"— Presentation transcript:

1 Presented by: Defense Manpower Data Center Access Card Office
Information and Technology for Better Decision Making DoD Common Access Card (CAC) Issuance Process Presented by: Defense Manpower Data Center Access Card Office July 2005

2 CAC Issuance Real-time Automated Personnel Identification System (RAPIDS) is smart card issuing system Defense Enrollment Eligibility Reporting System (DEERS) provides initial data to RAPIDS for card issuance PKI Local Registration Authority (LRA) integrated into RAPIDS infrastructure

3 CAC Issuance CACs are issued from over 1,300 issuance sites world-wide from RAPIDS terminals Architecture of end-to-end CAC system involves a myriad of systems and networks along with support Helpdesk Field Service Support and Training Engineering Support Only people vetted and in the authoritative database (DEERS) are issued ID cards Moving back the fixing of identity DEERS lockdown

4 DoD Distributed Issuance Infrastructure
394 Deployable Sites 45 Asia Pacific Sites 870 U.S. Sites 96 European Sites 18 Shipboard Sites 1,425 Sites Deployed Worldwide as of June 2005

5 CAC Issuance Components
Load Balancer - balances production RAPIDS workstations across the 10 Issuance Portals. Issuance Portal (IP) - dedicated to the initialization and issuance of the CAC, the applications that reside on the CAC, and the keys and credentials needed to securely use/issue the CAC.

6 CAC Issuance Components
Card Repository System (CRS) - Manages the real estate and the capabilities of the Integrated Circuit Chips of the CACs Inventory Logistics Portal (ILP) - Manages the logistics of maintaining and replenishing CAC stock inventory quantities for individual CAC issuing sites and the DMDC organization IP Audit System - Records the commands requested by a RAPIDS system and the outcome of those commands Inventory Logistics Console (ILC) - Provides DMDC management and SSM’s the ability to maintain the ILP through the use of a GUI

7 Authenticate User DEERS ILP SSL v3 Verifying Official Issuance Portal
HSM RAPIDS Station SSL v3 ILP 1. Logon to operating system with CAC and start application 2. Establish secure session with Issuance Portal/CA (Establish LRA rights) 3. Establish secure session with DEERS HSM 4. Retrieve fingerprint minutia from DEERS 5. Validate Verifying Official’s fingerprint DISA Certificate Authority

8 Capture Data & Print Card
DEERS SSL v3 Issuance Portal SSL v3 HSM RAPIDS Station 123456 SSL v3 ILP 1. Retrieve data from DEERS 2. Update DEERS data. 3. Capture or verify fingerprint 4. Take photograph. HSM 5. Obtain PIN 6. Print card DISA Certificate Authority 7. Verify bar code(s)

9 Create Channel & Install Applets
1. Check card status and site in ILP DEERS 2. Create Global Platform Secure Channel SSL v3 3. Load applets (may have been done by manufacturer) Issuance Portal SSL v3 Global Platform Secure Channel HSM RAPIDS Station 123456 SSL v3 ILP ID Generic Container PKI HSM Card Application Managers (CAMs) DISA Certificate Authority

10 Instantiate Applets DEERS ILP SSL v3 Issuance Portal SSL v3
1. Check card status and site in ILP DEERS 2. Create Global Platform Secure Channel SSL v3 3. Load applets (may have been done by manufacturer) 4. Instantiate applets Issuance Portal SSL v3 HSM RAPIDS Station 123456 SSL v3 ILP Card Manager PKI Applets ID Generic Container PKI Data Applets HSM Card Application Managers (CAMs) DISA Certificate Authority

11 Set PIN DEERS ILP SSL v3 Issuance Portal SSL v3 RAPIDS Station SSL v3
1. Check card status and site in ILP DEERS 2. Create Global Platform Secure Channel SSL v3 3. Load applets (may have been done by manufacturer) 4. Instantiate applets 5. Set PIN Issuance Portal SSL v3 HSM RAPIDS Station 123456 SSL v3 ILP Card Manager PKI Applets ID Generic Container PKI Data Applets HSM Card Application Managers (CAMs) DISA Certificate Authority

12 Set Generic Container Applet Data
1. Check card status and site in ILP DEERS 2. Create Global Platform Secure Channel SSL v3 3. Load applets (may have been done by manufacturer) 4. Instantiate applets 5. Set PIN 6. Populate data applets Issuance Portal SSL v3 HSM RAPIDS Station 123456 SSL v3 ILP Card Manager PKI Applets ID Generic Container PKI Data Applets HSM Card Application Managers (CAMs) DISA Certificate Authority

13 ID Certificate DEERS ILP SSL v3 Issuance Portal SSL v3 RAPIDS Station
1. Check card status and site in ILP DEERS 2. Create Global Platform Secure Channel SSL v3 3. Load applets (may have been done by manufacturer) 4. Instantiate applets 5. Set PIN 6. Populate data applets 7. Request PKI certificates Issuance Portal SSL v3 HSM RAPIDS Station 123456 SSL v3 ILP Card Manager Generate Keys Generate Keys Generate Keys Generate Keys PKI Applets ID Generic Container PKI Data Applets HSM Card Application Managers (CAMs) DISA Certificate Authority

14 Email Signing Certificate
1. Check card status and site in ILP DEERS 2. Create Global Platform Secure Channel SSL v3 3. Load applets (may have been done by manufacturer) 4. Instantiate applets 5. Set PIN 6. Populate data applets 7. Request PKI certificates Issuance Portal SSL v3 HSM RAPIDS Station 123456 SSL v3 ILP Card Manager Generate Keys Generate Keys Generate Keys Generate Keys PKI Applets ID Generic Container PKI Data Applets HSM Card Application Managers (CAMs) DISA Certificate Authority

15 Email Encryption Certificate
1. Check card status and site in ILP DEERS 2. Create Global Platform Secure Channel SSL v3 3. Load applets (may have been done by manufacturer) 4. Instantiate applets 5. Set PIN 6. Populate data applets 7. Request PKI certificates Issuance Portal SSL v3 HSM RAPIDS Station 123456 SSL v3 ILP Card Manager PKI Applets PKI Applets ID Generic Container PKI Data Applets HSM Card Application Managers (CAMs) DISA Certificate Authority

16 Post Processing DEERS ILP SSL v3 Issuance Portal SSL v3 RAPIDS Station
8. Mark card as issued in the ILP DEERS 9. Update DEERS with ID Card, Photograph and Fingerprint Info. SSL v3 Issuance Portal SSL v3 HSM RAPIDS Station 123456 SSL v3 ILP Card Manager PKI Applets PKI Applets ID Generic Container PKI Data Applets HSM Card Application Managers (CAMs) DISA Certificate Authority

17 Questions?

Download ppt "Presented by: Defense Manpower Data Center Access Card Office"

Similar presentations

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.
For Joe Broghamer Philip S. Lee May 5, 2005 Implementing PIV Specifications HSPD-12 Workshop.

For Joe Broghamer Philip S. Lee May 5, 2005 Implementing PIV Specifications HSPD-12 Workshop.
0 McLean, VA August 8, 2006 SOA, Semantics and Security.

0 McLean, VA August 8, 2006 SOA, Semantics and Security.
ISEC: Excellence in Engineering DoD PKI Automatic Key Recovery Philip Noble (520) 538-7608 or DSN 879-7608, U.S. Army Information.

ISEC: Excellence in Engineering DoD PKI Automatic Key Recovery Philip Noble (520) or DSN , U.S. Army Information.
Mobile Devices in the DoD

Mobile Devices in the DoD
3SKey 3SKey.

3SKey 3SKey.
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Brian Epley, VA PIV Program Manager

Brian Epley, VA PIV Program Manager
- 1 - Defense Security Service Background: During the Fall of 2012 Defense Security Service will be integrating ISFD with the Identity Management (IdM)

- 1 - Defense Security Service Background: During the Fall of 2012 Defense Security Service will be integrating ISFD with the Identity Management (IdM)
EAuthentication Before accessing the Delphi eInvoicing System, you must be an authenticated user. This authentication process is called eAuthentication.

EAuthentication Before accessing the Delphi eInvoicing System, you must be an authenticated user. This authentication process is called eAuthentication.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.

The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.
The Federation for Identity and Cross-Credentialing Systems (FiXs) www.FiXs.org FiXs ® - Federated and Secure Identity Management in Operation Implementing.

The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.
Secure Sockets Layer eXtended (SSLX) Next Generation Internet Security Overview Presentation April 2011.

Secure Sockets Layer eXtended (SSLX) Next Generation Internet Security Overview Presentation April 2011.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Ramanuj Banerjee Director Technical Consultancy. ActivCard, Inc. Headquartered in Fremont, CA Headquartered in Fremont, CA Over 12 years of experience.

Ramanuj Banerjee Director Technical Consultancy. ActivCard, Inc. Headquartered in Fremont, CA Headquartered in Fremont, CA Over 12 years of experience.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
PKI Implementation in the Real World

PKI Implementation in the Real World
United States DoD Public Key Infrastructure: Deploying the PKI Token

United States DoD Public Key Infrastructure: Deploying the PKI Token

Similar presentations

Ads by Google