HIMSS National Conference New Orleans Convention Center

Slides:



Advertisements
Similar presentations
Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
Advertisements

1 U.S. General Services Administration E-Government Procurement: Standard Transactions and Interoperability David Temoshok Director, Federal Identity Management.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
3SKey 3SKey.
Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
Federations in Texas Barry Ribbeck University of Texas Health Science Center at Houston.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Office of the Chief Information Officer EFCOG Annual Meeting Fred Catoe (IM-32) U.S. Department of Energy.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
1 Implementation of Homeland Security Presidential Directive 12 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide FED/ED.
CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.
The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.
Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.
Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.
Public Key Infrastructure from the Most Trusted Name in e-Security.
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
HIE Implementation in Michigan for Improved Health As approved by the Michigan Health Information Technology Commission on March 4, 2009.
U.S. Department of Agriculture eGovernment Program December 3, 2003 eAuthentication Initiative USDA eAuthentication Service Overview eGovernment Program.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Elements of Trust Framework for Cyber Identity & Access Services CYBER TRUST FRAMEWORK Service Agreement Trust Framework Provider Identity Providers Credential.
1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.
E-Authentication: The Need for Public and Private Sector Trust David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Proposal for device identification PAR. Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that.
Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.
PKI Forum Business Panel March 6, 2000 Dr. Ray Wagner Sr. Director, Technology Research.
E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.
HSPD-12 Identity Management Initiative Carol Bales Senior Policy Analyst United States Office of Management and Budget North American Day 2006.
PKI and the U.S. Federal E- Authentication Architecture Peter Alterman, Ph.D. Assistant CIO for e-Authentication National Institutes of Health Internet2.
Identity Management Working Group 2006 Member Meeting Tempe, AZ Barry Ribbeck Rice University.
Federated Authentication at NIH: Trusting External Credentials at Known Levels of Assurance Debbie Bucci and Peter Alterman November, 2009.
E-Authentication Overview & Technical Approach Scott Lowery Technical Track Session.
Identity Federations and the U.S. E-Authentication Architecture Peter Alterman, Ph.D. Assistant CIO, E-Authentication National Institutes of Health.
1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
Federal Preparedness Credentialing & Typing. H.R. 1 - Requirement Title IV of the “Implementing Recommendations of the 9/11 Commission Act of 2007” directs.
Office of the National Coordinator for Health Information Technology ONC Update for HITSP Board U.S. Department of Health and Human Services John W. Loonsk,
1 Federal Identity Management Infrastructure and Policy David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide August 15,
10/08/20041 © 2004 Pete Palmer Federated Identity Management and Regional Health Information Organizations Pete Palmer, Principal Security Analyst, Guidant.
Federal Initiatives in IdM Dr. Peter Alterman Chair, Federal PKI Policy Authority.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
E-Authentication Guidance Jeanette Thornton, Office of Management and Budget “Getting to Green with E-Authentication” February 3, 2004 Executive Session.
L’Oreal USA RSA Access Manager and Federated Identity Manager Kick-Off Meeting March 21 st, 2011.
Bob Jones EGEE Technical Director
Law Enforcement Information Sharing Program (LEISP) Federated Identity Management Pilot February 27, 2006.
Second SDO Emergency Services Coordination Workshop
THE STEPS TO MANAGE THE GRID
Public Key Infrastructure (PKI)
Regional Health Information Exchange: Getting There
NAAS 2.0 Features and Enhancements
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Public Key Infrastructure from the Most Trusted Name in e-Security
Technical Approach Chris Louden Enspier
E-Commerce for Developing Countries (EC-DC)
Appropriate Access InCommon Identity Assurance Profiles
E-Government Procurement: Standard Transactions and Interoperability David Temoshok Director, Federal Identity Management GSA Office of Governmentwide.
A Quick Tour of the FIPS 201 Revision
ONC Update for HITSP Board
Presentation transcript:

HIMSS National Conference New Orleans Convention Center The E-Authentication Initiative E-Authentication: The GSA/HIMSS Authentication Pilot David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy HIMSS National Conference New Orleans Convention Center February 28, 2007

GSA/HIMSS Authentication Project Deploy scalable and interoperable security and identity management infrastructure used for Federal e-Government authentication services in RHIO operating environment. Provide secure, trusted identity credentials. Meet identity management standards for local RHIO deployment. Leverage interoperability and trust with the Federal Government and multiple entities through the Federal Bridge CA and other Federal trust mechanisms. Establish standard enrollment policy and procedures for local registration authorities. Build “lessons learned” for deployment of trusted authentication procedures in other RHIOs.

RHIO Agreements for Pilot Authentication Assurance Levels HSPD-12 PIV Cards Increased $ Cost Multi - Factor Token PKI/ Digital Signature Biometrics Knowledge - Based Very Strong Password High - High PIN/User ID Medium Participants targeted HIGH and VERY HIGH Authentication assurance levels for Pilot Low Access to Access to restricted membership EMR exchange Remote clinical order Protected Market Research Data Increased Need for Identity Assurance

Technology Overview Pilot focus on strong authentication to securely and privately communicate and transfer data within and between RHIOs. Federal eAuthentication is providing trusted PKI service provider – ORC – an approved PKI service provider for the Federal PKI. Certificates used for single factor authentication, digital signature. Tokens (smart cards) used for security, multi-factor authentication, generate digital signature, and secure data storage and transport.

Pilot Scope -- Participating Organizations/RHIOs Connecticut: e-Health Connecticut Michigan: Michigan Data Sharing & Transaction Infrastructure Project Texas: CHRISTUS Health, health eCities of Texas Project Minnesota: Community Health Information Collaborative Ohio: Supercomputer Center Bioinformatics Ohio: Virtual Medical Network Nevada: Single Portal Medical Record Project

Pilot Authentication Technical Overview Pilot focus on strong authentication to securely and privately communicate and transfer data within and between RHIOs. Trusted Federal PKI Credential Service Provider to provide digital certificates for authorized end users in each RHIO. Local Registration Authorities trained and certified for each RHIO. Standard certificates used for single factor authentication, digital signature. Tokens (smart cards) used for security, multi-factor authentication, generate digital signature, and secure data storage and transport. Federal PKI architecture employs multiple certificate validation protocols.

Pilot Demonstrations and Conclusions Pilot demonstrated: Multiple RHIOs can agree and implement a common framework for the policies, procedures, and standards for federated identity authentication across multiple use cases. The Federal e-Authentication infrastructure is relevant and applicable to use cases for RHIOs in diverse operational environments. PKI, as a standard for strong authentication, can be deployed uniformly across multiple RHIOs. The Federal PKI and its trusted Federal Credential Service Providers can be leveraged for use in multiple use cases across multiple RHIOs. For RHIOs, local registration authorities and local enrollment are viable for larger scale deployments to provide for strong authentication using Federal e-Authentication components. Hardware tokens (i.e., smart cards, flash drives) are viable for RHIO deployment of level 4 authentication assurance.

Next Steps Expand current pilot: Expand RHIO demonstration project population from 7 to X to implement a common framework for the policies, procedures, and standards for identity authentication across multiple use cases. Establish standard procedures for local enrollment: Standardize local enrollment procedures and development of a standard scheduling tool are critical for larger scale deployment. Establish contract arrangements: Federal approved service providers are available on GSA schedules. New providers need to be added to contract on GSA IT Schedule 70. Expand current pilot functionality and scope: to include first responders and emergency response providers in coordination with the Federal Department of Homeland Security. Establish Governance Structure: for decision-making.

For More Information Visit our Websites: Or contact: http://idmanagement.gov http://cio.gov/eauthentication http://.cio.gov/ficc http://cio.gov/fpkipa http://csrc.nist.gov/piv-project/ http://eapartnership.org Or contact: David Temoshok Director, Identity Policy and Management 202-208-7655 david.temoshok@gsa.gov

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.