HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

Slides:

Advertisements

Similar presentations

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Advertisements

Introduction of Grid Security

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing Basics From the perspective of security or An Introduction to Certificates.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

Public Key Management and X.509 Certificates

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

Public Key Cryptography: Concepts and Applications Chapter Six Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.

Computer Science Public Key Management Lecture 5.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.

X.509 Certificate management in.Net By, Vishnu Kamisetty

Copyright © 2008, CIBER Norge AS 1 Using eID and PKI – Status from Norway Nina Ingvaldsen and Mona Naomi Lintvedt 22 nd October 2008.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

Secure Electronic Transaction (SET)

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

NENA Development Conference | October 2014 | Orlando, Florida Security Certificates Between i3 ESInet’s and FE’s Nate Wilcox Emergicom, LLC Brian Rosen.

Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.

Configuring Directory Certificate Services Lesson 13.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

National Institute of Advanced Industrial Science and Technology Brief status report of AIST GRID CA APGridPMA Singapore September 16 Yoshio.

Digital Signatures A Brief Overview by Tim Sigmon April, 2001.

CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.

Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.

King Mongkut’s University of Technology Faculty of Information Technology Network Security Prof. Reuven Aviv 6. Public Key Infrastructure Prof. R. Aviv,

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian

DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.

Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.

1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz

HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Module 2: Introducing Windows 2000 Security. Overview Introducing Security Features in Active Directory Authenticating User Accounts Securing Access to.

Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.

Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council

1 Certification Issue : how do we confidently know the public key of a given user? Authentication : a process for confirming or refuting a claim of identity.

1 Public Key Infrastructure Rocky K. C. Chang 6 March 2007.

GRID-FR French CA Alice de Bignicourt.

Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.

INFSO-RI Enabling Grids for E-sciencE Sofia, 17 March 2009 Security, Authentication and Authorisation Mike Mineter Training, Outreach.

Key management issues in PGP

Public Key Infrastructure

جايگاه گواهی ديجيتالی در ايران

Technical Approach Chris Louden Enspier

Digital Certificates and X.509

Chapter 4 Cryptography / Encryption

PKI (Public Key Infrastructure)

National Trust Platform

Presentation transcript:

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011

INTRODUCTION TO DIGITAL CERTIFICATES AND CERTIFICATE TRUST

Digital Certificate Basics A “digital certificate” is an electronic document that certifies that the subject (person or entity) has been issued a pair of encryption keys that are related in such a way that if one key is used to encrypt something (e.g., file, message, data stream), it can be decrypted only by someone holding the other key –One key is published for anyone to see (“public key”) –The other key is kept secret by the entity/person to whom the digital certificate has been issued (“private key”) –Digital certificates are issued by a “certificate authority” (CA) – and digitally signed by the issuing CA CA certificates may be self-issued and self-signed certificates CAs periodically publish a “certificate revocation list (CRL)” that identifies those certificates that no longer are valid and that have not expired

Digital Certificate Basics Digital certificates are used for a number of purposes, including: –To authenticate the identity of an entity or person using a challenge-response mechanism –To digitally sign a message or other transmitted content (“digital signature”) –To share a secret key to be used to exchange private or sensitive information The trustworthiness of a digital certificate is dependent upon how much the user trusts the issuer of the certificate – which may be the top CA in a hierarchical public key infrastructure PKI, the CA that issued the user’s own certificate, or any other trusted CA –The practices used by a CA in issuing and managing certificates are described in its Certification Practice Statement (CPS) –CPSs may be certified by organizations such as the European Telecommunications Standards Institute (ETSI) and WebTrust, or as meeting minimal standards established by specific communities, such as SAFE Bio- Pharma and Federal Bridge

Digital Certificate Trust Models

Digital Certificate Content Signature of CA that issued certificate Algorithm used by the CA to sign the certificate Version Serial number Name of the CA that issued certificate Period of time for which the certificate is valid Name of the subject to whom the certificate is issued The subject’s public key Optional extensions – such as the purposes for which the certificate may be used

Certificate Trust Issue A digital certificate can be trusted only to the extent to which the user trusts the CA who issued the certificate Anyone can set themselves up as a CA and issue certificates Certificates used by Direct Project entities may be issued by any CA – and the decision of whether to trust the certificate is left up to the communicating entity’s trust relationship with the issuing CA (i.e., whether the CA is recognized as a “trust anchor”) To exchange information with federal entities (e.g., VA, CMS), the user will need to hold a certificate that was issued by a CA that is trusted by the Federal Bridge CA

POLICY QUESTION FOR HIT POLICY COMMITTEE

Policy Question for HITPC Policy and governance are needed around CAs who issue certificates for use in health exchanges, such as Direct –Defining a mechanism for establishing the legitimacy and trustworthiness of a certificate authority –Defining a minimum level of trustworthiness for CAs issuing certificates for Direct exchanges; for example: IS certification by WebTrust or ETSI sufficient for health information exchange? Does the CA need to meet the minimum standard defined for a trusted relationship with Federal Bridge CA?