Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.

Slides:



Advertisements
Similar presentations
What is. Digital Certificate It is an identity.
Advertisements

Implementing Federated Identity Management across a Multi-campus Statewide System: The Texas Experience William A. Weems Assistant Vice President Academic.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.
Digital Certificate Installation & User Guide For Class-2 Certificates.
3SKey 3SKey.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Digital Certificate Installation & User Guide For Class-2 Certificates.
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
PKI Implementation in the Real World
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
CAMP Med Identity and Access Management for HIPAA: Technology Model William A. Weems Assistant Vice President Academic Technology The University of Texas.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
Why Users Like PKI & Directory Services William A. Weems University of Texas Health Science Center at Houston.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Security Management.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Rural Development Department Government of Tripura Venue: Conference Hall #1, Pragna Bhawan, Gorkhabasti Date: 7 th March, 2014.
CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.
CAMP Integration Reflect & Join A Case Study The University of Texas Health Science Center at Houston William A. Weems Assistant Vice President Academic.
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.
1 Digital Credential for Higher Education John Gardiner August 11, 2004.
Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston.
Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Virginia Tech Overview of Tech Secure Enterprise Technology Initiatives e-Provisioning Group Frank Galligan Fed/Ed.
Digital Certificates. What is a Digital Certificate? A digital certificate is the equivalent of your business card in the e-commerce world. It says who.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
1 PKI Update September 2002 CSG Meeting Jim Jokl
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Identity Management Practical Issues Associated with Sharing Federated Services UT System Identity Management Federation William A. Weems The University.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.
Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.
Unit 1: Protection and Security for Grid Computing Part 2
Configuring Directory Certificate Services Lesson 13.
Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.
King Mongkut’s University of Technology Faculty of Information Technology Network Security Prof. Reuven Aviv 6. Public Key Infrastructure Prof. R. Aviv,
Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.
Building Security into Your System Bill Major Gregory Ponto.
Module 9: Designing Public Key Infrastructure in Windows Server 2008.
PKI Activities at Virginia September 2000 Jim Jokl
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian
DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
ELECTROINC COMMERCE TOOLS Chapter 6. Outline 6.0 Introduction 6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs) TRUST
Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.
Identity Management Practical Issues Associated with Sharing Federated Services William A. Weems The University of Texas Health Science Center at Houston.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.
Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council
Trusted Organizations In the grid world one single CA usually covers a predefined geographic region or administrative domain: – Organization – Country.
EGEE-II INFSO-RI Enabling Grids for E-sciencE Authentication, Authorisation and Security Emidio Giorgio INFN Catania.
Secure Enterprise Technology Initiatives e-Provisioning Group
September 2002 CSG Meeting Jim Jokl
Presentation transcript:

Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston

University of Texas Health Science Center at Houston UTHSC-H Six Schools –Graduate School of Biomedical Sciences –Dental School –Medical School –Nursing School –School of Health Information Sciences –School of Public Health ~ 10,000 Students, Faculty and Staff

PKI History at UTHSC-H U.T. System begin considering PKI as a strategic initiative U.T. System signed MSA with VeriSign 1998 UTHSC-H obtained 10,000 client seats –Public/Private keys stored in “soft key stores” –Single certs used for digital signatures, encryption and accessing restricted resources 1999 Established enterprise LDAP directory –User’s public cert include as a user attribute

PKI History at UTHSC-H 2002 UTHSC-H begin issuing USB Tokens –Public/Private keys generated in “soft key” store & transferred to hard token 2003 VeriSign MSA modified to provide dual keys per seat – signing and encryption keys 2004 Begin generating public/private keys on USB E-Tokens – level 4 assurance 2005 Projected issuance of 4,000 E-Tokens 2005 Begin phasing out “soft key” stores

UTHSC-H: An Identity Provider (IdP) It is critical to recognize that the university functions as an identity provider (IdP) in that UTHSC-H provides individuals with digital credentials that consist of an identifier and an authenticator. As an IdP, the university assumes specific responsibilities and liabilities.

UTHSC-H Strategic Authentication Goals Two authentication mechanisms. –Single university ID (UID) and password –Public Key Digital ID on Token (two-factor authentication) Digital Signatures –Authenticates senders –Guarantees messages are unaltered, i.e. message integrity –Provides for non-repudiation –Legal signature Encryption of and other documents Highly Secure Access Control Potential for inherent global trust

Identity Provider (IdP) uth.tmc.edu Person IdP Obtains Physical Characteristics Identity Vetting & Credentialing Identifier Permanently Bound Assigns Everlasting Identifier Digital Credential Issues Digital Credential Person Only Activation Permanent Identity Database

Identity Provider (IdP) uth.tmc.edu PersonIdentifierDigital Credential Permanently Bound Assigns Everlasting Identifier Issues Digital Credential IdP Obtains Physical Characteristics Person Only Activation Identity Vetting & Credentialing UTHSC-H Two Factor Authentication Permanent Identity Database ? ?

UTHSC-H Identity Management System HRMSSISGMEISGuest MSUTP INDIS OAC7OAC47 Secondary Directories Sync Person Registry Authoritative Enterprise Directories Authorization Service Authentication Service User Administration Tools Change Password Attribute Management Identity Reconciliation & Provisioning Processes

Obtaining a Digital Certificate Access Local Hosted CA’s Web Page Generate a public/private key pair Send public key to Certificate Authority RA verifies applicant’s identity to CA CA issues X.509 certificate CA notifies applicant that DID is certified Applicant downloads certified public key Applicant makes backup of DID

Obtaining a Digital Certificate Hard Token – Level 4 Applicant appears in-person before RA Inserts E-Token in USB Port Access Certificate Authority’s Web Page Token generates public/private key pair Send public key to Certificate Authority RA verifies applicant’s identity to CA CA issues X.509 certificate Applicant downloads certificate to token

The focus of planning should be on how PKI and directory services make life great for people in cyberspace!!! Don’t focus on underlying theory, arcane concepts and minute implementation details. If basic infrastructure is in place along with user applications, people will use it and demand more. Lessons Learned

What Is Needed To Reach Critical Mass? Develop a core group that operationally believes in & understands middleware! CA management system with basic policies. Basic operational LDAP directory service. As many “real” applications as possible! –Solutions that use signing & encryption. –Cherished resources PKI enabled for access.

Why A Commercial CA Texas requires a state approved CA –Certificate Practice State (CPS) –Certificate Policy –Relying Party Agreement CA trust hierarchy automatically recognized by most browsers & clients world wide. Provided a significant amount of support resources.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.