Virginia Tech Overview of Tech Secure Enterprise Technology Initiatives e-Provisioning Group Frank Galligan Fed/Ed.

Presentation transcript:

Virginia Tech Overview of Tech Secure Enterprise Technology Initiatives e-Provisioning Group Frank Galligan Fed/Ed XV PKI Coordination Meeting June 14, 2007

Virginia Tech Background
Secure Enterprise Technology Initiatives
eProvisioning Group
  – Technical Support for University PKI Initiatives
Sponsorship For PKI Initiatives
  – Vice President for Information Technology
  – Funding from Executive Vice President
Virginia Tech
Blacksburg, Virginia - Southwestern VA
Research University - Ranking 56th in US
28,000 Full Time Students - Largest in VA
7,000 Faculty and Staff - PKI Target Group
Corporate Research Center - Location of CC

VTCA Architecture [diagram]
Labels: Virginia Tech Root CA; Subordinate CAs: User CA, Server CA, Middleware CA; Offline CA; Online CA; Other CAs As Needed; Personal Certificates; SSL Web Server Certificates; Middleware Certificates; Aladdin eToken
Dates shown: 4/10/2003, 7/23/2004, 9/20/
Counts shown: Issued, 105 Issued, 444 Issued

Virginia Tech PKI Project Structure
Six Projects: A Coordination Challenge
  – Infrastructure
  – Integration
  – Token Administration System
  – Policy
  – Device Selection
  – Documentation and Communication

Virginia Tech VTCA Design Methodology
Architecture: Hierarchical Model
High Assurance Level: FIPS Level 3 HSM
Standards: PKCS, CryptoAPI, PCSC, X509 v3
Commercial or OpenSource: OpenCA 0.9.x
Deployment Model: Phased, Smart Devices
Scope: Initially for Internal Use
Administration: RA, CA, HSM, SYS, APP
CP and CPS Documents: PMA, RFC 2527

Virginia Tech VT Personal Digital Certificates
Token Administration System - TAS
Two Phase Certificate Enrollment Process
- Phase I: Registration Authority Admin Station
  – Applicant Hokie ID scanned to retrieve LDAP record
  – Applicant provides two photo IDs for validation
  – Applicant creates a password for their eToken
- Phase II: Certification Authority Admin Station
  – Applicant authenticates using their eToken password
  – TAS generates RSA keys onboard eToken and creates CSR
  – TAS sends CSR to User CA, returned cert stored on eToken
  – Applicant digitally signs VT Usage Agreement
  – TAS automatically sends with instructions to applicant
eToken Password Resets, Certificate Revocation

Virginia Tech PKI Integration
Virginia Tech Personal Certificate Profile
  – Encryption Disabled
VT PKI Applications
  – Digitally Signed Leave Reports/Work Flow
  – VPN Authentication
  – S/MIME , MS Office Word and Excel, Adobe Acrobat
  – Client SSL Authentication, CAS (Central Authentication Server)
Other Digital Signature Applications
  – Grant Proposals
  – Travel Vouchers
  – Various Departmental Forms
  – Phone Bills
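
The Phase II steps of the enrollment slide (key pair, CSR, issuance by the User CA) combined with the "Encryption Disabled" profile above, as an added Go example that is not code from the presentation, TAS or OpenCA. Assumptions: software keys stand in for the key generated on the eToken, the CA is reduced to a name, a key and a fixed serial number, and "Encryption Disabled" is read as signature-only key usage; every identifier is hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Assumption: the profile's "Encryption Disabled" is modelled as signature-only key usage.
const signOnly = x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment
const encBits = x509.KeyUsageKeyEncipherment | x509.KeyUsageDataEncipherment | x509.KeyUsageKeyAgreement

// Constructed demo keys and CA name (errors ignored); stand-ins for the User CA and the eToken.
var caKey, _ = rsa.GenerateKey(rand.Reader, 2048)
var tokenKey, _ = rsa.GenerateKey(rand.Reader, 2048)
var caCert = &x509.Certificate{Subject: pkix.Name{CommonName: "Example User CA"}}

// newCSR is the TAS side: a PKCS#10 request signed by the applicant's own key.
func newCSR(cn string) ([]byte, error) {
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	return x509.CreateCertificateRequest(rand.Reader, req, tokenKey)
}

// issue is the CA side: verify proof of possession, then sign with the CA's own key usage.
func issue(csrDER []byte) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return nil, fmt.Errorf("CSR rejected: parse error or bad self-signature")
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, KeyUsage: signOnly,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(1, 0, 0)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// encryptionDisabled reports whether a certificate carries no encryption key usage bit.
func encryptionDisabled(c *x509.Certificate) bool { return c.KeyUsage&encBits == 0 }

func main() {
	csr, _ := newCSR("Constructed Applicant")
	cert, err := issue(csr)
	fmt.Println(err, err == nil && encryptionDisabled(cert))
}
```

The key usage is fixed by the issuing side rather than taken from the request, so a CSR cannot widen the profile; `encryptionDisabled` can also be run over already issued certificates as an audit check.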

Virginia Tech References
Virginia Tech Home Page
Virginia Tech PKI
Virginia Tech PDCs
Virginia Tech Certificate Policy
Virginia Tech eAladdin eToken News
Personal Digital Certificates at Virginia Tech – Internet2 Presentation Dunker.htm
