Presented by: Defense Manpower Data Center Access Card Office

Presentation transcript:

DoD Common Access Card (CAC) Issuance Process
Information and Technology for Better Decision Making
Presented by: Defense Manpower Data Center Access Card Office, July 2005

CAC Issuance
- Real-time Automated Personnel Identification System (RAPIDS) is the smart card issuing system
- Defense Enrollment Eligibility Reporting System (DEERS) provides initial data to RAPIDS for card issuance
- PKI Local Registration Authority (LRA) is integrated into the RAPIDS infrastructure

CAC Issuance
- CACs are issued from over 1,300 issuance sites world-wide from RAPIDS terminals
- Architecture of the end-to-end CAC system involves a myriad of systems and networks along with support: Helpdesk, Field Service Support and Training, Engineering Support
- Only people vetted and in the authoritative database (DEERS) are issued ID cards
- Moving back the fixing of identity: DEERS lockdown

DoD Distributed Issuance Infrastructure
- 394 Deployable Sites
- 45 Asia Pacific Sites
- 870 U.S. Sites
- 96 European Sites
- 18 Shipboard Sites
- 1,425 Sites Deployed Worldwide as of June 2005

CAC Issuance Components
- Load Balancer - balances production RAPIDS workstations across the 10 Issuance Portals.
- Issuance Portal (IP) - dedicated to the initialization and issuance of the CAC, the applications that reside on the CAC, and the keys and credentials needed to securely use/issue the CAC.

CAC Issuance Components
- Card Repository System (CRS) - manages the real estate and the capabilities of the Integrated Circuit Chips of the CACs
- Inventory Logistics Portal (ILP) - manages the logistics of maintaining and replenishing CAC stock inventory quantities for individual CAC issuing sites and the DMDC organization
- IP Audit System - records the commands requested by a RAPIDS system and the outcome of those commands
- Inventory Logistics Console (ILC) - provides DMDC management and SSMs the ability to maintain the ILP through the use of a GUI

Authenticate User
(Diagram: Verifying Official at a RAPIDS Station; SSL v3 sessions to the Issuance Portal with its HSM and to DEERS with its HSM; ILP; DISA Certificate Authority)
1. Logon to operating system with CAC and start application
2. Establish secure session with Issuance Portal/CA (establish LRA rights)
3. Establish secure session with DEERS HSM
4. Retrieve fingerprint minutia from DEERS
5. Validate Verifying Official's fingerprint

Capture Data & Print Card
(Diagram: RAPIDS Station with card labelled 123456; SSL v3 sessions to DEERS, the Issuance Portal with its HSM, and the ILP; DISA Certificate Authority)
1. Retrieve data from DEERS
2. Update DEERS data
3. Capture or verify fingerprint
4. Take photograph
5. Obtain PIN
6. Print card
7. Verify bar code(s)

Create Channel & Install Applets
(Diagram: RAPIDS Station with card labelled 123456; SSL v3 sessions to DEERS, the Issuance Portal with its HSM, and the ILP; Global Platform Secure Channel from the Issuance Portal to the card; on the card: Card Application Managers (CAMs), ID applet, Generic Container applet, PKI applet; DISA Certificate Authority)
1. Check card status and site in ILP
2. Create Global Platform Secure Channel
3. Load applets (may have been done by manufacturer)

Instantiate Applets
(Diagram as on the previous slide; on the card: Card Manager, Card Application Managers (CAMs), PKI applets, data applets (ID, Generic Container, PKI))
1. Check card status and site in ILP
2. Create Global Platform Secure Channel
3. Load applets (may have been done by manufacturer)
4. Instantiate applets

Set PIN
(Diagram as on the previous slide)
1. Check card status and site in ILP
2. Create Global Platform Secure Channel
3. Load applets (may have been done by manufacturer)
4. Instantiate applets
5. Set PIN

Set Generic Container Applet Data
(Diagram as on the previous slide)
1. Check card status and site in ILP
2. Create Global Platform Secure Channel
3. Load applets (may have been done by manufacturer)
4. Instantiate applets
5. Set PIN
6. Populate data applets

ID Certificate
(Diagram as on the previous slide; "Generate Keys" shown at the card's PKI applets; certificate issued by the DISA Certificate Authority via the Issuance Portal)
1. Check card status and site in ILP
2. Create Global Platform Secure Channel
3. Load applets (may have been done by manufacturer)
4. Instantiate applets
5. Set PIN
6. Populate data applets
7. Request PKI certificates

Email Signing Certificate
(Diagram as on the previous slide; "Generate Keys" shown at the card's PKI applets)
1. Check card status and site in ILP
2. Create Global Platform Secure Channel
3. Load applets (may have been done by manufacturer)
4. Instantiate applets
5. Set PIN
6. Populate data applets
7. Request PKI certificates

Email Encryption Certificate
(Diagram as on the previous slide)
1. Check card status and site in ILP
2. Create Global Platform Secure Channel
3. Load applets (may have been done by manufacturer)
4. Instantiate applets
5. Set PIN
6. Populate data applets
7. Request PKI certificates

Post Processing
(Diagram: RAPIDS Station with card labelled 123456; SSL v3 sessions to DEERS, the Issuance Portal with its HSM, and the ILP; DISA Certificate Authority)
8. Mark card as issued in the ILP
9. Update DEERS with ID Card, Photograph and Fingerprint Info
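As an added illustration (not RAPIDS or DMDC code), the following Python models the ordering the slides impose on issuance commands, from the ILP status check through the DEERS update, together with an IP Audit System-style record of every command and its outcome; the step names, the session object, and treating applet loading as optional (because the manufacturer may have done it) are assumptions.

```python
"""Constructed model of the RAPIDS / Issuance Portal step ordering shown on the
slides above. Added example, not DMDC or RAPIDS code; all names are assumptions."""
from dataclasses import dataclass, field

# Slide steps 1-9, in the order the presentation shows them.
STEPS = [
    "check_card_status_ilp",      # 1. Check card status and site in ILP
    "create_gp_secure_channel",   # 2. Create Global Platform Secure Channel
    "load_applets",               # 3. Load applets (may have been done by manufacturer)
    "instantiate_applets",        # 4. Instantiate applets
    "set_pin",                    # 5. Set PIN
    "populate_data_applets",      # 6. Populate data applets
    "request_pki_certificates",   # 7. Request PKI certificates (keys generated on card)
    "mark_card_issued_ilp",       # 8. Mark card as issued in the ILP
    "update_deers",               # 9. Update DEERS with card, photo and fingerprint info
]
OPTIONAL = {"load_applets"}       # step 3 may already be done by the manufacturer

@dataclass
class IssuanceSession:
    verifying_official_authenticated: bool   # outcome of the Authenticate User slide
    completed: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # IP Audit System analogue: (command, outcome)

    def run(self, command: str) -> bool:
        """Attempt one issuance command; every attempt is audited, accepted or not."""
        outcome = self._check(command)
        self.audit.append((command, outcome))
        if outcome == "ok":
            self.completed.append(command)
        return outcome == "ok"

    def _check(self, command: str) -> str:
        if not self.verifying_official_authenticated:
            return "rejected: verifying official not authenticated"
        if command not in STEPS:
            return "rejected: unknown command"
        if command in self.completed:
            return "rejected: step already completed"
        missing = [s for s in STEPS[:STEPS.index(command)]
                   if s not in self.completed and s not in OPTIONAL]
        return "rejected: prerequisite not done: " + missing[0] if missing else "ok"

def demo() -> IssuanceSession:
    """An early certificate request is refused and audited; the full sequence then succeeds."""
    s = IssuanceSession(verifying_official_authenticated=True)
    s.run("request_pki_certificates")   # refused: no ILP check, no secure channel, no PIN
    for cmd in STEPS:
        s.run(cmd)
    return s
```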

Questions?
cacsupport@osd.pentagon.mil
www.dmdc.osd.mil/smartcard