Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIMSS National Conference New Orleans Convention Center

Published byCory Richard Modified over 5 years ago

Similar presentations

Presentation on theme: "HIMSS National Conference New Orleans Convention Center"— Presentation transcript:

1 HIMSS National Conference New Orleans Convention Center
The E-Authentication Initiative E-Authentication: The GSA/HIMSS Authentication Pilot David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy HIMSS National Conference New Orleans Convention Center February 28, 2007

2 GSA/HIMSS Authentication Project
Deploy scalable and interoperable security and identity management infrastructure used for Federal e-Government authentication services in RHIO operating environment. Provide secure, trusted identity credentials. Meet identity management standards for local RHIO deployment. Leverage interoperability and trust with the Federal Government and multiple entities through the Federal Bridge CA and other Federal trust mechanisms. Establish standard enrollment policy and procedures for local registration authorities. Build “lessons learned” for deployment of trusted authentication procedures in other RHIOs.

3 RHIO Agreements for Pilot Authentication Assurance Levels
HSPD-12 PIV Cards Increased $ Cost Multi - Factor Token PKI/ Digital Signature Biometrics Knowledge - Based Very Strong Password High - High PIN/User ID Medium Participants targeted HIGH and VERY HIGH Authentication assurance levels for Pilot Low Access to Access to restricted membership EMR exchange Remote clinical order Protected Market Research Data Increased Need for Identity Assurance

4 Technology Overview Pilot focus on strong authentication to securely and privately communicate and transfer data within and between RHIOs. Federal eAuthentication is providing trusted PKI service provider – ORC – an approved PKI service provider for the Federal PKI. Certificates used for single factor authentication, digital signature. Tokens (smart cards) used for security, multi-factor authentication, generate digital signature, and secure data storage and transport.

5 Pilot Scope -- Participating Organizations/RHIOs
Connecticut: e-Health Connecticut Michigan: Michigan Data Sharing & Transaction Infrastructure Project Texas: CHRISTUS Health, health eCities of Texas Project Minnesota: Community Health Information Collaborative Ohio: Supercomputer Center Bioinformatics Ohio: Virtual Medical Network Nevada: Single Portal Medical Record Project

6 Pilot Authentication Technical Overview
Pilot focus on strong authentication to securely and privately communicate and transfer data within and between RHIOs. Trusted Federal PKI Credential Service Provider to provide digital certificates for authorized end users in each RHIO. Local Registration Authorities trained and certified for each RHIO. Standard certificates used for single factor authentication, digital signature. Tokens (smart cards) used for security, multi-factor authentication, generate digital signature, and secure data storage and transport. Federal PKI architecture employs multiple certificate validation protocols.

7 Pilot Demonstrations and Conclusions
Pilot demonstrated: Multiple RHIOs can agree and implement a common framework for the policies, procedures, and standards for federated identity authentication across multiple use cases. The Federal e-Authentication infrastructure is relevant and applicable to use cases for RHIOs in diverse operational environments. PKI, as a standard for strong authentication, can be deployed uniformly across multiple RHIOs. The Federal PKI and its trusted Federal Credential Service Providers can be leveraged for use in multiple use cases across multiple RHIOs. For RHIOs, local registration authorities and local enrollment are viable for larger scale deployments to provide for strong authentication using Federal e-Authentication components. Hardware tokens (i.e., smart cards, flash drives) are viable for RHIO deployment of level 4 authentication assurance.

8 Next Steps Expand current pilot: Expand RHIO demonstration project population from 7 to X to implement a common framework for the policies, procedures, and standards for identity authentication across multiple use cases. Establish standard procedures for local enrollment: Standardize local enrollment procedures and development of a standard scheduling tool are critical for larger scale deployment. Establish contract arrangements: Federal approved service providers are available on GSA schedules. New providers need to be added to contract on GSA IT Schedule 70. Expand current pilot functionality and scope: to include first responders and emergency response providers in coordination with the Federal Department of Homeland Security. Establish Governance Structure: for decision-making.

9 For More Information Visit our Websites: Or contact:
Or contact: David Temoshok Director, Identity Policy and Management

Download ppt "HIMSS National Conference New Orleans Convention Center"

Similar presentations

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
1 U.S. General Services Administration E-Government Procurement: Standard Transactions and Interoperability David Temoshok Director, Federal Identity Management.

1 U.S. General Services Administration E-Government Procurement: Standard Transactions and Interoperability David Temoshok Director, Federal Identity Management.
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
3SKey 3SKey.

3SKey 3SKey.
Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
The Federation for Identity and Cross-Credentialing Systems (FiXs) www.FiXs.org FiXs ® - Federated and Secure Identity Management in Operation Implementing.

The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.

HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)

“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
Federations in Texas Barry Ribbeck University of Texas Health Science Center at Houston.

Federations in Texas Barry Ribbeck University of Texas Health Science Center at Houston.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting

EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Office of the Chief Information Officer EFCOG Annual Meeting Fred Catoe (IM-32) U.S. Department of Energy.

Office of the Chief Information Officer EFCOG Annual Meeting Fred Catoe (IM-32) U.S. Department of Energy.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,

Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
1 Implementation of Homeland Security Presidential Directive 12 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide FED/ED.

1 Implementation of Homeland Security Presidential Directive 12 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide FED/ED.
CAMP - June 4-6, 2003 1 Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin 2003. This work is the intellectual property of the authors.

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.

Similar presentations

Ads by Google