Presentation is loading. Please wait.

Presentation is loading. Please wait.

The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council 202-622-1552.

Published byJamison Ravenscroft Modified over 9 years ago

Similar presentations

Presentation on theme: "The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council 202-622-1552."— Presentation transcript:

1 The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council Richard.Guida@cio.treas.gov; 202-622-1552 (Steering Committee web page: http://gits-sec.treas.gov)

2 E-Transaction Landscape n Intra-agency –personnel matters, agency management n Interagency –payments, account reconciliation, litigation n Agency to trading partner –procurement, regulation n Agency to the public

3 Federal PKI Approach Establish Federal PKI Policy Authority (for policy interoperability) Establish Federal PKI Policy Authority (for policy interoperability) Implement Federal Bridge CA using Commercial Off The Shelf software (for technical interoperability) Implement Federal Bridge CA using Commercial Off The Shelf software (for technical interoperability) Deal with directory interoperability issues Deal with directory interoperability issues Use ACES for public transactions Use ACES for public transactions

4 Federal PKI Policy Authority n Voluntary interagency group - NOT an “agency” n Governing body for interoperability with FBCA – Agency/FBCA cert policy mappings n Oversees operation of FBCA, authorizes issuance of FBCA certificates n Six agency charter members (DOD, DOJ, DOC, Treasury, GSA, OMB)

5 Federal Bridge CA n Non-hierarchical hub (“peer to peer”) n Maps levels of assurance in disparate certificate policies (“policyMapping”) –Issue: assurance level vs. usage policy n Ultimate bridge to CAs external to Federal government n Directory initially contains only FBCA- issued certificates and ARLs

6 Current Status n Prototype FBCA: Entrust, Cybertrust (replaced with Baltimore Unicert) –Initial operation 2/8/00, tested 4/00 n Production FBCA: add other CAs –Operational by late 00 n FBCA Operational Authority is General Services Administration n FBCA Cert Policy by late-00 n FPKIPA operational 7/00

7 FBCA Prototype Test Structure n Six disparate PKI domains cross-certified with FBCA –Five different CA products –Four different X.500 directory products n Interoperability demonstrated via signed S/MIME messages (Eudora, Outlook) n X.500 directory framework - chaining between directories, client access via LDAP

8 Cybertrust CA Entrust CA SFL Client Entrust Client Entrust Client SFL Client DoD Bridge CA Entrust Client Entrust Client Entrust Client PCA CA PCA CA PCA CA PCA CA PCA Entrust Client SFL Client PCA

9 Participants n Government of Canada n NSA/DOD n NIST n NASA n GSA n Georgia Tech Research Institute n CA products: Entrust; Cybertrust; CygnaCom; Spyrus; Motorola n Directories: PeerLogic; ICL; Nexor; CDS; Chromatix n Integrators: Mitretek; JGVanDyke; GNS; Booz Allen; CygnaCom; A&N Associates

10 Test Results

11 Agency Production PKI Examples DOD (>300K certs => >>4M by 2002; high assurance with smartcards) DOD (>300K certs => >>4M by 2002; high assurance with smartcards) FAA (>1K certs => 20K+ in 2000; software now, migrating to smartcards) FAA (>1K certs => 20K+ in 2000; software now, migrating to smartcards) FDIC (>7K certs => 20K+ in 2000) FDIC (>7K certs => 20K+ in 2000) NASA (>1K certs => 25K+ in 2000) NASA (>1K certs => 25K+ in 2000) USPTO (>1K certs => 15K+ in 2000) USPTO (>1K certs => 15K+ in 2000)

12 Access Certs for Electronic Services “No-cost” certificates for the public “No-cost” certificates for the public For business with Federal agencies only (but agencies may allow other uses on case basis) For business with Federal agencies only (but agencies may allow other uses on case basis) On-line registration, vetting with legacy data; information protected under Privacy Act On-line registration, vetting with legacy data; information protected under Privacy Act Agencies billed per-use and/or per-certificate Agencies billed per-use and/or per-certificate Three contractor consortia (DST, ORC, AT&T) Three contractor consortia (DST, ORC, AT&T) President used ACES cert for E-sign Bill President used ACES cert for E-sign Bill

13 Statutory Bases: E-Signatures n Gov’t Paperwork Elimination Act (98) –Technology neutral - select based on risk –But full recognition of dig sig strengths –Gives electronic signature full legal effect –Focus: transactions with Federal agencies n E-Sign in Global/Nat’l Commerce Act (00) –Covers B2B and B2C –Full legal effect if requirements are met

14 Organization

15 U.S./European/Asian Issues n Certificate Policy usage - assurance levels vs. application limitations n Certificate Profiles - differences such as key usage extension conflicts n Models for policy, technical interoperability - prescriptive vs. market-based n Client software configuration - trust path creation vs. browser model

Download ppt "The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council 202-622-1552."

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Federal PKI Architecture Update

Federal PKI Architecture Update
Ongoing Efforts to Build The US Federal PKI Bridge

Ongoing Efforts to Build The US Federal PKI Bridge
Stanley J. Choffrey (202) 708-7943 The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.

Stanley J. Choffrey (202) The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.
Federal PKI Evolution Substantial bottom-up growth in agency use of PKI (report to be published shortly)Substantial bottom-up growth in agency use of PKI.

Federal PKI Evolution Substantial bottom-up growth in agency use of PKI (report to be published shortly)Substantial bottom-up growth in agency use of PKI.
The 4BF The Four Bridges Forum Federated PACS A Physical Access Use Case for Bridges FIPS 201/PIV-I PACS Interoperability April 28 th, 2009.

The 4BF The Four Bridges Forum Federated PACS A Physical Access Use Case for Bridges FIPS 201/PIV-I PACS Interoperability April 28 th, 2009.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Public Key Infrastructure (PKI) Hosting Services.

Public Key Infrastructure (PKI) Hosting Services.
Copyright Judith Spencer 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.

NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,

Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,
Federal Approach to Electronic Credentials For services to citizens, businesses, other governments, and employees Mary J. Mitchell Office of Electronic.

Federal Approach to Electronic Credentials For services to citizens, businesses, other governments, and employees Mary J. Mitchell Office of Electronic.
Toward the Use of DIGITAL Signatures in the Commonwealth of Virginia Prepared for the Council on Technology Services by the Privacy, Security & Access.

Toward the Use of DIGITAL Signatures in the Commonwealth of Virginia Prepared for the Council on Technology Services by the Privacy, Security & Access.
The U.S. Federal PKI and the Federal Bridge Certification Authority

The U.S. Federal PKI and the Federal Bridge Certification Authority
EDUCAUSE Fed/Higher ED PKI Coordination Meeting

EDUCAUSE Fed/Higher ED PKI Coordination Meeting
The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.

The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.
Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed December 2004.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed December 2004.

Similar presentations

Ads by Google