United States DoD Public Key Infrastructure: Deploying the PKI Token

Presentation on theme: "United States DoD Public Key Infrastructure: Deploying the PKI Token"— Presentation transcript:

1 United States DoD Public Key Infrastructure: Deploying the PKI Token
UNCLASSIFIED
R. Michael Green, Director, DoD PKI PMO (410)
Becky Harris, Deputy Director, DoD PKI PMO (703)
NIST PKI Review, April 02

2 United States DoD Public Key Infrastructure Program
The Goal: To enhance the business processes and improve the IA posture of the DoD through widespread use of PK-enabled applications.
(must be from .mil or .gov domain)
UNCLASSIFIED 4/24/

3 DoD PKI Program Management and Policy
9 April 99 ASD (C3I) Memorandum: Assigned DoD PKI Program Management Office (PMO) Responsibility to NSA with DISA Deputy PM
6 May 99 DEPSECDEF Memorandum: Defined DoD PKI Policy Objectives
10 Nov 99 DEPSECDEF Memorandum: Established DoD Smart Card Strategy
12 Aug 00 ASD (C3I) Memorandum (Rewrite of 6 May DoD PKI Memo)

4 The Challenge - It’s a hard problem Event Driven Security Robustness Growth
[Figure. Labels: Applications, Tokens, LRAs*, Directories, Certification Authorities, each with an Assurance Level; Release 3, Release 4; axis: Time.]
* Local Registration Authorities

5 DoD Public Key Capability Requires Coordinated Convergence
[Figure. Labels: Configuration Management; CAC Issuance & PK Infrastructure; Workstation Enablement; PK Enablement; Related Events.]

6 PKI in Evolution
[Figure. Axes: Surety (Quality of Certificate) vs. Time. Labels: Release 3, Release 3.0.1, Release 3.1, Release 3.x, Release 4.0, Release 4; Win 2000 Smart Card logon; email cert issuance via post issuance portal; PIN unlock/reset; KMI CI-1; Upgrade to 4.X DEERS/RAPIDS.]

7 DoD PKI Registration Scenarios
[Figure. Labels: DoD Root Certification Authority; Certification Authority; Repository/Directory; Personnel Database; RAPIDS Workstation and Verifying Official (VO); Local Registration Authority (LRA); End User; End User Application.]

8 # People Requiring Certs and # People Issued Certs
Total Req’d: 3,109,983
Total Issued: ,659 (14 April 02)

9 Current Status DoD PKI Release 3 Operational - October 01
Key Management Infrastructure Capability Increment-1 (KMI CI-1) awarded Nov 01; will provide Release 4.
Established PKI Interoperability Testing capability
Reviewing and approving DoD PKI Certificate Practice Statements

10 Preparing for the Future
Collected Tactical PKI User requirements
Working with NIST & Smart Card Senior Coordinating Group to define process to add applets to FIPS 140 certified cards while maintaining FIPS 140 certification
Updating the DoD PKI Certificate Policy (CP)
Finalizing the DoD Key Recovery Policy
Developed high-level approach to PK-Enabled applications

11 Future PKI Activities DoD Policy Rewrite/Milestone Review SIPRNET Plan
MS Logon Agreement - Release 3.0.1
Code Signing - Release 3.1
Private Web Server Certs/Client Side Authentication
Biometrics

12 Other Activities Directories, Directories, Directories
DoD PKI and Allied Interoperability
DoD PKI “versus” Federal and IC
Vetting and piloting tactical and SIPRNET requirements

13 DoD PK-Enabled Applications
PKI provides the underlying foundation for security services, but PK-enabled applications are required in order to implement them
We Must Depend on Industry to Maintain the Apps
Evaluated Applications that can process our Certificates with little User Involvement

14 DoD PK-Enabled Applications
PK-Enabled Services/Applications:
Medium Grade Services (MGS) - secure, interoperable
Secure Web Services
DoD-specific applications (e.g. Defense Travel System, Wide Area Work Flow)

15 DoD PKI and KMI Token Protection Profile
Used Smart Card Security Users Group Smart Card Protection Profile as baseline document
Information Assurance Technical Framework Forum Protection Profiles:
Previous draft was released for public comment October 00 - Feb 01
Tokens meeting this protection profile: required by mid-late 2003

16 Token PP FIPS 140 Requirements
FIPS Level 2 for Subscribers*
FIPS Level 3 for Registration Authorities
* If the DoD Common Access Card issuing infrastructure is not capable of issuing two different levels of cards, then all CACs will be required to meet FIPS Level 3.

17 Biometrics, DMDC and CAC
DMDC has been collecting and storing fingerprints (template & minutia) when issuing cards.
Biometric data is not stored on the CAC
In the event of a forgotten PIN, biometric (fingerprint) can be provided by user at a RAPIDS workstation for authentication and to unlock her CAC

18 Adding Biometrics to PKI & CAC
Pilots under way now
Discrete points where biometrics can be added:
CAC task order/purchase*
middleware upgrades*
DMDC/RAPIDS/DEERS upgrades*
* Probably need all three of these before fully incorporating biometrics
May impact CAC FIPS 140 certification
