
The U.S. Federal PKI and the Federal Bridge Certification Authority


1 The U.S. Federal PKI and the Federal Bridge Certification Authority
Peter Alterman, Ph.D. Senior Advisor to the Chair, Federal PKI Steering Committee and Acting Director, Federal Bridge Certification Authority

2 Introduction - Overview

3 The Goals of the U.S. Federal PKI
A cross-governmental, ubiquitous, interoperable Public Key Infrastructure. The development and use of applications which employ that PKI in support of Agency business processes.

4 Why A U.S. Federal PKI?
Statutory mandates for e-government and implementing electronic signature technology
Demands for improved services at lower cost
International competition
International collaboration

5 Why NOT a U.S. Federal PKI?
Concerns of privacy advocates
Agency internal politics
Vendor battles for market space
Cost

6 The Approach to a U.S. Federal PKI
Agencies implement their own PKIs
Create a Federal Bridge CA using COTS products to bind Agency PKIs together
Establish a Federal PKI Policy Authority to oversee operation of the Federal Bridge CA
Ensure directory compatibility
Use ACES for transactions with the public
Note that the heart of the U.S. Federal PKI, the thing that makes it possible at all, is the Federal Bridge CA. Bill Burr of NIST is one of the primary authors of the bridge model.

7 A Snapshot of the U.S. Federal PKI
Figure: the Federal Bridge CA at the centre, with the PKIs shown connected to it: DoD PKI, Illinois PKI, Canada PKI, NASA PKI, NFC PKI, Higher Education Bridge CA, University PKI.
Notice that the Federal Bridge is the heart of the U.S. Federal PKI; we'll turn to that next. Discuss implications of state PKIs, other bridges, and international links.

8 The U.S. Federal Bridge Certification Authority (FBCA)

9 FBCA Overview
Designed to create trust paths among individual Agency PKIs
Employs a distributed - NOT a hierarchical - model
Commercial CA products participate within the membrane of the Bridge
Develops cross-certificates within the membrane to bridge the gap among dissimilar products

10 FBCA Goals
Leverage emerging Agency PKIs to create a unified Federal PKI
Limit workload on Agency CA staff
Support Agency use of: any FIPS-approved cryptographic algorithm; a broad range of commercial CA products
Propagate policy information to certificate users in different Agencies

11 FBCA Architecture
Multiple commercial CAs within a “membrane” that cross-certify and interoperate
CAs offline: no network connectivity (CA sneaker net to directory)
FBCA directory online 24 x 7 x 365
Add new figure

12 FBCA Directory Architecture
Chained X.500 directories
Dual-rooted FBCA directory is the “hub”: dc=gov and o=U.S. Government, c=US
LDAP supported for non-X.500 directories
Modify figure 16.6

13 Directory Model

14 FBCA Operation
Issues certificates to participating CAs only
FPKI Steering Committee oversees FBCA development and operations: documentation, enhancements, client-side software
Operates in accordance with Policy Authority and FPKISC direction

15 FPKI Policy Authority
Determines participants and levels of cross-certification
Participants become voting members
Administers Certificate Policy
Enforces compliance by member organizations
General Services Administration serves as Operational Authority

16 Policy Mapping
Candidate Certificate Policies evaluated against the FBCA CP for adequacy and levels of assurance: identity binding, CA security
Performed by the Federal Policy Management Authority Certificate Policy Working Group with contractor support
Requirements publicly available on NIST website

17 Policy Equivalence Example
Figure: policy equivalence across domains; labels recovered from the diagram: DoD 2, 3, 4; Can(ada); Basic, Med(ium), High, Rud(imentary); ISO Banking; Fed PKI.

18 Policy Mapping Example
Bridge CA cross-certificates: Federal High = DoD CLASS 4; Federal Medium = DoD CLASS 3; Federal High = Canadian High; Federal Medium = Canadian Medium
DoD CA cross-certificates: DoD CLASS 4 = Federal High; DoD CLASS 3 = Federal Medium
Canadian CA cross-certificates: Canadian High = Federal High; Canadian Medium = Federal Medium
Subscribers: DoD CLASS 3 Subscribers, Can. HIGH Subscriber, Can. MED Subscriber
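The cross-certificates of slides 9 to 11 and the mapping table of slide 18 only pay off inside a relying party's path validation, where each cross-certificate's policyMappings extension translates the issuer's policy identifiers into the subject CA's. The following added example (not code from the presentation or from the FBCA programme) simulates that translation in the style of RFC 5280's valid policy tree, flattened to a dictionary, for the exact chain on slide 18 in both directions: a Canadian relying party validating a DoD Class 3 subscriber through the Bridge, and a DoD relying party validating a Canadian High subscriber. Certificate objects, the short policy labels standing in for OIDs, and the subscriber names are all constructed; anyPolicy, inhibitPolicyMapping and policy constraints are deliberately left out.

```python
"""Simplified RFC 5280-style policy processing across a bridge CA.

Constructed example: certificates are small dataclasses carrying only the
certificatePolicies and policyMappings extensions, and policy identifiers are
short labels standing in for OIDs.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for the policy-relevant parts of an X.509 certificate."""
    subject: str
    issuer: str
    policies: frozenset            # certificatePolicies
    mappings: tuple = ()           # policyMappings: (issuerDomainPolicy, subjectDomainPolicy)


def valid_user_policies(path, initial_policies):
    """Return the subset of the relying party's initial policies that the
    end-entity certificate satisfies after policy mapping along `path`.

    `path` runs from the certificate issued by the trust anchor down to the
    end-entity certificate.  `state` maps a policy identifier expressed in the
    *current* issuer's domain to the set of relying-party policies it was
    derived from; this is a flattened form of the RFC 5280 valid_policy_tree.
    """
    state = {p: {p} for p in initial_policies}
    for cert in path:
        # Step 1 (RFC 5280 6.1.3 d): a policy survives only if the certificate asserts it.
        kept = {p: origins for p, origins in state.items() if p in cert.policies}
        # Step 2 (RFC 5280 6.1.4 b): rewrite issuer-domain policies into subject-domain ones.
        translated = {}
        mapped_away = {issuer_pol for issuer_pol, _ in cert.mappings}
        for issuer_pol, subject_pol in cert.mappings:
            if issuer_pol in kept:
                translated.setdefault(subject_pol, set()).update(kept[issuer_pol])
        for p, origins in kept.items():
            if p not in mapped_away:          # unmapped policies keep their identifier
                translated.setdefault(p, set()).update(origins)
        state = translated
        if not state:                         # no acceptable policy left: path fails
            break
    result = set()
    for origins in state.values():
        result |= origins
    return result


# Constructed cross-certificates modelled on the "Policy Mapping Example" slide.
CAN_TO_BRIDGE = Cert("FBCA", "Canadian CA",
                     frozenset({"can-high", "can-medium"}),
                     (("can-high", "fed-high"), ("can-medium", "fed-medium")))
BRIDGE_TO_DOD = Cert("DoD CA", "FBCA",
                     frozenset({"fed-high", "fed-medium"}),
                     (("fed-high", "dod-class-4"), ("fed-medium", "dod-class-3")))
DOD_TO_BRIDGE = Cert("FBCA", "DoD CA",
                     frozenset({"dod-class-4", "dod-class-3"}),
                     (("dod-class-4", "fed-high"), ("dod-class-3", "fed-medium")))
BRIDGE_TO_CAN = Cert("Canadian CA", "FBCA",
                     frozenset({"fed-high", "fed-medium"}),
                     (("fed-high", "can-high"), ("fed-medium", "can-medium")))
# Constructed subscriber certificates (names are placeholders).
DOD_SUBSCRIBER = Cert("dod-subscriber", "DoD CA", frozenset({"dod-class-3"}))
CAN_SUBSCRIBER = Cert("can-subscriber", "Canadian CA", frozenset({"can-high"}))


def canadian_view_of_dod_subscriber(required):
    """Canadian relying party (trust anchor: Canadian CA) validating the DoD subscriber."""
    return valid_user_policies([CAN_TO_BRIDGE, BRIDGE_TO_DOD, DOD_SUBSCRIBER], required)


def dod_view_of_canadian_subscriber(required):
    """DoD relying party (trust anchor: DoD CA) validating the Canadian subscriber."""
    return valid_user_policies([DOD_TO_BRIDGE, BRIDGE_TO_CAN, CAN_SUBSCRIBER], required)


if __name__ == "__main__":
    print("Canadian RP requiring can-medium:", canadian_view_of_dod_subscriber({"can-medium"}))
    print("Canadian RP requiring can-high:  ", canadian_view_of_dod_subscriber({"can-high"}))
    print("DoD RP requiring dod-class-4:    ", dod_view_of_canadian_subscriber({"dod-class-4"}))
    print("DoD RP requiring dod-class-3:    ", dod_view_of_canadian_subscriber({"dod-class-3"}))
```

Two points the run makes visible. First, each pair of domains needs two cross-certificates (one in each direction) because mapping is applied from the relying party's trust anchor outward, which is why the slide shows both the Bridge's and the member CAs' mappings. Second, mapping is exact identifier translation, not an ordering: a subscriber certificate asserting only the Canadian High policy does not satisfy a DoD Class 3 requirement, since Class 3 maps to Canadian Medium and the certificate never asserts that policy; a CA that wants higher-assurance certificates to be usable for lower-assurance purposes has to assert the lower policy in them as well.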

19 References
Federal PKI Steering Committee Website:
NIST PKI Website:
ANSI Website:
IETF Website:

20 Acknowledgements
Thanks to:
Judith Spencer, Chair, Federal PKI Steering Committee
Tim Polk, National Institute of Standards and Technology
Dave Fillingham, National Security Agency

