Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.

1 Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston

2 University of Texas Health Science Center at Houston (UTHSC-H)
Six Schools
–Graduate School of Biomedical Sciences
–Dental School
–Medical School
–Nursing School
–School of Health Information Sciences
–School of Public Health
~10,000 students, faculty and staff

3 PKI History at UTHSC-H
1996-97 U.T. System began considering PKI as a strategic initiative.
1998 U.T. System signed an MSA with VeriSign.
1998 UTHSC-H obtained 10,000 client seats.
–Public/private keys stored in “soft key stores”
–A single certificate used for digital signatures, encryption and access to restricted resources
1999 Established an enterprise LDAP directory.
–Each user’s public certificate included as a user attribute

4 PKI History at UTHSC-H
2002 UTHSC-H began issuing USB tokens.
–Public/private keys generated in the “soft key” store and then transferred to the hard token
2003 VeriSign MSA modified to provide dual keys per seat: a signing key and an encryption key.
2004 Began generating public/private keys on the USB E-Tokens themselves (level 4 assurance).
2005 Projected issuance of 4,000 E-Tokens.
2005 Began phasing out “soft key” stores.

5 UTHSC-H: An Identity Provider (IdP)
It is critical to recognize that the university functions as an identity provider (IdP): UTHSC-H provides individuals with digital credentials that consist of an identifier and an authenticator. As an IdP, the university assumes specific responsibilities and liabilities.

6 UTHSC-H Strategic Authentication Goals
Two authentication mechanisms:
–Single university ID (UID) and password
–Public key Digital ID on a token (two-factor authentication)
Digital signatures
–Authenticate the sender (origin)
–Detect any alteration of the message, i.e. message integrity
–Provide for non-repudiation
–Serve as a legal signature
Encryption of email and other documents
Highly secure access control
Potential for inherent global trust
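The three signature properties listed on slide 6 (origin, integrity, non-repudiation) worked through in code. This is an added example and not code from the presentation or from UTHSC-H; the key holders, the sample message and the function names are constructed, and a plain ECDSA P-256 key in memory stands in for the signing key that would live on a user's token.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates a signing key pair; in the UTHSC-H design this happens
// in the soft key store or on the token, never at the CA.
func NewKeyPair() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignMessage hashes the message and signs the digest with the private key.
// Only the holder of that key can produce a value that verifies, which is
// what makes the signature attributable (non-repudiation).
func SignMessage(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// VerifyMessage checks the signature with the public key taken from the
// sender's certificate: true only if msg is byte-for-byte what that key's
// holder signed (origin + integrity in a single check).
func VerifyMessage(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	alice, _ := NewKeyPair()   // the legitimate signer (constructed)
	mallory, _ := NewKeyPair() // someone else's key (constructed)
	msg := []byte("Approve purchase order 4711") // constructed sample message
	sig, _ := SignMessage(alice, msg)
	fmt.Println("genuine:     ", VerifyMessage(&alice.PublicKey, msg, sig))
	fmt.Println("altered:     ", VerifyMessage(&alice.PublicKey, []byte("Approve purchase order 4712"), sig))
	fmt.Println("wrong signer:", VerifyMessage(&mallory.PublicKey, msg, sig))
}
```

The second and third checks are the two failure modes a relying party cares about: a one-character change to the message, or a signature produced under a different key, both verify as false. What the code cannot show is the binding of the public key to a named person; that is the certificate's job, and it is what the RA vetting on slides 10 and 11 establishes.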

7 Identity Provider (IdP) uth.tmc.edu
[Diagram: during identity vetting and credentialing the IdP obtains the person’s physical characteristics and records them in a permanent identity database; it assigns an everlasting identifier that is permanently bound to the person, and issues a digital credential that only that person can activate.]

8 Identity Provider (IdP) uth.tmc.edu
[Same diagram, labelled “UTHSC-H Two Factor Authentication”, with two elements marked “?”.]

9 UTHSC-H Identity Management System
[Architecture diagram: source systems (HRMS, SIS, GMEIS, Guest, MS, UTP, INDIS, OAC7, OAC47) feed identity reconciliation and provisioning processes into a Person Registry; the registry populates the authoritative enterprise directories, which sync to secondary directories and back the authentication service, the authorization service and the user administration tools (change password, attribute management).]

10 Obtaining a Digital Certificate (soft key store)
Access the locally hosted CA’s web page.
Generate a public/private key pair.
Send the public key to the Certificate Authority.
The RA verifies the applicant’s identity to the CA.
The CA issues an X.509 certificate.
The CA notifies the applicant that the Digital ID (DID) is certified.
The applicant downloads the certified public key (the certificate).
The applicant makes a backup of the DID.

11 Obtaining a Digital Certificate: Hard Token – Level 4
The applicant appears in person before the RA.
Inserts the E-Token in a USB port.
Accesses the Certificate Authority’s web page.
The token generates the public/private key pair (the private key never leaves the token, so there is no backup step).
Sends the public key to the Certificate Authority.
The RA verifies the applicant’s identity to the CA.
The CA issues an X.509 certificate.
The applicant downloads the certificate to the token.
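The enrollment flow of slides 10 and 11 condensed into one runnable Go program. This is an added example, not code from the presentation or from UTHSC-H’s enrollment system: the person registry, the identifiers, the CA name, the validity periods and the function names are all constructed, and a self-signed in-memory root stands in for the commercial CA hierarchy. Two things the slides state but a diagram cannot show: the private key is generated on the applicant’s side (soft store or token) and never reaches the CA, since only a CSR travels, and it is the RA’s vetting, not the CA’s signature, that binds the identifier to a person; the CSR’s self-signature only proves possession of the key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// personRegistry stands in for the RA's vetted-identity store (constructed,
// hypothetical entry): an everlasting identifier the IdP has bound to a person.
var personRegistry = map[string]bool{"jdoe@uth.tmc.edu": true}

// NewCA creates a self-signed root so the example runs offline (constructed).
func NewCA() (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Issuing CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// Enroll is the applicant side: the key pair is generated where the applicant is
// (soft key store, or on the token itself in the hard-token flow) and only the
// public key leaves, inside a CSR self-signed with the private key.
func Enroll(uid string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: uid}}
	csr, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	return key, csr, err
}

// Issue is the RA plus CA side: the CSR signature proves possession of the
// private key, the RA checks the identifier was vetted, then the CA signs.
func Issue(caKey *ecdsa.PrivateKey, caCert *x509.Certificate, csrDER []byte) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("proof of possession failed: %w", err)
	}
	if uid := csr.Subject.CommonName; !personRegistry[uid] {
		return nil, errors.New("RA: identity not vetted: " + uid)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: csr.Subject,
		EmailAddresses: []string{csr.Subject.CommonName},
		NotBefore:      time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
}

// VerifyChain is the relying party's step: chain the downloaded certificate to
// a trusted root before trusting the public key inside it.
func VerifyChain(certDER []byte, root *x509.Certificate) (*x509.Certificate, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(root)
	opts := x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	_, err = cert.Verify(opts)
	return cert, err
}

func main() {
	caKey, caCert, _ := NewCA()
	_, csr, _ := Enroll("jdoe@uth.tmc.edu") // constructed applicant
	certDER, err := Issue(caKey, caCert, csr)
	if err != nil {
		panic(err)
	}
	cert, err := VerifyChain(certDER, caCert)
	fmt.Println("issued to", cert.Subject.CommonName, "chain ok:", err == nil)
}
```

The Issue step is where the two failure modes of the slides live: a CSR whose signature does not verify is rejected before any identity check (someone is asking for a certificate over a key they do not hold), and a vetted-looking CSR for an identifier the RA has not bound to a person is rejected even though it is cryptographically fine. For the soft-key path of slide 10 the private key returned by Enroll is what the applicant backs up; for the token path of slide 11 it would never be exportable in the first place.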

12 Lessons Learned
The focus of planning should be on how PKI and directory services make life great for people in cyberspace!!!
Don’t focus on underlying theory, arcane concepts and minute implementation details.
If basic infrastructure is in place along with user applications, people will use it and demand more.

13 What Is Needed To Reach Critical Mass?
Develop a core group that operationally believes in and understands middleware!
A CA management system with basic policies.
A basic operational LDAP directory service.
As many “real” applications as possible!
–Solutions that use signing and encryption.
–Cherished resources PKI-enabled for access.

14 Why a Commercial CA
Texas requires a state-approved CA
–Certificate Practice Statement (CPS)
–Certificate Policy
–Relying Party Agreement
CA trust hierarchy automatically recognized by most browsers and clients worldwide.
Provided a significant amount of support resources.
