Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virginia Tech Overview of Tech Secure Enterprise Technology Initiatives e-Provisioning Group Frank Galligan Fed/Ed.

Published byVanessa Knight Modified over 8 years ago

Similar presentations

Presentation on theme: "Virginia Tech Overview of Tech Secure Enterprise Technology Initiatives e-Provisioning Group Frank Galligan Fed/Ed."— Presentation transcript:

1 Virginia Tech Overview of PKI@Virginia Tech Secure Enterprise Technology Initiatives e-Provisioning Group Frank Galligan frankg@vt.edufrankg@vt.edu Fed/Ed XV PKI Coordination Meeting June 14, 2007

2 Virginia Tech Background Secure Enterprise Technology InitiativesSecure Enterprise Technology Initiatives eProvisioning GroupeProvisioning Group –Technical Support for University PKI Initiatives Sponsorship For PKI InitiativesSponsorship For PKI Initiatives –Vice President for Information Technology –Funding from Executive Vice President Virginia TechVirginia Tech Blacksburg, Virginia - Southwestern VABlacksburg, Virginia - Southwestern VA Research University - Ranking 56 th in USResearch University - Ranking 56 th in US 28,000 Full Time Students - Largest in VA28,000 Full Time Students - Largest in VA 7,000 Faculty and Staff - PKI Target Group7,000 Faculty and Staff - PKI Target Group Corporate Research Center - Location of CCCorporate Research Center - Location of CC

3 VTCA Architecture Virginia Tech User CA Server CA Virginia Tech Root CA SSL Web Server Certificates Middleware Certificates Middleware CA Personal Certificates 4/10/2003 7/23/20049/20/2006 417 Issued105 Issued 444 Issued Subordinate CAs Offline CA Online CA Other CAs As Needed Aladdin eToken

4 Virginia Tech PKI Project Structure Six Projects: A Coordination Challenge Infrastructure Integration Token Administration System Policy Device Selection Documentation and Communication

5 Virginia Tech VTCA Design Methodology Architecture: Hierarchical Model High Assurance Level: FIPS 140-2 Level 3 HSM Standards: PKCS, CryptoAPI, PCSC, X509 v3 Commercial or OpenSource: OpenCA 0.9.x Deployment Model: Phased, Smart Devices Scope: Initially for Internal Use Administration: RA,CA,HSM,SYS,APP CP and CPS Documents: PMA, RFC 2527

6 Virginia Tech VT Personal Digital Certificates Token Administration System - TAS Two Phase Certificate Enrollment Process - Phase I Registration Authority Admin Station Applicant Hokie ID scanned to retrieve LDAP record Applicant provides two photo IDs for validation Applicant creates a password for their eToken - Phase II Certification Authority Admin Station Applicant authenticates using their eToken password TAS generates RSA keys onboard eToken and creates CSR TAS sends CSR to User CA, returned cert stored on eToken Applicant digitally signs VT Usage Agreement TAS automatically sends email with instructions to applicant eToken Password Resets, Certificate Revocation

7 Virginia Tech PKI Integration Virginia Tech Personal Certificate Profile –Encryption Disabled VT PKI Applications –Digitally Signed Leave Reports/Work Flow –VPN Authentication –S/MIME e-Mail, MS Office Word and Excel, Adobe Acrobat –Client SSL Authentication, CAS (Central Authentication Server) Other Digital Signature Applications –Grant Proposals –Travel Vouchers –Various Departmental Forms –Phone Bills

8 Virginia Tech References Virginia Tech Home Page www.vt.edu Virginia Tech PKI www.pki.vt.edu Virginia Tech PDCs www.pki.vt.edu/PDC Virginia Tech Certificate Policy www.pki.vt.edu/rootca/cp Virginia Tech eAladdin eToken News www.aladdin.com/news/2006/etoken/Virginia_Tech.asp Personal Digital Certificates at Virginia Tech – Internet2 Presentation www.internet2.edu/presentations/fall06/20061204-PKIwksp- Dunker.htm www.internet2.edu/presentations/fall06/20061204-PKIwksp- Dunker.htm

9 Virginia Tech Overview of PKI@Virginia Tech Secure Enterprise Technology Initiatives e-Provisioning Group Frank Galligan frankg@vt.edufrankg@vt.edu Fed/Ed XV PKI Coordination Meeting June 14, 2007

Download ppt "Virginia Tech Overview of Tech Secure Enterprise Technology Initiatives e-Provisioning Group Frank Galligan Fed/Ed."

Similar presentations

Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.

May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.
Dartmouth PKI Certificate Deployment June 2004 Fed Ed Meeting.

Dartmouth PKI Certificate Deployment June 2004 Fed Ed Meeting.
 1997 Entrust Technologies Orchestrating Enterprise Security Entrust Public Key Infrastructure Erik Schetina Chief Technology Officer IFsec, LLC

 1997 Entrust Technologies Orchestrating Enterprise Security Entrust Public Key Infrastructure Erik Schetina Chief Technology Officer IFsec, LLC
Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker

Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,

INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
Sentry: A Scalable Solution Margie Cashwell Senior Sales Engineer Sept 2000 Margie Cashwell Senior Sales Engineer

Sentry: A Scalable Solution Margie Cashwell Senior Sales Engineer Sept 2000 Margie Cashwell Senior Sales Engineer
Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.

Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Product and Technology News Georg Bommer, Inter-Networking AG (Switzerland)

Product and Technology News Georg Bommer, Inter-Networking AG (Switzerland)
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Understanding Active Directory

Understanding Active Directory
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
WSU A Symphony in Four Movements. A Century of Controlled Flight.

WSU A Symphony in Four Movements. A Century of Controlled Flight.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

Similar presentations

Ads by Google