Presentation is loading. Please wait.

Presentation is loading. Please wait.

Smart Card Authentication Mechanism Tim W. Baldridge, CISSP Marshall Space Flight Center Office of the Chief Information Officer.

Published byCamilla Taylor Modified over 8 years ago

Similar presentations

Presentation on theme: "Smart Card Authentication Mechanism Tim W. Baldridge, CISSP Marshall Space Flight Center Office of the Chief Information Officer."— Presentation transcript:

1 Smart Card Authentication Mechanism Tim W. Baldridge, CISSP Marshall Space Flight Center Office of the Chief Information Officer

2 2 Briefing Overview I. Background II. Process III. System Overview/Description IV. Conclusion

3 3 Background o A Token must provide interoperable, enhanced security compared to magnetic stripe and similar serial data transmission security technologies o Token encoding must be highly tamper, counterfeit, and cloning resistant

4 4 Process o A Token is issued to a holder by a home of record issuer in an enrollment process following the Federal Identity Credential Model o Issuer policy defines a level of assurance associating a token to a holder o The issuer manages the data structure and contents of issued tokens o The issuer maintains and does not reveal master token and application write access keys to a holder or other party

5 5 Process (cont.) o A holder initiates an access transaction to a Physical Access Control System (PACS) application which has free read to token identification (SEIWG) and validation data (MAC) o A holder initiates a enrollment transaction to access a PACS or related support system in cooperation with or independent of the issuer according to issuer policy and token configuration *An enrollment transaction is distinct from an access transaction*

6 6 Message Authentication Code (MAC) UID (7 bytes) Concatenation 3DES CBC SEIWG (25 bytes) Magnetic Stripe MAC (4 bytes)

7 7 Access Transaction (enter door) Card Managed MAC List Un-Managed MAC List Door Reader Card 1. Request 2. RATS (UID) Select File Read Binary 5 No Match/Security List Exists 6 No Match 7 Authenticate Card Denied 3. Generate MAC Match 4. Check No MatchMatch No Match/ Un-managed List Exists Secured MAC FID List Denied Data Validated No Match/ No Lists Exist Data Validated Select File Read Binary Select File Read Binary

8 8 Conclusion o This solution can be utilized by legacy systems and new systems with minor upgrades o Solution is relatively secure and can be built quickly o Validation and authentication is optional and may be performed at the reader, panel, or system o Authentication data must not interfere with PACS authorization mechanisms

Download ppt "Smart Card Authentication Mechanism Tim W. Baldridge, CISSP Marshall Space Flight Center Office of the Chief Information Officer."

Similar presentations

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.

Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.
Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.

Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.
Card Verification Support

Card Verification Support
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.

© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.

1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Director of Product Line Management HID Proprietary & Confidential

Director of Product Line Management HID Proprietary & Confidential
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)

“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
Department of Labor HSPD-12

Department of Labor HSPD-12
CARD ACCEPTANCE PROCEDURES Facilitator: Kristy A Stanley Fraud and Compliance Officer June 16 2011.

CARD ACCEPTANCE PROCEDURES Facilitator: Kristy A Stanley Fraud and Compliance Officer June
Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health.

Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.

Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.

Similar presentations

Ads by Google