NFC's Public Key Infrastructure - PowerPoint PPT Presentation

Slides: 19
Provided by: kathy163

1
NFC's Public Key Infrastructure
  • Kathy Sharp
  • USDA, National Finance Center

2
NFC's Certification Authority History
  • Member of Federal Public Key Infrastructure
    Steering Committee - November 1996
  • Certificate Policy and Certification Practice
    Statement developed in accordance with the
    Federal Bridge CA Standards
  • Pilot Test - August 1996
  • Initial Implementation PC-PRCH - FIPS 140-1,
    Level 1 - March 1997

3
NFC's Certification Authority History
  • Installation of the Medium Assurance PKI -
    February 1999
  • FIPS 140-1, Level 3 Crypto Module on CA - July
    1999
  • Conversion to Production Pilot - August 1999
  • Expand the PKI to include Basic Assurance CA -
    December 2000

4
NFC's Certification Authority History
  • Began preparing for Third Party Certification and
    Accreditation - January 2001
  • Implemented a Web-based Registration Recovery
    Service (UMARS) for NFC PKI - December 2001
  • Third Party Risk Assessment, External and
    Internal Penetration Testing of the NFC PKI by
    KPMG - December 2001 through February 2002

5
NFC's Certification Authority History
  • Third Party Certification and Accreditation Audit
    performed by KPMG - February-March 2002
  • NIACAP, OMB, NIST, Common Criteria Standards
  • Recommended for Interim Certification and
    Accreditation - April 2002
  • Implemented PKI Backup Site - April-May 2002

6
NFC's Certification Authority History
  • Final Certification and Accreditation - August
    2002
  • USDA OCIO Certification and Accreditation -
    September 2002
  • Cross-Certification with the Federal Bridge -
    September 2002

7
e-Gov e-Authentication Gateway
  • Demonstrated e-Gov e-Authentication Gateway
    Functionality - September 2002
  • Two NFC (Test) Applications using:
    • NFC PKI Certificates
    • Password/IDs

8
NFC Public Key Infrastructure
  • Medium and High Assurance Certification Authority
    (CA)
  • High Availability
  • Cross-certified with the FBCA
  • FPKI/OMB/NIST/FIPS/Common Criteria compliant

9
X.500 Directory
  • X.500 Directory
  • High Availability
  • Repository in the NFC DMZ
  • Repository Shadows can be placed at Sites

10
NFC's Public Key Infrastructure
  • Hosted at NFC
  • Government Owned, Government Operated
  • All Registration Functions performed by NFC
    Employees
  • Local Registration Authorities - Agency's NFC
    Security Officers or employees appointed by the
    Agency

11
Peripheral Systems
  • All are in High Availability or Load Balance
    Configuration
  • Medium and Basic CA
    • Web-based Registration Service
    • Web-based Self-recovery Service
    • Issuance of Desktop, Roaming, Smart Card PKI
      credentials
  • Medium CA
    • Additional issuance of Web Server, Browser, and
      Code Signing certificates

12
NFC PKI Backup Site
  • Located at a Government Site
  • Configured for High Availability
  • If the NFC PKI goes offline, the Backup Site is
    activated
  • Updates of Backup Site via dedicated VPN
  • Most of the System Admin performed Remotely
  • Full functionality of production systems
  • 24/7 Service

13
PKI Planned Expansion
  • Add a High Assurance CA to the NFC PKI and Backup
    Site
  • Shadow Directories at Customer Sites

14
NFC Certificate Application Types
  • Virtual Private Network
  • Desktop Encryption
  • Application Encryption/Digital Signature
  • Encrypted E-Mail
  • Zero Footprint Certificates
  • Web Based Encrypted E-Mail
  • SSL Web Server (Non Published)
  • SSL Web Server Client Certificates

15
Certificate Licenses
  • License Per Application Level
  • Example: A Zero Footprint Certificate is good
    for all Web Applications that are certificate
    embedded (One Certificate, One License, Multi
    Applications)
  • Multi Licenses with the same certificate for
    numerous applications
  • Example: User needs Encrypted E-Mail and Zero
    Footprint Certificate (One Certificate, Two
    Licenses, Multi Applications)

16
User Management and Registration System (UMARS)
  • Web-based administration and user self-service
  • Entrust TruePass provides protection and enables
    digital signatures on administrative operations
  • User sets personal recovery secrets during online
    enrollment
  • Fully auditable event history is retained at NFC

17
Federal Government Participation
  • Cross-Certification through Federal Bridge CA
  • Member of FPKI Steering Committee
  • Member of the Legal Working Group of the FPKISC
  • Member of the Business Working Group of FPKISC
  • Member of the FBCA Policy Authority
  • Member of the FBCA Policy Authority Working Group

18
More Information on NFC PKI
  • Visit NFC Web Page at www.nfc.usda.gov
  • Click on Certification Authority Initiative
  • Customer Service Representative: Theresa
    Trentacoste - 504-255-5324