
The 4BF

The 4BF. The Four Bridges Forum. Federated PACS: A Physical Access Use Case for Bridges. FIPS 201/PIV-I PACS Interoperability. April 28th, 2009. 3 Forms of Identity Assertion. Corporate / Public Network. 3. Credential Assertion. 2. Federated Assertion. 1. End-Entity Assertion.

adelle

Presentation Transcript


  1. The 4BF: The Four Bridges Forum. Federated PACS: A Physical Access Use Case for Bridges. FIPS 201/PIV-I PACS Interoperability. April 28th, 2009

  2. 3 Forms of Identity Assertion
     • 1. End-Entity Assertion
     • 2. Federated Assertion
     • 3. Credential Assertion
     [Diagram labels: Corporate / Public Network; PACS ABC Inc. Notices Scorecards Concessions LACS Comms Convergence Service Provider (SP)]

  3. LACS vs. PACS
     PACS
     • Strong identity credentials are unusual across the PACS landscape
     • PKI is virtually unheard of for PACS
     • Visitors using their own organizational issued badges does not exist (federation)
     LACS
     • Relatively mature WRT strong identity management
     • Able to leverage credentials issued by other organizations
     • Highly scalable via federation

  4. Bridge PKI – Issuers and Trust Relationships
     [Diagram labels, in extraction order: Merck Raytheon CertiPath Bridge CA SAFE Bridge CA Federal Bridge CA Boeing Northrop Grumman SITA Lockheed Martin CertiPath Common Policy Root CA Entrust VeriSign SSP GSA MSO HUD Verizon Bus SSP EOP VA HHS US Treasury SSP NASA SSA State of Illinois DoT DoE US PTO Dept. of State P&G SAFE Root CA DHS DoJ E-Commerce DoJ DEA ARINC DoD Pharma Astra GPO Pfizer ORC ACES EADS VeriSign GPO SSP USPS NRC DoD Interoperability Root DoL EPA J&J HEBCA Fed Common Policy Root CA Exostar VDoT]

  5. Required Validation Process
     • Path Discovery (SCVP) – discover path from certificate to trust anchor
     • Signature Verification – certificates in path are genuine
     • Certificate Verification – certificate data check (data integrity, validity date, expiration date, etc.)
     • Private Key Challenge – certificate is bound to card (not copied or cloned)
     • PIN/BIO Check – credential is bound to cardholder

  6. System Highlights
     • Supports a heterogeneous credential environment where the following is true about the credentials:
         • A trust path can be created and validated for Federal agencies via the FBCA and for commercial entities via the CertiPath Bridge
         • The token conforms to FIPS-201, PIV-I, CertiPath PIV-I or DoD CAC NG
     • Visitors to the facility do not require onsite enrollment
         • Onsite is supported but not required
     • The current deployment in Dulles, VA (DD) is being deployed at SP 800-116 maturity level 4 and contains three area profiles:
         • Controlled
         • Limited
         • Exclusion

  7. System Highlights (cont.)
     • Guests with unescorted access within the controlled area will be given “re-assignable” smartcards, but a fingerprint will be captured
     • The controlled area allows single-factor CAK during 8-6pm weekdays but switches to CAK+BIO afterwards
     • DD will have an additional demo lab containing a reader that outputs to a large display the real-time checks and path validation done to verify and validate credentials

  8. Reader Options

  9. The Next Level
     • Meetings are a common place to share data verbally and visually
     • Essentially access to data outside of an “ACL”-controlled environment
     • Common to not know everyone around the table
     • Even less common to be sure of the employment status of all visitors and guests
     • Next version of MS Outlook allows for “labeling” meetings
     • Conference room doors become the last enforcement point

  10. Supporting Organizations
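
The validation steps on slide 5, sketched as an added example that is not part of the original presentation: the reader verifies path, signatures and validity dates, then runs the private key challenge that distinguishes a genuine card from a copied certificate. Assumptions: the names `issue`, `validate` and `demo` are hypothetical, Ed25519 stands in for the card's key algorithm, one self-signed anchor replaces the bridge path and SCVP, and the PIN/BIO check is not modelled.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a constructed test key and certificate (fixture errors ignored); nil parent = self-signed anchor.
func issue(cn string, parent *x509.Certificate, signer crypto.Signer, life time.Duration) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-48 * time.Hour), NotAfter: time.Now().Add(life), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, signer = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// validate checks path, signatures and validity dates, then has token (the card) sign a fresh nonce.
func validate(card, anchor *x509.Certificate, token crypto.Signer) error {
	roots := x509.NewCertPool()
	roots.AddCert(anchor)
	if _, err := card.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("certificate path rejected: %w", err)
	}
	nonce := make([]byte, 32)
	rand.Read(nonce)
	sig, _ := token.Sign(rand.Reader, nonce, crypto.Hash(0))
	if pub, ok := card.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, nonce, sig) {
		return fmt.Errorf("private key challenge failed: certificate is not bound to this card")
	}
	return nil
}

// demo: a genuine card, the same certificate on a token holding another key, and an expired card.
func demo() (genuine, cloned, expired error) {
	ca, caKey := issue("Constructed Anchor", nil, nil, 24*time.Hour)
	good, cardKey := issue("Constructed Card", ca, caKey, 24*time.Hour)
	old, oldKey := issue("Constructed Expired Card", ca, caKey, -24*time.Hour)
	return validate(good, ca, cardKey), validate(good, ca, oldKey), validate(old, ca, oldKey)
}
func main() { fmt.Println(demo()) }
```

The copied certificate passes every certificate-level check and is rejected only by the challenge, which is why the slide lists the private key challenge as its own step.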
