
Overview of PKI@Virginia Tech

Overview of PKI@Virginia Tech. Secure Enterprise Technology Initiatives. e-Provisioning Group. Frank Galligan frankg@vt.edu Fed/Ed XV PKI Coordination Meeting June 14, 2007. Background. Secure Enterprise Technology Initiatives eProvisioning Group


Presentation Transcript


  1. Overview of PKI@Virginia Tech
     Secure Enterprise Technology Initiatives, e-Provisioning Group
     Frank Galligan, frankg@vt.edu
     Fed/Ed XV PKI Coordination Meeting, June 14, 2007

  2. Background
     • Secure Enterprise Technology Initiatives
       - eProvisioning Group
       - Technical Support for University PKI Initiatives
     • Sponsorship For PKI Initiatives
       - Vice President for Information Technology
       - Funding from Executive Vice President
     • Virginia Tech
       - Blacksburg, Virginia - Southwestern VA
       - Research University - Ranking 56th in US
       - 28,000 Full Time Students - Largest in VA
       - 7,000 Faculty and Staff - PKI Target Group
       - Corporate Research Center - Location of CC

  3. VTCA Architecture (diagram)
     • Offline CA: Virginia Tech Root CA, 4/10/2003
     • Online CA: Subordinate CAs
       - Server CA, Middleware CA, User CA: 4/10/2003, 7/23/2004, 9/20/2006
       - Other CAs As Needed
     • 417 Issued, 105 Issued, 444 Issued
     • Personal Certificates (Aladdin eToken), SSL Web Server Certificates, Middleware Certificates

  4. PKI Project Structure
     Six Projects: A Coordination Challenge
     • Infrastructure
     • Integration
     • Token Administration System
     • Policy
     • Device Selection
     • Documentation and Communication

  5. VTCA Design Methodology
     • Architecture: Hierarchical Model
     • High Assurance Level: FIPS 140-2 Level 3 HSM
     • Standards: PKCS, CryptoAPI, PCSC, X509 v3
     • Commercial or OpenSource: OpenCA 0.9.x
     • Deployment Model: Phased, Smart Devices
     • Scope: Initially for Internal Use
     • Administration: RA, CA, HSM, SYS, APP
     • CP and CPS Documents: PMA, RFC 2527

  6. VT Personal Digital Certificates
     • Token Administration System - TAS
     • Two Phase Certificate Enrollment Process
       - Phase I: Registration Authority Admin Station
         • Applicant Hokie ID scanned to retrieve LDAP record
         • Applicant provides two photo IDs for validation
         • Applicant creates a password for their eToken
       - Phase II: Certification Authority Admin Station
         • Applicant authenticates using their eToken password
         • TAS generates RSA keys onboard eToken and creates CSR
         • TAS sends CSR to User CA, returned cert stored on eToken
         • Applicant digitally signs VT Usage Agreement
         • TAS automatically sends email with instructions to applicant
     • eToken Password Resets, Certificate Revocation

  7. PKI Integration
     • Virginia Tech Personal Certificate Profile
       - Encryption Disabled
     • VT PKI Applications
       - Digitally Signed Leave Reports/Work Flow
       - VPN Authentication
       - S/MIME e-Mail, MS Office Word and Excel, Adobe Acrobat
       - Client SSL Authentication, CAS (Central Authentication Server)
     • Other Digital Signature Applications
       - Grant Proposals
       - Travel Vouchers
       - Various Departmental Forms
       - Phone Bills

  8. References
     • Virginia Tech Home Page: www.vt.edu
     • Virginia Tech PKI: www.pki.vt.edu
     • Virginia Tech PDCs: www.pki.vt.edu/PDC
     • Virginia Tech Certificate Policy: www.pki.vt.edu/rootca/cp
     • Virginia Tech eAladdin eToken News: www.aladdin.com/news/2006/etoken/Virginia_Tech.asp
     • Personal Digital Certificates at Virginia Tech – Internet2 Presentation: www.internet2.edu/presentations/fall06/20061204-PKIwksp-Dunker.htm

  9. Overview of PKI@Virginia Tech
     Secure Enterprise Technology Initiatives, e-Provisioning Group
     Frank Galligan, frankg@vt.edu
     Fed/Ed XV PKI Coordination Meeting, June 14, 2007
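
The hierarchy on slide 3, the CSR flow on slide 6 and the "Encryption Disabled" profile on slide 7 can be rebuilt in a scratch directory with OpenSSL and then checked. This is an added example, not part of the presentation and not VT's configuration. It assumes "Encryption Disabled" means a keyUsage without keyEncipherment, dataEncipherment or keyAgreement, uses software keys in place of the HSM and the eToken, and the names `root`, `userca`, `applicant` and the profile section names are made up for illustration.

```shell
# Added example: root -> user CA -> personal certificate with a signing-only profile.
# Assumptions: software RSA keys replace the HSM and eToken; all names, lifetimes
# and extension values are illustrative, not taken from the VT CP/CPS.
write_profiles() {  # $1 = working directory
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[signing_only]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, nonRepudiation
[encrypting]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
EOF
}

# issue <dir> <name> <issuer> <profile>: new key and CSR, then signed by <issuer>
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.crt" -CAkey "$1/$3.key" \
    -CAcreateserial -extfile "$1/pki.cnf" -extensions "$4" -days 2 \
    -out "$1/$2.crt" 2>/dev/null
}

build_chain() {  # $1 = empty working directory; prints the chain verification result
  write_profiles "$1" &&
  openssl req -x509 -newkey rsa:2048 -nodes -config "$1/pki.cnf" -extensions ca \
    -subj "/CN=root" -keyout "$1/root.key" -out "$1/root.crt" -days 2 2>/dev/null &&
  issue "$1" userca root ca &&
  issue "$1" applicant userca signing_only &&
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/userca.crt" "$1/applicant.crt"
}

key_usage() {  # print the decoded keyUsage line of certificate $1 (empty if absent)
  openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Key Usage' |
    tail -n 1 | sed 's/^ *//; s/ *$//'
}

encryption_disabled() {  # succeeds only if keyUsage exists and grants no encryption use
  case "$(key_usage "$1")" in ""|*Encipherment*|*"Key Agreement"*) return 1 ;; esac
}
```

Run `d=$(mktemp -d); build_chain "$d"; encryption_disabled "$d/applicant.crt" && echo compliant` to exercise it; the `encrypting` section exists only to show a certificate that the check rejects.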
