dod public key infrastructure l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
DoD Public Key Infrastructure PowerPoint Presentation
Download Presentation
DoD Public Key Infrastructure

Loading in 2 Seconds...

play fullscreen
1 / 7

DoD Public Key Infrastructure - PowerPoint PPT Presentation


  • 210 Views
  • Uploaded on

DoD Public Key Infrastructure. LCDR Tom Winnenberg DISA API1 Chief Engineer 25 April 2002. Outline. Objectives Progression of technical capabilities Current enterprise Future vision. Functional Objectives and Description. COTS-based architecture

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

DoD Public Key Infrastructure


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
dod public key infrastructure

DoD Public Key Infrastructure

LCDR Tom Winnenberg

DISA API1 Chief Engineer

25 April 2002

outline
Outline
  • Objectives
  • Progression of technical capabilities
  • Current enterprise
  • Future vision
functional objectives and description
Functional Objectives and Description
  • COTS-based architecture
  • Support of multiple applications and vendors through open systems, standards-based approach
  • FIPS-compliant crypto modules
  • Services include digital signature/ non-repudiation, authentication, key escrow and recovery of confidentiality (decryption) keys
milestones
Milestones
  • August 1998: Medium Assurance Pilot introduced with two certificates (signing, email)
  • July 2000: Release 2 delivers CA signing in h/w, functional separation of email certs, and key escrow and recovery of decryption keys
  • October 2001: Release 3 delivers operational issuance to the DoD Common Access Card (CAC)
current dod class 3 pki
Current DoD CLASS 3 PKI

NSA Finksburg

Certification

Authorities

Root

Directory Service

DECC Dets Chambersburg

and Denver

Registration Authorities

Local RegistrationAuthorities

Users

slide6

Release 3 Integrated Process

Certificate Authority

Directory

Services

CERT

CERT

Inquiry

DEERS

Data Base

Person

Authentication&

Data Update

1

Demographic and Personnel information

ID Card, Picture and Fingerprint

2

Establish User

Generate Keys

Obtain

Certificates

Load Keys

V.O.

4

Private Key

generation

on the card.

3

Certificate Requests and decryption keys for escrow

6

5

User’sSmart

Card

(CAC)

slide7

Future Vision

  • DoD Mobile Code signing implementation
  • Support for Microsoft Win2K Smart Card logon
  • Browser-based key recovery and card “maintenance”
  • Revocation information improvements
    • Testing and deployment of On-line Certificate Status Protocol (OCSP) service
    • Testing http reference in CRL Distr. Point
    • Testing Delta CRL implementation
  • Focus on enabling applications to use PKI