
DoD Public Key Infrastructure

LCDR Tom Winnenberg, DISA API1 Chief Engineer. 25 April 2002.


Presentation Transcript


  1. DoD Public Key Infrastructure
     LCDR Tom Winnenberg, DISA API1 Chief Engineer
     25 April 2002

  2. Outline
     • Objectives
     • Progression of technical capabilities
     • Current enterprise
     • Future vision

  3. Functional Objectives and Description
     • COTS-based architecture
     • Support of multiple applications and vendors through open systems, standards-based approach
     • FIPS-compliant crypto modules
     • Services include digital signature/non-repudiation, authentication, key escrow and recovery of confidentiality (decryption) keys

  4. Milestones
     • August 1998: Medium Assurance Pilot introduced with two certificates (signing, email)
     • July 2000: Release 2 delivers CA signing in h/w, functional separation of email certs, and key escrow and recovery of decryption keys
     • October 2001: Release 3 delivers operational issuance to the DoD Common Access Card (CAC)

  5. Current DoD CLASS 3 PKI
     [Diagram. Labels as extracted: NSA Finksburg; Certification Authorities; Root; Directory Service; DECC Dets Chambersburg and Denver; Registration Authorities; Local Registration Authorities; Users]

  6. Release 3 Integrated Process
     [Diagram with numbered steps 1 to 6. Labels as extracted: Certificate Authority; Directory Services; CERT; CERT Inquiry; DEERS Data Base; Person Authentication & Data Update; Demographic and Personnel information; ID Card, Picture and Fingerprint; Establish User, Generate Keys, Obtain Certificates, Load Keys; V.O.; Private Key generation on the card; Certificate Requests and decryption keys for escrow; User's Smart Card (CAC)]

  7. Future Vision
     • DoD Mobile Code signing implementation
     • Support for Microsoft Win2K Smart Card logon
     • Browser-based key recovery and card “maintenance”
     • Revocation information improvements
     • Testing and deployment of On-line Certificate Status Protocol (OCSP) service
     • Testing http reference in CRL Distr. Point
     • Testing Delta CRL implementation
     • Focus on enabling applications to use PKI
