• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Rich furr 20111017 topics 2 & 3
 

Rich furr 20111017 topics 2 & 3

on

  • 438 views

Preso from SAFE-Biopharma's Rich Furr on standards relevant to e-identity: for IIW October 2011

Preso from SAFE-Biopharma's Rich Furr on standards relevant to e-identity: for IIW October 2011

Statistics

Views

Total Views
438
Views on SlideShare
438
Embed Views
0

Actions

Likes
0
Downloads
2
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Rich furr 20111017 topics 2 & 3 Rich furr 20111017 topics 2 & 3 Presentation Transcript

    • NSTIC DayHow does industry drive forward SAFE-BioPharma Association
    • TopicsTopic C: Assurance levels, “frameworks“, interparty liabilityTopic D: Device-specific methods: mobile; smartcards; browserDNT, etc.– PKI, non-PKI 2 SAFE-BioPharma Association
    • Assurance levels, “frameworks“, interparty liabilityOMB 04-04– Level 1: Little or no confidence in the asserted identity’s validity– Level 2: Some confidence in the asserted identity’s validity– Level 3: High confidence in the asserted identity’s validity– Level 4: Very high confidence in the asserted identity’s validityNIST SP 800-63 provides additional guidance per level– Registration and identity proofing– Tokens– Token and credential management mechanisms– Protocols used to support the authentication mechanism between the Claimant and the Verifier– Assertion mechanisms 3 SAFE-BioPharma Association
    • Assurance levels, “frameworks“, interparty liabilityPKI– FBCA • Six increasing, qualitative levels of assurance: Rudimentary, Basic, Medium, PIV-I Card Authentication, Medium Hardware, and High.– Also Medium Hardware Commercial Best Practices (CBP) Assurance RequirementsNon-PKI– FICAM • Levels 1-3 4 SAFE-BioPharma Association
    • 4BF – Interlinked PKI Network of Trusted Cyber- Communities Abbott SA Exostar Citi Merck EADSI Boeing Raytheon REBCA J&J&J AZ SAFE SAFE:Vz Lockeed CertiPath Bridge CA Biz/Chosen/ Martin Bridge CA Other pharmass TranSped Federal GPO Northrop Bridge CA Grumman SSP SITA Entrust Fed Common DoJ Policy Root CA GSA ARINC VeriSign MSO CertiPath Common Policy GPO ORC Root CA VeriSign US Treasury SSP SSP DoL DoE EPA HUD DoT SSA US PTO Verizon Bus Exostar DoD NRC NASA SSP Interoperability DHS DoJ Root E-Commerce EOP HHS VDoT DoD VA DEA USPS Dept. of State State of Illinois ACES 5 SAFE-BioPharma Association
    • Non-PKI TFPsFICAM certified– LOA 1 – OIX– LOA 1-2 – InCommon– LOA 1-3 – KantaraIn process– LOA 2-3 – SAFE-BioPharma Assn– Under TFET review 6 SAFE-BioPharma Association
    • Interparty LiabilitySAFE-BioPharma– Closed membership association– Dispute resolution process governs adjudication • Agree not to sue but rather arbitrate– Liability covered under Operating Policies and Member/Issuer Agreements • Specific caps related to credential management only • Does not cover use of credentialsOther TFPs– Part of why we are here 7 SAFE-BioPharma Association
    • Authentication and credentialsPKI is covered by the FBCA CP and CPS– Multiple certificate types– Hardware, software and roaming • Roaming currently classed as software by the FBCA • Moving to cloud-based solutions – SAFE-BioPharma/Verizon offering cloud-based HSM protected certificatesNon-PKI– NIST SP 800-63– Issue – currently approved version dates to 2006 and is technically out of date and does not recognize non-PKI multi-factor tokens– Much of industry working with the Dec 2008 (now Jun 2011 draft) • Includes much broader definitions of acceptable tokens at various LOAs 8 SAFE-BioPharma Association
    • Token typesWho is doing what and how?PKI Smartcards, USB hardware tokens, software tokens on machines/mobile devices, cloud HSMsNon-PKI– LOA 1&2 – memorized secrets, pre-registered knowledge tokens– LOA 2 - look up secret, out of band, SF one-time password device, SF crypto device– LOA 3 – multiple tokens (NIST SP 800-63 (June 2011 draft), Table 7) 9 SAFE-BioPharma Association