University of Wisconsin SystemDigital ID – PKI

Digital CertificateService Overview

Nicholas DavisNovember 8th, 2011

Overview• Digital ID explained• Digital ID uses• Authentication - HRS• Signing – MS Office• Encryption – Email and attachments

• Digital ID Service History and Expansion• Getting a Digital ID• Digital ID storage• Support for Digital ID• Summary of Digital ID uses

• Challenges• Try a Digital ID• Live demonstration

Digital ID Explained• A Digital ID is like an

electronic passport, with extra benefits

• Three ways to identify yourself:

Something you know

Something you are

Something you have

• A Digital ID is something you have, which is very strong in terms of assurance

Digital ID Uses

• Authenticate a person to a protected resource, such as a web application

• Digitally sign documents, with proof of authorship and proof of document integrity

• Encrypt email you send to other people and decrypt email which you receive from others

Digital ID For Authentication

• Coming soon to HRS!• Many HRS users have the ability

to view and change the data of others in the system

• Username and password are not sufficient to protect access to data of others

• Digital ID provides a strong assurance of identity before permitting access to sensitive data

Digital ID For Electronic Document Signing

• Microsoft Office enables using a Digital ID to sign: Word, Excel, Powerpoint files

• Prove who created the file• Prove that the file has not been

altered in any way from its original form

Digital ID for Email Encryption

• Have you ever sent sensitive information via email?

• Your email is not secure• A Digital ID can make

your email and attachments secure

• Works around campus, and around the world

Digital ID Service

• Started in 2005 at UW-Madison• Extended to UW System

campuses in 2011• Each Digital ID is valid for 5

years• Each campus gets their own

Digital ID service, including local administration

• The overall Digital ID Service is maintained by UW-Madison

Centralized Infrastructure

• Simplicity - Only one authentication solution needed per application

• Leverages access to system wide person data

• Scalable and consistent, important for LOA enforcement

Getting a Digital ID

1. Customer visits a Registration Authority

2. Customer is identity proofed

3. Customer receives email with download authorization code

4. Customer downloads Digital ID

Digital ID Storage• May be stored as an encrypted

file on the customer’s computer• May be stored on a smartcard or

USB token• Insert card to authenticate, sign

and decrypt

Technical Support Documentationhttp://kb.wisc.edu/uwdid/

One Digital ID Can Do So Many Things

• Augment username and password to strengthen authentication and protect sensitive system access

• Digitally sign documents to prove authorship and integrity

• Encrypt email and attachments in transit and storage

• Will be required for many users of HRS

Digital ID Challenges

• Customer education about best security practices

• Cost of Digital IDs and associated hardware and software

• Practical adoption issues in the decentralized environment of UW System

Try a Digital ID• Request your own Digital ID at

https://uwdigitalid.wiscsonsin.edu• For support:

uwdigitalid@doit.wisc.edu

• Download your Digital ID onto a Windows or Macintosh computer

• We are always available to help!• Demonstration of the service, by

Chris Spencer