VAs Pilot of Public Key Infrastructure Technology - PowerPoint PPT Presentation

1 / 16
About This Presentation
Title:

VAs Pilot of Public Key Infrastructure Technology

Description:

27 Million Veterans and 43 Million dependents. Nearly one-third of the nation's ... VA CIO council backing, broad participation. Funding from VHA, VBA, and O/M ... – PowerPoint PPT presentation

Number of Views:75
Avg rating:3.0/5.0
Slides: 17
Provided by: danmal
Category:

less

Transcript and Presenter's Notes

Title: VAs Pilot of Public Key Infrastructure Technology


1
VAs Pilot of Public Key Infrastructure
Technology
  • Daniel L. Maloney
  • Director, Emerging Technologies
  • VHA - Department of Veterans Affairs
  • Silver Spring, MD., U.S.A.
  • daniel.maloney_at_med.va.gov
  • http//www.va.gov/
  • http//www.va.gov/vapki.htm

2
The Department of Veterans Affairs
  • 27 Million Veterans and 43 Million dependents
  • Nearly one-third of the nations population are
    potentially eligible for VA benefits, includes
    dependents
  • Second largest of the 14 Cabinet departments
  • Facilities in all 50 states, Washington D.C.,
    Puerto Rico and the Philippines
  • Nations largest medical system with 159
    hospitals, 129 nursing homes, 35 domiciliaries
    and 362 outpatient clinics
  • 58 regional Benefit offices providing monetary,
    disability, pension, educational and vocational
    rehabilitation benefits
  • 13 million home loans, and the nations largest
    insurance programs
  • 114 national cemeteries

3
(No Transcript)
4
(No Transcript)
5
VA PKI PURPOSE
  • Provide a common PKI utility for VA
  • Support projects that require one or more of the
    following strong authentication, integrity, non
    repudiation, confidentiality
  • Integrate with VAs overall security framework
  • Work through policy and technology issues
    together
  • Work with others to benefit from their experience
    and work towards government-wide interoperability

6
PROGRESS AT VA
  • VA CIO council backing, broad participation
  • Funding from VHA, VBA, and O/M
  • Web site - http//www.va.gov/vapki.htm
  • Strategy and design decision document
  • VA PKI certificate policy
  • Issuing user and server certificates from VA
    certification authorities
  • Code signing for VA projects
  • Help desk support and user documentation

7
On Line Demonstrations using PKI
  • Access Control using PKI
  • Forms Demonstration
  • Web based form
  • Forms contain data checking logic
  • Data, form and logic is digitally signed
  • Data cannot be changed after signed
  • Signed form saved to data base
  • Some fields extracted and added to record

8
On Line Demonstrations
  • Forms Demonstration (2)
  • Retrieve only forms you have signed
  • Un-sign, Update and Save capabilities
  • Local Print for your records
  • Local Electronic save for your records
  • Authentication and Access Control use the same
    technique (digital signature)
  • Data is all protected as it moves across the
    Internet (encryption)

9
Secure Electronic Mail in VA
  • Supports Digitally Signed and Encrypted mail
    messages
  • Excellent for confidential communications
  • Piloting with Computer Security Officers for
    exchange of confidential corporate correspondence
    or response to computer attacks
  • Uses the agencys standard commercial secure mail
    client
  • Very user friendly and easy to use, after initial
    set up
  • Have successfully tested interoperability with
    some non VA contacts (SSA, CHIME)

10
VA Server Certificates
  • All transmissions containing personally
    identifiable information should be encrypted
  • For Web forms, easily done using Secure Socket
    Layer
  • Alerting sites that they need SSL for any
    Internet or VA Intranet forms that gather
    personal information
  • Making it easier for VA web sites to obtain
    server certificates to support SSL

11
On Line Forms
  • Strategy is to support on line forms at multiple
    levels
  • Hundreds of forms now on line for Print and
    Fill at URL http//www.va.gov/FORMS/
  • 10-10EZ Application for Health Benefits on line
    in Fill and Print format
  • 10-10EZ in Fill and Submit format for 24 major
    sites and 74 Outpatient Clinics
  • On line Prescription Refill in Analysis Stage
  • Will adapt to digital signature in the future

12
On Line Forms (2)
  • 3 major Benefits Initiatives
  • WAVE - monthly certification of enrollment status
    from veteran to authorize benefit
  • On line now using password
  • NetCert - Schools certify that veteran is
    enrolled. Can also view part of the VA record
  • to be available in June
  • VONAPP - On line VA educational benefits and
    Compensation and Pension Applications
  • Pilots plan to use GSA ACES certificates

13
Medical Evidence Exchange
  • Issue - how to minimize the time needed for
    Social Security Administration to receive medical
    evidence from VA for a benefits claim
  • Major privacy, integrity, and confidentiality
    requirements
  • Proposed solution to minimize paper
  • Exchange signed and encrypted electronic mail
    messages
  • Use standardized extracts from VA Medical
    automation systems
  • Analysis stage - review technical plan in June
  • Plan to begin pilot implementation this summer

14
Prescriptions for Controlled Substances
  • Issue - Electronic prescriptions are allowed by
    Drug Enforcement Administration (DEA) for non
    controlled substances. DEA approached VA to help
    to pilot the use of strong technical controls
    like PKI with prescriptions for controlled
    substances
  • Based upon the results, DEA will consider
    revising existing regulations
  • Major authentication, integrity, non repudiation,
    privacy and confidentiality requirements
  • Proposed solution to be piloted is to use PKI
  • Requires major review and adaptation of existing
    VA Medical Automation Systems
  • Solutions will be applied to multiple application
    areas
  • Analysis stage

15
PKI Lessons Learned
  • On line submission is a method for delivery of
    customer service, in addition to traditional
    methods
  • PKI Applications can be easy to use, e.g. SSL,
    secure electronic mail
  • Later versions of applications and browsers are
    more predictable, so specify versions to be used
  • For staff ID proofing, build upon your existing
    organization
  • Initial Setup can be difficult so prepare
    detailed setup documentation
  • PKI is new and users will need training
  • Planning and Help Desks are essential

16
Building a VA Future Vision
  • The Veterans Administration PKI
  • VA PKI (http//www.va.gov/vapki.htm)
  • To enable authentication, integrity, non
    repudiation, privacy and confidentiality needed
    for electronic service delivery
  • The Veterans Private Web Record
  • VA Health eVet and VA Health eVAult Project
    (http//www.health-evet.va.gov)
  • To empower the veteran to better understand and
    control their health
  • The Veterans Card - portability of users Keys
  • G-8 / Netlink demonstration systems
    (http//www.va.gov/card/)
  • Interoperability so that the appropriate data can
    be accessed and read everywhere
Write a Comment
User Comments (0)
About PowerShow.com