If we separate trainees into groups based on some criteria, such as technical know-how, then:

  • How many groups?
  • What are the separation criteria? (e.g., job function, title, self-evaluation)
  • What are the groups called? (e.g., non-technical, technically savvy, technical)
  • What training material is included/excluded for each group?

Preparation

  • Schedule training facilities
  • Ensure audio-visual equipment and/or student computers are available and functional
  • If training is hands-on, we need:
    • Training eTokens
    • Training personal certificates
    • Training leave reports (i.e., no Banner update?)
    • Training computer for each student with USB port
    • Instructors

Basic material

  • What is PKI?
  • Why are we doing this?
    • Thoughts: design, implement and tweak the infrastructure. IT tests functionality. Slowly roll out university-wide for wide-scale testing and acceptance. Uncover weaknesses. Refine and improve.
  • What is the goal?
  • Who is included? (who can get a cert?)
  • Why eTokens?
  • What about smartcards?  Hokie Passport?

Getting started

  • Note: If possible, a hands-on exercise of obtaining an eToken and personal certificate would be a good and effective training tool
  • Obtaining an eToken
  • Normally at the Student Telecommunications office in the Student Services building. For the IT Pilot, in the AISB atrium.
  • Need 2 forms of "acceptable" identification credentials
    • Hokie Passport
    • Virginia driver's license
    • DMV photo ID
  • Need to set a PIN for the eToken. This is a complex password similar to that required for Hokies ID. It should be different from all your other passwords.
  • Are we using a challenge/response question(s) (hint?) for forgotten passwords?

How To Use

  • Note: If possible, a hands-on exercise of using an eToken to sign a test leave report would be used.
  • Use "Quick Start" guide to walk through process of signing a leave report
  • Review signed but not yet approved leave report
  • Have each student use whoever is sitting next to or close to them as "supervisor" for the approval process.
  • Review signed and approved leave report
  • Revoke a certificate (do we want to demonstrate this or have students actually do it?)

Security Issues

  • Lost or stolen eToken
    • Use requires the PIN, not just the token
    • Certificate can be revoked
  • Some software automatically uses the personal certificate if the token is left plugged into the USB port.
  • No encryption initially (key escrow issue)
  • No caching of cert or PIN
  • Use complex passwords when changing PIN

Supported vs Unsupported

  • Only leave reports initially.
  • Initially no support for digitally signed e-mail, but it has been tested on ... e-mail clients.
  • Executive Vice President Mr. Jim Hyatt's goal: one step closer to a paperless office.