User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.

Slides:

Advertisements

Similar presentations

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Advertisements

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

AFCEA TechNet Europe Identity and Authentication Management Systems for Access Control Security IDENTITY MANAGEMENT Good Afternoon! Since Yesterday we.

©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation

Secure Communication Architectures.

HID Global Corporate Overview Natacha Jaramillo Regional Sales Manager (Latin America) September 2014 Presentation Title Slide.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

1 Jeremy Wyant W3C DRM Workshop 23 January 2001 Establishing Security Requirements For DRM Enabled Systems.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.

Increased Security, while protecting Privacy ? True or False ? Christer Bergman, President and CEO, Precise Biometrics.

Dongyan Wang GlobalPlatform Technical Program Manager

Authentication choices! Vincent van Kooten: Business Sales Manager Benelux Distributed by -

The Internet & The New IT Infrastructure Chapter 9.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

FIT3105 Smart card based authentication and identity management Lecture 4.

02/12/00 E-Business Architecture

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

RSA SecurID November 10, 2005.

Web-Enabling the Warehouse Chapter 16. Benefits of Web-Enabling a Data Warehouse Better-informed decision making Lower costs of deployment and management.

Certificate and Key Storage Tokens and Software

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

July 25, 2005 PEP Workshop, UM A Single Sign-On Identity Management System Without a Trusted Third Party Brian Richardson and Jim Greer ARIES Lab.

Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

RIVERA SÁNCHEZ-1 CSE 5810 User Authentication in Mobile Healthcare Applications Yaira K. Rivera Sánchez Computer Science & Engineering Department University.

Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.

RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

Copyright 次世代 IC カードシステム研究会 C 1 Nagaaki OHYAMA Tokyo Institute of Technology Chair of NICSS National ID card in Japan May Provoo (Reykjavik,

© NeoAccel, Inc. TWO FACTOR AUTHENTICATION Corporate Presentation.

Privacy Issues in Vehicular Ad Hoc Networks.

Copyright 2006 IDC Reproduction is forbidden unless authorized. All rights reserved. Information Security Trends.

1 / 14 FIDIS 2 nd WS WP2 – Fontainebleau, December 2004 Identity in the Ambient Intelligence Environment Sabine Delaitre.

Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.

Geneva, Switzerland, September 2014 Identity Based Attestation and Open Exchange Protocol (IBOPS) Scott Streit Chief Scientist.

1 Introduction to Microsoft Windows 2000 Windows 2000 Overview Windows 2000 Architecture Overview Windows 2000 Directory Services Overview Logging On to.

1 7 th CACR Information Workshop Vulnerabilities of Multi- Application Systems April 25, 2001 MAXIMUS.

Deepnet Unified Authentication for Outlook Anywhere.

Advanced Computer Networks Topic 2: Characterization of Distributed Systems.

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

One Platform, One Solution: eToken TMS 5.1 Customer Presentation November 2009.

Cellular Device – Versatile personal identification Joint workshop on mobile web privacy W3C presentation, Dec

28 th International Traffic Records Forum Biometrics/SmartCard Workshop 28 th International Traffic Records Forum August 4, 2002 Orlando, Florida.

Securing Data in Transit and Storage Sanjay Beri Co-Founder & Senior Director of Product Management Ingrian Networks.

Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.

Internet2 AdvCollab Apps 1 Access Grid Vision To create virtual spaces where distributed people can work together. Challenges:

Strong Authentication Infrastructure Requirement: Trusted Input Devices National ID Workshop Carnegie Mellon University November 28, 2001 Lark M. Allen.

1 Active Directory Service in Windows 2000 Li Yang SID: November 2000.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Security and Privacy for the Smart Grid James Bryce Clark, OASIS Robert Griffin, RSA Hal Lockhart, Oracle.

Biometrics and Security Colin Soutar, CTO Bioscrypt Inc. 10th CACR Information Security Workshop May 8th, 2002.

LEARNING AREA 1 : INFORMATION AND COMMUNICATION TECHNOLOGY PRIVACY AUTHENTICATION VERIFICATION.

IoT R&I on IoT integration and platforms INTERNET OF THINGS

A l a d d I n. c o m Strong Authentication and Beyond Budai László, IT Biztonságtechnikai tanácsadó.

Identity and Access Management

Basharat Institute of Higher Education

Secure Connected Infrastructure

Law Enforcement Information Sharing Program (LEISP) Federated Identity Management Pilot February 27, 2006.

Operating System Structure

Windows Azure AppFabric

PLUG-N-HARVEST ID: H2020-EU

Security & .NET 12/1/2018.

The main cause for that are the famous phishing attacks, in which the attacker directs users to a fake web page identical to another one and steals the.

Presentation transcript:

User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems

Privacy Challenges  The Internet ‘exposes’ and ‘creates’ as by-products significant amounts of personal information in its normal mode of operations  Personal information was the primary ‘currency’ which funded the explosive era of the Internet Most tools were created to track, market, profile, spam, etc. Success was measured in “eyeballs” and personal data  Current architectural and legislative approaches to privacy focus on restricting uses of information after it is collected, not minimizing the collection of personal information  New identity credentials planned to contain significantly more personal information and biometrics, ie. DMV license  Evolving identity systems will connect more information 11/27/012

Strategic New Approach to Privacy  User manages release of personal information from a secure ‘wallet’ or local repository  Personal tools provide full range of protection from anonymous to full disclosure mode  ‘Trusted’ user devices for authentication, access, processing, storage, and protection at the perimeter of the Internet provide local authentication and selective release of required, authorized and essential data into network and centralized sites.  All personal information is ‘bound’ to privacy preferences throughout life of the data to control usage. 11/27/013

Authentication and Privacy n Privacy is growing social issue, even post 9/11 n EU, Canada and others with tough Data Protection laws n Authentication and Privacy must find acceptable ‘balance’ n Where authentication is done will affect privacy concerns n With trusted, intelligent edge devices authentication can be accomplished without releasing personal information User ‘Near’ User Local Regional National Intrn’l. Privacy Concerns Location of Authentication

Distributed Trust and Intelligent Web Agents New Privacy and Security Approach Trusted Client Platform XML Web Agents Strong Security in User Devices for Protection and Distributed Handling of Personal Information

Trusted Client Input Device EMBASSY Trusted Client Platform Secure Display Secure Input Secure Processing Storage Time Strong Cryptography

EMBASSY Trusted Client Subsystem Processor Memory Interfaces /Storage Clock Crypto Wallet Digital Signature Strong Auth Trust Assurance Network Digital Signature Digital Signature Identity App. Music DRM Hard Disk Digital Signature Strong Auth Authentication Application EMBASSY CHIP/ Trusted OS Wallet ‘Sovereign and Protected Place in a Hostile Territory’ Device Trust Services, Secure Applet Management

Intelligent Identity Solution XNS is a global identity protocol that uses Web agent technology to:  Create a foundation of identity management  Link real-world identities to each other  Establish permissions governing the exchange or use of identity-related data  Based on XML web agent technology for intelligent exchange and processing of information  Automatically synchronize changes to this data  Build in extensibility to accommodate change XNS (eXtensible Name Service) OneName Corporation

Trusted Input Device - Architecture PC Cards Tokens ID PIN Password Biometrics Authentication Internet FW Server Trusted Device Authentication Untrusted Trusted Authentication must be done in a trusted location Trusted devices can communicate securely over untrusted networks and through untrusted devices

Internet FW Server Extending Trust to the Network Edge Cards Tokens ID / PIN Password Biometrics PC End-end security Multi-layer protections Workgroups and peer-peer enabled Data / user level Trust Boundaries

Selective Personal Information Access Smart Card Identity Credential Contains: Name and Address Age Biometrics Fingerprints Facial Image DNA Signature Criminal History Healthcare Info Digital IDs, etc. Intelligent, Trusted Reader Information Accessible Bar Applet Age Police Applet Name / Address Age Biometrics Criminal History Hospital Applet Name / Address Age Healthcare Info Benefits: Distributed Scalable Enforceable Local Auth Applet Yes or No ▒▒▒▒▒▒▒▒▒

Benefits – User Managed Privacy nAllows users to have much more control over the release and usage of personal information Minimize release of information Privacy preferences more granular and situation based nAuthentication at the network edge with information release Strong, multi-factor authentication Addresses major security exposure – The untrusted PC Minimized need for centralized data bases Solution for selective release of personal information – satisfies basic tenets of ‘need to know’ nSecure, multifunction identity credentials Addresses key issues for including finger prints, criminal history, medical information, age, etc. on driver’s licenses More easily addresses issues context based identity needs