Intra-ASEAN Secure Transactions Framework Project Progress Report

Presentation transcript:

Intra-ASEAN Secure Transactions Framework Project Progress Report Chaichana Mitrpant chaichana@etda.or.th

Project Information
- Support AIM 2015 under Strategic Thrust 2: People Engagement and Empowerment
- Initiatives 2.4: Building Trust
- Action: Promote Secure transaction within ASEAN
- Description: Promote the use of two-factor authentication
ASEAN ICT Master Plan 2015
Finished. Need Collaboration. Review if practical, ask for comments in practicality, in stage implementation. Please join. Stand in ASEAN: Authentication. NRCA: LOA_4, Level CP/CPS

Intra-ASEAN Secure Transactions Framework Project
Scope of work
- Status update on: Laws, Policies, Regulations related to e-signature, certification
- Propose e-authentication recommendation for Intra-ASEAN secure electronic transactions
Methodology
- Desk Research: Review from the data available to public
- Questionnaire Survey: Distributed to 10 ASEAN member countries
Period: 1 year
Budget: 10,000 USD

Executive Summary
Three main components of e-authentication have been identified as follows:
- Assurance Levels and Risk Assessments – Levels of assurance are defined so that different levels of importance of getting e-authentication right can be distinguished.
- Identity Proofing and Verification – For each level of assurance, an objective of authentication and a set of controls are defined. Then details about identity proofing and verification methods are provided for the registration process.
- Authentication Mechanism – Different token technologies are listed and mapped to the levels of assurance. Moreover, how identity should be managed is recommended.

Executive Summary: Standards and Best Practices
- Assurance Levels and Risk Assessments: ISO/IEC 29115:2013, OMB M-04-04, NeAF
- Identity Proofing and Verification, Authentication Mechanism: NIST Special Publication 800-63

Executive Summary: Assurance Levels and Risk Assessment
Level: Description
- 1 – Low: Little or no confidence in the asserted identity’s validity
- 2 – Medium: Some confidence in the asserted identity’s validity
- 3 – High: High confidence in the asserted identity’s validity
- 4 – Very High: Very high confidence in the asserted identity’s validity

Executive Summary: Identity Proofing and Verification Approach
Columns: Assurance Level, Objectives, Control, Method of processing
- 1 – Low
  Objectives: Identity is unique within a context
  Control: Self-claimed or self-asserted
  Method of processing: Local or remote
- 2 – Moderate
  Objectives: Identity is unique within context and the entity to which the identity pertains exists objectively
  Control: Proof of identity through use of identity information from an authoritative source
- 3 – High
  Objectives: Identity is unique within context, entity to which the identity pertains exists objectively, identity is verified, and identity is used in other contexts
  Control: Proof of identity through use of identity information from an authoritative source; identity information verification
- 4 – Very High
  Objectives: Identity is unique within context, entity to which the identity pertains exists objectively, identity is verified, and identity is used in other context
  Control: use of identity information from multiple authoritative sources; entity witnessed in-person
  Method of processing: Local
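The controls in the table above, written as a check a relying party could run on a registration record. This is an added example, not part of the original presentation. The record fields are hypothetical, and it assumes that the levels are cumulative, that "multiple" means two or more sources, and that only level 4 is restricted to local processing.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProofingRecord:
    # Hypothetical registration record; field names are assumptions, not from the slides.
    unique_in_context: bool
    authoritative_sources: int   # authoritative sources consulted during proofing
    info_verified: bool          # identity information verification was performed
    witnessed_in_person: bool
    remote: bool                 # True if registration was processed remotely


def missing_controls(rec, level):
    """List the controls from the table that `rec` lacks for `level` (1-4)."""
    gaps = []
    if not rec.unique_in_context:
        gaps.append("identity not unique within context")
    if level >= 2 and rec.authoritative_sources < 1:
        gaps.append("no identity information from an authoritative source")
    if level >= 3 and not rec.info_verified:
        gaps.append("identity information not verified")
    if level >= 4:
        if rec.authoritative_sources < 2:
            gaps.append("fewer than two authoritative sources")
        if not rec.witnessed_in_person:
            gaps.append("entity not witnessed in person")
        if rec.remote:
            gaps.append("level 4 processing must be local")
    return gaps


def achieved_loa(rec):
    """Highest level whose controls are all met; 0 if even level 1 fails."""
    achieved = 0
    for level in (1, 2, 3, 4):
        if missing_controls(rec, level):
            break
        achieved = level
    return achieved


def accept(rec, required_loa):
    """Relying-party decision: (accepted, gaps to report back to the registrar)."""
    gaps = missing_controls(rec, required_loa)
    return (not gaps, gaps)


# Constructed sample records.
SELF_ASSERTED = ProofingRecord(True, 0, False, False, remote=True)
REMOTE_VERIFIED = ProofingRecord(True, 2, True, False, remote=True)
IN_PERSON = ProofingRecord(True, 2, True, True, remote=False)
```

Returning the list of gaps rather than a bare yes/no lets a relying party in one member state tell a foreign registration authority which control is missing for the level it requires.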

Executive Summary: Examples of Token Types for Different LoAs
Columns: Assurance Level (Level 1, Level 2, Level 3, Level 4)
- Memorized Secret Token ✓*
- Pre-registered Knowledge Token
- Look-up Secret Token ✓
- Out of Band Token
- Single-factor (SF) One-Time Password (OTP) Device
- Single-factor (SF) Cryptographic Device
- Multi-factor (MF) Software Cryptographic Token
- Multi-factor (MF) One-Time Password (OTP) Device
- Multi-factor (MF) Cryptographic Device

Needs for ASEAN Legal Infrastructure
Cooperation among Member States is necessary in creating the legal framework, so that Information Technology Legal Infrastructure development is equivalent across Member States and conforms to international principles, especially in the following matters:
- Legal infrastructure for cross-border electronic transactions
- Principle on the organization or unit for supporting and controlling the reliance on electronic transactions
- Clear policy relating to authentication technology in electronic transactions
- Clear and appropriate principle on identification and authentication in electronic transactions, for example, the principle that allows a Certification Authority (Foreign CA) to issue foreign digital certificates
- Relevant measures regarding data confirmation, such as electronic signatures and the responsibility of the data owner for the accuracy of data
- The principle on Personal Data Protection, including the principle on a request for data in an authentication system in a cross-border transaction by an authority or related person, or data sharing between the Government Sector and the Private Sector