Information Assurance... Smart Card Interoperability Steve Haynes Phone - 703-653-7140.

Where We’ve Come From BC (Before Computers) Mainframe Minicomputers Client/Server PCs Corporate Net/ Internet Location Technology Central Data Centers Regional Data Centers Desktops across the company Limited Across the world Management Approach Centralized Admin. Team Several Centralized Admin. Teams Pager-based fire fighting Centralized Computing Decentralized Computing IT Security Management First Civilization Age of Empires Dark Ages Age of Enlightenment Time Internet/ Extranet Unlimited Across the world Mission Survivability AD (Assured Doubt)

Objective? “Most people overestimate what is going to happen in two years and underestimate what is going to happen in 10 years.” Bill Gates - Microsoft

Where We’re Going High Low Potential Damage Low High Probability of Occurrence Access 2003 Access Cost 2005 Access Speed Wireless Access Nation-State Attack Terrorist Attack Criminal Activity Hackers 1999

Mission Statement Information Assurance: Conducting those operations that protect and defend information and information systems by ensuring confidentiality, integrity, availability and accountability. This includes providing for restoration of information systems by incorporating protection, detection and reaction capabilities.

Objective? Too Much Access Security Access Exposure to risk Loss of confidentiality Loss of integrity Loss of resources Intentional theft Accidental loss

Objective? Too Much Security Loss of productivity Sense of restriction Uncooperative users Too much time to access (passwords) Write passwords down Bypass security Access Security

Access Information Assurance Comfort Convenience Customization Independence Privacy Balance: Confidentiality Integrity Accountability Availability Restoration Objective?

The Smart Card? Smart Cards

Smart Card PKI Biometrics Technical Applications: Data storage access via Internet Disposable anonymous 64 bits - 64K bits Reusable personalized PIN Memory Single app.- stored value (chip cards) Standard processor 1-16K memory 2 Processor crypto engine (Mondex) Microprocessor Multi-app. capability (“really smart” cards) Smart Cards Note: All Smart Cards have microprocessors. For the most part they have been used as memory cards. All Smart Cards have the capability but, due to limited apps and memory, they are used as storage cards.

Functional Applications: Stores Data Routes Transaction To Where Data Is Being Stored Converts & Manipulates Data into Interactive Information Assures Information is Protected Combines Physical And Technical Access Control Transmits Transactions Securely Authenticates Access Combines Multiple Card Requirements (API) Role Based Access Control Single-Sign-On PKI Biometrics Privacy Smart Cards

Objective? The true attraction of a smart card is not a purse to carry electronic money, but a purse to carry around all the various pieces of information that currently take up one dedicated card apiece

Interoperability WS: Win9X/NT/2000 Data Servers PDC / BDC Mail Server File Servers FTP Server HTTP Server Router WS: Win9X/NT/2000 Data Servers PDC / BDC Internet File Servers FTP Server HTTP Server Mail Server Remote User Mail Server FTP Server HTTP Server FTP Server HTTP Server Mail Server Remote User Router Data Storage Internet Access

Data storage access via Internet Information Assurance Smart Card Disposable anonymous 64 bits - 64K bits (Danmont) US$0.70 Reusable personalized PIN (no FSI) US$1-3 Memory Single app.- stored value (chip cards) Microprocessor Multi-app. capability (“really smart” cards) Standard processor 1-16K memory (Proton, most FSI) US$3-6 2 Processor crypto engine (Mondex) US$8-15 PKI Biometrics Information Assurance Private

Objective? So... A smart card may look like a card, but it is actually the smallest portable computer in the world!!!

A Smart Card is a Multi-application solution business Application 1 Application 3 Application 4 Application 2 Provide the “best practice” infrastructure Integration Approach

Challenges
Questions:
- What do I do if my card is lost or stolen?
- How are they replaced?
- Who provides customer service and how is it made seamless to the employee using it?
- Who is going to develop, certify, install and upgrade the applications?
- How are privacy, accuracy and security ensured?
- What are the industry (hardware & software) standards?
- Who can integrate all this to make it work?

Electric utilities Consumer electronic companies Consumer software companies Cable companies Information providers Retailers Bank/ financial services Communications companies The poor consumer Database creation Transactions Payments Disintermediation Build and manage “Communities of Interest” The consumer demands: Comfort Convenience Customization Independence Smart Card can hide the complexity and end the confusion Implementation Approach

Objective? Smart Cards are a reality not a technology looking for an application

Smart Card