Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity on the Internet

Published byWarren Stokes Modified over 6 years ago

Similar presentations

Presentation on theme: "Identity on the Internet"— Presentation transcript:

1 Identity on the Internet
A trusted digital identity ecosystem is a critical component of a trusted Internet. Introduction A trusted digital identity ecosystem is a critical component of a trusted Internet. You unlock the front door of your house with a regular key. But to check your you often have to use a username and password. How you are verified as being you online, forms your digital identity in that context. Digital identities help users protect their privacy; segregate personal, social, and professional online presences; and engage in trusted transactions with storefronts, banks, medical providers, and governments. A trusted digital-identity ecosystem is a critical component of a trusted Internet.

2 Digital Identities Electronic Identities 1 Attribute-Based Identities
Government issued identification 1 Attribute-Based Identities A specific characteristic (i.e. at least 18 years old) 2 Authentication-Based Identities Login credentials (i.e. username and password) 3 Electronic Signatures Identification which can result in a recognized legal effect 4 Identifiers Any data that identifies information about a device and/or a user 5 Types of digital identities: There are five main types of digital identity, all used in different contexts. We adapt our online identity depending on the context. For example, we likely reveal our “real” identity to access e-government services, but use a fictitious name or pseudonym on social media, and anonymously access public websites for medical information. Electronic Identities Some governments issue their citizens electronic identities for online use. In some cases, the issuing entity or identity provider is an approved organization (i.e. a post office). Attribute-Based Identities Some interactions do not require identification. It is enough that an individual possesses a specific attribute (i.e. is at least 18 years old or is a student). Authentication-Based Identities Users access an account with login credentials (commonly a username and password) which allow the service provider to verify that the user is who they say they are. Unlike government-issued electronic identities, login credentials can be anonymous or pseudonymous. Electronic Signatures Many countries have enacted laws to recognize the legal effect of electronic signatures. In addition to being a means of identification, electronic signatures may have consequences, such as confirmation or acceptance of a contract. Identifiers All Internet interactions involve the use of identifiers. Some help the Internet function (i.e. IP addresses), others identify or recognize a device and/or user (i.e. security at financial institutions), and others track users’ online interactions (i.e. targeted advertising). Information about a device may include type of device, operating system, browser version, browser plug-ins, among other things. Information about a user may include preferences, such as font size, screen colors, and contrast, among other things.

3 Key Considerations Electronic Identities 1 Attribute-Based Identities
generally require proof by presenting government-issued identification. 1 Attribute-Based Identities can include a single attribute or a combination of attributes. 2 Authentication-Based Identities those that require only a username and password and are notoriously insecure; two-factor authentication provides additional protection. 3 Electronic Signatures can confirm that a user adopts the contents of a document, and confirms who wrote the communication. 4 Identifiers can be used to identify a specific device or user, or track a device or device user’s online interactions. 5 Key Considerations: For each of the five main types of digital identities we discussed, there are specific use cases and privacy considerations. Electronic identities To obtain a government-issued electronic identity, citizens typically must prove who they are by presenting a form of government-issued identification. As a result, the two types of identity are linked. Typically the primary use of these digital identities is government services (i.e. filing tax returns and claiming benefits). Secondary uses of these electronic identities are typically services that require a high degree of certainty or assurance that an individual is who he or she claims to be (i.e. banking and medical records). Attribute-based identities One attribute (i.e. age) might not indicate an individual’s actual identity, but a combination of attributes often can (i.e. date of birth, zip code, and gender). Authentication-based identities Authentication mechanisms that require only a username and a password are insecure because: the username is often an address or other obvious identifier (i.e. a name or nickname), and people frequently reuse passwords or use easily guessed passwords (i.e ). Many service providers offer additional access-control protection via two-factor authentication. Two-factor authentication requires a combination of something a user obtains (i.e. a one-use time-sensitive code sent to the user’s smartphone) and something the user knows (i.e. username or password). Single-sign-on mechanisms (i.e. Facebook) offer users greater convenience, but may expose users to tracking across the connected services. Electronic signatures Electronic signatures can be used to confirm that a user adopts the contents of a document and/or to confirm who wrote the communication. Cross-border legal recognition of electronic signatures is critical to efficient global trade. Identifiers Identifiers can be used to identify a specific device or user, or track a device or device user’s online interactions. Some identifiers are easily observable (i.e. browser features), others are deliberately placed within a device to make tracking easier (i.e. cookies). Identifiers can be aggregated, linked, and used to infer connections.

4 Challenges and Guiding Principles
Privacy on the Internet is the biggest challenge. Most Internet users are more easily identified than ever before. An internet user’s identity can be inferred by someone with enough access to either their data or their attributes. Guiding principles for governments and citizens: Individuals should be able to use pseudonymous and anonymous digital identities. Digital identities need not be government-issued to be trustworthy. Challenges: Most Internet users today can be easily identified. Privacy online is thus the biggest challenge. In many cases, although a user’s actual identity may not immediately be known, it can be determined by someone with enough access to either their data or their attributes (i.e. Facebook friends, geolocation data, time and date stamps). Guiding principles for governments and citizens to consider: Individuals should be able to use pseudonymous and anonymous digital identities, depending on the context and with whom they are interacting. Individuals should have access to reliable, secure, privacy-by-design, trustworthy digital identities for online transactions. These are the characteristics that will support a secure, reliable, and protective consumer environment. Governments should consider offering electronic identification for more-secure access to e-government services and commercial transactions (i.e. banking) that require a high level of authentication. However, digital identities need not be government-issued to be trustworthy.

5 Guiding Principles It is good privacy and security practice to separate the use of digital identities and the data they are used to access. In considering the principles for an electronic identity system, the following questions are relevant: What form(s) of electronic identity are most useful for their projected use? Is the identity system technically interoperable and legally compatible? Does it collect and use only the data that is necessary? Can the electronic identity be revoked if necessary? Guiding Principles: It is good privacy and security practice to separate the use of digital identities and the data they are used to access. If you are a business or political leader thinking about what form of electronic identification system to use for your own online service, take the following steps: Consider what form(s) of electronic identity are most useful for their projected uses and identify the economic, social, or other issues that could hinder their deployment or use; Ensure that their electronic identity system is technically interoperable and legally compatible with the identity systems deployed by other governments for cross-border transactions; Prevent the issuer and relying parties from tracking the use of electronic identities across services and institutions; Collect and use only the data that is necessary (applying the principle of data minimization in this way enhances consumer trust and choice); Make electronic identities revocable when necessary (i.e. in the event of compromise); and Conduct a thorough risk-benefit analysis before considering the use of biometric data for electronic identities. In the event that biometric data is leaked or compromised, it cannot be revoked (i.e. a person cannot change his or her fingerprint). For this reason, it should not be collected unless absolutely necessary.

6 Download the Briefing Paper.
Thank You: Effective digital identities facilitate trusted Internet communications and business transactions. It is therefore critical that governments: continue to encourage the open development and use of new technologies to express identity on the Internet, whether they are identified, pseudonyms, or anonymous; and refrain from activities that might stifle economic and/or social progress (i.e. mandating the level of identification required to access the Internet activities).

Download ppt "Identity on the Internet"

Similar presentations

VIS-À-VIS CRYPTOGRAPHY : PRIVATE AND TRUSTWORTHY IN-PERSON CERTIFICATIONS IAN MIERS*, MATTHEW GREEN* CHRISTOPH U. LEHMANN †, AVIEL D. RUBIN* *Johns Hopkins.

VIS-À-VIS CRYPTOGRAPHY : PRIVATE AND TRUSTWORTHY IN-PERSON CERTIFICATIONS IAN MIERS*, MATTHEW GREEN* CHRISTOPH U. LEHMANN †, AVIEL D. RUBIN* *Johns Hopkins.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Identity October 9, 2008.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Identity October 9, 2008.
UN Economic Commission for Europe 23rd UN/CEFACT FORUM 7-11 April 2014 23rd UN/CEFACT FORUM – Geneva Tahseen A. Khan Project Proposal : Trusted Third Party.

UN Economic Commission for Europe 23rd UN/CEFACT FORUM 7-11 April rd UN/CEFACT FORUM – Geneva Tahseen A. Khan Project Proposal : Trusted Third Party.
Www.nationalsmartcardproject.org.uk www.scnf.org.uk National Smartcard Project Work Package 8 – Security Issues Report.

National Smartcard Project Work Package 8 – Security Issues Report.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.
Electronic Payment Systems

Electronic Payment Systems
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
1 International Forum on Trade Facilitation May 2003 Trade Facilitation, Security Concerns and the Postal Industry Thomas E. Leavey Director General, UPU.

1 International Forum on Trade Facilitation May 2003 Trade Facilitation, Security Concerns and the Postal Industry Thomas E. Leavey Director General, UPU.
Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Identity and biometrics.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Identity and biometrics.
Risks of data manipulation and theft Gateway Average route travelled by an email sent via the Internet from A to B Washington DC A's provider Paris A.

Risks of data manipulation and theft Gateway Average route travelled by an sent via the Internet from A to B Washington DC A's provider Paris A.
Electronic identity management for eGovernment Conceptual framework and objectives Frank Robben General manager Crossroads Bank for Social Security Strategic.

Electronic identity management for eGovernment Conceptual framework and objectives Frank Robben General manager Crossroads Bank for Social Security Strategic.
Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.

Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.

LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.

APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.
1 Privacy & Preference Committee Update Ensuring a healthy ecosystem via transparency & trust Date: January 13, 2009 Alan Chapell, President.

1 Privacy & Preference Committee Update Ensuring a healthy ecosystem via transparency & trust Date: January 13, 2009 Alan Chapell, President.
The technology behind the USPS EPM. AND COMPLIANCE March 25, 2004 Adam Hoffman.

The technology behind the USPS EPM. AND COMPLIANCE March 25, 2004 Adam Hoffman.
Unlinking Private Data

Unlinking Private Data

Similar presentations

Ads by Google