1
User Managed Privacy Using Distributed Trust
Privacy and Security Research Workshop
Carnegie Mellon University
May 29-30, 2002
Lark M. Allen / Wave Systems
Lallen@wavesys.com
2
Privacy Challenges
- The Internet ‘exposes’ and ‘creates’ as by-products significant amounts of personal information in its normal mode of operations
- Personal information was the primary ‘currency’ which funded the explosive era of the Internet
- Most tools were created to track, market, profile, spam, etc.
- Success was measured in “eyeballs” and personal data
- Current architectural and legislative approaches to privacy focus on restricting uses of information after it is collected, not minimizing the collection of personal information
- New identity credentials planned to contain significantly more personal information and biometrics, i.e. DMV license
- Evolving identity systems will connect more information
11/27/01
3
Strategic New Approach to Privacy
- User manages release of personal information from a secure ‘wallet’ or local repository
- Personal tools provide full range of protection from anonymous to full disclosure mode
- ‘Trusted’ user devices for authentication, access, processing, storage, and protection at the perimeter of the Internet provide local authentication and selective release of required, authorized and essential data into network and centralized sites.
- All personal information is ‘bound’ to privacy preferences throughout life of the data to control usage.
4
Authentication and Privacy
- Privacy is growing social issue, even post 9/11
- EU, Canada and others with tough Data Protection laws
- Authentication and Privacy must find acceptable ‘balance’
- Where authentication is done will affect privacy concerns
- With trusted, intelligent edge devices authentication can be accomplished without releasing personal information
[Chart axes: Privacy Concerns; Location of Authentication (User, ‘Near’ User, Local, Regional, National, Intrn’l.)]
5
Distributed Trust and Intelligent Web Agents
- New Privacy and Security Approach
- Trusted Client Platform
- XML Web Agents
- Strong Security in User Devices for Protection and Distributed Handling of Personal Information
6
Trusted Client Input Device EMBASSY Trusted Client Platform Secure Display Secure Input Secure Processing Storage Time Strong Cryptography
7
EMBASSY Trusted Client Subsystem
[Diagram labels: Processor; Memory; Interfaces / Storage; Clock; Crypto; Wallet; Digital Signature; Strong Auth; Trust Assurance Network; Identity App.; Music DRM; Hard Disk; Authentication Application; EMBASSY CHIP / Trusted OS]
‘Sovereign and Protected Place in a Hostile Territory’
Device Trust Services, Secure Applet Management
8
Intelligent Identity Solution
XNS (eXtensible Name Service), OneName Corporation
XNS is a global identity protocol that uses Web agent technology to:
- Create a foundation of identity management
- Link real-world identities to each other
- Establish permissions governing the exchange or use of identity-related data
- Automatically synchronize changes to this data
- Build in extensibility to accommodate change
Based on XML web agent technology for intelligent exchange and processing of information
9
Trusted Input Device - Architecture
[Diagram labels: PC; Cards; Tokens; ID; PIN; Password; Biometrics; Authentication; Internet; FW; Server; Trusted Device Authentication; Untrusted; Trusted]
- Authentication must be done in a trusted location
- Trusted devices can communicate securely over untrusted networks and through untrusted devices
10
Extending Trust to the Network Edge
[Diagram labels: Internet; FW; Server; Cards; Tokens; ID / PIN; Password; Biometrics; PC; Trust Boundaries]
- End-end security
- Multi-layer protections
- Workgroups and peer-peer enabled
- Data / user level
11
Selective Personal Information Access
Smart Card Identity Credential Contains:
- Name and Address
- Age
- Biometrics
- Fingerprints
- Facial Image
- DNA
- Signature
- Criminal History
- Healthcare Info
- Digital IDs, etc.
Intelligent, Trusted Reader: Information Accessible
- Bar Applet: Age
- Police Applet: Name / Address, Age, Biometrics, Criminal History
- Hospital Applet: Name / Address, Age, Healthcare Info
- Local Auth Applet: Yes or No
Benefits: Distributed, Scalable, Enforceable
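The per-applet release rules on this slide, sketched as an added Python example (not from the presentation or from Wave Systems). The field names, sample values, the PIN check, deriving age from a stored birth date, and the `release` function are all assumptions made for illustration.

```python
import hmac
from datetime import date

# Constructed sample credential: field names follow the slide, values are made up.
CREDENTIAL = {
    "name_address": "Pat Example, 1 Sample St",
    "birth_date": date(1980, 5, 29),
    "biometrics": "<fingerprint-template>",
    "criminal_history": "none",
    "healthcare_info": "allergy: penicillin",
    "pin": "4821",  # hypothetical secret used only for local authentication
}

# Fields each reader applet may see, as listed on the slide.
POLICY = {
    "bar": {"age"},
    "police": {"name_address", "age", "biometrics", "criminal_history"},
    "hospital": {"name_address", "age", "healthcare_info"},
    "local_auth": set(),  # releases no fields, only a yes/no verdict
}

def age_on(birth, today):
    """Whole years between birth and today."""
    return today.year - birth.year - ((today.month, today.day) < (birth.month, birth.day))

def release(cred, applet, requested, today, pin_attempt=""):
    """Return what the trusted reader hands to an applet, plus what it refused."""
    if applet not in POLICY:
        raise PermissionError(f"unknown applet: {applet}")
    allowed = POLICY[applet]
    released = {}
    for field in sorted(set(requested) & allowed):
        # Age is derived on the reader, so the birth date itself never leaves it.
        released[field] = age_on(cred["birth_date"], today) if field == "age" else cred[field]
    if applet == "local_auth":
        # The comparison runs on the reader; only the verdict is released.
        released["authenticated"] = hmac.compare_digest(pin_attempt, cred["pin"])
    return {"released": released, "denied": sorted(set(requested) - allowed)}

if __name__ == "__main__":
    today = date(2002, 5, 29)
    print(release(CREDENTIAL, "bar", ["age", "name_address"], today))
    print(release(CREDENTIAL, "hospital", ["healthcare_info", "criminal_history"], today))
    print(release(CREDENTIAL, "local_auth", ["name_address"], today, pin_attempt="4821"))
```

The `denied` list gives the reader an audit trail of over-broad requests, which is what makes the policy enforceable rather than advisory.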
12
Benefits – User Managed Privacy
- Allows users to have much more control over the release and usage of personal information
  - Minimize release of information
  - Privacy preferences more granular and situation based
- Authentication at the network edge with information release
  - Strong, multi-factor authentication
  - Addresses major security exposure – The untrusted PC
  - Minimized need for centralized data bases
  - Solution for selective release of personal information – satisfies basic tenets of ‘need to know’
- Secure, multifunction identity credentials
  - Addresses key issues for including finger prints, criminal history, medical information, age, etc. on driver’s licenses
  - More easily addresses issues context based identity needs