Presentation is loading. Please wait.

Presentation is loading. Please wait.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Identity October 9, 2008.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Identity October 9, 2008."— Presentation transcript:

1 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 1 Privacy Policy, Law and Technology Identity October 9, 2008

2 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 2 Identifiers  Labels that point to individuals –Name –Social security number –Credit card number –Employee ID number –Attributes may serve as (usually weak) identifiers (see next slide)  Identifiers may be “strong” or “weak” –Strong identifiers may uniquely identify someone while weak identifiers may identify a group of people –Multiple weak identifiers in combination may uniquely identify someone –Identifiers may be strong or weak depending on context

3 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 3 Attributes  Properties associated with individuals –Height –Weight –Hair color –Date of birth –Employer

4 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 4 Identification  The process of using claimed or observed attributes of an individual to determine who that individual is

5 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 5 Authentication  “About obtaining a level of confidence in a claim” –Does not prove someone is who they say they are  Types –Individual authentication –Identity authentication –Attribute Authentication  Three approaches –Something you know –Something you have –Something you are

6 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 6 Credentials or authenticators  Evidence that is presented to support the authentication of a claim

7 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 7 Authorization  The process of deciding what an individual ought to be allowed to do

8 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 8 Identity  The set of information that is associated with an individual in a particular identity system  Individuals may have many identities

9 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 9 What does it mean to be identifiable?  Identifiable person (EU directive): “one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”

10 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 10 Identifiable vs. identified  P3P spec distinguishes identifiable and identified  Any data that can be used to identify a person is identifiable  Identified data is information that can reasonably be tied to an individual Identified Non-identifiable (anonymous) Identifiable Non-identified

11 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 11 Linkable vs. linked  P3P requires declaration of data linked to a cookie  Lots of data is linkable, less data is actually linked  Where do we draw the line? Draft P3P 1.1 spec says:Draft P3P 1.1 –A piece of data X is said to be linked to a cookie Y if at least one of the following activities may take place as a result of cookie Y being replayed, immediately upon cookie replay or at some future time (perhaps as a result of retrospective analysis or processing of server logs): A cookie containing X is set or reset. X is retrieved from a persistent data store or archival media. Information identifiable with the user -- including but not limited to data entered into forms, IP address, clickstream data, and client events -- is retrieved from a record, data structure, or file (other than a log file) in which X is stored.

12 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 12 Privacy and identification/authentication  To better protect privacy: –Minimize use of identifiers Use attribute authentication where possible –Use local identifiers rather than global identifiers –Use identification and authentication appropriate to the task

13 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 13 Identity 2.0  http://identity20.com/media/OSCON2005/ http://identity20.com/media/OSCON2005/  http://identity20.com/media/ETECH_2006/ http://identity20.com/media/ETECH_2006/

14 C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ 14 Homework 3 discussion  http://cups.cs.cmu.edu/courses/privpolawt ech-fa08/hw/hw3.html http://cups.cs.cmu.edu/courses/privpolawt ech-fa08/hw/hw3.html

Download ppt "C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Identity October 9, 2008."

Similar presentations

The Grid Job Monitoring Service Luděk Matyska et al. CESNET, z.s.p.o. Prague Czech Republic.

The Grid Job Monitoring Service Luděk Matyska et al. CESNET, z.s.p.o. Prague Czech Republic.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
09/04/2015Unit 2 (b) Back-Office processes Unit 2 Assessment Criteria (b) 10 marks.

09/04/2015Unit 2 (b) Back-Office processes Unit 2 Assessment Criteria (b) 10 marks.
Legal Aspect of IPv6 and of the IPv4 to IPv6 transition Ashok.B.RADHAKISSOON Legal Adviser/Policy&Regulatory Affairs Liaison.

Legal Aspect of IPv6 and of the IPv4 to IPv6 transition Ashok.B.RADHAKISSOON Legal Adviser/Policy&Regulatory Affairs Liaison.
Chain of Custody Records Proper Documentation Techniques Dr. Richard Medina Environmental Testing and Consulting, Inc.

Chain of Custody Records Proper Documentation Techniques Dr. Richard Medina Environmental Testing and Consulting, Inc.
Informed Consent.

Informed Consent.
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,
Access Control Methodologies

Access Control Methodologies
Strand 1 Social and ethical significance. Reliability and Integrity Reliability ◦Refers the operation of hardware, the design of software, the accuracy.

Strand 1 Social and ethical significance. Reliability and Integrity Reliability ◦Refers the operation of hardware, the design of software, the accuracy.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Search Engines and Social Networks October.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Search Engines and Social Networks October.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Engineering Privacy November 6, 2008.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Engineering Privacy November 6, 2008.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Data Privacy October 30, 2008.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Data Privacy October 30, 2008.
Databases and Processing Modes. Fundamental Data Storage Concepts and Definitions What is an entity? An entity is something about which information is.

Databases and Processing Modes. Fundamental Data Storage Concepts and Definitions What is an entity? An entity is something about which information is.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Identity, Anonymity,

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Identity, Anonymity,
1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.

1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.
Client State Management & Application Security  Client State Management  Concept  ASP Examples  Application Security  Database Based Approach 

Client State Management & Application Security  Client State Management  Concept  ASP Examples  Application Security  Database Based Approach 

Similar presentations

Ads by Google