
i-pin Service (Internet Personal Identification Number Service)
Identity Management across the Public and Private Sectors in Korea

Contents
- The Genesis of i-pin
- The Concept of i-pin & Integrated IDM
- The Trust Foundation of i-pin
- The Function of i-pin
- The Future of i-pin

The Genesis of i-pin

A Korean has an RRN (Resident Registration Number):
- It contains various kinds of personal information.
- It is a unique and permanent number assigned to an individual by the Government.
- Example of a Resident Registration Number: 880101-1234568

Diagram: Bob joins a website; the website's DB server stores a table of members' names and RRNs, and a credit inquiry company also appears in the flow.

  Name   Resident Registration Number
  Alice  881213-1234567
  Bob    811104-2345678
  Zeus   740311-1245678

Personal information disclosure through RRN theft poses a serious threat to Korean society. The primary type of privacy infringement is creating a website membership using someone else's RRN.

Privacy infringement complaints by type (2005 total: 18,206; 2006 total: 23,333):

  Type                           2005            2006
  RRN infringement               9,810 (53.9%)   10,835 (46.4%)
  Collection without agreement   1,140 (6.3%)    2,565 (11.0%)
  Usage except purpose           916 (5.0%)      917 (3.9%)
  Request refusal                771 (4.2%)      923 (3.9%)
  Others                         5,569 (30.6%)   8,093 (34.8%)

Others: infringements not specified by law, management inadequacy, etc.

The Concept of i-pin

i-pin issuance procedure (parties: User, Website (SP), and Trusted Third Parties (IDSP), of which there are 5 TTPs):
1. The user requests membership joining at the website (SP).
2. The SP requests an i-pin.
3. The user applies to a TTP for i-pin issuance.
4. Interaction for i-pin issuance between the user and the TTP, using one of the verification methods: proof of ownership of the RRN, registration of the i-pin ID & PW, etc.
5. The TTP sends the user's information to the SP.

After issuance of an i-pin, users use the i-pin ID & PW instead of the RRN. This prevents the privacy infringement caused by RRN theft.
User information is: real name, i-pin, protection information for multiple subscription, birth date, sex, etc.

The Concept of Integrated IDM

Integrated ID issuance procedure (parties: User, Village Office, Integrated ID Center (IDSP), and Governmental Website (SP)):
1. Face-to-face confirmation at the Village Office (registration of the user's information).
2. The Village Office registers the user's information with the Integrated ID Center (IDSP).
3. The user joins the IDSP.
4. The user requests to join the SP (governmental website).
5. The SP requests ID federation after the user's agreement.
6. ID federation is established between the IDSP and the SP, which share a trust relationship (SAML 2.0 protocol).

ID federation means that the user's information is transferred by the IDSP to the SP.
User information is: real name, unique number, birth date, sex, etc.

The Trust Foundation of i-pin

Authentication based on knowledge
- Accredited Certificate: the private key of the certificate. An accredited certificate is issued by an ACA (Accredited Certification Authority) after the user visits the ACA or an RA (Registration Authority).
- Credit Card Information: the secret number of the credit card. The credit card is issued by a CCC (Credit Card Company) after the user's identification is confirmed by the CCC.
- Cell Phone SMS: the authentication number. The cell phone is sold by a CPTC (Cell Phone Telecommunication Company) after the user's identification is confirmed by the CPTC.

Authentication based on possession
- Face-to-Face: the user visits a TTP with his certificate of residence.

The Function of i-pin

Differences from using an RRN on the Internet:
- An i-pin can be re-issued at any time (changeable with no restriction or cost).
- No personal information is in the i-pin (only issuer information).
- Stronger identity verification method than the RRN.
- Registration information held by other websites is non-traceable.

Improving the expediency of i-pin:
- Whichever of the 5 TTPs i-pin service users choose, they can access any website that has applied the i-pin service.

Protection information for multiple subscription:
- Only a unique value is provided to each website.
- The unique information given to other websites is non-traceable.

Other information for marketing: birth date, sex, real name, etc.
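As an added illustration of the properties described in the issuance procedure (step 5) and in "The Function of i-pin" above, the following Python models a hypothetical IDSP; it is not the i-pin system's own code, which the slides do not show. After issuance the IDSP sends an SP the real name, birth date, sex and a per-site unique value, never the RRN; the value is stable for one person at one site, so a second membership is detectable, but differs between sites, so registrations cannot be traced across websites. The HMAC construction, the master key, the handle format and the field names are assumptions.

```python
import hmac
import hashlib
import secrets


class IdentityServiceProvider:
    """Hypothetical model of a TTP/IDSP (not KISA's or any real TTP's code).
    After issuance it hands each website (SP) the user information listed in
    the slides, replacing the RRN with a per-site unique value."""

    def __init__(self, master_key: bytes):
        self._key = master_key  # secret held only by the IDSP (assumption)
        self._users = {}        # opaque handle -> verified record

    def issue(self, rrn: str, real_name: str, birth_date: str, sex: str) -> str:
        """Step 4 of the issuance flow: RRN ownership has already been proven
        by one of the verification methods. The RRN is kept only as a keyed
        hash (modelling choice) so this store can never hand out a usable RRN."""
        rrn_tag = hmac.new(self._key, rrn.encode(), hashlib.sha256).hexdigest()
        handle = "u-" + secrets.token_hex(8)
        self._users[handle] = {"rrn_tag": rrn_tag, "real_name": real_name,
                               "birth_date": birth_date, "sex": sex,
                               "ipin_id": "ipin-" + secrets.token_hex(6)}
        return handle

    def login_id(self, handle: str) -> str:
        return self._users[handle]["ipin_id"]

    def reissue(self, handle: str) -> str:
        """Re-issuance at any time: a fresh i-pin login ID carrying no personal
        information; the verified record behind it is unchanged."""
        self._users[handle]["ipin_id"] = "ipin-" + secrets.token_hex(6)
        return self._users[handle]["ipin_id"]

    def site_unique_id(self, handle: str, sp_domain: str) -> str:
        """Protection information for multiple subscription: HMAC over the
        RRN tag and the site name. The same person always maps to the same
        value at one site (so a duplicate membership is detectable), while
        two sites receive unrelated values and cannot link their members."""
        msg = f"{self._users[handle]['rrn_tag']}|{sp_domain}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]

    def assertion_for(self, handle: str, sp_domain: str) -> dict:
        """Step 5: the user information the SP receives. No RRN field exists."""
        rec = self._users[handle]
        return {"site_unique_id": self.site_unique_id(handle, sp_domain),
                "real_name": rec["real_name"], "birth_date": rec["birth_date"],
                "sex": rec["sex"]}
```

The sample RRNs used when exercising the class are the example numbers from the slides; names, dates and sex values are constructed.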

The Future of i-pin

Facilitation of i-pin usage
- Current number of i-pin users: 25,000 persons.
- Future: every user owns more than one i-pin.

Developing the next i-pin version
- Interoperability with the Integrated ID Management System for governmental websites served by MOGAHA (Ministry of Government Administration and Home Affairs).
- Interoperability with the Electronic Wallet by ETRI (Electronics and Telecommunications Research Institute), KISA (Korea Information Security Agency), and MS (Microsoft Korea).
- Enhancing security, user control, etc.

Question & Answer
If you want more information about i-pin, contact me: cjchung@kisa.or.kr