Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Identity and biometrics.

Published byTobias Norris Modified over 8 years ago

Similar presentations

Presentation on theme: "Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Identity and biometrics."— Presentation transcript:

1 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 1 Identity and biometrics Week 8 - October 19, 21

2 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 2 Identifiers Labels that point to individuals  Name  Social security number  Credit card number  Employee ID number  Attributes may serve as (usually weak) identifiers (see next slide) Identifiers may be “strong” or “weak”  Strong identifiers may uniquely identify someone while weak identifiers may identify a group of people  Multiple weak identifiers in combination may uniquely identify someone  Identifiers may be strong or weak depending on context

3 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 3 Attributes Properties associated with individuals  Height  Weight  Hair color  Date of birth  Employer

4 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 4 Identification The process of using claimed or observed attributes of an individual to determine who that individual is

5 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 5 Authentication “About obtaining a level of confidence in a claim”  Does not prove someone is who they say they are Types  Individual authentication  Identity authentication  Attribute Authentication Three approaches  Something you know  Something you have  Something you are

6 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 6 Credentials or authenticators Evidence that is presented to support the authentication of a claim

7 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 7 Authorization The process of deciding what an individual ought to be allowed to do

8 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 8 Identity The set of information that is associated with an individual in a particular identity system Individuals may have many identities

9 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 9 What does it mean to be identifiable? Identifiable person (EU directive): “one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”

10 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 10 Identifiable vs. identified P3P spec distinguishes identifiable and identified Any data that can be used to identify a person is identifiable Identified data is information that can reasonably be tied to an individual Identified Non-identifiable (anonymous) Identifiable Non-identified

11 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 11 Linkable vs. linked P3P requires declaration of data linked to a cookie Lots of data is linkable, less data is actually linked Where do we draw the line? Draft P3P 1.1 spec says:Draft P3P 1.1  A piece of data X is said to be linked to a cookie Y if at least one of the following activities may take place as a result of cookie Y being replayed, immediately upon cookie replay or at some future time (perhaps as a result of retrospective analysis or processing of server logs): A cookie containing X is set or reset. X is retrieved from a persistent data store or archival media. Information identifiable with the user -- including but not limited to data entered into forms, IP address, clickstream data, and client events -- is retrieved from a record, data structure, or file (other than a log file) in which X is stored.

12 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 12 Privacy and identification/authentication To better protect privacy:  Minimize use of identifiers Use attribute authentication where possible  Use local identifiers rather than global identifiers  Use identification and authentication appropriate to the task

13 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 13 Identity theft 7-10 million victims each year Causes  Widespread use of SSN  Credit industry practices  Minimal attention from law enforcement

14 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor http://lorrie.cranor.org/courses/fa04/ 14 Homework 9 http://lorrie.cranor.org/courses/fa04/hw 9.html http://lorrie.cranor.org/courses/fa04/hw 9.html

Download ppt "Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Identity and biometrics."

Similar presentations

AFCEA TechNet Europe Identity and Authentication Management Systems for Access Control Security IDENTITY MANAGEMENT Good Afternoon! Since Yesterday we.

AFCEA TechNet Europe Identity and Authentication Management Systems for Access Control Security IDENTITY MANAGEMENT Good Afternoon! Since Yesterday we.
Legal Aspect of IPv6 and of the IPv4 to IPv6 transition Ashok.B.RADHAKISSOON Legal Adviser/Policy&Regulatory Affairs Liaison.

Legal Aspect of IPv6 and of the IPv4 to IPv6 transition Ashok.B.RADHAKISSOON Legal Adviser/Policy&Regulatory Affairs Liaison.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Privacy Authorization Languages.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Privacy Authorization Languages.
Informed Consent.

Informed Consent.
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
1 Office of the General Counsel FERPA  Family Educational Rights and Privacy Act (20 U.S.C § 1232g)

1 Office of the General Counsel FERPA  Family Educational Rights and Privacy Act (20 U.S.C § 1232g)
The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,
Access Control Methodologies

Access Control Methodologies
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Strand 1 Social and ethical significance. Reliability and Integrity Reliability ◦Refers the operation of hardware, the design of software, the accuracy.

Strand 1 Social and ethical significance. Reliability and Integrity Reliability ◦Refers the operation of hardware, the design of software, the accuracy.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Engineering Privacy November 6, 2008.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Engineering Privacy November 6, 2008.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Web Privacy.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Web Privacy.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Identity October 9, 2008.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Identity October 9, 2008.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Identity, Anonymity,

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Identity, Anonymity,
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Data Privacy.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Data Privacy.
Institute of Information Systems, Humboldt University, 2006· Privacy Engineering Sarah Spiekermann & Lorrie Faith Cranor DIMACS Workshop, Rutgers University.

Institute of Information Systems, Humboldt University, 2006· Privacy Engineering Sarah Spiekermann & Lorrie Faith Cranor DIMACS Workshop, Rutgers University.

Similar presentations

Ads by Google