Thomas Myrup Kristensen EU Internet Policy Director Microsoft Corporation


Copyright © Microsoft Corporation. All Rights Reserved.

The Internet was built without a way to know who and what you are connecting to.
People have been trained to accept any information request from any website as being the normal way to conduct business online.
Goal: to give Internet users mechanisms to ensure safety, privacy and certainty about who they are relating to in cyberspace.

Dubious preconceptions?
"Everybody knows":
- to get authorized to access a system, a person must disclose their identity? …but suppose that's not true
- the accepted principles of privacy protection are technology-neutral …but perhaps some technologies are intrinsically better for privacy than others
- cyber-security and privacy is a tradeoff …but perhaps both can be improved together

The issue with PKI (public-key infrastructure)
- certificate contains identity attributes verifiable by a digital signature
- must disclose entire certificate in order for verification mechanism to work
- …results in disclosure of excessive data for any particular transaction
- Cert ID is inescapable persistent identifier
Too bad! Just the way the math works?
Well, no… can do (much) better
- 20 years of research into multi-party security and privacy techniques

[Slide diagram]
Name: Alice Smith; Address: 1234 Crypto, Seattle, WA; Status: gold customer; DOB: ; Reputation: high; Gender: female
Name: Alice Smith; Address: 1234 Crypto, Seattle, WA; Status: gold customer

[Slide diagram]
Prove that you are from WA and over 21
Name: Alice Smith; Address: 1234 Crypto, Seattle, WA; Status: gold customer
Which adult from WA is this?
DOB: ; Reputation: high; Gender: female
Over-21 proof
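The slides above contrast a PKI certificate, which verifies only when disclosed whole, with proving just "from WA and over 21". The sketch below is an added example, not code from the presentation or from Microsoft: it uses salted hash commitments, a simpler technique than the multi-party cryptography the slides refer to, with a toy RSA key; the `state` and `over_21` attributes and all function names are assumptions.

```python
import hashlib, json, secrets

# Toy textbook-RSA issuer key (two Mersenne primes): illustration only, not secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def _digest(obj):
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(obj):  # issuer only: needs the private exponent D
    return pow(_digest(obj), D, N)

def verify(obj, sig):  # anyone: needs only the public values N and E
    return pow(sig, E, N) == _digest(obj)

def commit(name, value, salt):  # salted hash hides the value until the salt is shown
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def issue_classic(attrs):  # PKI-style: one signature over every attribute
    return {"attrs": dict(attrs), "sig": sign(attrs)}

def issue_selective(attrs):  # issuer signs commitments only; holder keeps the salts
    salts = {k: secrets.token_hex(16) for k in attrs}
    commitments = sorted(commit(k, v, salts[k]) for k, v in attrs.items())
    return {"commitments": commitments, "sig": sign(commitments)}, salts

def present(attrs, salts, reveal):  # holder discloses chosen attributes plus salts
    return {k: (attrs[k], salts[k]) for k in reveal}

def verify_selective(token, disclosed):
    if not verify(token["commitments"], token["sig"]):
        return False
    return all(commit(k, v, s) in token["commitments"]
               for k, (v, s) in disclosed.items())

# Constructed sample: name/address/status are from the slide; state and over_21
# are hypothetical issuer-derived attributes added for this example.
ALICE = {"name": "Alice Smith", "address": "1234 Crypto, Seattle, WA",
         "status": "gold customer", "state": "WA", "over_21": True}

def demo():
    cert = issue_classic(ALICE)
    subset = {k: ALICE[k] for k in ("state", "over_21")}
    token, salts = issue_selective(ALICE)
    shown = present(ALICE, salts, ["state", "over_21"])
    return verify(subset, cert["sig"]), verify_selective(token, shown)

if __name__ == "__main__":
    print(demo())  # (False, True)
```

The signature and commitment list are identical at every presentation, so this sketch still leaves the persistent-identifier problem the slide attributes to the Cert ID.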

- Avoid unnecessary (excessive) data trails in transactional systems
- Access services based on proof-of-age-limits, or class of entitlement
- reduce liabilities, exposure to breaches / insider-attacks
- safe private-sector use of data in national eID systems
- Apply different policies to different risks
- Inherently more proportionate for ECHR
These capabilities are counter-intuitive!
