Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Identity and biometrics.

Slides:



Advertisements
Similar presentations
AFCEA TechNet Europe Identity and Authentication Management Systems for Access Control Security IDENTITY MANAGEMENT Good Afternoon! Since Yesterday we.
Advertisements

Legal Aspect of IPv6 and of the IPv4 to IPv6 transition Ashok.B.RADHAKISSOON Legal Adviser/Policy&Regulatory Affairs Liaison.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Privacy Authorization Languages.
Informed Consent.
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
1 Office of the General Counsel FERPA  Family Educational Rights and Privacy Act (20 U.S.C § 1232g)
The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,
Access Control Methodologies
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Strand 1 Social and ethical significance. Reliability and Integrity Reliability ◦Refers the operation of hardware, the design of software, the accuracy.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Engineering Privacy November 6, 2008.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Web Privacy.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Identity October 9, 2008.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Identity, Anonymity,
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Data Privacy.
Institute of Information Systems, Humboldt University, 2006· Privacy Engineering Sarah Spiekermann & Lorrie Faith Cranor DIMACS Workshop, Rutgers University.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Privacy Policy.
Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.
How It Applies In A Virtual World
Chapter 10: Authentication Guide to Computer Network Security.
Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
WHO’S IN YOUR “WALLET” WHO’S IN YOUR “WALLET” YOU BETTER “RECOGNIZE” YOU BETTER “RECOGNIZE” STEPPING $200 $200 $300 $400 $500 $400 $300 $200 $500 $400.
© 2003 SHRM SHRM Weekly Online Poll: March 9, 2004 QOTW - Identity Theft Analyzing 340 responses of s sent, 1628 received (response rate = 20.9%).
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
OHT 11.1 © Marketing Insights Limited 2004 Chapter 9 Analysis and Design EC Security.
Arkansas State Law Which Governs Sensitive Information…… Part 3B
Welcome to the world of Identity Theft and Identity Fraud. Will YOU be the next victim? “Once considered primarily an economic crime or a juvenile pastime,
7-Oct-15 Threat on personal data Let the user be aware Privacy and protection.
Artificial, Composite and Secondary UIDs
Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.
System Analysis and Design
CptS 401 Adam Carter. Change in schedule  Updated online copy  Tomorrow: read
Survey on Privacy-Related Technologies Presented by Richard Lin Zhou.
Module 3 Configuring File Access and Printers on Windows ® 7 Clients.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Identity, Anonymity, and.
Module 3 Configuring File Access and Printers on Windows 7 Clients.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Data Privacy Week 9 - October.
Module 3: Configuring File Access and Printers on Windows 7 Clients
C4HCO Security and Privacy Discussion Bill Jenkins C4HCO Security and Privacy Officer 16 October 2013.
Ethical Issues1 Ethics. Ethical Issues2 Modern Problems Change in cost of duplication of information –before xerox & computer disks vs. after Change in.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Current Issues Week 12 -
Site Security Policy Case 01/19/ : Information Assurance Policy Douglas Hines, Jr.
Staff addresses Availability tradeoffs December 13, 2012.
Government Agency’s Name April Identity Theft is when someone steals your personal information and uses it as their own, usually for some financial.
Biometrics and Security Colin Soutar, CTO Bioscrypt Inc. 10th CACR Information Security Workshop May 8th, 2002.
CSCE 201 Identification and Authentication Fall 2015.
Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.
Issues for Computer Users, Electronic Devices, Computer and Safety.
2.6 CRIMES AGAINST PROPERTY AND RELATED DEFENCES.
Crimes against property and related defences. Although offences against the person like murder are most likely to draw media attention, many of us are.
1 Privacy & Preference Committee Update Ensuring a healthy ecosystem via transparency & trust Date: January 13, 2009 Alan Chapell, President.
POLICIES & PROCEDURES FOR HANDLING CONFIDENTIAL INFORMATION NOVEMBER 5 TH 2015.
Unit 4 Protecting Your Information Section C. Chapter 1, Slide 2Starting Out with Visual Basic 3 rd EditionIntroduction to ComputersUnit 4C – Protecting.
Identity on the Internet
Amandine Jambert - IT Experts Department
The General Data Protection Regulation act (GDPR)
Data protection.
Information Security 101 Richard Davis, Rob Laltrello.
Who Uses Encryption? Module 7 Section 3.
Laws for Secure Credentialing
Introduction to Computers
Legal Framework for Civil Registration, Vital Statistics
INFS 452 – Computer Ethics & Society
Employee Self-Service (ESS) Portal
Presentation transcript:

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Identity and biometrics Week 8 - October 19, 21

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 2 Identifiers Labels that point to individuals  Name  Social security number  Credit card number  Employee ID number  Attributes may serve as (usually weak) identifiers (see next slide) Identifiers may be “strong” or “weak”  Strong identifiers may uniquely identify someone while weak identifiers may identify a group of people  Multiple weak identifiers in combination may uniquely identify someone  Identifiers may be strong or weak depending on context

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 3 Attributes Properties associated with individuals  Height  Weight  Hair color  Date of birth  Employer

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 4 Identification The process of using claimed or observed attributes of an individual to determine who that individual is

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 5 Authentication “About obtaining a level of confidence in a claim”  Does not prove someone is who they say they are Types  Individual authentication  Identity authentication  Attribute Authentication Three approaches  Something you know  Something you have  Something you are

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 6 Credentials or authenticators Evidence that is presented to support the authentication of a claim

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 7 Authorization The process of deciding what an individual ought to be allowed to do

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 8 Identity The set of information that is associated with an individual in a particular identity system Individuals may have many identities

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 9 What does it mean to be identifiable? Identifiable person (EU directive): “one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 10 Identifiable vs. identified P3P spec distinguishes identifiable and identified Any data that can be used to identify a person is identifiable Identified data is information that can reasonably be tied to an individual Identified Non-identifiable (anonymous) Identifiable Non-identified

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 11 Linkable vs. linked P3P requires declaration of data linked to a cookie Lots of data is linkable, less data is actually linked Where do we draw the line? Draft P3P 1.1 spec says:Draft P3P 1.1  A piece of data X is said to be linked to a cookie Y if at least one of the following activities may take place as a result of cookie Y being replayed, immediately upon cookie replay or at some future time (perhaps as a result of retrospective analysis or processing of server logs): A cookie containing X is set or reset. X is retrieved from a persistent data store or archival media. Information identifiable with the user -- including but not limited to data entered into forms, IP address, clickstream data, and client events -- is retrieved from a record, data structure, or file (other than a log file) in which X is stored.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 12 Privacy and identification/authentication To better protect privacy:  Minimize use of identifiers Use attribute authentication where possible  Use local identifiers rather than global identifiers  Use identification and authentication appropriate to the task

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 13 Identity theft 7-10 million victims each year Causes  Widespread use of SSN  Credit industry practices  Minimal attention from law enforcement

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 14 Homework html 9.html

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.