Anonymous, Liberal, User-Centric Electronic Identity – New Systematic Design of e-ID Infrastructure Libor Neumann ANECT a.s. www.oasis-open.org.


Motivation
- Big ideas, current needs
  - Single European Information Space
  - Pan-European e-gov services
  - E-Government 2.0
- Current challenges
  - Lack of interoperability
  - Underestimated privacy threats
  - Unaccepted complexity by the end-user
  - Lack of personification
- E-ID (authentication) is key enabler

New e-ID design
- Searching for an e-ID solution
- Systematic analysis
- Design from scratch
  - System design methodology was used
  - New way of thinking about e-ID
  - New principles, new methods
- ALUCID®: Anonymous, Liberal, and User-Centric electronic IDentity

Anonymous identity
- Anonymous identity – Nonsense?
- Real life examples of anonymous identity
  - Dog and its master
  - Mother and her baby
  - Program variable in virtual memory
- ALUCID® separates distinguishing between subjects from naming of subjects (claims)
  - Identifiers and credentials are very large random (or pseudorandom) numbers with limited validity in time.
  - Names (claims) can be protected application data

Open Standard Interfaces

Missing entities
- No login names, no passwords. No forgotten password, no phished password, …
- No user certificate. No recertification, no extra charges, no names on the network, …
- No identity provider. No user communication with an identity provider, no personal information managed by third party, …
- No government-issued identity. No “numbering” of citizens, no misuse of state-issued identifiers, …
- No biometric data without access control. No cloned biometric data from e-ID use, no remote verification of biometric data origin, …

End-user
- Extremely simple use – have a PEIG® (Personal Electronic Identity Gadget) and activate/deactivate it.
- User freedoms:
  - Selecting a product, producer, form, size, features, …
  - Selecting an activation method
  - No obligation to use that PEIG
  - Possibility to use more than one PEIG
  - Possibility to change his/her mind in future
- Direct access to personified services
- Service provider takes care of his/her security
- Virtually private Internet (“My Internet”)
- Universal use of PEIG

End-user point of view

End-User scenario
- The user scenario should be:
  - The user selects a PEIG®. It is sold empty.
  - The user teaches his or her PEIG to recognize him or her when activated.
  - The user connects the first time to the service provider and uses the activated PEIG.
  - The user can (but need not) give his or her personal data to the service provider.
  - The user will be able to open his or her personified service directly if he or she activates his or her PEIG.
  - The same procedure can be used with any other service provider supporting ALUCID®.
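
A minimal model of the idea on the "Anonymous identity" and "End-User scenario" slides, added here as an illustration; it is not ALUCID's actual protocol or any ANECT code. The class names, the 256-bit sizes, the one-hour validity window and the rule that every successful use retires the old pair are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets

VALIDITY = 3600  # assumed validity window, in seconds


def _fresh():
    # 256-bit random identifier and credential (sizes are an assumption)
    return secrets.token_hex(32), secrets.token_hex(32)


class Provider:
    """Tells users apart by random identifier; holds no name unless one is given."""

    def __init__(self):
        self.accounts = {}  # identifier -> [credential digest, expiry, profile]

    def _store(self, profile, now):
        ident, cred = _fresh()
        digest = hashlib.sha256(cred.encode()).hexdigest()
        self.accounts[ident] = [digest, now + VALIDITY, profile]
        return ident, cred

    def enroll(self, now):
        profile = {}  # empty: the user may, but need not, add personal data
        return (profile,) + self._store(profile, now)

    def authenticate(self, ident, cred, now):
        """Return (profile, new identifier, new credential), or None on failure."""
        acct = self.accounts.get(ident)
        if acct is None or now >= acct[1]:
            return None  # unknown or expired identifier
        if not hmac.compare_digest(acct[0], hashlib.sha256(cred.encode()).hexdigest()):
            return None  # wrong credential
        del self.accounts[ident]  # the old pair is retired on every successful use
        return (acct[2],) + self._store(acct[2], now)


class Peig:
    """Sold empty; keeps one unrelated random pair per service provider."""

    def __init__(self):
        self.pairs = {}  # provider -> (identifier, credential)

    def connect(self, provider, now):
        if provider in self.pairs:
            result = provider.authenticate(*self.pairs[provider], now)
        else:
            result = provider.enroll(now)  # first contact with this provider
        if result is None:
            return None
        self.pairs[provider] = result[1:]
        return result[0]  # the personified profile held by the provider
```

Because each provider sees a different random identifier that also changes over time, two providers comparing their account tables find no common value to join on.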

Prototype demo

Thank you for your attention