State of e-Authentication in Higher Education Bernie Gleason


1 State of e-Authentication in Higher Education Bernie Gleason
Stronger Authentication – Issues, Techniques, Security Tokens & Biometrics
State of e-Authentication in Higher Education
Bernie Gleason
August 20, 2004

2 Acknowledgements
“Most Trusted University”
University of Miami has a strategic goal to become respected as one of the “Most Trusted Universities.”
Illustrations and strategies in this presentation have been provided with the permission of the University of Miami.
Identity management and authentication concepts have been contributed by members of the Information Technology department at Boston College.
Special thanks to IBM for their sponsorship and support.

3 E-Business Progression

4 Academic Environment
Heterogeneous
Disparate Authentication Mechanisms
Redundant Identity Data
“Weak Passwords” – the norm
Proprietary Integration Methods
Expanding User Base and Access Methods
Trust Agreements Elusive

5 Basic Transitive Trust Model

6 Trust Model Progression
More Customer Types
More Access Devices
Weak Passwords
Single Sign-On
Identity Management
Directory Services
Portals
Federations
PKI
XML Standards
Web services
ASPs – Rebirth
Grids
Service-oriented Architectures (SOA)

7 Weak Password Authentication
Often pretending passwords are strong
Can build from the current base
Need to add more muscle – second factors
Maintain privacy
Maturation is going to take time

8 Two-Factor Authentication
ATM requires that I use two factors:
“something I have” – Bankcard
“something I know” – Password/PIN
On-line transaction requires one factor:
What should be the on-line equivalent of the ATM second factor?

9 Authentication – Three Factors
Passwords – “something we know”
Tokens and Cards – “something we possess” (e.g., ID cards, smart cards, digital certificates)
Biometrics – “something that is part of us” (e.g., retina scan, fingerprints, facial recognition)

10 Smart Cards and Security Tokens
USB Tokens
Dartmouth
University of Texas Medical

11 Interim Two-Factor Authentication Practices

12 Biometrics in Practice
Hand Scans: Don Estridge High School in Boca Raton
Facial Recognition: Dormitory surveillance in combination with security cameras
Retina Scans: Swift & Company tracking cattle in conjunction with GPS system
Conversational Voice: Spoken secret (e.g., password) is used to verify identity with the voice
Fingerprints: Piggly Wiggly stores – fingerprints for credit and debit card processing and check cashing

13 Biometrics in Practice – Fingerprints

14 Biometrics in Practice – Facial Recognition

15 Managing Biometrics
Database – Identity is authenticated against a central database or directory
Local – Biometric is stored in the device or token and authentication test is simply that the user of the device is the person assigned

16 Biometric Acceptance
Required authentication strength for the transaction
Privacy precautions and requirements
Cost and customer convenience
Customer audience and customer access device capabilities
Adopted institutional standards and supporting infrastructure (e.g., PKI)
Accepted practices, both within and outside of Higher Education

17 Charting a Strategy
Accept passwords as a way of life
Concentrate on building a stronger security and identity management infrastructure – what users don’t see or experience but take for granted
Implement innovative ways that make the user experience easier and more intuitive
Apply new methods universally in a non-intrusive, transparent manner
Require second factors of authentication only at the time that access to sensitive data and transactions is needed

18 New Paradigm
Existing ID Numbers and Passwords – “something we know”
Existing CaneID Cards – “something we possess” for low-level authentication and existing applications, but upgraded with standard credit card security features
Public Key Infrastructure – underlying security framework but the keys and complexity masked from the users
Smart USB Tokens – “something we possess” for higher-level authentication and distributed to all core constituents (faculty, students and staff)
Fingerprint Scans – “something that is part of us” and optionally imbedded in USB tokens

19 Matching Risk to Authentication Technique
Authorization Risk Assessment: Authentication Technique
Minimal Risk: PIN
Low Risk: Password + PIN
Substantial Assurance: Two Factors
High Assurance: Three Factors with Biometric

20 Future PKI Infrastructure Most Trusted Passwords Smart Devices
Biometrics Central Authentication Authority PKI Infrastructure

21 Questions?

22 Trust Agreements
is the User
is Central Authentication Service
is the Target Application
Transitive Trust – B trusts A and B trusts C, so C trusts A
Proxy – B trusts A and B trusts F, F trusts C, so C trusts A
Federated – B trusts A, B trusts Circle, so C trusts A

