Presentation is loading. Please wait.

Presentation is loading. Please wait.

User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems."— Presentation transcript:

1 User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems Lallen@wavesys.com

2 Privacy Challenges  The Internet ‘exposes’ and ‘creates’ as by-products significant amounts of personal information in its normal mode of operations  Personal information was the primary ‘currency’ which funded the explosive era of the Internet Most tools were created to track, market, profile, spam, etc. Success was measured in “eyeballs” and personal data  Current architectural and legislative approaches to privacy focus on restricting uses of information after it is collected, not minimizing the collection of personal information  New identity credentials planned to contain significantly more personal information and biometrics, ie. DMV license  Evolving identity systems will connect more information 11/27/012

3 Strategic New Approach to Privacy  User manages release of personal information from a secure ‘wallet’ or local repository  Personal tools provide full range of protection from anonymous to full disclosure mode  ‘Trusted’ user devices for authentication, access, processing, storage, and protection at the perimeter of the Internet provide local authentication and selective release of required, authorized and essential data into network and centralized sites.  All personal information is ‘bound’ to privacy preferences throughout life of the data to control usage. 11/27/013

4 Authentication and Privacy n Privacy is growing social issue, even post 9/11 n EU, Canada and others with tough Data Protection laws n Authentication and Privacy must find acceptable ‘balance’ n Where authentication is done will affect privacy concerns n With trusted, intelligent edge devices authentication can be accomplished without releasing personal information User ‘Near’ User Local Regional National Intrn’l. Privacy Concerns Location of Authentication

5 Distributed Trust and Intelligent Web Agents New Privacy and Security Approach Trusted Client Platform XML Web Agents Strong Security in User Devices for Protection and Distributed Handling of Personal Information

6 Trusted Client Input Device EMBASSY Trusted Client Platform Secure Display Secure Input Secure Processing Storage Time Strong Cryptography

7 EMBASSY Trusted Client Subsystem Processor Memory Interfaces /Storage Clock Crypto Wallet Digital Signature Strong Auth Trust Assurance Network Digital Signature Digital Signature Identity App. Music DRM Hard Disk Digital Signature Strong Auth Authentication Application EMBASSY CHIP/ Trusted OS Wallet ‘Sovereign and Protected Place in a Hostile Territory’ Device Trust Services, Secure Applet Management

8 Intelligent Identity Solution XNS is a global identity protocol that uses Web agent technology to:  Create a foundation of identity management  Link real-world identities to each other  Establish permissions governing the exchange or use of identity-related data  Based on XML web agent technology for intelligent exchange and processing of information  Automatically synchronize changes to this data  Build in extensibility to accommodate change XNS (eXtensible Name Service) OneName Corporation

9 Trusted Input Device - Architecture PC Cards Tokens ID PIN Password Biometrics Authentication Internet FW Server Trusted Device Authentication Untrusted Trusted Authentication must be done in a trusted location Trusted devices can communicate securely over untrusted networks and through untrusted devices

10 Internet FW Server Extending Trust to the Network Edge Cards Tokens ID / PIN Password Biometrics PC End-end security Multi-layer protections Workgroups and peer-peer enabled Data / user level Trust Boundaries

11 Selective Personal Information Access Smart Card Identity Credential Contains: Name and Address Age Biometrics Fingerprints Facial Image DNA Signature Criminal History Healthcare Info Digital IDs, etc. Intelligent, Trusted Reader Information Accessible Bar Applet Age Police Applet Name / Address Age Biometrics Criminal History Hospital Applet Name / Address Age Healthcare Info Benefits: Distributed Scalable Enforceable Local Auth Applet Yes or No ▒▒▒▒▒▒▒▒▒

12 Benefits – User Managed Privacy nAllows users to have much more control over the release and usage of personal information Minimize release of information Privacy preferences more granular and situation based nAuthentication at the network edge with information release Strong, multi-factor authentication Addresses major security exposure – The untrusted PC Minimized need for centralized data bases Solution for selective release of personal information – satisfies basic tenets of ‘need to know’ nSecure, multifunction identity credentials Addresses key issues for including finger prints, criminal history, medical information, age, etc. on driver’s licenses More easily addresses issues context based identity needs

Download ppt "User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems."

Similar presentations

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
AFCEA TechNet Europe Identity and Authentication Management Systems for Access Control Security IDENTITY MANAGEMENT Good Afternoon! Since Yesterday we.

AFCEA TechNet Europe Identity and Authentication Management Systems for Access Control Security IDENTITY MANAGEMENT Good Afternoon! Since Yesterday we.
©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation

©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation
Secure Communication Architectures.

Secure Communication Architectures.
HID Global Corporate Overview Natacha Jaramillo Regional Sales Manager (Latin America) September 2014 Presentation Title Slide.

HID Global Corporate Overview Natacha Jaramillo Regional Sales Manager (Latin America) September 2014 Presentation Title Slide.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
1 Jeremy Wyant W3C DRM Workshop 23 January 2001 Establishing Security Requirements For DRM Enabled Systems.

1 Jeremy Wyant W3C DRM Workshop 23 January 2001 Establishing Security Requirements For DRM Enabled Systems.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.

Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.
2003 1 Increased Security, while protecting Privacy ? True or False ? Christer Bergman, President and CEO, Precise Biometrics.

Increased Security, while protecting Privacy ? True or False ? Christer Bergman, President and CEO, Precise Biometrics.
Dongyan Wang GlobalPlatform Technical Program Manager

Dongyan Wang GlobalPlatform Technical Program Manager
Authentication choices! Vincent van Kooten: Business Sales Manager Benelux Distributed by -

Authentication choices! Vincent van Kooten: Business Sales Manager Benelux Distributed by -
The Internet & The New IT Infrastructure Chapter 9.

The Internet & The New IT Infrastructure Chapter 9.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
02/12/00 E-Business Architecture

02/12/00 E-Business Architecture
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

Similar presentations

Ads by Google