Intra-ASEAN Secure Transactions Framework Project Progress Report


1 Intra-ASEAN Secure Transactions Framework Project Progress Report
Chaichana Mitrpant

2 Project Information
Support AIM 2015 under
Strategic Thrust 2: People Engagement and Empowerment
Initiatives 2.4: Building Trust
Action: Promote secure transactions within ASEAN
Description: Promote the use of two-factor authentication
ASEAN ICT Master Plan 2015
Finished Need Collaboration Review if practical, ask for comments in practicality, in stage implementation Please join Stand in ASEAN: Authentication NRCA: LOA_4, Level CP/CPS

3 Intra-ASEAN Secure Transactions Framework Project
Scope of work
- Status update on: laws, policies and regulations related to e-signature and certification
- Propose e-authentication recommendation for Intra-ASEAN secure electronic transactions
Methodology
- Desk research: review of the data available to the public
- Questionnaire survey: distributed to 10 ASEAN member countries
Period: 1 year
Budget: 10,000 USD

4 Executive Summary
Three main components of e-authentication have been identified as follows:
- Assurance Levels and Risk Assessments – Levels of assurance are defined so that different levels of importance of getting e-authentication right can be distinguished.
- Identity Proofing and Verification – For each level of assurance, an objective of authentication and a set of controls are defined. Then details about identity proofing and verification methods are provided for the registration process.
- Authentication Mechanism – Different token technologies are listed and mapped to the levels of assurance. Moreover, how identity should be managed is recommended.

5 Executive Summary Standards and Best Practices
Assurance Levels and Risk Assessments
ISO/IEC 29115:2013
OMB M-04-04
NeAF
Identity Proofing and Verification
Authentication Mechanism
NIST Special Publication

6 Executive Summary Assurance Levels and Risk Assessment
Level: Description
1 – Low: Little or no confidence in the asserted identity’s validity
2 – Medium: Some confidence in the asserted identity’s validity
3 – High: High confidence in the asserted identity’s validity
4 – Very High: Very high confidence in the asserted identity’s validity

7 Executive Summary Identity Proofing and Verification Approach
Columns: Assurance Level, Objectives, Control, Method of processing

1 – Low
Objectives: Identity is unique within a context
Control: Self-claimed or self-asserted
Method of processing: Local or remote

2 – Moderate
Objectives: Identity is unique within context and the entity to which the identity pertains exists objectively
Control: Proof of identity through use of identity information from an authoritative source

3 – High
Objectives: Identity is unique within context, entity to which the identity pertains exists objectively, identity is verified, and identity is used in other contexts
Control: Proof of identity through use of identity information from an authoritative source; identity information verification

4 – Very High
Objectives: Identity is unique within context, entity to which the identity pertains exists objectively, identity is verified, and identity is used in other contexts
Control: use of identity information from multiple authoritative sources; entity witnessed in-person
Method of processing: Local

8 Executive Summary Examples of Token Types for Different LoAs
Assurance Level: Level 1, Level 2, Level 3, Level 4
Token types:
- Memorized Secret Token ✓*
- Pre-registered Knowledge Token
- Look-up Secret Token
- Out of Band Token
- Single-factor (SF) One-Time Password (OTP) Device
- Single-factor (SF) Cryptographic Device
- Multi-factor (MF) Software Cryptographic Token
- Multi-factor (MF) One-Time Password (OTP) Device
- Multi-factor (MF) Cryptographic Device

9 Needs for ASEAN Legal Infrastructure
Cooperation among Member States is necessary to create a legal framework so that Information Technology legal infrastructure develops equivalently and conforms to international principles, especially in the following matters:
- Legal infrastructure for cross-border electronic transactions
- Principles on the organization or unit for supporting and controlling reliance on electronic transactions
- Clear policy relating to authentication technology in electronic transactions
- Clear and appropriate principles on identification and authentication in electronic transactions, for example, the principle that allows a foreign Certification Authority (Foreign CA) to issue foreign digital certificates
- Relevant measures regarding data confirmation, such as electronic signatures and the responsibility of the data owner for the accuracy of data
- Principles on personal data protection, including principles on requests for data in an authentication system in cross-border transactions by an authority or related person, and on data sharing between the government sector and the private sector

