![Questions or Comments Contact: [email_address]](https://image.slidesharecdn.com/reidbrombybileta08-100226102955-phpapp02/95/digital-identity-security-16-728.jpg?cb=1267180211)
Upcoming SlideShare
Digital Identity & Security
- 1. Digital Identity & Security Serendipity Interactive Ltd & Glasgow Caledonian University Michael Bromby & Laura Reid
- 2. What is the problem? <ul><li>Do you know who you’re communicating with? </li></ul><ul><li>Local communication vs. </li></ul><ul><li>Global Communication </li></ul>vs.
- 3. Solution – A Signature <ul><li>A signature implies </li></ul><ul><ul><li>Authentication </li></ul></ul><ul><ul><li>Authorisation </li></ul></ul><ul><ul><li>Integrity </li></ul></ul><ul><ul><li>Non-repudiation </li></ul></ul><ul><li>Digital proof of identity </li></ul><ul><li>Use electronic signature </li></ul>
- 4. Electronic Signatures Regulations 2002 <ul><li>Defines Advanced Electronic Signature as: </li></ul><ul><ul><li>uniquely linked to the signatory </li></ul></ul><ul><ul><li>capable of identifying the signatory </li></ul></ul><ul><ul><li>created using means that the signatory can maintain under his sole control </li></ul></ul><ul><ul><li>linked to the data to which it relates in such a manner that any subsequent change of the data is detectable </li></ul></ul><ul><li>Also: Electronic Communications Act 2000 </li></ul><ul><ul><li>Allows use of electronic signature </li></ul></ul>
- 5. Implementation <ul><li>linked to data & uniquely linked to signatory </li></ul><ul><ul><li>PKI </li></ul></ul><ul><li>created using means that the signatory can maintain under his sole control </li></ul><ul><ul><li>Biometrically secure </li></ul></ul><ul><li>capable of identifying the signatory </li></ul><ul><ul><li>Good Issuance Process </li></ul></ul>
- 6. PKI – Public Key Infrastructure <ul><li>Digital Signature </li></ul><ul><li>Uses Public Key Infrastructure </li></ul><ul><ul><li>Consists of linked Public and Private ‘keys’, or codes </li></ul></ul><ul><li>Private Key </li></ul><ul><ul><li>Used to sign a document </li></ul></ul><ul><ul><li>Must be kept secure, to ensure authentication </li></ul></ul><ul><li>Public Key </li></ul><ul><ul><li>Used to verify signature </li></ul></ul><ul><ul><li>Is available to anyone </li></ul></ul>
- 7. Public Keys - Alice & Bob
- 8. PKI - linked to data & signatory <ul><li>Each key pair is unique </li></ul><ul><li>Key can encrypt the whole document </li></ul><ul><li>Integrity is ensured via a hash function </li></ul><ul><li>Authenticates – if private key is secure </li></ul><ul><li>Public key verifies authenticity and integrity </li></ul>
- 9. Identity Security - Biometrics <ul><li>Security uses </li></ul><ul><ul><li>Something you know </li></ul></ul><ul><ul><li>Something you have </li></ul></ul><ul><ul><li>Something you are </li></ul></ul><ul><li>Biometrics can’t be lost or forgotten </li></ul><ul><li>Only you can use it </li></ul><ul><li> Non Repudiation </li></ul>********
- 10. Implementation <ul><li>Why a USB token? </li></ul><ul><ul><li>Portable </li></ul></ul><ul><ul><li>Standard interface </li></ul></ul><ul><ul><li>Ability for data storage and </li></ul></ul><ul><ul><li>Secure – signature only on token </li></ul></ul><ul><ul><li>Separate from data/comm. being secured </li></ul></ul><ul><ul><li>Fingerprint on matched on token </li></ul></ul>
- 11. Non-Repudiation <ul><li>Token Functionality </li></ul><ul><ul><li>Authenticate user as token owner </li></ul></ul><ul><ul><li>Allow user to sign documents </li></ul></ul><ul><li>Token Requirements </li></ul><ul><ul><li>Electronic trail </li></ul></ul><ul><ul><li>Guarantee of identity </li></ul></ul>
- 12. Good Issuance – Identify Signatory <ul><li>Requires: A trusted process for issuance </li></ul><ul><ul><li>Proof of identity </li></ul></ul><ul><ul><li>Proof of address </li></ul></ul><ul><ul><li>Recording of data presented for proof </li></ul></ul><ul><ul><li>Organisation </li></ul></ul><ul><ul><ul><li>Proof of employment </li></ul></ul></ul><ul><ul><ul><li>Authorisation from manager </li></ul></ul></ul><ul><ul><ul><li>Record of authorised activities </li></ul></ul></ul>
- 13. Trust Chain Serendipity Trusted Root Company Lawyers/ accountants/ notarised services Company Issuer Ordinary Public Employees Background / database / server
- 14. Pros and Cons <ul><li>Pros </li></ul><ul><ul><li>Meets legal signature requirements – easy global communication & commerce </li></ul></ul><ul><ul><li>No password to forget </li></ul></ul><ul><ul><li>Portable </li></ul></ul><ul><li>Cons </li></ul><ul><ul><li>Strict issuance – not everyone meets the standard </li></ul></ul><ul><ul><li>Not everyone has fingerprints </li></ul></ul><ul><ul><li>Bio-tokens are expensive </li></ul></ul>
- 15. Secure Digital Identity <ul><li>PKI + Biometrics + Secure Issuance </li></ul><ul><ul><li>Authentication </li></ul></ul><ul><ul><li>Authorisation </li></ul></ul><ul><ul><li>Integrity </li></ul></ul><ul><ul><li>Non-repudiation </li></ul></ul><ul><li>A Secure Digital Identity </li></ul>
- 16. Questions or Comments Contact: [email_address]
Be the first to comment