9. Examples of current uses of PKI technology
e-Payment Service system (Security)
[Diagram: e-Payment Service security architecture. Labels on the slide: PCC SITE, EFT Payment Gateway, Security Server, S/S (one per participant), BT, Enterprise A, Enterprise B, CA, Internet]
Source: Thai Digital ID Co,Ltd.
10. Examples of current uses of PKI technology
e-Payment Service system (Workflow)
[Diagram: e-Payment Service workflow between Corp A, Corp B, Debit Bank and Credit Bank through the E-Payment Gateway & EFT Clearing System, with a Security System at each party, Digital Signature, the PCC System and the CA Directory. Numbered steps visible on the slide: 1. Payment Entry; 3. Acct. Inq.; 4. Acct. Reply; 5. Debit Entry; 7. Debit Advice; 8. Credit Entry; 10. Credit Advice; 12. Credit Advice]
Source: Thai Digital ID Co,Ltd.
14. Health Informatics standard
• ISO 27799:2008 defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that standard.
• ISO 27799:2008 specifies:
  • a set of detailed controls for managing health information security
  • health information security best practice guidelines
  • a minimum requisite level of security that is appropriate to their organization's circumstances and that will maintain the confidentiality, integrity and availability of personal health information
• ISO 27799:2008 applies to health information in all its aspects:
  • whatever form the information takes (words and numbers, sound recordings, drawings, video and medical images),
  • whatever means are used to store it (printing or writing on paper or electronic storage) and
  • whatever means are used to transmit it (by hand, via fax, over computer networks or by post)
The information must always be appropriately protected.
http://www.iso.org
15. Definition of personal health information in ISO 27799
• personal health information: information about an identifiable person which relates to the physical or mental health of the individual, or to provision of health services to the individual, and which may include:
  • a) information about the registration of the individual for the provision of health services;
  • b) information about payments or eligibility for healthcare with respect to the individual;
  • c) a number, symbol or particular assigned to an individual to uniquely identify the individual for health purposes;
  • d) any information about the individual collected in the course of the provision of health services to the individual;
  • e) information derived from the testing or examination of a body part or bodily substance;
  • f) identification of a person (e.g. a health professional) as provider of healthcare to the individual.
• Note 1 to entry: Personal health information does not include information that, either by itself or when combined with other information available to the holder, is anonymized, i.e. the identity of the individual who is the subject of the information cannot be ascertained from the information.
17. History of ISMS Standard
1992 - 1993: BSI & Industry working group: Developed « Code of Practice »
1995: BS 7799 Part 1
1998: BS 7799 Part 2
1999: Swedish standards SS 62 77 99 Parts 1 and 2; Updated version of BS 7799 Parts 1 and 2
December 2000: ISO/IEC 17799:2000
2001: Review of BS 7799-2
September 2002: Updated version of BS 7799-2 (revised and corrected)
June 2005: ISO/IEC 17799:2005 (Change Name to ISO/IEC 27002:2005)
October 2005: ISO/IEC 27001:2005 (Revised BS 7799-2)
September 2013: ISO/IEC 27001:2013
18. ISO27002
● ISO/IEC 27002:2005 Code of Practice
  ○ Provides suggested controls with implementation guidelines – how to implement
  ○ Not a certifiable or auditable standard
  ○ The controls in ISO27002 are contained in Annex A of ISO 27001
27. Case Study: Canada
Giving the choice to the people we serve
[Slide diagram comparing three stages of Government of Canada authentication services:
Past (ePass Service): Authentication; Encryption; Digital Signature; PKI; Mandatory Service
Present (GC Access Key): Service Authentication; Mandatory Service
Future (Cyber-Auth Service): Federation; Commercial; GC Branded
Past / Present: Single Authentication Provider; Single Credential Option; Single Level of Assurance; Bundling of Services (Costly)
Future: Multiple Recognized Providers; Multiple Credential Options; Multiple Levels of Assurance; Standards-based; User Choice; Mandatory Services]
Approach approved by TB Ministers
Source: Mr. Robert.Sunday <Robert.Sunday@tbs-sct.gc.ca>