1 / 15

Protecting Identities at FSU

Protecting Identities at FSU. Principles of SSN replacement Jeff Bauer Florida State University http://fsuid.fsu.edu/admin. The SSN Problem. SSN is used as a method for authenticating students and employees via web and in-person challenges Mandates to protect & hide SSN abound

oberon
Download Presentation

Protecting Identities at FSU

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Protecting Identities at FSU Principles of SSN replacement Jeff Bauer Florida State University http://fsuid.fsu.edu/admin

  2. The SSN Problem SSN is used as a method for authenticating students and employees via web and in-person challenges Mandates to protect & hide SSN abound SSN is still required for certain business processes (HR, external identity of students to Feds, etc.)

  3. The Proposal (2003) This proposal was an attempt to combine identity terms and solve the SSN/multiple identity problem Proposal: FSUID = new public “login name”/password FSUSN = new “SSN-like” private number A combined directory will manage this information

  4. FSU Identifier (FSUID) Unique public identifier First part of a person’s email address (for the most part) Easy to remember (even student ones) Rarely changes Log in for key systems (OMNI, Bb, VPN, etc.) Everybody gets one as soon as officially associated with the University

  5. FSU Security Number (FSUSN) Unique private identifier (nobody should know this but the owner) 9 characters long (same as SSN), with letters thrown in to distinguish from a real SSN A little more difficult to remember, but not impossible Will never change (unlike some SSNs) Everybody gets one as soon as officially associated with the University Currently ONLY used by instructors as a secondary challenge for on-line grade submission

  6. Moving Away from SSN use Two categories of SSN use: Appropriate/required: IRS purposes for employees, external agency identification for students (Financial Aid) Inappropriate: Any use as an identifier where the information can be easily compromised or Undesired: An alternate unique identifier could be used instead (SSNs in person, email, printouts; SSNs on web forms that aren’t SSL’d nor blocked, etc.)

  7. Appropriate use of SSN example Web registration for classes

  8. Current State of Affairs Acknowledge that many student systems still use SSNs in a variety of ways (Admissions, Registration, Fee Payments, Housing, etc.). Acknowledge that new development in student systems have a desire to try and not use SSNs (difficult to do though). Realize that the cost of replacing SSNs with FSUSNs in student systems will take time and money (not unlike the Y2K time & expense problem seven years ago). ** resource intensive ** (currently unfunded)

  9. OTI Proposal FSU should mandate that all computer systems & business processes move away from inappropriate use of SSNs to a suitable SSN replacement. FSU should mandate that customers of identity information from now on obtain Vice President approval for providing SSNs.

  10. Proposals All FSU offices (Admissions & Registrar, Orientation, Financial Aid, Student Financial Services, F&A, etc.) do an internal audit to discover inappropriate uses of SSNs in normal business practices. Any inappropriate use in these offices should change their business process to use an alternate method for identification other than SSN. (immediately for servers that have SSNs and that could be compromised) OTI can assist in technological solutions to be researched and developed to lessen the impact on business practices (card swipes of FSUCard for FSUCard <--> SSN mapping, customized FSUID helpdesk lookup utility, etc.)

  11. Proposals Students systems, with the dominance of SSNs on CICS “green screens”, printed forms and other business processes require the largest effort to replace SSNs. Proposed that $200K for 3 years in time-limited E&G positions be established to convert existing mainframe-based student systems that use SSN as primary key. Note that movement to Oracle/PeopleSoft student systems will solve the SSN problem, but will be more expensive to implement.

More Related