PowerPoint Slideshow about 'Replacement SSN (RSN)' - lexiss


Presentation Transcript
Replacement SSN (RSN)

Overview

July 21, 2008

Presentation Overview
  • Part I - The Problem
    • What problem is being addressed?
    • How does the service solve the problem?
  • Part II - How to use the RSN Service
    • Convert your database
    • Invoke the RSN Service as a Web Service
    • Invoke the RSN Service via an MVS batch subroutine
    • How the RSN Service Works
    • Apply for access at your campus
    • Current Status of RSN Service Development
  • Questions
Part I

The Problem

The Problem

True SSNs are maintained by UC in:

  • Operational Systems, e.g., PPS
  • Data Warehouse systems, e.g., CPS
  • Interface files between systems

Recent security breaches have demonstrated that it’s “when”, not “if”, one of these systems is compromised. Many interface files contain full campus rosters of PII.

Proposed Solution Overview
  • Replace SSNs with a Replacement SSN.
  • The Replacement SSN (RSN) is randomly generated. It is not produced from the SSN by an algorithm or a hash.
  • RSN-SSN correspondence is maintained in the “SSN Vault” at UCOP.
  • For ease of implementation, RSN is also a 9-digit number.
  • Web services (SOA) will be provided to exchange RSNs and SSNs.
  • Implementation is University-wide, beginning with Payroll going downstream (UCRS, etc.)
Intended Use
  • SSNs are replaced upon initial entry into any application, e.g., PPS
  • RSNs are stored in application databases
  • RSNs are used in interface files, e.g., PPS to UCRS, PPS to CPS, etc.
  • SSNs are obtained from the “vault” using RSNs when needed for external purposes (e.g., W-2 files, user display)
  • The services only provide one RSN-SSN exchange at a time.
What Will We Provide?
  • One Web Service to convert an SSN to RSN
  • One Web Service to convert an RSN to SSN
  • A utility which calls the service to convert existing files (or unloaded tables) to RSN
  • A pair of services and database design that can be used at a campus that is coordinated with the UCOP services
  • Activity Logging
  • A strategy for re-mapping SSNs to new RSNs in case of a breach
Part II

How to use the RSN Service

How the RSN Service Works

RACF provides the authorization ID associated with the certificate presented by the requester

RSN / SSN mapping is encrypted at rest

A request for SSN lookup using an RSN that is not found results in a +100 return code and a strike against the requester. Once a requester exceeds his allotted number of strikes, further access is denied.

All Web Service requests use SSL. The LUW server or CICS region hosting the requesting application must have an X.509 certificate.

RACF authorization ID of batch job submitter is the userid under which the RSN Service CICS transaction runs. The requester passes an application key (which identifies the application) with the request.

Once authenticated, all requests for an RSN lookup using SSN are honored.
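The lookup rules on this slide, sketched as an added example (not code from the presentation or from the RSN Service): a random 9-digit RSN per SSN, a +100 return code plus a strike for an RSN that is not found, and lockout once the strike allotment is exceeded. The names `ToyVault` and `AccessDenied`, the success code 0, the limit of 3 strikes and the choice to lock out both directions are assumptions; the requester string stands for an authorization ID that has already been authenticated.

```python
import secrets

OK = 0               # assumed success code; the slide does not give one
NOT_FOUND = 100      # the "+100" return code from the slide
MAX_STRIKES = 3      # assumed; the slide only says "allotted number"

class AccessDenied(Exception):
    """Hypothetical error for a requester who has exceeded the strike limit."""

class ToyVault:
    """In-memory stand-in for the SSN Vault (the real mapping is encrypted at rest)."""

    def __init__(self, max_strikes=MAX_STRIKES):
        self._ssn_to_rsn, self._rsn_to_ssn = {}, {}
        self._strikes = {}               # requester id -> count of failed RSN lookups
        self._max_strikes = max_strikes

    def _check(self, requester):
        # Assumption: lockout blocks both directions ("further access is denied").
        if self._strikes.get(requester, 0) > self._max_strikes:
            raise AccessDenied(requester)

    def ssn_to_rsn(self, requester, ssn):
        """SSN -> RSN: always honored for an authenticated, non-locked requester."""
        self._check(requester)
        if ssn not in self._ssn_to_rsn:
            while True:
                # 9 random digits from the OS CSPRNG; not a function of the SSN.
                rsn = f"{secrets.randbelow(10**9):09d}"
                if rsn not in self._rsn_to_ssn:   # retry on the rare collision
                    break
            self._ssn_to_rsn[ssn], self._rsn_to_ssn[rsn] = rsn, ssn
        return self._ssn_to_rsn[ssn]

    def rsn_to_ssn(self, requester, rsn):
        """RSN -> SSN: a miss returns +100 and costs the requester one strike."""
        self._check(requester)
        ssn = self._rsn_to_ssn.get(rsn)
        if ssn is None:
            self._strikes[requester] = self._strikes.get(requester, 0) + 1
            return NOT_FOUND, None
        return OK, ssn

if __name__ == "__main__":
    vault = ToyVault()
    rsn = vault.ssn_to_rsn("payroll-app", "000000001")   # constructed, invalid SSN
    print(rsn, vault.rsn_to_ssn("payroll-app", rsn))
```

Because an RSN is only 9 digits, the strike counter is what keeps an authenticated caller from walking the RSN space to harvest SSNs.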

Apply for access at your campus
  • Requires CIO approval
  • Provide as appropriate
    • Userids
    • IP addresses
    • Application key name
    • CSR
  • We will provide
    • Certificate
    • Authorization to use
    • WSDL
Current Status of RSN Service Development
  • Coding and development testing nearly complete
  • Vetting process underway
    • UCOP Internal Audit
    • External Technical Review
    • Vulnerability assessment
  • Production rollout date not yet known
Questions
  • We will answer as many as possible until time runs out
  • Anyone who still has questions after the presentation should feel free to ask us later