Identity Management: Enterprise, E-Commerce and Government applications and their implications for privacy

Joe Pato, Principal Scientist

Trust, Security & Privacy

HP Labs

Guest Lecture - CPSC 155b

10 April 2003

  • Future – Ubiquitous Computing
    • Ginger Segue
  • Identity Management
    • What is Identity
    • Authentication
    • Enterprise / Internet / Government contexts
  • Privacy Considerations

(c) 2003 Hewlett-Packard

Identity Management

Identity Management is:

  • the set of processes, tools and social contracts surrounding
    • the creation
    • maintenance
    • and termination of a digital identity
  • for people or, more generally, for systems and services
  • to enable secure access to an expanding set of systems and applications.

Views of Identity

[Diagram: “The Aggregate Me” is composed of several partial views of the same individual: “My view of me”, the Government view of me, and the Employer view of me]

Some Definitions

Courtesy of: Who Goes There? Authentication Through the Lens of Privacy

  • Committee on Authentication Technologies and Their Privacy Implications

Computer Science and Telecommunications Board, The National Academies, Washington, D.C.

An individual is a person.


An identifier identifies an individual.

Examples: “Lamont Cranston”, “Employee #512657”

An Attribute describes a property associated with an individual


“An identity of X” is the set of information about an individual X associated with that individual in a particular identity system Y.

Example: “The Shadow”


Identification is the process of using claimed or observed attributes of an individual to infer who the individual is.


An authenticator is evidence which is presented to support authentication of a claim. It increases confidence in the truth of the claim.


Authentication is the process of establishing confidence in the truth of some claim.

There are different types of authentication…


Attribute Authentication

Attribute Authentication is the process of establishing an understood level of confidence that an attribute applies to a specific individual.


Individual Authentication

Individual Authentication is the process of establishing an understood level of confidence that an identifier refers to a specific individual.

Example identifier: “Lamont Cranston”


Identity Authentication

Identity Authentication is the process of establishing an understood level of confidence that an identifier refers to an identity.

Example identity: “The Shadow”


Authorization is the process of deciding what an individual ought to be allowed to do.
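The distinction between attribute, individual and identity authentication has a practical consequence for authorization: many decisions need only an attribute, established at a stated level of confidence, and never need to learn who the individual is. The following is an added example written for this page (it is not code from the lecture, from HP Labs, or from the National Academies report) that sketches a policy check in that spirit. The assurance scale, the claim and requirement types, the two policies and the sample wallet are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import FrozenSet, List, Tuple


class Assurance(IntEnum):
    """A hypothetical 'understood level of confidence' scale (assumed here, not from the lecture)."""
    SELF_ASSERTED = 1       # the user simply typed it in
    VERIFIED_DOCUMENT = 2   # checked against an issued document
    IN_PERSON_PROOFED = 3   # issuer verified the person and the document face to face


@dataclass(frozen=True)
class AuthenticatedClaim:
    """One authenticated claim and how confident the verifier is in it.
    kind follows the lecture's three authentication types: 'attribute', 'individual' or 'identity'."""
    kind: str
    name: str
    value: str
    assurance: Assurance


@dataclass(frozen=True)
class Requirement:
    """One line of an authorization policy: which claim is needed and at what minimum assurance."""
    kind: str
    name: str
    min_assurance: Assurance
    accepted_values: FrozenSet[str] = frozenset()   # empty means any value is acceptable


# Constructed policies (assumptions for the example).  Buying alcohol needs only an attribute
# (age_over_21) and never needs to know who the buyer is; the payroll portal needs
# individual authentication of a specific employee identifier.
PURCHASE_ALCOHOL = [Requirement("attribute", "age_over_21", Assurance.VERIFIED_DOCUMENT, frozenset({"true"}))]
PAYROLL_PORTAL = [Requirement("individual", "employee_id", Assurance.IN_PERSON_PROOFED)]


def authorize(claims: List[AuthenticatedClaim], policy: List[Requirement]) -> Tuple[bool, List[str]]:
    """Decide whether the presented claims satisfy the policy.

    Returns (allowed, detail).  On success, detail lists the claim names the decision actually
    used, so the caller can see and log that nothing beyond the policy's needs was consulted.
    On failure, detail carries the reason.
    """
    consumed: List[str] = []
    for req in policy:
        candidates = [c for c in claims
                      if c.kind == req.kind and c.name == req.name
                      and (not req.accepted_values or c.value in req.accepted_values)]
        if not candidates:
            return False, [f"missing {req.kind} claim '{req.name}'"]
        # If the same claim was authenticated more than once, use the strongest instance.
        best = max(candidates, key=lambda c: c.assurance)
        if best.assurance < req.min_assurance:
            return False, [f"'{req.name}' only at {best.assurance.name}, policy needs {req.min_assurance.name}"]
        consumed.append(best.name)
    return True, consumed


def minimal_claims(claims: List[AuthenticatedClaim], policy: List[Requirement]) -> List[AuthenticatedClaim]:
    """The subset of a user's claims worth releasing for this policy: only those it names.
    Releasing the rest would be disclosure the relying party does not need."""
    wanted = {(r.kind, r.name) for r in policy}
    return [c for c in claims if (c.kind, c.name) in wanted]


if __name__ == "__main__":
    # Constructed sample wallet; the identifiers echo the lecture's examples.
    wallet = [
        AuthenticatedClaim("attribute", "age_over_21", "true", Assurance.VERIFIED_DOCUMENT),
        AuthenticatedClaim("individual", "employee_id", "512657", Assurance.IN_PERSON_PROOFED),
        AuthenticatedClaim("identity", "handle", "The Shadow", Assurance.SELF_ASSERTED),
    ]
    released = minimal_claims(wallet, PURCHASE_ALCOHOL)
    print("released for alcohol purchase:", [c.name for c in released])
    print("alcohol purchase:", authorize(released, PURCHASE_ALCOHOL))
    print("payroll portal with the same release:", authorize(released, PAYROLL_PORTAL))
```

The point of `minimal_claims` is that the relying party's policy, not the richness of the user's wallet, determines what is disclosed: the liquor store sees one attribute and no identifier at all, while the payroll portal, whose policy names an individual identifier, is refused when given only that attribute.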

Internet vs. Enterprise
  • Organizational control of population
  • Ability to issue tokens
  • Ability to mandate desktop software
  • Direct vs. network access
  • Scale of population
  • Privacy Issues

Government’s Unique Role
  • Regulator, Issuer of identity documents, Relying Party
  • Unique Relationship with Citizens
    • Many transactions are mandatory
    • Agencies cannot choose their markets
    • Relationships can be cradle-to-grave
    • Individuals may have higher expectations for government
  • Provider of Services
    • A common identifier may be in tension with principles of Privacy Act

Foundational Documents Pose Risks
  • Many of these documents are very poor from a security perspective
    • Diverse issuers
    • No ongoing interest on part of issuer to ensure validity/reliability
  • Birth certificates are particularly poor
    • Should not be sole base identity document


Identity Management Components

[Diagram of components: Single Sign-On, Access Management, Policy Control]

Authentication Technologies
  • Passwords
  • Tokens
  • Smartcards
  • Biometrics
  • PKI
  • Kerberos


Federated Identity: Liberty Alliance

  • Liberty Identity Federation Framework (ID-FF)
  • Liberty Identity Services Interface Specifications (ID-SIS)
  • Liberty Identity Web Services Framework (ID-WSF)

  • Numerous philosophical approaches
  • Four types discussed here
    • Information privacy
    • Bodily integrity
    • Decisional privacy
    • Communications privacy

General Privacy Implications
  • Authentication can implicate privacy – the broader the scope, the greater the potential privacy impact
  • Using a small number of identifiers across systems facilitates linkage, affects privacy
  • Incentives to protect privacy are needed
  • Minimize linkage and secondary use

Multiple Stages at which Privacy is Affected
  • Authentication, generally
  • Choice of Attribute
  • Selection of Identifier
  • Selection of Identity
  • The Act of Authentication
  • These are just in the design stage, before transactional data collection, linkage, secondary use issues, etc.
  • Chapter 7’s toolkit describes each of these in detail

1. Authentication’s Implications Separate from Technology:
  • The act of authentication affects privacy, regardless of the technology used
  • Requires some revelation and confirmation of personal information
    • Establishing an identifier or attribute
    • Potential transactional records
    • Possible exposure of information to parties not involved in authentication

2. Attribute Choice Affects Privacy
  • Informational privacy
    • Distinctive vs. more general
    • Minimize disclosure
    • Ensure data quality
    • Avoid widely-used attributes
  • Decisional – If the attribute is sensitive, it may impinge on willingness to participate
  • Bodily integrity – If requires physical collection, may be invasive
  • Communications – If attribute reveals address, phone, network

3. Identifier Selection Affects Privacy
  • Informational privacy
    • Identifier itself may be revealing
    • Will link to the individual
  • Decisional – Fewer effects if the identifier is random or allows for pseudonymous participation
  • Bodily integrity – Minimal effects
  • Communications – Problem if identifier is address or number (telephone, IP address, etc.)
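This slide and the General Privacy Implications slide both come back to linkage: an identifier reused across systems lets their records be joined. The added example below (written for this page; not code from the lecture, from HP Labs, or from the Liberty Alliance specifications) contrasts keying records on a widely used identifier with issuing each relying party its own pseudonym derived under a secret held only by the identity provider, which is the general idea behind the pairwise, opaque name identifiers of Liberty ID-FF federation. The identity provider class, the HMAC-based derivation, the two relying parties and the user records are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from base64 import urlsafe_b64encode
from typing import Dict, Optional, Set, Tuple

# Constructed sample population for the example (not real people).
SAMPLE_USERS = {
    "u-1001": {"email": "lamont@example.org", "age_over_21": True},
    "u-1002": {"email": "margo@example.org", "age_over_21": False},
}


class IdentityProvider:
    """Hypothetical identity provider (an assumption for this example).  It knows each user's
    internal identifier and issues every relying party (RP) its own opaque pseudonym for that
    user, so that two RPs hold unrelated handles for the same person."""

    def __init__(self, federation_key: Optional[bytes] = None) -> None:
        # Secret under which pseudonyms are derived; it never leaves the IdP.
        self._key = federation_key or secrets.token_bytes(32)
        # (relying party, pseudonym) -> internal id.  The IdP keeps this so it can still
        # resolve a handle for maintenance or termination of the identity; RPs cannot.
        self._federations: Dict[Tuple[str, str], str] = {}

    def pseudonym_for(self, internal_id: str, relying_party: str) -> str:
        # Keyed, domain-separated derivation: the RP name is bound into the MAC input with a
        # NUL separator, so the same user yields different handles at different RPs, and
        # nobody without the key can check whether two handles belong to one person.
        msg = relying_party.encode() + b"\x00" + internal_id.encode()
        mac = hmac.new(self._key, msg, hashlib.sha256).digest()
        handle = urlsafe_b64encode(mac[:16]).rstrip(b"=").decode()
        self._federations[(relying_party, handle)] = internal_id
        return handle

    def resolve(self, relying_party: str, handle: str) -> Optional[str]:
        """Map a handle back to the internal id; only meaningful for the RP it was issued to."""
        return self._federations.get((relying_party, handle))


def shared_identifiers(records_a: Set[str], records_b: Set[str]) -> Set[str]:
    """What two RPs learn by comparing their user tables: every identifier that appears in both."""
    return records_a & records_b


def demo(users: Dict[str, dict] = SAMPLE_USERS, key: Optional[bytes] = None) -> dict:
    """Build both designs side by side and report how much linkage each one permits."""
    idp = IdentityProvider(key)
    rps = ("bookstore.example", "clinic.example")
    # Weak design: both RPs key their records on the same widely used identifier (e-mail).
    email_tables = {rp: {u["email"] for u in users.values()} for rp in rps}
    # Better design: each RP keys its records on an RP-specific pseudonym from the IdP.
    handle_tables = {rp: {idp.pseudonym_for(uid, rp) for uid in users} for rp in rps}
    return {
        "linkable_by_email": shared_identifiers(email_tables[rps[0]], email_tables[rps[1]]),
        "linkable_by_pseudonym": shared_identifiers(handle_tables[rps[0]], handle_tables[rps[1]]),
        "idp": idp,
        "rps": rps,
    }


if __name__ == "__main__":
    result = demo()
    print("records linkable by shared e-mail:", len(result["linkable_by_email"]))
    print("records linkable by pseudonym:   ", len(result["linkable_by_pseudonym"]))
    idp, (bookstore, clinic) = result["idp"], result["rps"]
    print("u-1001 at bookstore:", idp.pseudonym_for("u-1001", bookstore))
    print("u-1001 at clinic:   ", idp.pseudonym_for("u-1001", clinic))
```

The handle is stable for a given user and RP, so the RP can keep an account and the IdP can terminate it later, but the two RPs' tables have nothing in common to join on. The secrecy of the IdP key is what carries the privacy property: publishing it (or deriving handles with an unkeyed hash) would let anyone who knows a user's internal identifier recompute the handles and re-link the records.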

4. Identity Selection Affects Privacy
  • Three possibilities
    • Identifier is only information available to the system
    • Identifier is not linked to information outside of the system
    • Identifier may be linked to outside records
  • Tracking transactional information poses risk to decisional privacy
  • All issues related to identifier choice remain relevant here

5. Act of Authentication Affects Privacy
  • Authentication usually accomplished by observing the user or requiring support of the claim
  • Informational – If records are kept
  • Decisional – Intrusiveness and visibility of the act may affect decisional privacy
  • Bodily Integrity – If close contact is required
  • Communications – If communication systems use is required

Additional Issues
  • When is authentication really necessary?
  • Secondary use of identifiers
    • Without original system limits in mind, usage can become highly inappropriate
    • This can lead to privacy and security problems, compromise original mission, and generate additional costs
  • Explicit recognition of the appropriateness of multiple identities for individuals
  • Usability
    • Design systems with human limits in mind!
    • Employ user-centered design methods
  • Identity theft as a side effect of authentication system design choices

As for Nationwide Identity Systems…
  • Driver’s licenses are a nationwide identity system
  • The challenges are enormous
    • Inappropriate linkages and secondary use likely without restrictions
  • Biometrics databases and samples would need strong protection
  • Any new proposals should be subject to analysis here and in IDs—Not That Easy


Joe Pato

HP Labs

One Cambridge Center – 11th Floor

Cambridge, MA 02142