4-i-pin service(ppt 2003) - oecd. · pdf filethe concept of the concept of ii-pin &...
TRANSCRIPT
1
i-PIN Service(internet-Personal Identification Number Service)
Identity Management across the Public and Private Sectors in Korea
22
Contents
The Genesis of i-PINThe Genesis of i-PIN
The Concept of i-PIN & Integrated IDMThe Concept of i-PIN & Integrated IDM
The Function of i-PINThe Function of i-PIN
The Future of i-PINThe Future of i-PIN
The Trust Foundation of i-PINThe Trust Foundation of i-PIN
33
The Genesis of i-PIN
A Korean has an RRN (Resident Registration Number) Contains various kinds of personal informationUnique and permanent number assigned to an individual by GovernmentExample of Resident Registration Number : 880101-1234568
Web site JoiningWeb Site
Credit InquiryCompany
DB Server
Bob
nameResident Registration
Number
Alice 881213 - 1234567
Bob 811104 - 2345678
… …
Zeus 740311 - 1245678
DB Table
44
Personal information disclosure, through RRN theft are posing a serious threat to Korean societyThe primary type of privacy infringement is to create a website membership using other’s RRN
█ : The # of complaints in 2005 (Total : 18,206)█ : The # of complaints in 2006 (Total : 23,333)
9,810(53.9%)
1,140(6.3%)
10,835(46.4%)
2,565(11.0%)
RRN infringement Collection without agreement
Usage except purpose
916(5.0%)
917(3.9%) 771
(4.2%)
923(3.9%)
Request refusal
5,569(30.6%)
8,093(34.8%)
Others
※ Others : infringements not specified by law, management inadequacy, etc.
The Genesis of i-PIN
55
The Concept of i-PIN
i-PIN issuance procedure
After issuance of i-PIN, users use i-PIN ID & PW instead of RRNPrevent privacy from infringement caused by RRN theft
※ User information is real name, i-PIN, protection information for multiple subscription, birth date, sex, etc.
<Verification methods>
< 5 TTPs >
Website(SP) User① Request Membership Joining
② Request i-PIN
③ apply for i-PIN issuance
Trusted Third Parties(IDSP)
④ Interaction for i-PIN issuance- proof of owner’s RRN- registration of i-PIN ID & PW, etc
⑤ Send user’s information
66
The Concept of Integrated IDMIntegrated ID issuance procedure
※ ID federation means that user’s information is transferred by IDSP to SP.※ User information is real name, unique number, birth date, sex, etc.
Governmental Website(SP)
UserIntegrated ID Center
(IDSP)
Village Office ① Face-to-Face Confirmation- registration of user’s information② Registration of User’s info.
③ Join the IDSP
④ Request the Joiningthe SP
⑤ Request ID federation after user’s agreement
⑥ Establishment of ID federation
Trust relationship(SAML 2.0 Protocol)
77
The Trust Foundation of i-PIN
Authentication based knowledgeAccredited Certificate : private key of certificate
Accredited certificate is issued by ACA (Accredited Certification Authority), after user visit ACA or RA (Registration Authority)
Credit Card Information : Secret Number of Credit CardCredit Card is issued by CCC (Credit Card Company), after user identification is confirmed by CCC.
Cell Phone SMS : Authentication NumberCell phone is sold by CPTC (Cell Phone Telecommunication Company), after user identification is confirmed by CPTC.
Authentication based possessionFace-to-Face
User visit TTP with his certificate of residence
88
Difference with using RRN on the InternetRe-issuance i-PIN at any time (changeable with no restriction, cost)No Personal information into i-PIN (Only issuer information)Strong identity verification method than RRNNon-traceable of other website registration information
Improving Expediency of i-PINWhenever i-PIN service users choose among 5 different TTPs, they can access to any websites applied i-PIN service
Protection information for multiple subscriptionProvide only unique information into websiteNon-traceable of other website’ unique information
Other information for marketingBirth date, Sex, Real name, etc.
The Function of i-PIN
99
The Future of i-PIN
Facilitation of i-PIN usageCurrent No. of i-PIN users : 25,000 personsFuture : Every user owns more than one i-PIN
Developing Next i-PIN versionInteroperability with “Integrated ID Management System for Governmental web site” served by MOGAHA (Ministry of Government Administration and Home Affaires)Interoperability with “Electronic Wallet” by ETRI (Electronics and Telecommunication Research Institute), KISA (Korea Information Security Agency), and MS (Microsoft Korea)Enhancing Security, User Control, etc
1010
Question & Answer
Do you want to more information about i-PIN, contact [email protected]