
National ID management system in Korea

ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014). National ID management system in Korea. Daeseon Choi, Section Leader, ETRI sunchoi@etri.re.kr. Content. Identifier ID proofing PKI Authentication SSO


Presentation Transcript


  1. ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014)
     National ID management system in Korea
     Daeseon Choi, Section Leader, ETRI, sunchoi@etri.re.kr

  2. Content
     • Identifier
     • ID proofing
     • PKI
     • Authentication
     • SSO
     • Attribute Sharing
     • Future of IDM

  3. Identity Management Issues
     • What is used as an identifier of a person?
     • How to validate a person’s claimed identity?
     • How to authenticate a person online?
     • How to provide service without repeating the logon process?
     • How to share personal information among service providers?

  4. Unique Identifier
     • National Registration Number
       • Given by gov. at birth registration
       • 13 digits (unique number)
     [Figure: digit layout 000000-0000000, labelled: birth year, month, day; gender; registration office code (birth location); sequence number of the day’s registration; checksum]

  5. NRN for Service Enrollment
     • Offline (everywhere)
       • Opening a bank account, cell-phone enrollment
       • Every contract
       • Passenger list
       • Even video rental
     • Online (almost everywhere)
       • Real name internet regulation
       • Online service registration requires ID proofing (NRN)
     • NRN is used as a primary key for DB

  6. NRN for Identification
     • Offline
       • Bank account transfer is possible with only ID card (NRN)
     • Online
       • Call-in help desk: NRN input with phone keypad
       • Forgotten id/pw search

  7. NRN for Information Sharing
     • Common identifier between different services
     • Example: for income tax deduction in National Tax Service
       • Report all expenses of a person (identified by NRN)
     [Figure labels: School, Credit Card, Transport, Hospital, Insurance]

  8. NRN, a Unique Identifier
     • Powerful and convenient tool for computerization and information sharing
     • Privacy invader
       • Nearly every Korean’s NRN has been leaked
       • Easy to derive: 70 thousand NRNs derivable from Facebook information
       • Unchangeable
       • A person’s whole life trace can be connected with NRN

  9. Privacy Countermeasure for NRN
     • NRN use is prohibited from 7th Aug
       • Exceptions: finance, hospital, tax, school, ..
       • Replaced by birth date, account #, My-pin
     • My-pin
       • 13 digit number issued by gov as a replacement for NRN
       • Changeable
       • Hard to derive
       • Another unique number..

  10. ID Proofing - Offline
     • ID Proofing = Proofing ownership of NRN
     • National ID card
       • Issued to persons aged 17 and over
       • When enrolling in an offline service, the NID card is usually photocopied
     [Figure: National ID card showing name, photo, NRN, address]

  11. ID proofing - Online
     • Based on offline ID proofing
     • I-PIN
     • SMS Auth Code
     [Figure: two flows, each through an Online Service]
     Telco (SMS Auth Code): 0. offline ID proofing (NRN) & get phone; 1. ID proof; 2. redirect to I-PIN Svc; 3. SMS Auth Code; 4. ID proof token
     I-PIN: 0. offline ID proofing (NRN) & get I-PIN id/pw; 1. ID proof; 2. redirect to I-PIN Svc; 3. I-PIN login; 4. ID proof token

  12. PKI
     • National PKI: Root CA + 5 CAs
       • +30 million users (of 50M people)
       • Finance, shopping, e-gov, … almost every area
     • Online ID proofing
     • Strong Authentication
     • Digital Signature
     [Figure: Root CA (KISA), CA (KTFC), RA (Bank), and an Online Service holding the CA’s public key. Labels: CA Cert.; a. Offline ID proofing (NRN); b. Regist; c. Issue PK Cert. (NRN Hash); 1. NRN + Sig. + Cert.; 2. Verify Cert. & Validate NRN]

  13. PKI – Current Issues
     • Many users feel uncomfortable
       • Too many plug-ins by every service provider
       • PKI, key-logging protection, anti-virus, etc.
     • Regulation
       • Must use PK authentication for $300+ purchase
     • Plug-in free PKI solutions
       • HTML5 webcrypto
       • PKI via Smartphone
     • Regulation out of use lately
       • Various authentication methods (bio, token, ..) will be used for remote authentication

  14. Authentication
     • Strong Authentication
       • PKI
       • Security card
       • OTP
       • 2 Channels: SMS, phone call, smartphone app.
     [Figure: Auth. Svr. reached over the Internet and over a 2nd Ch. (cellular net). Labels: ID; push auth code; input auth code; auth code]

  15. SSO
     • Enterprise IAM system
       • e-gov
       • Large companies
     • Web SSO
       • OAuth
       • Proprietary SSO
     [Figure: Online Service. Steps: 1. login; 2. redirect to daum login; 3. login; 4. OAuth token]

  16. Attribute sharing
     • Common identification based on NRN
       • Well used in e-gov
     • Common identification without NRN
       • ID-Federation considered lately
     [Figure labels: Information Broker, Information Consumer, Information Provider, Directory, Authentication & Access Control]

  17. Future Challenges of Korean IDM
     • Identification without NRN
       • Different ID for each service + ID federation
     • ID proofing without PKI
       • Offline ID proofing + online authentication
     • Authentication
       • Bio, behavior dynamics, H/W token, ..
     • SSO
       • Web SSO proliferation
     • Attribute Sharing
       • Cloud based identity provider + mobile privacy control

  18. Conclusions and Recommendations
     • Unique ID
       • Good for Computerization
       • Bad for Privacy
     • PKI + Offline ID proofing
       • Good for online ID proofing, authentication
       • Inconvenient without web browser native support
       • Not a standard problem
     • Korean e-gov system
       • Best system
       • Current: e-gov 3.0: big data open
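
Added example for slides 4 and 8 (not part of the presentation): a parser for the 13-digit NRN layout that shows which personal data the number embeds and how few digits stay unknown once birth date and gender are known. The field widths after the hyphen (1/4/1/1) and the check-digit weights are assumptions taken from the publicly documented NRN format, not from the slides; `SAMPLE` is a constructed value.

```python
from datetime import date

# Check-digit weights for the first 12 digits (publicly documented algorithm;
# the slide itself only labels the last digit "checksum").
WEIGHTS = (2, 3, 4, 5, 6, 7, 8, 9, 2, 3, 4, 5)
# The gender digit also selects the century; only codes 1-4 are decoded here.
GENDER = {1: ("male", 1900), 2: ("female", 1900),
          3: ("male", 2000), 4: ("female", 2000)}
# Free digits per field (assumed widths). The checksum contributes none.
FIELD_DIGITS = {"birth_date": 6, "gender": 1, "office_code": 4, "day_sequence": 1}


def check_digit(first12: str) -> int:
    """Check digit derived from the other 12 digits."""
    total = sum(int(d) * w for d, w in zip(first12, WEIGHTS))
    return (11 - total % 11) % 10


def parse_nrn(nrn: str) -> dict:
    """Validate an NRN string and return the personal data it embeds."""
    digits = nrn.replace("-", "")
    if len(digits) != 13 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("NRN must be 13 digits")
    if check_digit(digits[:12]) != int(digits[12]):
        raise ValueError("checksum mismatch")
    code = int(digits[6])
    if code not in GENDER:
        raise ValueError("gender/century code not handled in this example")
    gender, century = GENDER[code]
    # date() rejects impossible birth dates such as month 13
    born = date(century + int(digits[0:2]), int(digits[2:4]), int(digits[4:6]))
    return {"birth_date": born, "gender": gender,
            "office_code": digits[7:11], "day_sequence": int(digits[11])}


def guess_space(known: set) -> int:
    """Upper bound on NRNs consistent with the fields an observer already knows."""
    unknown = sum(n for name, n in FIELD_DIGITS.items() if name not in known)
    return 10 ** unknown


SAMPLE = "900101-1234568"  # constructed test value, not a real person's NRN
```

With birth date and gender known, `guess_space({"birth_date", "gender"})` is at most 100,000, against 10^12 when nothing is known, which matches the "easy to derive" point on slide 8.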
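
Added example for the two-channel flow on slide 14, which is also the SMS Auth Code path on slide 11 (not code from the presentation): a minimal Auth. Svr. that pushes a one-time code over the second channel and accepts it once on the Internet channel. The TTL, attempt limit, six-digit length and the `send_second_channel` callback are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 180      # seconds a pushed code stays valid (assumed policy)
MAX_ATTEMPTS = 3    # wrong inputs tolerated before the code is revoked (assumed)


class AuthServer:
    """Auth. Svr. side of the flow: ID in, code pushed, code typed back."""

    def __init__(self, send_second_channel, clock=time.time):
        self._send = send_second_channel  # hypothetical SMS/push gateway callback
        self._clock = clock
        self._pending = {}                # user_id -> [code_hash, expires_at, tries]

    @staticmethod
    def _digest(code: str) -> bytes:
        # Fixed-length bytes so the constant-time compare accepts any typed input
        return hashlib.sha256(code.encode()).digest()

    def start(self, user_id: str, phone: str) -> None:
        """'ID' -> 'push auth code': issue a fresh code over the 2nd channel."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG-generated
        self._pending[user_id] = [self._digest(code), self._clock() + CODE_TTL, 0]
        self._send(phone, code)   # the code never travels on the Internet channel

    def verify(self, user_id: str, typed: str) -> bool:
        """'input auth code': single use, expiring, attempt-limited."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        code_hash, expires_at, tries = entry
        if self._clock() > expires_at or tries >= MAX_ATTEMPTS:
            del self._pending[user_id]             # expired or locked out
            return False
        if hmac.compare_digest(code_hash, self._digest(typed)):
            del self._pending[user_id]             # a code works only once
            return True
        entry[2] = tries + 1
        return False
```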
