html5-img
1 / 11

Authentication Methods and the Privacy Issue

Authentication Methods and the Privacy Issue. Takato NATSUI Professor at Meiji University Attorney at law. Table of Contents. General Aims My Opinions and Arguments Distinction between authentication methods Problems – Confusion caused by misunderstanding or by wrong purposes

garren
Télécharger la présentation

Authentication Methods and the Privacy Issue

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Authentication Methodsandthe Privacy Issue Takato NATSUI Professor at Meiji University Attorney at law ILPF Conference 2002

  2. Table of Contents • General Aims • My Opinions and Arguments • Distinction between authentication methods • Problems – Confusion caused by misunderstanding or by wrong purposes • Discussions ILPF Conference 2002

  3. General Aims • Authentication methods are not created equally - just look at their price range. We explore authentication options and how to identify legally appropriate methods for various uses. ILPF Conference 2002

  4. Distinction between authentication methods • In theory, there are 2 main types of authentication method in accordance with their fundamental natures and social functions. • Person oriented authentication methods • Function oriented authentication method • These 2 types of authentication method have to be distinguished between. ILPF Conference 2002

  5. Rigid User Identification by data matching with personal data is usually or often necessary. Specific User only Accessible Server User Machine Anonymous User also Accessible Server Rigid User Identification is not necessary ILPF Conference 2002

  6. Person oriented authentication methods • Explanation: • For this type of authentication, it is important to distinguish between who is accessing the system. • The data matching for the certification process uses the human identifier information, and is a necessary process. • There are many commercial and non-commercial methods of this kind on the Web. But, commercial authentication services would be very expensive for private use. • Privacy data protection issues may occur mainly in this field, including SPAM problems and problems relating to misuse of private customer data. ILPF Conference 2002

  7. Function oriented authentication method • Explanation: • For this type of authentication, it is important to distinguish between information being processed and who is logging on. • The data matching for the certification should be done from the access data itself without using any human identifier information. ILPF Conference 2002

  8. ProblemsConfusion caused by misunderstanding or by wrong purposes • However, for the Internet Service Providers (ISPs), it is equally necessary to authenticate the users who use the specific access account that is processing in each method at the time. • In fact, these might be confused as being the same certification process. ILPF Conference 2002

  9. Explanation: • With prepaid Card type access accounts, guest ID logging, free access accounts or with digital tokens of anonymous type electronic money, the function oriented authentication method should be used. It is not important to verify or certify who is using this type of account. For example, his/her social security number, postal address, telephone number or ID number and so on should be not used. • Thus, for example, the guest ID should be open to everyone who has the intention of using it. The system should only check the guest ID itself, and not access any personal information stored in their database. Then everyone would be verified as a certified user, and have the right to access the specified computer system with having had their privacy compromised. • But, in the practical processing in the transactions operated by ISPs, some human identifier process would be or may be necessary. For instance, checking the user account would also be done at the function oriented certification process stage. • In theory, such checking should be unnecessary. For example, in such a function oriented certification process, only the correctness or validity of the Guest ID etc. should have to be checked. There is no need for user identification. • Nevertheless, in fact, user identifier information might also be corrected and checked in such a process. This would indicate the existence or probability of some kind of privacy issues. ILPF Conference 2002

  10. On the other hand, in the person oriented authentication method also, there are some confusions or inadequate use. • Explanation: • A kind of over-collection of personal use would be observed in this process. For example, needless personal data may also be corrected in the course of authentication. This needless personal data may be misappropriated for other commercial purposes. • In addition, if the authentication security level is not that high enough, it would not be necessary to collect and certify so many elements for personal identification. Of course, for the rigid and complete certification at higher levels, more detailed elements of personal data would be necessary to collect and examine. But, this difference in necessity of element collection of personal data in accordance with each level is not so clearly recognized. It may be caused by the overflowing or over-supplied specs or technical functions of commercial based authentication software or services. ILPF Conference 2002

  11. Discussions • How to educate the relevant people as to the right way to choose appropriate authentication methods for each user • How to recognize wastefulness • How to block any illegal use of personal data ILPF Conference 2002

More Related