This proposal outlines the implementation of a dual identification system utilizing a Unique ID (UID) and Personal ID Number (PIN) for new NIH employees. Upon reporting to work, employees will be assigned a public 9-digit UID and a private 5 to 8-digit PIN, securely provided in person. The UID and PIN will be stored in a secure, central database, enabling authorized systems to validate an employee’s identity. This system aims to enhance convenience, security, and trust when interacting with automated systems for essential services such as login and certificate registration.
UID + PIN Proposal
NIH AMG Technical Subcommittee
September 17, 1997
UID + PIN Proposal
• When a new employee reports to work at NIH, assign both:
  • A public 9-digit Unique ID (UID)
  • A secret 5 to 8-digit Personal ID Number (PIN)
• The employee receives the PIN in person from an AO or badge issuing office
• The employee receives the PIN in printed form, including instructions for protection and use
UID + PIN Proposal
• To protect from loss or theft, the printed PIN form does not contain any employee ID
• The UID + PIN are stored in a secure central database
• A centrally managed service enables authorized applications to validate a UID + PIN
• NOTE: existing employees may not need PIN
PIN Purpose
• Knowledge of the UID + PIN enables an individual to prove to an automated system that they are the same person that met with the AO or badge issuer
• Employees can use UID + PIN to conveniently and securely obtain from an automated system:
  • login name + password
  • public + private key pair and certificate registration
Alternative #1: Do Less
• Do Less = do nothing
• Lost opportunity--no way to prove personal contact with AO/badge issuer
• Establishing equal or better trust level later on will require the inconvenience of a second meeting
Alternative #2: Do More
• Doing more involves a device (e.g. smart card or PC)
• Inefficient: not all employees require computer accounts or certificates
• Wrong time: need for computer access may not be known on first day; PC may not be available
• Wrong people: can/will AO/badge issuer properly handle technically complex process?
Modifications and Extensions
• Assign PINs to other badge holders (contractors)
• Allow UID + PIN to be used only once; login name + password or certificate used thereafter
  • password stronger than PIN
  • login name + password easier to remember than UID + PIN
• UID + PIN used for other ATM-style services for employees
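The centrally managed validation service and the one-time-use extension described in the slides, sketched as an added example that is not part of the original proposal or of any NIH system. The class name, the application identifiers, the PBKDF2 storage and the failed-attempt cap are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 5  # assumption: lockout threshold, not stated in the proposal


def _digest(pin: str, salt: bytes) -> bytes:
    # Salted, slow hash so the central database never holds the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class PinValidator:
    """Hypothetical central UID + PIN validation service."""

    def __init__(self, authorized_apps):
        self._apps = set(authorized_apps)
        self._records = {}  # uid -> {"salt", "hash", "failures", "used"}

    def issue(self, uid: str) -> str:
        """Enroll a 9-digit UID; return the PIN for the printed form."""
        if not (uid.isdigit() and len(uid) == 9):
            raise ValueError("UID must be 9 digits")
        length = 5 + secrets.randbelow(4)  # 5 to 8 digits
        pin = "".join(secrets.choice("0123456789") for _ in range(length))
        salt = secrets.token_bytes(16)
        self._records[uid] = {"salt": salt, "hash": _digest(pin, salt),
                              "failures": 0, "used": False}
        return pin  # printed without the UID, as the proposal requires

    def validate(self, app_id: str, uid: str, pin: str) -> bool:
        """True once per UID for the right PIN, and only for authorized apps."""
        if app_id not in self._apps:
            raise PermissionError("application not authorized")
        rec = self._records.get(uid)
        # Hash even for unknown UIDs so timing does not reveal which UIDs exist.
        salt = rec["salt"] if rec else bytes(16)
        expected = rec["hash"] if rec else bytes(32)
        match = hmac.compare_digest(_digest(pin, salt), expected)
        if rec is None or rec["used"] or rec["failures"] >= MAX_FAILURES:
            return False
        if not match:
            rec["failures"] += 1  # a 5 to 8-digit PIN is guessable without a cap
            return False
        rec["used"] = True  # one-time use: a password or certificate takes over
        return True
```

Because a 5 to 8-digit PIN has little entropy, the attempt cap and the one-time-use flag carry more of the protection here than the stored hash does.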