Ask the Expert

If my security policy from a privacy perspective does not allow one to use PKI due to linkage, how w

If my security policy from a privacy perspective does not allow one to use PKI due to linkage, how would I randomize the authentication assertions from various governmental program areas? The privacy legislation does not allow one to have linkages along the lines of a SPKI environment. How would one introduce entropy into the token with PKI to get around the privacy concerns?

    Requires Free Membership to View

The more secure the procedure, the more invasive to privacy. While PKI and privacy issues have been the most debated and published topics, there still lies confusion. Several SIG's are working with federal agencies in this area. One of the recommendations is to get a Privacy Impact Assessment done to clearly identify the information leakages. Further, in order to avoid the privacy issues, implement pseudonyms or basically pseudonym identifiers for users and map the same to attributes that can be validated. Since, this can't be explained in few lines, it would be better to direct you to the knowledgebase.

These papers will give you enough information on PKI as it relates to privacy issue and also outlines the proposed solutions and assertion mechanisms:

  • PKI assertion issues and proposed alternatives
  • Federal PKI initiative
  • Authentication and introduction of entropy in PKI
  • This was first published in June 2005

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: