Listing P223 - Open Identity Summit 2013 by publication date
- Conference paper: Authentication on Mobile Devices for Business Application (Open Identity Summit 2013, 2013). Müller, Martina; Zoller, Fabian; Pansa, Ingo; Gerlicher, Ansgar. Identity management faces new challenges of protecting resources that are accessed from different and maybe unknown devices. This is caused by the fact that employees bring their own mobile devices to their offices and work with them [Gar12]. Consequently users, programmers and companies have to face challenges that arise from mobile authentication: the need for accessing business application is based on the employee's user identity. This paper describes a methodical analysis and evaluation of the current state of the art authentication methods. The resulting evaluation is the basis for a prototypical implementation of the best evaluated authentication methods on mobile devices. To test and confirm the theoretical architectures implemented on mobile devices a usability test has been made. A conclusion sums up the lessons learned and recommendations are made.
- Conference paper: An Open eCard Plug-in for accessing the German national Personal Health Record (Open Identity Summit 2013, 2013). Kuhlisch, Raik; Petrautzki, Dirk; Schmölz, Johannes; Kraufmann, Ben; Thiemer, Florian; Wich, Tobias; Hühnlein, Detlef; Wieland, Thomas. An important future application of the German electronic health card (elektronische Gesundheitskarte, eGK) is the national Personal Health Record (PHR), because it enables a citizen to store and retrieve sensitive medical data in a secure and self-determined manner. As the stored data is encrypted with an eGK-specific certificate and retrieving the encrypted data is only possible after TLS-based authentication, the citizen needs to use a so-called “PHR Citizen Client”, which allows the eGK to be used for strong authentication, authorization, and decryption purposes. Instead of building such an application from scratch, this paper proposes to use the Open eCard App and its extension mechanism for the efficient creation of a PHR Citizen Client by developing an Open eCard Plug-in for accessing the German national Personal Health Record.
- Conference paper: Authentication and security integration for eCampus services at the University of Applied Sciences Harz using the German Electronic Identity Card/eID and eGovernment Standards (Open Identity Summit 2013, 2013). Strack, Hermann. An eCampus security shell architecture was developed and deployed to improve the security of existing university management systems (legacy UMS), integrating innovative eGovernment Standards, e.g. the German Electronic Identity Card (GeID), the eGovernment Protocol OSCI and qualified Signatures (QES).
- Conference paper: Not built on sand – How Modern Authentication Complements Federation (Open Identity Summit 2013, 2013). Lindemann, Rolf. Even after 40 years of IT innovations, passwords are still the most widely used authentication method. They are inherently insecure. Neither users nor service providers handle passwords appropriately. On the other hand more than 1 billion Trusted Platform Modules (TPMs) and more than 150 million secure elements have been shipped; microphones and cameras are integrated in most smart phones and fingerprint sensors and Trusted Execution Environments (TEEs) are on the rise. There are better ways for authentication than passwords or One-Time-Passwords (OTPs). The Fast Identity Online (FIDO) Alliance has been founded to define an open, interoperable set of mechanisms that reduce the reliance on passwords. We explain how secure hardware in conjunction with a generic protocol can help overcome today's authentication challenges and how this protocol can be used as a solid basis for federation.
- Conference paper: An extensible client platform for eID, signatures and more (Open Identity Summit 2013, 2013). Wich, Tobias; Horsch, Moritz; Petrautzki, Dirk; Schmölz, Johannes; Hühnlein, Detlef; Wieland, Thomas; Potzernheim, Simon. The present paper introduces an extensible client platform, which can be used for eID, electronic signatures and many more smart card enabled applications.
- Conference paper: Identity management in cloud computing in conformity with European Union law? – Problems and approaches pursuant to the proposal for a regulation by the European Commission on electronic identification and trust services for electronic transactions in the internal market (Open Identity Summit 2013, 2013). Sädtler, Stephan. On 4 June 2012, the EU Commission submitted a draft of a regulation on “electronic identification and trust services for electronic transactions in the internal market” [EC12]. Due to its impact on the infrastructure of the new German identity card (nPA) it is subject to fierce criticism, particularly from Germany. This essay seeks to address that criticism and to discuss potential approaches, amongst others that of the research project “SkIDentity – Trusted Identities in the Cloud” of the “Trusted Cloud” programme, whilst also addressing accompanying questions of law in the context of identity management in cloud computing.
- Conference paper: Authentication on high critical infrastructures using interoperable federated identities (Open Identity Summit 2013, 2013). Lunkeit, Armin; Großmann, Jürgen. The technical guideline TR-03109 divides between the roles of the SMGW technician and the Gateway administrator, whereas the Gateway administrator gains full access to the SMGW and the service technician has only very limited access rights. In many scenarios the service technician will also need full access to the Smart Meter Gateway, which means that he must be able to change its role. Federated identities can help to create a solution that keeps the strict role enforcement between service technician and Gateway Administrator. This article presents an approach on the background of the current Smart Grid development and identity technology adopting approaches used for the German national ID card. A short discussion pertaining to threats and risks completes the discussion.
- Conference paper: Selective LDAP Multi-Master Replication (Open Identity Summit 2013, 2013). Bauereiss, Thomas; Gohmann, Stefan; Hutter, Dieter; Kläser, Alexander. LDAP directory services are widely used to store and manage information about the assets of organisations and to ease the administration of IT infrastructure. With the popularity of cloud computing many companies start to distribute their computational needs in mixed-cloud infrastructures. However, distributing an LDAP directory including sensitive information to partially trusted cloud servers would constitute a major security risk. In this paper, we describe an LDAP replication mechanism that allows for a fine-grained selection of parts of an LDAP directory tree that are replicated to another server using content-based filters, while maintaining the availability and performance advantages of a full multi-master replication. We discuss sufficient conditions on replication topology and admissible operations such that the replication mechanism provides eventual consistency of selectively replicated data.
- Conference paper: Mobile Devices as Secure eID Reader using Trusted Execution Environments (Open Identity Summit 2013, 2013). Stein, Maximilian. This work presents a prototype implementation of a smartphone as secure eID reader using NFC technology. The presented approach aims to reach a security level close to standalone smart card readers. This security level will be allowed by the means of a trusted execution environment (TEE) which allows strong isolation and separation for critical applications and provides trusted, not interceptable user input and output. The prototype supports the German eID (nPA) and follows the relevant guidelines.
- Conference paper: Common Criteria certified open source software – fact or fiction? (Open Identity Summit 2013, 2013). Gustavsson, Tomas. In 2012 the two open source projects CESeCore and EJBCA were Common Criteria certified [CCP], using open source tools and open source methodologies. As the actual software and its long term evolution is perhaps the most important result for most users, we will look at how certification, distribution and maintenance is managed. Can they be done in an open source way, and is certification always suitable? The Common Criteria for Information Technology Security Evaluation (Common Criteria) is a standard for IT security certification defined by ISO/IEC 15408 [WP]. The Common Criteria provides trust that processes for specification, implementation and evaluation have been performed in a rigorous and standardized way. Recognized worldwide and governed by national certification bodies, Common Criteria is used as requirement for procurement and use of security software in governments, banks and enterprises. Common Criteria has been criticized for large costs and potential discrimination against Open Source Software [DW]. Given the rigorous system that Common Criteria enforces, how can open source software be certified, and maintained as certified? Drawbacks and benefits of a Common Criteria certification will be described, and how certification limits the maintenance of an open source project. Common Criteria certified open source software – fact or fiction? After this presentation software developers will be able to determine if their open source project is suitable for Common Criteria certification, whilst software users will have a good idea if they should require certification.