90 likes | 268 Views
Intra-ASEAN Secure Transactions Framework Project Progress Report. Chaichana Mitrpant chaichana @etda.or.th. Project Information. Support AIM 2015 under Strategic Thrust 2 :People Engagement and Empowerment Initiatives 2.4 : Building Trust
E N D
Intra-ASEAN Secure Transactions Framework Project Progress Report ChaichanaMitrpant chaichana@etda.or.th
Project Information • Support AIM 2015 under • Strategic Thrust 2 :People Engagement and Empowerment • Initiatives 2.4 : Building Trust • Action : Promote Secure transaction with in ASEAN • Description : Promote the use of two-factor authentication
Intra-ASEAN Secure Transactions Framework Project • Scope of work • Status update on : Laws, Policies, Regulations related to e-signature , certification • Propose e-authentication recommendation for Intra-ASEAN secure electronic transactions • Methodology • Desk Research : Review from the data available to public • Questionnaire Survey : Distributed to 10 ASEAN member countries • Period : 1 year • Budget : 10,000 USD
Executive Summary • Three main components of e-authentication have been identified as follows: • Assurance Levels and Risk Assessments – Levels of assurance are defined so that different levels of importance of getting e-authentication right can be distinguished. • Identity Proofing and Verification – For each level of assurance, an objective of authentication and a set of controls are defined. Then details about identity proofing and verification methods are provided for the registration process. • Authentication Mechanism – Different token technologies are listed and mapped to the levels of assurance. Moreover, how identity should be managed is recommended.
Executive SummaryIdentity Proofing and Verification Approach
Needs for ASEAN Legal Infrastructure The cooperation among Member States is necessary in creation of the legal framework for Information Technology Legal Infrastructure development to be in equivalence and conform to international principle especially in the following matters: • Legal Infrastructure for Cross Boarder Electronic transactions • Principle on organization or unit for supporting and controlling the reliance on Electronic Transactions • Clear policy relating to Authentication technology in Electronic Transaction • Clear and appropriate principle on Identification and Authentication in Electronic Transaction, for example, the principle that allows a Certification Authorities (Foreign CA) to issue foreign digital certificate • Relevant measurements regarding data confirmation, such as, Electronic Signature and the responsibility of data owner for the accuracy of data. • The principle on Personal Data Protection, including the principle on a request of data in Authentication system in Cross Boarder Transaction by authority or relating person, or data sharing between Government Sector and Private Sector.