UID + PIN Proposal. NIH AMG Technical Subcommittee, September 17, 1997. When a new employee reports to work at NIH, assign both: a public 9-digit Unique ID (UID) and a secret 5- to 8-digit Personal ID Number (PIN).
UID + PIN Proposal NIH AMG Technical Subcommittee September 17, 1997
UID + PIN Proposal
• When a new employee reports to work at NIH, assign both:
  • A public 9-digit Unique ID (UID)
  • A secret 5- to 8-digit Personal ID Number (PIN)
• The employee receives the PIN in person from an AO or badge issuing office
• The employee receives the PIN in printed form, including instructions for protection and use

UID + PIN Proposal
• To protect from loss or theft, the printed PIN form does not contain any employee ID
• The UID + PIN are stored in a secure central database
• A centrally managed service enables authorized applications to validate a UID + PIN
• NOTE: existing employees may not need PIN

PIN Purpose
• Knowledge of the UID + PIN enables an individual to prove to an automated system that they are the same person that met with the AO or badge issuer
• Employees can use UID + PIN to conveniently and securely obtain from an automated system:
  • login name + password
  • public + private key pair and certificate registration

Alternative #1: Do Less
• Do Less = do nothing
• Lost opportunity--no way to prove personal contact with AO/badge issuer
• Establishing equal or better trust level later on will require the inconvenience of a second meeting

Alternative #2: Do More
• Doing more involves a device (e.g. smart card or PC)
• Inefficient: all employees do not require computer accounts or certificates
• Wrong time: need for computer access may not be known on first day; PC may not be available
• Wrong people: can/will AO/badge issuer properly handle technically complex process?

Modifications and Extensions
• Assign PINs to other badge holders (contractors)
• Allow UID + PIN to be used only once; login name + password or certificate used thereafter
  • password stronger than PIN
  • login name + password easier to remember than UID + PIN
• UID + PIN used for other ATM-style services for employees
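
An added example, not part of the original slides: a minimal sketch of the centrally managed validation service with the use-once modification applied. The salted PBKDF2 storage, the failure lockout threshold, the class and method names, the result strings and the sample values in the comments are assumptions, not details from the proposal.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5         # assumption: lockout threshold; a 5- to 8-digit PIN is guessable without one
PBKDF2_ROUNDS = 100_000  # assumption: work factor for the stored PIN digest


class PinValidationService:
    """Hypothetical central UID + PIN validator for authorized applications."""

    def __init__(self, authorized_apps):
        self._apps = set(authorized_apps)
        self._records = {}  # uid -> {"salt", "digest", "failures", "used"}

    @staticmethod
    def _digest(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)

    def enroll(self, uid, pin):
        """Called when the AO or badge office issues the printed PIN form."""
        if not (uid.isascii() and uid.isdigit() and len(uid) == 9):
            raise ValueError("UID must be 9 digits")
        if not (pin.isascii() and pin.isdigit() and 5 <= len(pin) <= 8):
            raise ValueError("PIN must be 5 to 8 digits")
        salt = os.urandom(16)
        self._records[uid] = {"salt": salt, "digest": self._digest(pin, salt),
                              "failures": 0, "used": False}

    def validate(self, app_id, uid, pin):
        """Return 'ok' once per UID; later attempts must use the password or certificate."""
        if app_id not in self._apps:
            return "unauthorized_app"
        rec = self._records.get(uid)
        if rec is None:          # the UID is public, so only the PIN is treated as secret
            return "rejected"
        if rec["used"]:
            return "already_used"
        if rec["failures"] >= MAX_FAILURES:
            return "locked"      # recovery would need a new in-person PIN issue
        if hmac.compare_digest(self._digest(pin, rec["salt"]), rec["digest"]):
            rec["used"] = True   # use-once: the PIN only bootstraps the stronger credential
            return "ok"
        rec["failures"] += 1
        return "rejected"

# Constructed sample use:
#   svc = PinValidationService({"account-setup"})
#   svc.enroll("123456789", "48213")
#   svc.validate("account-setup", "123456789", "48213")
```
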