The framework of user information protection via secure SSO and PKI

Background/Objectives: There has been a necessity of a new system to protect and share user information with cooperative research institutes and manage subjects for managing and providing national R&D information.Methods/Statistical analysis: The National Science & Technology Information Service (NTIS) used the SSO API to share user information with cooperative research institutes safely. The API included minimum information only to prevent personal information such as user ID and authorization code from being leaked and observed related laws. For the authorization and management of user information targeted to open R&D information, moreover, 2-stage authentication has been established, using the certificate authentication system.Findings: Since information is collected and provided in diverse manners by multiple institutes, user information has been scattered, and there has been a risk of the leak of personal information. With the centralized collection and management of user information, however, the protection of personal information and observance of laws have become more convenient. Furthermore, the information is provided to the authorized managers only through the construction of a security system and utilization of access control system, and security has been secured. To make users utilize information properly at access to raw data, authorization procedures were strengthened, keeping national R&D information and users more reliable.Improvements/Applications: Through this framework, secure information-sharing & management systems were applied, improving the safety of information management.