How To Create Trust Online

Transcription

1 Authors: Niall Burns (Symphonic), Professor Bill Buchanan (Edinburgh Napier University), Cassie Anderson (miicard) Overview There is a growing demand within governments, health sectors, social care, police, education authorities and individual citizens to allow and enable controlled access to sensitive information based on trusted rights and privileges; particularly when doing so will lead to improved health and well-being and/or save lives. But this is a highly contentious subject and raises many ethical, political and technological questions. In this paper we explore how, once the ethical and political issues have been resolved, we handle the technical challenges of sharing data across disparate domains and sectors, and how we develop the necessary infrastructure and framework to provide the trust, assurances and confidence in a workable solution The challenge: creating trust online Most organisations share data in some form or another and almost all will have their own bespoke integral security and data governance layers, granting and denying access based on pre-defined claims provided by the user. This mechanism is reasonably effective when the users sharing this information are wellknown and the accessible domains are centrally controlled/owned. But as we open up our data to much wider audiences for greater efficiencies, and span across multiple domains and sectors, we are faced with a number of new problems: How do we identify users (from all walks of life, devices and networks) and assure ourselves that they are who they say they are and with what degree of certainty? How can we impose scalable, cross system, cross-domain policies given the disparity of our systems and their individual, often bespoke security protocols? How can we retain overall control and track who has access or who tried to access what services? "Big data is such a new area that nobody has developed governance procedures and policies, there are more questions than answers Boris Evelson, Forrester Research Inc. August 2012 How do we lock down systems in the case of an emergency? How can we guarantee the effective governance of the data we share? These questions, along with historical technological and political barriers, have prevented, or significantly delayed, the drive to successfully sharing data. The desire to share data is certainly there. A recent survey carried out at the e-health Conference in Edinburgh found that 62% of attendees would like access their health records online. The main restriction and focus now is How do we share relevant data in a highly trusted and governed framework for access to what may be highly sensitive data?

2 A centralised trust framework In order to achieve an accurate and comprehensive view/control of data governance within, and across organisational boundaries there needs to be a centralised approach to defining and distributing a single and binding trust framework. This trust framework contains all definitions related to the data governance, from the legal policy definitions, levels of trust assigned to identity and attribute providers, ontology of domains, roles, relationships and services, down to the granular data and service access policies. All access control is governed by a well-defined trust framework. In creating this centralised trust framework the organisations and domain owners can be assured that this framework forms the only basis on which data governance and service access rights can be granted - ensuring that when any new services or data exchanges are introduced (or when existing services are updated), they cannot simply bypass or make up their own rules for access. Defining trust levels As we make the move away from relying on built-in proprietary system security to more trusted and federated third-party identity providers, we need to implement a scalable and somewhat dynamic way of being able to define our trust levels and base our policies on these levels. PERMIT [MIICARD_USER] TO [ACCESS] [MYSECURESERVICE] FOR [READ] AND [WRITE] As the service begins to support more and more identity providers and introduce different access/trust rights to each provider, we can end up with highly complicated and inflexible governance and access policies. When we introduce hundreds or thousands of services, each with differing access rights depending on identity provider and attribute provider, this can become increasingly complex. PERMIT [MIICARD_USER] TO [ACCESS] [MYSECURESERVICE] FOR [READ] AND [WRITE] PERMIT [FEDERATED_ID_PROVIDER_USER] TO [ACCESS] [MYSECURESERVICE] FOR [READ] AND [WRITE] PERMIT [NHS_FEDERATED_USER] TO [ACCESS] [MYSECURESERVICE] FOR [READ] AND [WRITE] PERMIT [OTHER_FEDERATED_USER] TO [ACCESS] [MYSECURESERVICE] FOR [READ] AND [WRITE]...

3 However, by defining trust levels within a trust framework and matching them to identity providers, attribute providers and the properties of these providers (such as whether they support bank validation, passport checks, password cycling, geo-location verification, etc.) we can then assign access to services based on the level of trust, opening our services to any identity provider defined in the trust framework. For example: Level of Assurance in Identity Identity Providers Attributes Supported Level of Assurance 1 Social accounts addresses [Username], [Password] Level of Assurance 2 Knowledge Based Assessment Upload scans of ID documents Data bureau checks [Username], [Password], [Document Check] Level of Assurance 3 miicard Government Identity Services EU e-passport Scheme Offline Physical ID Document Check [Username], [Password], [Document Check], [Bank Check], [Geo-location], [Mobile Verification], etc PERMIT [LEVEL_3] TO [ACCESS] [MYSECURESERVICE] FOR [READ] AND [WRITE] When new providers are approved, they can be added to the list of trusted providers under the appropriate trust level, making the integration of new identity and attribute providers not only simple but also without any modifications to the core access rights for the affected services.

4 Identifying the user Many industries are faced with the challenges of online identity as more business and services move online and user demand for convenience increases. As businesses look to deliver higher value and regulated products and services online we need to establish a greater level of trust in user identities across a range of industries including retail banking, finance, gaming, healthcare and ecommerce right through to dating, social and peer-to-peer networks. Year on year increases in identity related fraud, which now accounts for more than half of all fraud*, demands online identity verification be strengthened, particularly as the value in the information accessed or service increases. In identifying a user, access, Knowledge Based Assessments and data validation are not enough as they do not provide a level of assurance that a person is who they say they are online. Where high levels of trust are required, the user must be identified to the same level as an in-person physical ID document check such as passport, driver s licence or photo ID.

5 The solution: trusted data governance Symphonic has developed a range of tools based on patented technology to address the core issues surrounding data governance and trust levels. The Symphonic Suite provides the mechanisms to define and build a governance framework and the controls to enable highly assured data sharing from within and beyond organisational domains and sectors; while ensuring all compliance and policy requirements are maintained. miicard (My Internet Identity) has been selected as a trusted identity provider to Level of Assurance 3+ where high levels of trust are required for user access and is included in a number of pilot projects in online healthcare. How miicard works miicard (My Internet Identity) provides high levels of trust and traceability in identities purely online to enable secure access and information sharing across a range of applications. A Bring Your Own Identity (BYOID) solution, miicard provides a single, portable digital passport to use across the web where trust and confidence is required. Members have complete control over their miicard account and the personal information held within it. Using a consent based approach to information sharing and access rights, miicard members control the information they assert on accepting sites at all times and have the ability to revoke access by any party at any time. Delivered through an Identity as a Service platform, miicard provides a configurable Policy Engine to enable the escalation of the required level of trust, dependent on each situation. miicard combines Level of Assurance 3+ (LoA3+) identity proofing with strong authentication to provide the highest level of assurance in the online identity and its assertion, replacing the need for physical identity document checks. Identity proofing Through a patented process that leverages the trust between an individual and their financial institution, miicard establishes proof of identity to passport/ photo ID standard, providing Lo3+ purely online.

6 Strong authentication Hard and soft tokens, biometrics, location and device authentication are added as required to protect member accounts and ensure the true assertion of the identity. Verified attributes miicard is able to verified details of miicard members personal identities such as date of birth, phone number, address, device, signatures, qualifications and professional memberships. Each verified element, or attribute, of our member s identity has been checked with a third party data source to ensure its integrity. Active revalidation and bank-level security Active Revalidation of miicard member identities, through a process that runs nightly, ensures they are always up to date. Bank-level security and a number of member-set features to protect accounts including; multi-factor authentication, Enhanced Security Icons, strong passwords, Individualised Strong Encryption (ISETM), Enhanced SSL Certificates, auto session locking, device based security, activity alerts and detailed activity logging.

7 How Symphonic works The Symphonic suite consists of three core components each of which can operate as stand-alone products or can work with each other or existing systems to provide end-to-end integration. The core components are: Module Description Symphonic Trust This is a trust framework tool which enables the abstraction of roles, services, trust levels and defines their trust relationship. The export from this component provides the requirements for the information sharing/service aggregation policy. Symphonic Governance This takes, as an input, the abstraction of the trust framework, and provides a highly efficient rules engine to quickly and securely determine if an entity has the rights to access a given service based on their claims. This crosses domain boundaries and enables authentication and attribute provision from multiple identity and attribute providers. Symphonic Gateway This takes the rules from the governance engine, and implements them within a real-time filtering system, which controls and audits all the accesses to services between the domains.

8 Symphonic enables the abstraction, governance and implementation of trust relationships and security policies enabling disparate systems and domains to open up access to their services in a highly governed and secure manner, confident in the knowledge that only the services/data specified in their own managed Trust Framework can be accessed only by those with the necessary claims to gain permission. Example: Symphonic applied in online healthcare

9 About Symphonic and miicard Symphonic Symphonic technology is the culmination of over 5 years research and development within Edinburgh Napier University, through collaborations with both commercial and other academic partners, aimed at revolutionising the way organisations govern the sharing of information, allowing those that operate in highly-regulated environments such as health, social care, law and finance to securely share critical, timedependent and sensitive information. The innovative architecture created by Symphonic allows integration of complex trust and governance frameworks for information-sharing and legal policies to be integrated into the Symphonic solution, so that any information sharing which occurs meets compliance by design. miicard miicard (My Internet Identity) is a global Identity as a Service solution that proves you are who you say you are, purely online, in minutes and to the same level as a physical passport or photo ID check. Through a patented process that leverages the trust between an individual and their financial institution, miicard establishes identity to Level of Assurance 3+ and meets Know Your Customer and Anti-Money Laundering identity guidelines. Combining online identity proofing, verified attributes and strong authentication, miicard provides the trust and security required for people and businesses to meet and transact with confidence in a purely digital environment. As a single, trusted digital ID founded on the principles of Bring Your Own Identity, miicard is convenient and flexible providing members complete control over their online identity and personal information. With coverage across five continents and over 350 million people, miicard is creating trust online across a range of industries including finance, commerce, trading, gaming, healthcare, recruitment, dating, social and professional networking. * CIFAS 2012 Fraud Trends Report :