Daon - your trusted Identity Partner
Biometrics in Identity as a Service
What is BaaS and who is doing it?
Catherine Tilton
28 September 2011

The Need
"As the world becomes more interdependent, as transactions become more global, and as the world embraces identity management and assurance as an element of conducting business, personal identities will become a form of global currency. Whether you are crossing a border, seeking employment, applying for a public benefit, opening a bank account, combating crime, making a purchase, enforcing immigration policy, granting access to public and private spaces, detecting terrorists -- identity verification has limitless value."
Governor Tom Ridge, 1st Secretary, U.S. Department of Homeland Security

The Drivers
- Cost Pressure: Business and Government focus on cost reduction and resource allocation through process outsourcing.
- Regulation: Increasing levels of government and industry regulation mandating the validation of a person's identity, e.g., Maritime Security Industry Card to protect our ports & offshore facilities, Working with Children card to protect the community.
- Risk of Identity Fraud: Increasing frequency, cost and impact of identity fraud and more sophisticated criminal behaviour requires more stringent identity validation of individuals and entities.
Increased demand for identity services

Evolution?

XaaS
Emerging trend to offer various capabilities as a service
- Software as a service (SaaS)
- cloud computing
- Infrastructure as a service (IaaS)
- Network as a service (NaaS)
- Platform as a service (PaaS)
- Everything as a Service
- Services

XaaS Common Attributes
- Low barriers to entry: Initially, services targeted consumers and small businesses
- Little or no capital expenditure: Infrastructure is owned by the provider.
- Massive scalability: Though many of the offerings have yet to achieve large scale
- Multi-tenancy: Enables resources (and costs) to be shared amongst many users.
- Device independence: Enables access regardless of client device (e.g., PC, mobile)
- Location independence: Allows users remote access to systems

What is IDaaS?
- Identity as a service
- Outsourced identity management
- Outsourced authentication and attribute services
- Hosted identity services
- Identity in the cloud
- Third party identity services
- Business model for third party identity provisioning
- Decentralized identity
- Application-centric identity management
- Externalized user identification
Primarily viewed from an IT perspective

Identity Management
Overloaded term!
- IT context: "a discipline which encompasses all of the tasks required to create, manage, and delete user identities in a computing environment" [tech-faq]. Relates to user accounts.
- Broader context: "the combination of technical systems, rules, and procedures that define the ownership, utilization, and safeguarding of personal identity information. The primary goal of the IdM process is to assign attributes to a digital identity and to connect that identity to an individual." [NTSC]. Relates to identity assurance.

Federated Identity
Initiatives in the IT space:
- OpenID
- Kantara
- IdenTrust
- InCommon
- US ICAM (Identity, Credential, and Access Mgmt)
- NSTIC
Facilitated by:
- SAML
- IMI
- OAuth
Source: OpenID

Federal PKI Trust Framework

Who is embracing IDaaS?
- UK: Post
- Australia: Post
- US: UPS
- New Zealand: Kiwibank/NZ Post
- India: UID Authentication Service
- Singapore: National Authentication Framework
- US: IRS, TSA, states

BaaS areas
Services

Identity Services Capability
- Background Checking
- List Screening
- Criminal History Check
- On-line Form
- On-line Payment
- Enrollment Data
- Call Centre
- Electronic Transmission to Agency or Business
- Paper Form
- Interview
- Document Inspection and Scanning
- Facial Image Capture
- Fingerprint Scanning
- Voice Authentication
- Electronic Signature

Enrollment as a Service
- More systems becoming biometrically enabled
- Enrolment can be an expensive and logistically challenging operation
- Efficiencies to be gained by a common enrolment network
- Countries looking at how main street vendors can be leveraged, e.g., with nationwide outlets
- Examples: Post offices
- Considerations:
  - Ensuring sample quality
  - Security & privacy, trust
  - Auditing, payment processing
[Diagram labels: Enrolment Service Providers (SP1, SP2, SP3); Consolidation (optional); Systems of Record (System 1, e.g., Passport Processing; System 2, e.g., Drivers Licensing)]

Screening Services
- Many needs today for screening individuals
  - Positions of trust
  - Critical infrastructure protection (e.g., transportation workers)
  - Those working with vulnerable persons (children, elderly, & disabled)
  - Licenses & certifications
- Types & levels of screening/vetting
  - Proof of identity, residence, status
  - Criminal history records check
  - Financial history
  - Threat screening (e.g., KST)

Screening applications
Identity screening & vetting
- Healthcare: Families and concerned citizens look to regulating agencies to protect the sick and vulnerable from unscrupulous care providers.
- Visitor Access: Physical assets, national or religious treasures and critical infrastructure and facilities can be protected from unauthorized access by checking visitors and contractors.
- Banking: Protect bank assets from fraudulent access and comply with federal regulations by thoroughly background screening employees.
- Child Care and Elderly Care: Those caring for the old and the young must be vetted by law to ensure that caregivers do not have a criminal history.
- Corporate Credential: Corporate resources can be quickly and irrevocably damaged by disgruntled or malicious employees without appropriate physical and logical access controls in place.

Identity credentialing
Employee/contractor/visitor badging
Life cycle management services:
- Initial card issuance
- Activation
- Renewal
- Replacement
- Revocation
- Provisioning to access control systems
[Diagram labels: Identity Collection; Internet; IDMS; CJIS; Physical Access Control System; Single Sign On System; Identity Enablement; Vetting Source 1; Vetting Source n]

Authentication services
[Diagram: Biometric Registration Process and Biometric Authentication Process. Labels, in the order extracted: Subscriber; Identity + Biometric Credential; Est. Identity + biometric Credential; Applies; Identity proofing; Enrolls biometric; Biometric Authentication Service Provider; Registers Biometric; Binds identity to reference biometric; Claimant; Claimed identity + Live biometric; Assertion; Access; Requests access; Verifies identity (through biometric matching); Checks authorization; Grants access]

Singapore NAF example
- Need for stronger authentication in government & commercial/consumer sectors
- Support for online transactions
- Intent to be market driven, with multiple service providers
Source: IDA

The UPS Store
UPS provides its 4,400 locations in the United States as well as nearly 1,300 locations outside the US as professional, convenient, and consistent settings for people to access when they need to have their biometric data collected and submitted for a variety of purposes, including background screening and credentialing.

Internal Revenue Service
The Tax Preparer Initiative was created to fingerprint and background check the 1.2M individuals that prepare tax returns as well as those individuals that file tax returns electronically, to provide additional education/training to the tax return preparers, and to conduct competency testing. IRS needs to provide tax preparers with a cost effective and convenient way to prove that they meet the ethical standards of conduct set forth by the IRS.

Australia Post Trust Based Services
Building on the ubiquity of its outlets and citizen trust in its agents, Australia Post desires to provide identity verification and biometric enrollment services for a wide variety of provincial, national, and commercial clients.

Future Market Directions
- Identity-as-a-Service (IDaaS)
  - Modular and coherent set of services for managing identities
- Outsourced Identity Management
  - Complex and expensive to implement in-house
  - Industry-specific requirements/regulations
- In-person proofing
  - Need increased assurance on in-person identity verification
  - Increasing need to collect biometrics
[Chart: Identity Management Forecast. Source: Forrester Research]

Conclusion
- Identity becoming increasingly important to security & commerce
- The world is moving towards a services model
- Benefits to be gained by shared services
- Identity services are no exception
- Trusted service providers required

Thank You!
Catherine J. Tilton, CBP
VP, Standards & Technology, Daon
11955 Freedom Drive, Suite 16000
Reston, VA 20190
703-984-4080
cathy.tilton@daon.com