Biometrics in Identity as a Service




Daon - your trusted Identity Partner
Biometrics in Identity as a Service
What is BaaS and who is doing it?
Catherine Tilton
28 September 2011

The Need

"As the world becomes more interdependent, as transactions become more global, and as the world embraces identity management and assurance as an element of conducting business, personal identities will become a form of global currency. Whether you are crossing a border, seeking employment, applying for a public benefit, opening a bank account, combating crime, making a purchase, enforcing immigration policy, granting access to public and private spaces, detecting terrorists -- identity verification has limitless value."
Governor Tom Ridge, 1st Secretary, U.S. Department of Homeland Security

The Drivers

- Cost Pressure: Business and Government focus on cost reduction and resource allocation through process outsourcing.
- Regulation: Increasing levels of government and industry regulation mandating the validation of a person's identity, e.g.,
  - Maritime Security Industry Card to protect our ports & offshore facilities
  - Working with Children card to protect the community.
- Risk of Identity Fraud: Increasing frequency, cost and impact of identity fraud and more sophisticated criminal behaviour requires more stringent identity validation of individuals and entities.

Increased demand for identity services

Evolution?

XaaS

Emerging trend to offer various capabilities as a service
- Software as a service (SaaS)
- cloud computing
- Infrastructure as a service (IaaS)
- Network as a service (NaaS)
- Platform as a service (PaaS)

Everything as a Service
Services

XaaS Common Attributes

- Low barriers to entry: Initially, services targeted consumers and small businesses
- Little or no capital expenditure: Infrastructure is owned by the provider.
- Massive scalability: Though many of the offerings have yet to achieve large scale
- Multi-tenancy: Enables resources (and costs) to be shared amongst many users.
- Device independence: Enables access regardless of client device (e.g., PC, mobile)
- Location independence: Allows users remote access to systems

What is IDaaS?

Identity as a service
- Outsourced identity management
- Outsourced authentication and attribute services
- Hosted identity services
- Identity in the cloud
- Third party identity services
- Business model for third party identity provisioning
- Decentralized identity
- Application-centric identity management
- Externalized user identification

Primarily viewed from an IT perspective

Identity Management

Overloaded term!
- IT context: "a discipline which encompasses all of the tasks required to create, manage, and delete user identities in a computing environment" [tech-faq]
  - Relates to user accounts
- Broader context: "the combination of technical systems, rules, and procedures that define the ownership, utilization, and safeguarding of personal identity information. The primary goal of the IdM process is to assign attributes to a digital identity and to connect that identity to an individual." [NTSC]
  - Relates to identity assurance

Federated Identity

Initiatives in the IT space:
- OpenID
- Kantara
- IdenTrust
- InCommon
- US ICAM (Identity, Credential, and Access Mgmt)
- NSTIC

Facilitated by:
- SAML
- IMI
- OAuth

Source: OpenID

Federal PKI Trust Framework


Who is embracing IDaaS?

- UK Post
- Australia Post
- US UPS
- New Zealand Kiwibank/NZ Post
- India UID Authentication Service
- Singapore National Authentication Framework
- US IRS, TSA, states

BaaS areas
Services

Identity Services Capability

- Background Checking
- List Screening
- Criminal History Check
- On-line Form
- On-line Payment
- Enrollment Data
- Call Centre
- Electronic Transmission to Agency or Business
- Paper Form
- Interview
- Document Inspection and Scanning
- Facial Image Capture
- Fingerprint Scanning
- Voice Authentication
- Electronic Signature

Enrollment as a Service

- More systems becoming biometrically enabled
- Enrolment can be an expensive and logistically challenging operation
- Efficiencies to be gained by a common enrolment network
- Countries looking at how main street vendors can be leveraged, e.g., with nationwide outlets
  - Examples: Post offices
- Considerations:
  - Ensuring sample quality
  - Security & privacy, trust
  - Auditing, payment processing

Diagram labels: Enrolment Service Providers (SP1, SP2, SP3); Consolidation (optional); Systems of Record (System 1, e.g., Passport Processing; System 2, e.g., Drivers Licensing)

Screening Services

Many needs today for screening individuals
- Positions of trust
- Critical infrastructure protection (e.g., transportation workers)
- Those working with vulnerable persons (children, elderly, & disabled)
- Licenses & certifications

Types & levels of screening/vetting
- Proof of identity, residence, status
- Criminal history records check
- Financial history
- Threat screening (e.g., KST)

Screening applications

Identity screening & vetting
- Healthcare: Families and concerned citizens look to regulating agencies to protect the sick and vulnerable from unscrupulous care providers.
- Visitor Access: Physical assets, national or religious treasures and critical infrastructure and facilities can be protected from unauthorized access by checking visitors and contractors.
- Banking: Protect bank assets from fraudulent access and comply with federal regulations by thoroughly background screening employees.
- Child Care and Elderly Care: Those caring for the old and the young must be vetted by law to ensure that caregivers do not have a criminal history.
- Corporate Credential: Corporate resources can be quickly and irrevocably damaged by disgruntled or malicious employees without appropriate physical and logical access controls in place.

Identity credentialing

Employee/contractor/visitor badging

Life cycle management services:
- Initial card issuance
- Activation
- Renewal
- Replacement
- Revocation
- Provisioning to access control systems

Diagram labels: Identity Collection; Internet; IDMS; CJIS; Physical Access Control System; Single Sign On System; Identity Enablement; Vetting Source 1 ... Vetting Source n

Authentication services

Biometric Registration Process (diagram labels): Subscriber; Applies; Est. Identity + biometric; Identity proofing; Enrolls biometric; Biometric Authentication Service Provider; Registers Biometric; Binds identity to reference biometric; Identity + Biometric Credential

Biometric Authentication Process (diagram labels): Claimant; Requests access; Claimed identity + Live biometric; Verifies identity (through biometric matching); Assertion; Checks authorization; Grants access; Access

Singapore NAF example

- Need for stronger authentication in government & commercial/consumer sectors
- Support for online transactions
- Intent to be market driven, with multiple service providers

Source: IDA

The UPS Store

UPS provides its 4,400 locations in the United States as well as nearly 1,300 locations outside the US as professional, convenient, and consistent settings for people to access when they need to have their biometric data collected and submitted for a variety of purposes, including background screening and credentialing.

Internal Revenue Service

The Tax Preparer Initiative was created to fingerprint and background check the 1.2M individuals that prepare tax returns as well as those individuals that file tax returns electronically, and provide additional education/training to the tax return preparers and conduct competency testing.

IRS needs to provide tax preparers with a cost effective and convenient way to prove that they meet the ethical standards of conduct set forth by the IRS.

Australia Post

Trust Based Services

Building on the ubiquity of its outlets and citizen trust in its agents, Australia Post desires to provide identity verification and biometric enrollment services for a wide variety of provincial, national, and commercial clients.

Future Market Directions

- Identity-as-a-Service (IDaaS)
  - Modular and coherent set of services for managing identities
- Outsourced Identity Management
  - Complex and expensive to implement in-house
  - Industry-specific requirements/regulations
- In-person proofing
  - Need increased assurance on in-person identity verification
  - Increasing need to collect biometrics

Identity Management Forecast: Forrester Research

Conclusion

- Identity becoming increasingly important to security & commerce
- The world is moving towards a services model
- Benefits to be gained by shared services
- Identity services are no exception
- Trusted service providers required

Next Up

Thank You!

Catherine J. Tilton, CBP
VP, Standards & Technology, Daon
11955 Freedom Drive, Suite 16000
Reston, VA 20190
703-984-4080
cathy.tilton@daon.com