BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT
1. BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT
Jean-Marc Meslin
Portfolio Partner - Verizon
jean-marc.meslin@fr.verizon.com
November 2014
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
2. Identity Protection Is Critical
• Many passwords are easily detected or guessed.
• Hackers use increasingly sophisticated methods and tools.
• Using the same login credentials across multiple sites increases risk.
82% of crimeware incidents targeted user credentials.*
*Source: Verizon 2014 Data Breach Investigations Report
3. The Connected World Today: Mobility & M2M Ecosystem
Diagram: Machines, Consumers, Enterprise Users, Business Partners
4. Mobility is Driving a New Mindset among Consumers (Employee, Consumer, Citizen, etc.)
Diagram: A New Mobile Mindset, illustrated by three personas:
“I need better tools for managing my digital personas and profiles—not just Facebook but bank accounts and relationships with retailers and loyalty programs” (Consumer, Community)
“My local government and healthcare providers are too slow and inaccessible. There are too many forms and redundancies” (Citizen, Patient)
“To stay connected I need the ability to jump from work to my personal life without worrying about restrictive policies or outdated devices” (Employee, Colleague, Friend, Family)
Need for seamless and secure access to anyone, anywhere, on any device
5. Machines Are Communicating More Than Ever
• VPNs and wireless networks
• BYOD devices
• Smart card authentication systems
• TV set-top boxes
• Vehicle communications systems
• Tachograph devices
• Power grids
• Street and traffic lights
• Smart-home systems
• Factory and industrial machine systems
6. Relationship between Identities to increase security
Diagram: Verify and Authenticate People (People Identity: Employees, Patients, Citizens, Consumers, Partners) and Verify and Authenticate Devices (Device Identity: Telematics, M2M Devices, Wired Devices); also labelled: Identity Cards, Physical Access
Identity Relationship Management is already available for the enterprise: it links the identities of people and devices and thereby strengthens identity security.
7. A need for White Label Identity Services
Diagram (layers connected through Open Standards):
People and Devices
Identity form factors (people and devices): Login/password, Digital signature, HW tokens, Soft tokens, RFID, Digital certificates
Services needed: Identity Issuance Services (IDP), Federation & Identity Broker Services, Risk Services
Business applications: Work Login, Healthcare, Shopping, Banking
8. So what relationships?
A relationship between two entities that can be authenticated. This includes:
• Users
• Devices
• Third parties
• Identified locations
Relationships between entities can be leveraged to strengthen authentication and to secure transactions or any other exchange of data.
9. IRM example in the online payment world: 3D Secure
3D Secure defines a framework in which the issuing bank authenticates the cardholder for an online transaction, allowing the merchant to pass the liability (in case of a fraudulent transaction) to the issuing bank.
3D Secure leverages the relationships between the actors/entities involved in the transaction:
• The merchant (and its acquiring bank)
• The issuing bank
• The cardholder/consumer (and a device)
• The interoperability domain (infrastructure provided by the card schemes)
Authentication of the cardholder in most cases involves the use of a device (a mobile phone to receive a token via SMS, or other devices for token generation).
10. 3D Secure overview
Diagram: Client (cardholder), Online Merchant with 3D Secure Merchant Plugin, Directory Server, Access Control Server, Authentication History Server, Payment System, Issuing Bank and Acquiring Bank, grouped into the Issuer domain, the Interoperability domain and the Acquirer domain. Legible flow labels: 1: Order and card details (client to merchant); 6: Authorization request (shown between the acquiring bank, the payment system and the issuing bank). Steps 2 to 5 are not legible in the extracted text.
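The flow of slides 9 and 10 as a small runnable model (an added example, not code from the deck or from Verizon): the merchant plug-in, directory server and issuer Access Control Server are plain Python objects, the cardholder's phone is a callback that receives the SMS token, and the ACS keeps each token single-use, compares it in constant time and limits guesses. Role names follow the slides; BIN-based routing, the 3-guess limit and all card numbers are assumptions of this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed model of the 3D Secure roles on the slides: merchant plug-in -> directory server
# (is the card enrolled?) -> issuer Access Control Server (ACS), which authenticates the
# cardholder with an SMS token; liability shifts to the issuer only when that succeeds.
# BIN routing, the 3-guess lockout and the card numbers are assumptions, not 3DS specifics.
@dataclass
class AccessControlServer:
    """Issuer-domain ACS: knows the enrolled cards and tracks pending SMS tokens."""
    enrolled_cards: set
    pending: dict = field(default_factory=dict)  # txn_id -> [token, guesses_left]

    def is_enrolled(self, pan: str) -> bool:
        return pan in self.enrolled_cards

    def start_authentication(self, txn_id: str) -> str:
        token = f"{secrets.randbelow(10**6):06d}"  # unpredictable 6-digit token
        self.pending[txn_id] = [token, 3]           # at most 3 guesses per transaction
        return token                                # "sent" to the cardholder's phone

    def verify(self, txn_id: str, submitted: str) -> str:  # 'Y' or 'N', like the 3DS status
        entry = self.pending.get(txn_id)
        if entry is None or entry[1] <= 0:
            return "N"                              # unknown or locked-out transaction
        entry[1] -= 1
        if hmac.compare_digest(entry[0], submitted):  # constant-time comparison
            del self.pending[txn_id]                # token is single-use
            return "Y"
        return "N"

def directory_lookup(acs_by_bin: dict, pan: str):
    """Interoperability domain: route the enrolment check to the issuer's ACS by BIN."""
    return acs_by_bin.get(pan[:6])

def authenticate_transaction(acs_by_bin, pan, txn_id, cardholder_device):
    """Merchant plug-in view of one purchase; cardholder_device models the phone that gets
    the SMS token and returns what is typed back. Returns (authenticated, liability_shifted)."""
    acs = directory_lookup(acs_by_bin, pan)
    if acs is None or not acs.is_enrolled(pan):
        return False, False                         # not enrolled: merchant keeps liability
    token = acs.start_authentication(txn_id)
    status = acs.verify(txn_id, cardholder_device(token))
    return status == "Y", status == "Y"

# Constructed sample data: one enrolled card whose BIN routes to one issuer ACS.
ISSUER_ACS = AccessControlServer(enrolled_cards={"4111110000001111"})
DIRECTORY = {"411111": ISSUER_ACS}
```

A card that is not routed or not enrolled never reaches the ACS, so the merchant keeps the liability; a wrong or replayed token yields 'N' and the same outcome.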
11. IRM for Citizens: Identity Assurance Program, UK Cabinet Office
Assure UK objectives:
• Provide a secure credential to UK citizens (currently in beta phase)
• The core of the solution is identity proofing
• Verizon is one of the selected identity providers providing secure identities to UK citizens
– Strong authentication
– Users prove their identity online
– Fraud / compliance requirements
– User experience requirements
– Specialized federation protocols
Diagram: Verizon UK Identity Provider (Profile Management portal, Authentication Portal (OpenAM), Identity Services), Integration layer, Government HUB
12. IRM for Citizens: Belgian Government
• Registration & self-management portal
– Number of identities: +2 000 000 (in database; not including eID users)
• Role management
– Number of roles: 75 000
• Authentication portal
– Federation: SAML2 – OAuth – WS-Fed
– Number of relying parties: 500
– Peaks of 400 000 authentications per day / 25 authentications per second
– Attribute services (10 sources)
– Complicated SSO model: depends on context (civil servant, citizen) and authentication level
Diagram: Local and regional services, Federal services, Supporting services; Authentication, Roles and permissions, User and credential management
13. Other consumer cases for IRM
The payment and government ecosystems benefit from an environment where trust and relationships between parties are established. Nevertheless, using existing relationships or building relationships with users can be done in many other consumer cases.
• Mobile phone based
– Dedicated location-based services
– Mobile marketing solutions
– Interactions with service kiosks
• Connected car
– Car pooling/renting solutions
– Pay-as-you-drive insurance
– Fleet/driver management
14. Outcomes
Are IAM or IRM needs very different between the consumer and the enterprise worlds?
• The scale can be bigger, but the security principles are the same
– Strong authentication is needed when there is value in the proposal
– Use of standards (emerging and existing) to connect entities is a must
– Trusted identity providers are needed
– Data privacy and regulations must be addressed
Adding the relationships that exist between the end user and other identified entities makes it possible to:
• Enhance the security and the level of services that can be provided
• Provide additional services
• Strengthen the links with customers