Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stephen Upton – 2 June 2005EURIM Personal Identity Working Group Secure identity – a personal view Stephen Upton Office: 020 8275 0102 Mobile: 07771 765789.

Similar presentations


Presentation on theme: "Stephen Upton – 2 June 2005EURIM Personal Identity Working Group Secure identity – a personal view Stephen Upton Office: 020 8275 0102 Mobile: 07771 765789."— Presentation transcript:

1 Stephen Upton – 2 June 2005EURIM Personal Identity Working Group Secure identity – a personal view Stephen Upton Office: Mobile:

2 Stephen Upton – 2 June 2005EURIM Personal Identity Working Group Digital Certificates or Electronic Identities? tScheme v ‘tScheme2’ tScheme v ‘tScheme2’ CP/CPS-defined service approval v Security Level (0,1,2,3) risk assurance CP/CPS-defined service approval v Security Level (0,1,2,3) risk assurance Registration (RA) policy statements v ‘real-world identity’ validation/verification Registration (RA) policy statements v ‘real-world identity’ validation/verification Industry-led CA service co-regulation v e-Government service targets Industry-led CA service co-regulation v e-Government service targets

3 Stephen Upton – 2 June 2005EURIM Personal Identity Working Group HMG Minimum Standards [HMGVInd] Service-defined security levels (0,1,2,3) Service-defined security levels (0,1,2,3) Face-to-face or remote Registration Face-to-face or remote Registration Types of evidence & number of items Types of evidence & number of items personal statement personal statement unique details for cross-checking unique details for cross-checking documentary evidence documentary evidence attributed ID and biographic ID attributed ID and biographic ID third party corroboration third party corroboration professional or commercial referees professional or commercial referees existing relationship existing relationship length x frequency of recorded interaction length x frequency of recorded interaction

4 Stephen Upton – 2 June 2005EURIM Personal Identity Working Group Personal Identity challenges From Home Office ID Fraud report: Identity authentication = validation + verification Identity authentication = validation + verification Attributed identity [risks of document theft, forgery] Attributed identity [risks of document theft, forgery] Biographic identity [risks appear lower e.g. covert operations] Biographic identity [risks appear lower e.g. covert operations] Biometric identity [risks of untried scale, unreliable results] Biometric identity [risks of untried scale, unreliable results] at the Point of Issue – verifying a ‘real-world’ identity at the Point of Use – authenticating an ‘electronic’ identity

5 Stephen Upton – 2 June 2005EURIM Personal Identity Working Group The evolving role of HMG Passive/Supportive - tScheme Passive/Supportive - tScheme Enabling – Gateway & Intermediaries Enabling – Gateway & Intermediaries Active/Controlling – ID Cards, Benefits ‘push’ Active/Controlling – ID Cards, Benefits ‘push’ - perceived dependencies: Trust Trust Accuracy Accuracy Accessibility Accessibility Privacy Privacy Scrutiny Scrutiny

6 Stephen Upton – 2 June 2005EURIM Personal Identity Working Group Ongoing issues & trends Service intermediaries → ‘Data Brokers’ Service intermediaries → ‘Data Brokers’ tScheme Approval → PI ‘Kite Mark’ tScheme Approval → PI ‘Kite Mark’ RIPA → consent-enabled ‘Data Sharing’ RIPA → consent-enabled ‘Data Sharing’ Independent assurance → regulatory control Independent assurance → regulatory control Online security → offline privacy Online security → offline privacy Federated identity → consolidated identity Federated identity → consolidated identity Shared secrets → ‘joined-up’ secrets Shared secrets → ‘joined-up’ secrets Risk control → defensive intrusion Risk control → defensive intrusion

7 Stephen Upton – 2 June 2005EURIM Personal Identity Working Group The challenges remain: Registration security Registration security Data protection Data protection Objective, transparent, proportionate and non-discriminatory regulation Objective, transparent, proportionate and non-discriminatory regulation Risk-based assessment Risk-based assessment Independent assurance Independent assurance

8 Stephen Upton – 2 June 2005EURIM Personal Identity Working Group Conclusions? Travelling hopefully Travelling hopefully Reviewing the road map Reviewing the road map Changing drivers Changing drivers e-commerce e-commerce e-government e-government entitlement/identity entitlement/identity Standards & assessment [ What? How? Who?] Standards & assessment [ What? How? Who?] Arriving [ When? Where? Why?] Arriving [ When? Where? Why?]


Download ppt "Stephen Upton – 2 June 2005EURIM Personal Identity Working Group Secure identity – a personal view Stephen Upton Office: 020 8275 0102 Mobile: 07771 765789."

Similar presentations


Ads by Google