Presentation is loading. Please wait.

Presentation is loading. Please wait.

3rd Generation eID Agile eIDs for Widespread National Use Jon Shamah 30 August 2011 V1.00 Northern Europe’s leading Payments and Identity Services Provider.

Published byAmber Neal Modified over 8 years ago

Similar presentations

Presentation on theme: "3rd Generation eID Agile eIDs for Widespread National Use Jon Shamah 30 August 2011 V1.00 Northern Europe’s leading Payments and Identity Services Provider."— Presentation transcript:

1 3rd Generation eID Agile eIDs for Widespread National Use Jon Shamah 30 August 2011 V1.00 Northern Europe’s leading Payments and Identity Services Provider 1

2 3rd Generation eID Agile eIDs for Widespread National Use Jon Shamah 30 August 2011 V1.00 Jon Shamah Work Package 4 Coordinator SSEDIC 2

3 Agile eIDs for Widespread National Use 3 Introduction 1st and 2nd Generation Architectures 3rd Generation Architectures

4 Agile eIDs for Widespread National Use 4 Introduction 1st and 2nd Generation Architectures 3rd Generation Architectures

5 It is a National eID – not National Identity Card 5

6 Agile eIDs for Widespread National Use 6 Introduction 1st and 2nd Generation Architectures 3rd Generation Architectures

7 1 st Generation eID Government Owned Embedded Chip –Contact/contactless interface –ICAO Applet –2 or 3 digital certificates Printed Data on surface –Facial Biometric –Name –Date of Birth T1 form factor polymer card On-line or off-line use 7

8 1 st Generation eID Schemes eGovernment access ICAO Travel Document Digital signing via contact interface with digital certificate (EU Qualified) Authentication for private applications with limited liability Expensive to implement, slow to deploy, and heavy on support 8

9 1 st Generation eID Architecture 9

10 2 nd Generation eID On-line use only Mainly Bank or Private Sector owned PKI stored centrally Released by a On-Time Password device Multiple authentication methods with ‘platformless’ option Example: 10

11 2 nd Generation eID Schemes No travel document Cannot be used for ad-hoc digital signing Server form and on-line digital signing Uses existing registration processes via banks, telco operators and local government Simple to use Fast deployment Low-support costs Low cost to implement, fast to deploy, and light to support, but no off-line capability and cannot be used as an ID card 11

12 2 nd Generation eID Architecture Central server stores keys Private Sector provides Identity Assurance One Time Password authenticates and instructs to release keys User is logged in 12

13 Agile eIDs for Widespread National Use 13 Introduction 1st and 2nd Generation Architectures 3rd Generation Architectures

14 3 rd Generation eID – EcoSystem A multitude of brands providing credentials 14

15 3 rd Generation eID – EcoSystem Mixed with existing government issued credentials 15

16 What are the Benefits? eID Card may already be distributed –Travel Document –Offline ID Card Many Governments may be nervous to have 3 rd party applications residing on the credential Many 3 rd parties may not be happy to be associated with the State and/or give up their own branding 3 rd Generation eID enables Relying Parties to benefit from privately operated eIDs anchored to a government credential. 16

17 3 rd Generation eID Architecture eID as a 3–Tier Architecture HUB ApplicationsHubs ? eGov 17

18 3 rd Generation eID Assurance Levels Identrust** Standard Certificate High Assurance eID Credentials High* Assurance Hub High* Assurance Hub Standard * Assurance Hub Standard * Assurance Hub Application Multi Assurance Hub Multi Assurance Hub Session Cert Enterprise Level Assurance eID Credential * Assurance levels to be defined ** Example only 18

19 Why is this better? Government eID Card can be used as breeder document –Government acceptance of private eID service signed by citizen using eID Card Trust flows through Government credential Improves cost of offsetting risk by IdPs and relying parties Familiar branding encourages uptake Increased trust –Ability to ‘spread’ segments of identity across multiple service providers –Less direct connection to government in day-to-day use However….. –The cost of establishing an IdP is high 19

20 3 rd Generation eID Architecture Hubs in 3–Tier Architecture HUB Hubs ? eGov 20

21 Hubs - Classic Middle-Tier Component Hub Identity Providers Relying Parties Multiple Protocols SAML Hub SAML 21

22 Hubs - Additional Roles Preserve data integrity, security and privacy both up and down tiers Mediate Assurance Levels, Minimum Information Datasets Perform auditing and logging at request of the relying application and agreement of individual Provide anti-fraud protection similar to credit-card transaction monitoring Provide assurance to individuals that data is only retained for agreed lengths of time - Can it be totally “stateless” ? Accept routing interfaces and trust paths for inter-hub and cross-border requests (example: STORK) 22

23 Hubs - Validating the State of Identity Identity Credentials must be checked against –Revocation –Suspension Source Identity Provider must be checked for –Current Certified Assurance Level Demonstration must provide Relying Party Application with –Auditable proof that the credential is fit for purpose against a pre- defined set of policies 23

24 Hubs - Ownership Needs to have ownership –Independent of Identity Providers ? –Independent of Relying Parties (If multi-RP?) Will require bilateral agreements with all relying parties and IDPs if they require –SLAs –Liabilities –Compliance Strong regulation required for higher roles 24

25 Attribute Management As authentication becomes accepted attributes and ‘mandates’ will be seen as desirable: –Who will be responsible for managing these mandates? Government owned Attribute Provider Citizen owned Attribute Provider –How and when will mandates be certified for accuracy? –How and when will mandates be validated for timeliness? –What are the rules which govern the release? Who determines what is needed? Choice of automatic mandate or prompt Minimal disclosure –How will anonymous credentials be incorporated? –Should they be incorporated via the IdPs or hubs Is there any conflict of interest? 25

26 Key Features Ethics –Minimum Data Disclosure –User Centric Permission (and revocation) –Usage Governance and remedy management Technology –Privacy enhancing –Security Assurance 26

27 Attribute Types Public Sector ‘Owned’ –Social Security –Driving Licence –Medical reference number –VAT –Passport Privately owned –Biometrics –Personal Preferences –Bank details –Medical Data –……….. 27

28 Uses for Attributes Establishing Identity Credentials –‘Primary’ type attributes –High Assurance –Critical for ecosystem integrity Supplementing Identity Credentials –‘Secondary’ Type Attributes –Providing Service Providers with data –Additional Authentication 28

29 Introducing Attributes IdPs Hubs Relying Party Relying Parties / Applications Attribute Providers 29

30 Introducing Attributes IdPs Hubs Relying Party Relying Parties / Applications Attribute Providers 30

31 Example of Use - Primary Attributes Level n Assurance 31

32 Example of Use - Primary Attributes Level n + 1 Assurance Level n Assurance 32

33 Example of Use - Secondary Attributes Step 1 33 Enquire

34 Example of Use - Secondary Attributes Step 1 Step 2 34 Enquire Order

35 Example of Use - Secondary Attributes Step 1 Step 2 Fulfil Enquire Order Step 3 35

36 Business Models & Revenues From Government Savings –Movement to “e-only” Government Front desk outsourced for marginalised citizens –Many statistics available demonstrating savings From Private Sector –Reduction in identity risk Compliance Fraud –Reduced costs Process automation Error reduction “New Business” 36

37 Example: Digitisation of Contract Application Service consisting of a signing and workflow service is used in conjunction with eIDs to digitally process bank loan application Traditionally this process can take over one month in time to complete and require over 70 sheets of paper. Real examples have shown savings in excess of €50 per application and each bank may process many thousands of applications per week. For the case of 10,000 applications per month, the saving to a bank is worth approximately €6 million per year. ApplicationGuaranteeContractTerms & Conditions ApplicantX xx AdvisorXx x ManagerXxx Guarantor xxx 37

38 eID Revenue Flows 38

39 Roles for Telcos Unique place in the market –High penetration of global population and geographies –Interoperable framework experience –Wide scale managed networks and datacentres White-Labelling of IdP Framework Services Attribute Providers Hub Operators Service Providers Network Operators 39

40 Up the Telco Value Chain 40

41 White-Labelling of IdP Framework Services For IdPs, Framework Services will –reduce cost of entry –reduce on-going specialist resources commitments –provide a common governance framework Managed Services to include –PKI Back-Office (3 Assurance levels) –Front Office –Authentication (multiple methods) –Registration –Insurance Management –Data Management IdPs will be able to choose which services that they need 41

42 Managed Services Framework Registration PKI Back Office Authentication Common Governance IdP Managed Services IdPs leveraging own brands and client bases Reduces resource requirements and investment by new IdPs Hubs …….. 42

43 Common Governance Technical Interoperability –Assurance Levels for different applications –Protocols, schemas, profiles Commercial Interoperability –Revenue flows –Liability Exception Management –Complaint Resolution –Regulatory Compliance –Redress –Recovery 43

44 Roles for SDOs Large number of complex interactions –Many cross-border Essential that those interactions are standardised Roles and duties need to be clearly understood by all players Governance needs to be established against clearly defined actions Much of the environment has yet to be defined 44

45 Current EU trend towards eIDs Problems with State issuance of eID credentials –State programs always have long delays –Reluctance to ‘share’ chip space with 3 rd parties –Liability –Need to maintain state/citizen separation for privacy Advantages of private organisations –Agility, innovation and drive –Promotes citizen choice and opt-in –Capability for branding –Multi applications In line with the Digital Agenda for Europe 45

46 46

47 SSEDIC Rational A secure cyberspace is critical to the heart of our economy and security Increasing of online fraud, identity theft and misuse of information online Need to increase the level of trust associated with digital identity SSEDIC has the mission to contribute to build a strategic vision for Europe in defining rules and guidelines for a single European e- Identity ecosystem Individuals and organizations must use secure, efficient, easy to use and interoperable identity solutions to access online services with confidence, privacy, choice and innovation 47

48 SSEDIC Impact “Not just a theoretical exercise, but recommending practical steps in each stakeholder sector towards a vision of the Single European Digital Identity Community” 48

49 SSEDIC Relevance Relevance for the EU Digital Agenda –Goal 2: improve ICT standard-setting and interoperability –Goal 3: enhance trust and security Relevance for Business in general –Interest and motivation of 35 partners (67 experts) –Involvement of “associated” partners (50+) Alignment with STORK –STORK partners in SSEDIC are: ATOS, A-SIT, T-Systems, BSI, CapGemini, and EEMA. Connections with other identity related projects: PEPPOL, SPOCS, SEMIRAMIS, TDL …. 49

50 Summary & Action Needed Public Private Partnerships are becoming more accepted for National eID deployments and 3 rd Generation eID, can open the market for a large scale single federated digital ID community in the near future There is profit to be made as the market grows with telcos being very well placed to take advantage of the new revenues Controls and standards must be in place in order for this new market to flourish. Organisations such as the ITU-T have a duty to provide the standards needed for such a growth and ITU-T needs to be addressing those standards, in coordination with partners urgently. 50

51 Thank You Any questions ? NETS eSecurity Haavard Martinsens vei 54, N-0045 OSLO Jon Shamah Email: jsham@nets.eu UK Mobile: +44 7813-111290 SSEDIC http://www.eid-ssedic.eu 51

Download ppt "3rd Generation eID Agile eIDs for Widespread National Use Jon Shamah 30 August 2011 V1.00 Northern Europe’s leading Payments and Identity Services Provider."

Similar presentations

V1.00 3rd Generation eID Agile eIDs for Widespread National Use Jon Shamah, SSEDIC Coordinator 1.

V1.00 3rd Generation eID Agile eIDs for Widespread National Use Jon Shamah, SSEDIC Coordinator 1.
How to commence the IT Modernization Process?

How to commence the IT Modernization Process?
Digital Identity Group May 2012. GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.

Digital Identity Group May GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Risk & Novelty Collaboration & Engagement Efficiency & Effectiveness Transferability & Scalability ▪Led government as first agency to implement enterprise-wide,

Risk & Novelty Collaboration & Engagement Efficiency & Effectiveness Transferability & Scalability ▪Led government as first agency to implement enterprise-wide,
The GSMA July 2014 Restricted - Confidential Information

The GSMA July 2014 Restricted - Confidential Information
TDL Meeting 7-8 April 2014 //Vienna Sprint Proposal The key of a legal on line signature The key of a legal on line signature: The inseparable link between.

TDL Meeting 7-8 April 2014 //Vienna Sprint Proposal The key of a legal on line signature The key of a legal on line signature: The inseparable link between.
In Harmony, In the Cloud: Harmonizing Data Protection Rules In a Cross-Border World Steve Mutkoski Worldwide Director Policy Microsoft Corporation.

In Harmony, In the Cloud: Harmonizing Data Protection Rules In a Cross-Border World Steve Mutkoski Worldwide Director Policy Microsoft Corporation.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
S.1 Using a Global Validation Service to Unite Communities Jon Shamah EMEA Head of Sales, BBS eSecurity.

S.1 Using a Global Validation Service to Unite Communities Jon Shamah EMEA Head of Sales, BBS eSecurity.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
UbIdentity Ubiquitous Identity Management in the Cloud 20/03/2014 Dan BUTNARU Product Line Manager Trusted Identity.

UbIdentity Ubiquitous Identity Management in the Cloud 20/03/2014 Dan BUTNARU Product Line Manager Trusted Identity.
August 2004 Providing Industry-wide Security and Identity Management Solutions.

August 2004 Providing Industry-wide Security and Identity Management Solutions.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All ETSI Standardization Activities on M2M communications Joachim Koss, ETSI Board Member Document No:

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All ETSI Standardization Activities on M2M communications Joachim Koss, ETSI Board Member Document No:
Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.

Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.
Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.

Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.
Electronic Authentication for Flexible Learning Workshop Presentation (5 August 2003) Chris Connolly, CEO, Galexia Consulting.

Electronic Authentication for Flexible Learning Workshop Presentation (5 August 2003) Chris Connolly, CEO, Galexia Consulting.
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
Viewpoint Consulting – Committed to your success.

Viewpoint Consulting – Committed to your success.
Geneva, Switzerland, 15-16 September 2014 Introduction of ISO/IEC 29003 Identity Proofing Patrick Curry Director, British Business Federation Authority.

Geneva, Switzerland, September 2014 Introduction of ISO/IEC Identity Proofing Patrick Curry Director, British Business Federation Authority.

Similar presentations

Ads by Google