Presentation is loading. Please wait.

Presentation is loading. Please wait.

OASIS Trust Elevation Elevate Trust in Electronic Identities www.oasis-open.org Abbie Barbir, Ph.D Co-Chair OASIS Trust Elevation TC.

Published byArlene Richardson Modified over 8 years ago

Similar presentations

Presentation on theme: "OASIS Trust Elevation Elevate Trust in Electronic Identities www.oasis-open.org Abbie Barbir, Ph.D Co-Chair OASIS Trust Elevation TC."— Presentation transcript:

1 OASIS Trust Elevation Elevate Trust in Electronic Identities www.oasis-open.org Abbie Barbir, Ph.D Co-Chair OASIS Trust Elevation TC

2 2 Goal OASIS Trust Elevation TC Goal is to define a set of methods or standardized protocols that service providers may use to elevate the trust in an electronic identity presented to them for authentication purposes

3 3 Why are we doing this work? Few consumers have high LOA-credentials. User Name and Password is not good enough More organizations look to implement systems that require authentication at higher Levels of Assurance When dealing with consumers and citizens, there is a clear need for dynamic authentication a customer should only be asked to do multi-factor authentication when they want to do “a high value transaction”, not as a prerequisite to visiting a website. There is an increased interest in transaction-based assurance: “authentication” based on the necessary current conditions of specified, validated attributes and agreements. Use of a step-up approach to multi-factor authentication. Recommendations by the Federal Financial Institutions Examination Council (FFIEC) and the highly publicized breaches in 2011 have made trust elevation a more urgent topic. Responding to suggestions from the public sector, including the U.S. National Strategy for Trusted Identities in Cyberspace (NSTIC).

4 4 Approach 1.Phase I: Catalog of Trust Elevation Methods Create a comprehensive list of methods being used currently to authenticate identities online to the degree necessary to transact business where material amounts of economic value or personally identifiable data are involved. Status: phase is completed – Committee Note pending publication 2.Phase II: Analysis of Trust Elevation Methods Analysis of identified methods to determine their ability to provide a service provider with assurance of the submitter's identity sufficient for elevation between each pair of assurance levels, to transact business where material amounts of economic value or personally identifiable data are involved. Status: phase ending, final stages of delivering work 3.Phase III: Establish Trust Elevation Protocol Propose a protocol for Trust Elevation Status: phase starting

5 5 Definition of Trust Elevation Trust elevation: Increasing the strength of trust by adding factors from the same or different categories of trust elevation methods that don’t have the same vulnerabilities. There are five categories of trust elevation methods who you are, what you know, what you have, what you typically do and the context. What you typically do consists of behavioral habits that are independent of physical biometric attributes. Context includes, “but is not limited” to, location, time, party, prior relationship, social relationship and source. Elevation can be within the classic four X.1254 ITU-T LoA (ISO 29115 (NIST 800-063))

6 6 Categories of Trust Elevation Methods Who you are – biometrics, behavioral attributes What you know – shared secrets, public and relationship knowledge What you have – devices, tokens - hard, soft, OTP What you typically do – described by ITU-T x1254 – behavioral habits that are independent of physical biometric attributes Context – e.g. location, time, party, prior relationship, social relationship and source

7 7 Levels of Assurance Trust Elevation Paths between Levels of Assurance

8 8 Trust Elevation Method List Methods sorted by trust elevation method category What you are – Biometric -- use of distinctive measurements about your physical body and or your behavior that are unique Physical Biometric – considered immutable and unique – Facial recognition – Iris Scan – Retinal Scan – Fingerprint Palm Scan – Voice – Liveliness biometric factors include: » Pulse. » CAPTCHA; » Temperature. Behavioral Biometric -- person’s physical behavioral activity patterns – Keyboard signature – Voice

9 9 Trust Elevation Method List What you know – User Name and Password (UN/PW) – Knowledge Based Authentication (KBA) User is asked one or more (sometimes 3 to 5) challenge questions User-data procured at enrollment time Static KBA – Questions and answers that do not change Dynamic KBA – questions that are user-specific and/or change over time and/or the answers to the questions change over time (e.g., asking the value of the customer’s last VISA transaction)

10 10 Trust Elevation Method List What you have – End Point Identity Landline number; Mobile phone number and or SIM and or OS; IP address, router, provider; Cookie, OS, browser, chip. – Token Hardware tokens – Proprietary tokens – USB tokens – Smart Cards – Mobile phone and or SIM. Software tokens – Digital certificates – Cookies

11 11 Trust Elevation Method List What you have – Out of Band User calls service provider from a registered phone; Response to a phone call from the service provider; Response to an email from the service provider; Response to an SMS message from the service provider; Response to a mobile application transaction initiated by the service provider; Response to a post card; Response to a letter, registered or otherwise. – One Time Password (OTP) Email; Mobile phone voice message; Mobile phone SMS message; Mobile phone application; Landline voice message; Mail (postcard, letter, registered mail, etc.); Proprietary hardware token with password generation capability.

12 12 Trust Elevation Method List What You Typically Do -- an individual’s repeated behaviors or behavioral habits – Browsing patterns (order in which pages are accessed, duration of access, links accessed, etc.); – Time of access; – Type of access, etc.

13 13 Trust Elevation Method List Context -- attributes relevant to the user or situation – Location; – Time of access; – Frequency of access; – Party; – Prior relationship ; – Social relationship; – Source and endpoint identity attributes such as Date of last virus scan IP address Subscriber identity module (SIM) Device basic input/ouput system (BIOS) Virus scan software version CallerID Cookie (presence and or contents); – Multi-channel combination; – Credential lifecycle attributes; – Certificate binding and or other chain of trust attributes; – Secure device with user specific disk allocation.

14 14 Method Examples (Use Cases) Reuse of Primary Authenticator Method Example Customer Retention Method Example Cloud Access Method Example Static KBA Method Example Session Elevation to Level of Identity Proofing Method Example Hub Provider of Pseudonymous Identity Method Example Step-Up Authorization Method Example Multi-channel by Phone Method Example Generic KBA Method Example Address Verification Service Method Example Split Large (Risky) Transactions into Multiple Smaller Transactions Method Example Use of Tokenized Device/Network Attributes Method Example Trust Elevation by Hard Token (OTP Generator) Method Example Multi-Attribute-Based Trust Elevation Service Method Example (AKA Fraud Detection) Emergency Access to Patient Healthcare Information – a European Method Example

15 15 Resources OASIS Trust-El Technical Committee Homepage https://www.oasis-open.org/committees/trust-el abarbir@live.ca

Download ppt "OASIS Trust Elevation Elevate Trust in Electronic Identities www.oasis-open.org Abbie Barbir, Ph.D Co-Chair OASIS Trust Elevation TC."

Similar presentations

FFIEC Agency Supplement to Authentication in an Internet Banking Environment http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf.

FFIEC Agency Supplement to Authentication in an Internet Banking Environment
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
Multi-factor Authentication Methods Taxonomy Abbie Barbir.

Multi-factor Authentication Methods Taxonomy Abbie Barbir.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Functional component terminology - thoughts C. Tilton.

Functional component terminology - thoughts C. Tilton.
15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.

15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.
The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,
Authentication & Kerberos

Authentication & Kerberos
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
E-Authentication: What Technologies Are Effective? Donna F Dodson April 21, 2008.

E-Authentication: What Technologies Are Effective? Donna F Dodson April 21, 2008.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.

User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.
Intra-ASEAN Secure Transactions Framework Project Progress Report

Intra-ASEAN Secure Transactions Framework Project Progress Report
Geneva, Switzerland, 15-16 September 2014 Introduction of ISO/IEC 29003 Identity Proofing Patrick Curry Director, British Business Federation Authority.

Geneva, Switzerland, September 2014 Introduction of ISO/IEC Identity Proofing Patrick Curry Director, British Business Federation Authority.
Biometrics: Identity Verification in a Networked World

Biometrics: Identity Verification in a Networked World
Security-Authentication

Security-Authentication

Similar presentations

Ads by Google