Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Assurance Services For Preventing Identity Theft Bob Pinheiro Robert Pinheiro Consulting LLC

Published byChester Lamb Modified over 8 years ago

Similar presentations

Presentation on theme: "Identity Assurance Services For Preventing Identity Theft Bob Pinheiro Robert Pinheiro Consulting LLC"— Presentation transcript:

1 Identity Assurance Services For Preventing Identity Theft Bob Pinheiro Robert Pinheiro Consulting LLC bp@bobpinheiro.com

2 Types of Identity Theft Considered Someone impersonates you to access existing accounts/resources –Example: break-in to online bank/financial accounts using stolen passwords or other credentials Use of stolen credit card numbers or bank account numbers to make fraudulent purchases Someone impersonates you to create new accounts –Example: obtain new credit cards, loans, cell phone accounts using your identity

3 Someone impersonates you to access existing accounts/resources –Service Provider knows you –Service Provider or trusted IdP has issued credentials / tokens for authentication Use of stolen credit card numbers, bank account numbers to make fraudulent purchases –Difficult to know if person using credit card numbers, bank account numbers online is authorized to do so Someone impersonates you to create new accounts –Service Provider doesn’t necessarily know you –Identity claimed using Personally Identifiable Information (PII) –Service Provider can’t easily authenticate a claim of identity Does the SP Know It’s You?

4 A Liberty-accredited IdP/CSP has issued High Assurance digital identity credentials / tokens to you –For authentication to existing accounts –Trust relationship established between SP/RP and IdP/CSP –The SP/RP can locate the IdP/CSP in several possible ways: Key Assumption

5 The user tells the RP The RP is pre-configured to know the IdP The RP communicates with a separate service that asks the user The client device tells the RP The client device is synonymous with the IdP (e.g., self-asserted cards or self-hosted IdPs) The client device serves as a proxy for the IdP, removing the need for direct RP communication with the IdP (e.g., managed cards) The Identity Provider Discovery Problem from Concordia Website

6 Use these same digital identity credentials for identity authentication when there is no existing relationship between an identity claimant / new account applicant and a Service Provider. Goal

7 Establish trust relationship between SP/RP and IdP/CSP “on the fly” –Via a brokered trust model using an IdP/CSP intermediary? Ability to discover IdP/CSP on the basis of Personally Identifiable Information (PII) used to establish an identity claim. Two Advances Needed

8 Service Provider / Relying Party Discovery Service 7. Locate IdP for this identity Federation of Accredited IdPs External Data/Information Sources Issuing Identity Provider Contracting Identity Provider Other IdPs 2. Enroll, Provide PII, Documenation 3. Verification of PII, documenation 4. Issue Credentials, Tokens 6. Request Service, Provide PII 5. Register identity assurance service for this identity and Assurance Level 1. Establish business relationship with Contracting IdP 8. Authentication request 10. Identity assertion 9. Authenticate

Download ppt "Identity Assurance Services For Preventing Identity Theft Bob Pinheiro Robert Pinheiro Consulting LLC"

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Online Privacy A Module of the CYC Course – Personal Security 8-9-10.

Online Privacy A Module of the CYC Course – Personal Security
Service Bus Service Bus Access Control.

Service Bus Service Bus Access Control.
S CENARIOS FOR THE F UTURE OF THE C ANADIAN P AYMENTS S YSTEM A UTHENTICATION AND I DENTITY W ORKSHOP N OVEMBER 3, 2010 Greg Wolfond.

S CENARIOS FOR THE F UTURE OF THE C ANADIAN P AYMENTS S YSTEM A UTHENTICATION AND I DENTITY W ORKSHOP N OVEMBER 3, 2010 Greg Wolfond.
Functional component terminology - thoughts C. Tilton.

Functional component terminology - thoughts C. Tilton.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.

How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.
Step-up Authentication as-a Service Pieter van der Meulen Technical Product Manager.

Step-up Authentication as-a Service Pieter van der Meulen Technical Product Manager.
11 steve plank (“planky”) identity architect microsoft uk.

11 steve plank (“planky”) identity architect microsoft uk.
Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.
Windows CardSpace and the Identity Metasystem Glen Gordon Developer Evangelist, Microsoft

Windows CardSpace and the Identity Metasystem Glen Gordon Developer Evangelist, Microsoft
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Government Online – White Paper Companion – Copyright © 2007 Credentica Inc. All Rights Reserved. This presentation is animated. Press the “space bar”

Government Online – White Paper Companion – Copyright © 2007 Credentica Inc. All Rights Reserved. This presentation is animated. Press the “space bar”
OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.
Federated Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor Russell Beall Senior Programmer/Analyst University.

Federated Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor Russell Beall Senior Programmer/Analyst University.
Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.

Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.
Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston.

Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston.
Policy, Trust and Technology Mitigating Risk in the Digital World David L. Wasley Camp 2006 © David L. Wasley, 2006.

Policy, Trust and Technology Mitigating Risk in the Digital World David L. Wasley Camp 2006 © David L. Wasley, 2006.
9.4M online U.S. adults were victimized by identity theft in year ending April 2004 –Losses amounted to $11.7 billion Online theft is escalating The solution.

9.4M online U.S. adults were victimized by identity theft in year ending April 2004 –Losses amounted to $11.7 billion Online theft is escalating The solution.
Database  A database is an organized collection of data for one or more purposes, usually in digital form. The data are typically organized to model.

Database  A database is an organized collection of data for one or more purposes, usually in digital form. The data are typically organized to model.

Similar presentations

Ads by Google