Page 1 Proprietary & Confidential © SecureKey Technologies Inc. All rights reserved.
Getting to trusted identity online
Giving users and RPs what they came for
Online identity today is based on secrets, lies and lies about secrets. It is like the whole thing is run by SAMCRO.
Online, with enough information anyone can be you.
PSTD - Online Authentication Discombobulation
The User View: Online authentication mousetrap wounds
I hate this
S*$#!
The RP View: Serving online resembles The Matrix
Authentication Scheme
       | Current | Desired
Users  | Hard    | Easy
Crooks | Easy    | Hard
Observation: As the security anchor of online identity, secrets suck!
My bankcard, which has access to all my money: 4 digit PIN
Facebook controls access to nothing I really care about: 8+ characters, with crazy rules (which becomes 12+ chars on mobile)
Yet Facebook has more problems than banks
The definition of identity is polymorphic
Observation: Ownership is not a useful concept in the context of identity
“Identity is the new money”
David Birch, Consult Hyperion
Four fields of identity
Advertising
Reputation/Social
Asset Protection
Transactional
Street ID
Digital ID
Payments and Identity go together
Use case | Examples
Payment Only (anonymous or self asserted) | Newspaper, bus, ecommerce, etc
Payment & Identity | Beer, loans, hotel check in, get a new phone
Identity only | Voting, bar access, getting on airplanes, benefits
Same use cases, same basic model
i·den·ti·ty
1. A set of attributes forming a personal currency which enables an individual to perform transactions and/or indicate ownership.
synonyms: name, ID
Skirmishes at the bits/atoms border
         | Street Model (Atoms) | Digital Model (Bits)
Payments | Visa: One card + many merchants. Moving to embrace cloud | Moving to break out the cloud (Apple, Paypal, Google, etc). One ‘card’ – many destinations
Identity | 6 cards – all destinations | Lots of providers. One ‘card’ per destination
It takes a village to make an identity.
Identity as a collage of authoritative sources
Who is the authoritative source on email address?
1. Birth Certificate (foundational): Name, Date of Birth, Place of Birth, Parent Names
2. Province of Ontario – Driver's license: Name, DOB, Address, Picture; Uniqueness
3. Passport Canada – Passport: Name, DOB, Picture, Nationalities; Uniqueness
4. Bank Card: Name, DOB
5. Credit Card: Name, DOB
6. Utility bill: Name, Address
7. Ontario College of Teachers: Name, Was a Registered Teacher
8. PADI Scuba Instructor: Name, Is a Scuba Instructor
9. Transport Canada – Pilot: Name, Is a Private Pilot, Lic
10. University of Western Ontario – MBA: Name, Degree, Date
11. University of Ottawa – BASc: Name, Degree, Date
12. University of Maine – BSc Ed: Name, Degree, Date
13. Huntsville Fire Department – Firefighter: Name, First Responder
14. Telus – +1 64******44: Name, Mobile #
15. Twitter – @idg*rilla: Name, Twitter Handle
16. Facebook – andre.boysen: Name, Facebook email, friend list
17. OHIP – asdf: Name, Healthcare #, DOB
Finding trusted providers
               | Street ID Players | Digital ID Players
Enrollment     | Face-to-Face | Online
Recovery       | In-person | Other social media
Assurance Base | Transactions | Surveillance
User Stance    | Responsible User Attitude | Relaxed User Attitude
Standards      | Regulated: KYC | Unregulated
Data Breaches  | Rare | Common
Privacy        | Secure and Privacy Enhanced | Data Mining
Integration    | Once | Multiple Ongoing
Conclusions about Identity
- Gotta get beyond secrets!
- Authentication across branch, phone, web, mobile come together for user
- Auth gets anchored in user devices & cards
- Identity continues as public-private partnership
- Street ID and Digital ID come together
- Identity and credentials go the way of payment networks
  - Functions as a two-sided market
  - Fewer but stronger credentials, higher business assurance, less friction
- User centric model with privacy and consent directives
How SecureKey Is Solving It
Consumer BYOD BYOC Simpler and Easier
New Revenue Stream
Unified Channel Access Security
Increase Business Services
Attract and Shift
Eliminate Costs
Credential Provider
Credential Subscriber
Identity as money: Sources and uses of ‘funds’
Sources
- Bank Account: Anchor credential
- Driver’s License: Name, address, dob, photo
- Passport: Nationality, name, dob, photo
- Credit Card: CC number, ccv
- Credit Bureau: Credit history
- Post Office: Verified address, verified email
- Telco: Mobile phone, acct type
Uses
- eCommerce
- New Utility Account
- New Bank Account
- Apply for Credit
Name, Address, Mobility, Consent
briidge.net
- User assembled collage
- User asserts in pieces
- Privacy
Case Study: Government of Canada
Problem
- Forgotten passwords frustrating users
- Users pushed to higher cost channels b/c of friction in the profile set up
- Cost of creating an LOA2 credential prohibitive
Solution
- SecureKey delivers a privacy-enhanced connection between government services and tier-one branded credential providers.
Value
- Result: SecureKey is making it easier for users to sign in to over 120 Canada government agencies
- Over one million users now sign in to government service via SecureKey Concierge
Case Study: Government of Canada
- Trusted Brands
- Secure systems
- Know Your Customer (KYC) regulations

- 127 Government applications
- 22 Subscriber Integrations
- CRA (IRS in CA)
- Launched Apr12; Ramp Aug12
- <8 months contract to launch
- Privacy Enforcing: Triple Blind
- Improved user experience
- National Standard
- …expanding to Province, City
Concierge
briidge.net Exchange Platform deployed as a branded service called “SecureKey Concierge”
Credential Providers: Frequently Used Trusted Credentials
Credential Subscribers: Infrequently Used Services
SAML SAML
Market Problem (Government)
The Solution (FCCX)
Federal Cloud Credential Exchange (FCCX) enables the NSTIC vision by allowing agencies to securely interact with a single “broker” to authenticate consumers
FCCX: a consumer hub for gov access