business cases and identity relationship management
JEAN-MARC MESLIN, Portfolio Partner, Verizon Enterprise Solutions, at the European IRM Summit 2014.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT
Jean-Marc Meslin, Portfolio Partner - [email protected], November 2014
Identity Protection Is Critical
Many passwords are easily detected or guessed.
Hackers use increasingly sophisticated methods and tools.
Using the same login credentials across multiple sites increases risk.
82% of crimeware incidents targeted user credentials.*
*Source: Verizon 2014 Data Breach Investigations Report
The Connected World Today: Mobility & M2M Ecosystem
• Machines
• Consumers
• Enterprise Users
• Business Partners
A New Mobile Mindset
Mobility is driving a new mindset among consumers (employee, consumer, citizen, etc.)
Need for seamless and secure access to anyone, anywhere, on any device
Consumer community personas: Citizen, Patient, Employee, Colleague, Friend, Family
“My local government and healthcare providers are too slow and inaccessible. There are too many forms and redundancies”
“I need better tools for managing my digital personas and profiles—not just Facebook but bank accounts and relationships with retailers and loyalty programs”
“To stay connected I need the ability to jump from work to my personal life without worrying about restrictive policies or outdated devices”
Machines Are Communicating More Than Ever
• VPNs and wireless networks
• BYOD devices
• Smart card authentication systems
• TV set-top boxes
• Vehicle communications systems
• Tachograph devices
• Power grids
• Street and traffic lights
• Smart-home systems
• Factory and industrial machine systems
Relationships between Identities to Increase Security
Verify and authenticate devices; verify and authenticate people.
Identity relationship management is already available for the enterprise: it links the identities of people and devices, and each link strengthens the identity on both sides.
People identity: Employees, Patients, Citizens, Consumers, Partners
Device identity: Telematics, Identity Cards, Physical Access, M2M Devices, Wired Devices
A Need for White Label Identity Services
Entities: People and Devices
Identity form factors: Login/password, Digital signature, HW tokens, Soft tokens, RFID, Digital certificates
Open standards (between each layer)
Services needed: Identity Issuance Services (IDP), Federation & Identity Broker Services, Risk Services
Business applications: Shopping, Banking, Healthcare, Work Login
So what relationships?
A relationship between two entities that can each be authenticated. This includes:
• Users
• Devices
• Third parties
• Identified locations
Relationships between entities can be leveraged to strengthen authentication and to secure transactions or any other exchange of data.
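The decision logic sketched above, as an added example that is not code from the deck or from Verizon: a login policy in which a verified relationship between a person and a device, or a person and a known location, raises the assurance level, a high-value action forces a step-up when the relationships alone are not enough, and a successful second factor on an unknown device creates a new person-device relationship for next time. The entity kinds, the assurance levels and the policy thresholds are assumptions made for illustration.

```python
"""Relationship-aware login decision (added example; all policy values are assumed)."""
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    NONE = 0     # authentication failed
    LOW = 1      # password only, nothing else recognised
    MEDIUM = 2   # password plus one verified relationship
    HIGH = 3     # password plus a second factor, or plus two verified relationships


@dataclass
class Relationship:
    kind: str        # "device" or "location" (assumed kinds)
    entity_id: str
    verified: bool   # established during an authenticated enrolment, not merely observed


@dataclass
class Identity:
    user_id: str
    relationships: list = field(default_factory=list)

    def trusts(self, kind, entity_id):
        return any(r.kind == kind and r.entity_id == entity_id and r.verified
                   for r in self.relationships)

    def enrol(self, kind, entity_id):
        if not self.trusts(kind, entity_id):
            self.relationships.append(Relationship(kind, entity_id, True))


@dataclass
class Attempt:
    user_id: str
    password_ok: bool
    device_id: str
    location: str
    second_factor_ok: bool = False


def decide(identity, attempt, high_value):
    """Return ("allow" | "step_up" | "deny", Level). high_value marks a transaction worth protecting."""
    if attempt.user_id != identity.user_id or not attempt.password_ok:
        return "deny", Level.NONE
    if attempt.second_factor_ok:
        # A possession factor was proven on this device: record the person-device link
        # so that the relationship itself can carry assurance on later logins.
        identity.enrol("device", attempt.device_id)
        return "allow", Level.HIGH
    known = identity.trusts("device", attempt.device_id) + identity.trusts("location", attempt.location)
    level = (Level.LOW, Level.MEDIUM, Level.HIGH)[known]
    if high_value and level < Level.HIGH:
        return "step_up", level      # relationships alone are not enough for this action
    return "allow", level


def demo():
    # Constructed identity: one verified laptop, one verified home location, one unverified old phone.
    alice = Identity("alice", [Relationship("device", "laptop-1", True),
                               Relationship("location", "BE-home", True),
                               Relationship("device", "old-phone", False)])
    runs = [
        ("known device, known place, low value", Attempt("alice", True, "laptop-1", "BE-home"), False),
        ("known device, unknown place, payment", Attempt("alice", True, "laptop-1", "FR-cafe"), True),
        ("new phone, payment, OTP entered", Attempt("alice", True, "new-phone", "BE-home", True), True),
        ("same new phone, payment, no OTP", Attempt("alice", True, "new-phone", "BE-home"), True),
        ("unverified old phone, unknown place", Attempt("alice", True, "old-phone", "FR-cafe"), False),
        ("wrong password", Attempt("alice", False, "laptop-1", "BE-home"), False),
    ]
    return {label: decide(alice, a, hv) for label, a, hv in runs}


if __name__ == "__main__":
    for label, (decision, level) in demo().items():
        print(f"{label:40s} -> {decision:8s} {level.name}")
```

The fourth run is the point of the example: once the OTP has been entered on the new phone, the person-device relationship is stored, and the next payment from that phone at a known location reaches the high level without a second factor. The unverified old phone carries no assurance at all, which is why the `verified` flag is part of the relationship and not just its existence.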
IRM example in the online payment world: 3D Secure
3D Secure defines a framework in which the issuing bank authenticates the cardholder for an online transaction, allowing the merchant to pass the liability (in case of a fraudulent transaction) to the issuing bank.
3D Secure leverages the relationships between the actors/entities involved in the transaction:
• The merchant (and its acquiring bank)
• The issuing bank
• The cardholder/consumer (and a device)
• The interoperability domain (infrastructure provided by the card schemes)
Authentication of the cardholder in most cases involves a device (a mobile phone receiving a token via SMS, or another device generating a token).
3D Secure overview (diagram)
Issuer domain: Issuing Bank, Access Control Server
Interoperability domain: Directory Server, Authentication History Server, Payment System
Acquirer domain: Acquiring Bank, Online Merchant, 3D Secure Merchant Plugin
Client (cardholder)
Steps legible in the diagram: 1: Order and card details (client to merchant); 6: Authorization request (shown on three arrows, from the merchant through the acquiring bank and the payment system to the issuing bank)
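The flow the two slides above describe, as an added example that is not code from the deck, from Verizon or from any card scheme: a simplified 3-D Secure (version 1) purchase in which the merchant's plugin asks the directory server whether the card is enrolled, the issuer's access control server challenges the cardholder's phone, and the merchant accepts the liability shift only for an authentication result the issuer signed and that matches the request the merchant itself sent. Assumptions: an HMAC key stands in for the ACS signing certificate the plugin would normally validate, the SMS channel is a callback, and the ECI values, card numbers and identifiers are constructed for illustration.

```python
"""Simplified 3-D Secure v1 purchase flow (added example; keys, card data and ECI values are assumed)."""
import hashlib
import hmac
import json
import secrets

# Stand-in for the ACS certificate the Merchant Plugin would normally validate (assumption).
ACS_SIGNING_KEY = b"assumed-key-standing-in-for-the-acs-x509-certificate"


def canonical(msg):
    return json.dumps({k: v for k, v in msg.items() if k != "signature"}, sort_keys=True).encode()


def sign(msg):
    return hmac.new(ACS_SIGNING_KEY, canonical(msg), hashlib.sha256).hexdigest()


class AccessControlServer:
    """Issuer domain: knows the enrolled cards and how to reach each cardholder."""

    def __init__(self, enrolled):
        self.enrolled = enrolled   # pan -> cardholder phone number (constructed data)
        self.pending = {}          # transaction id -> one-time code sent out

    def is_enrolled(self, pan):
        return pan in self.enrolled

    def start_authentication(self, pareq):
        """Steps 3-4: the PAReq arrives through the cardholder's browser; send an OTP by SMS."""
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[pareq["xid"]] = otp
        return {"sms_to": self.enrolled[pareq["pan"]], "otp": otp}   # simulated SMS delivery

    def finish_authentication(self, pareq, otp_entered):
        """Step 5: produce the signed PARes. Status 'Y' means the cardholder authenticated."""
        ok = hmac.compare_digest(self.pending.pop(pareq["xid"], ""), otp_entered)
        pares = {
            "xid": pareq["xid"], "merchant_id": pareq["merchant_id"], "amount": pareq["amount"],
            "status": "Y" if ok else "N",
            "eci": "05" if ok else "07",   # authenticated vs. not authenticated (assumed values)
            "cavv": hashlib.sha256((pareq["xid"] + "cavv").encode()).hexdigest()[:28] if ok else None,
        }
        pares["signature"] = sign(pares)
        return pares


class DirectoryServer:
    """Interoperability domain: routes the enrolment check (VEReq/VERes) to the right ACS."""

    def __init__(self, acs_by_bin):
        self.acs_by_bin = acs_by_bin   # first six digits of the card -> issuer ACS

    def verify_enrolment(self, pan):
        acs = self.acs_by_bin.get(pan[:6])
        return acs if acs is not None and acs.is_enrolled(pan) else None


class MerchantPlugin:
    """Acquirer domain: the merchant's MPI, which must trust only what the ACS signed."""

    def __init__(self, merchant_id, directory):
        self.merchant_id = merchant_id
        self.directory = directory

    def build_pareq(self, pan, amount):
        return {"xid": secrets.token_hex(10), "merchant_id": self.merchant_id, "pan": pan, "amount": amount}

    def verify_pares(self, pareq, pares):
        """Reject a PARes that is unsigned, tampered with, or bound to another transaction."""
        if not hmac.compare_digest(sign(pares), pares.get("signature", "")):
            raise ValueError("PARes signature invalid")
        if (pares["xid"], pares["merchant_id"], pares["amount"]) != (pareq["xid"], pareq["merchant_id"], pareq["amount"]):
            raise ValueError("PARes does not match the PAReq this merchant sent")
        return pares["status"] == "Y"

    def authorization_request(self, pan, amount, pares):
        """Step 6: the message to the acquirer. Only a status 'Y' result carries the liability shift."""
        authenticated = pares is not None and pares["status"] == "Y"
        return {"pan": pan, "amount": amount,
                "eci": pares["eci"] if pares else "07",
                "cavv": pares["cavv"] if pares else None,
                "liability_shift": authenticated}


def purchase(mpi, pan, amount, cardholder_phone):
    """Run steps 1-6. cardholder_phone(challenge) simulates the cardholder reading the SMS."""
    acs = mpi.directory.verify_enrolment(pan)            # step 2: is the card enrolled, and where is its ACS?
    if acs is None:
        return mpi.authorization_request(pan, amount, None)
    pareq = mpi.build_pareq(pan, amount)                 # step 3: PAReq goes via the browser to the ACS
    challenge = acs.start_authentication(pareq)          # step 4: issuer challenges the cardholder's device
    pares = acs.finish_authentication(pareq, cardholder_phone(challenge))
    mpi.verify_pares(pareq, pares)                       # step 5: MPI validates the signed PARes (raises if bad)
    return mpi.authorization_request(pan, amount, pares)


def demo():
    acs = AccessControlServer({"4111111111111111": "+32470000000"})   # constructed test card and number
    mpi = MerchantPlugin("SHOP-001", DirectoryServer({"411111": acs}))
    return {
        "genuine": purchase(mpi, "4111111111111111", "49.99", lambda ch: ch["otp"]),
        "wrong_otp": purchase(mpi, "4111111111111111", "49.99", lambda ch: "not-the-code"),
        "not_enrolled": purchase(mpi, "5555555555554444", "49.99", lambda ch: ch["otp"]),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The relationship the slide is pointing at sits in `verify_pares`: the merchant never authenticates the cardholder itself, it trusts the issuer's signed statement, and the directory server is what tells it which issuer is entitled to make that statement for a given card. A PARes whose amount or transaction id has been altered in the browser on the way back fails verification, and only a signed status of Y is forwarded in the authorization request with the liability shift set. Real 3-D Secure also defines an "attempted" outcome and scheme-specific ECI values; this example deliberately reduces the result to authenticated or not.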
IRM for Citizens: Identity Assurance Program, UK Cabinet Office
Assure UK objectives:
• Provide secure credentials to UK citizens (currently in beta phase)
• The core of the solution is identity proofing
• Verizon is one of the selected identity providers providing secure identities to UK citizens
– Strong authentication
– Users prove their identity online
– Fraud / compliance requirements
– User experience requirements
– Specialized federation protocols
Verizon UK Identity Provider (diagram): Integration layer, Government Hub, Profile Management portal, Authentication Portal (OpenAM), Identity Services
IRM for Citizens: Belgian Government
• Registration & self management portal
– Number of identities: +2 000 000 (in database; not including eID users)
• Role management
– Number of roles: 75 000
• Authentication portal
– Federation: SAML2 – OAuth – WS-Fed
– Number of relying parties: 500
– Peaks of 400 000 authentications per day / 25 authentications per second
– attribute services (10 sources)
– Complicated SSO model: depends on context (civil servant, citizen), and authentication level
Architecture (diagram): Roles and permissions; User and credential management; Authentication; Federal services; Local and regional services; Supporting services
Other consumer cases for IRM
The payment and government ecosystems benefit from an environment where trust and relationships between parties are already established. Nevertheless, using existing relationships or building relationships with the user can be done in many other consumer cases.
• Mobile phone based
– Dedicated location-based services
– Mobile marketing solutions
– Interactions with service kiosks
• Connected car
– Car pooling/renting solutions
– Pay-as-you-drive insurance
– Fleet/driver management
Outcomes
Are IAM or IRM needs very different between the consumer and the enterprise worlds?
• Scale can be bigger, but the security principles are the same
– Strong authentication is needed when there is value in the proposal
– Use of standards (emerging and existing) to connect entities is a must
– Trusted identity providers are needed
– Data privacy and regulations must be addressed
Adding the relationships that exist between the end user and other identified entities serves to:
• Enhance the security and the level of service that can be provided
• Provide additional services
• Strengthen the links with customers