CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network


DESCRIPTION

Dave Coxe, CEO, Criterion Systems
Ken Klingenstein, Director, Middleware and Security, Internet2

NSTIC pilots presentations continue; we begin with a presentation of the Attribute Exchange Network being deployed across a number of commercial participants by ID/Dataweb, and then we provide an overview of the framework Internet2 is building for “scalable privacy” and multi-factor authentication.

TRANSCRIPT

Page 1: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

Criterion NSTIC Pilot Presentation Ping Cloud Identity Summit – July 9, 2013

David Coxe

Work described in this presentation was supported by the National Strategy for Trusted Identities in Cyberspace (NSTIC) National Program Office and the National Institute of Standards and Technology (NIST).

The views in this presentation do not necessarily reflect the official policies of the NIST or NSTIC, nor does mention by trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Page 2: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

Agenda

•  Overview
   –  NSTIC AXN Pilots
   –  AXN Business Model
   –  Potential NSTIC Pilot Relying Parties (RPs)
   –  Benefits to RPs
•  AXN Services Framework
•  Demonstration
•  Pilot Schedule
•  Lessons Learned
•  Summary

© 2013 Criterion Systems, Inc. Proprietary and Confidential   Page 2

Attribute Exchange Network

Criterion Systems, Inc. retains ownership of its proprietary information in this presentation.

Page 3: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

NSTIC AXN Pilots

Pilot Program Outcome: Implement a user-centric online Identity Ecosystem and demonstrate an Attribute Exchange Trust Framework using the ID Dataweb (IDW) Attribute Exchange Network (AXN)

Project Approach:
•  Demonstrate online attribute exchange operations and basic features of an attribute exchange trust framework
   –  User, AP, IdP, and RP interfaces and process/data flows
   –  Legal, policy, and technical interoperability, security, and scalability
   –  Business and market monetization models
   –  Assessor roles and processes

Project Objectives:
•  Simplify AP, RP, and IdP participation, deploy new online services and demonstrate asset monetization via the IDW AXN platform using:
   –  Real-time AP online verification services
   –  Out-of-band verification services – SMS to device, device IDs, postal mail AP service (PIN code mail piece)
•  Live user data from commercial and government RPs
•  RP billing (monthly) and AP/IdP transaction/payment statements
•  Commercial contracts and Terms of Service that transition pilots to commercial operations

NSTIC Pilot Use Case Scenarios:
•  Basic Use Case scenarios will initially be limited to key identity attributes: Name, E-mail, Address, Telephone Number (NEAT) and sending one-time passwords via SMS to a mobile device
•  Increasingly complex and advanced Use Cases will include additional attributes, interoperability between an OpenID or SAML credential, CAC/PIV card credentials, and identity linkage to end-user devices
•  For each RP Use Case: free market trial of verified attribute services for 180 days or 50,000 users, whichever occurs first


Page 4: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

The AXN Business Model and Technical Infrastructure

•  Aligns business objectives of the Identity Ecosystem participants
   –  Overcome historical implementation barriers – everyone benefits
   –  Expand RP participation to efficiently service and monetize existing markets
   –  Create new business channels currently underserved by the Identity Ecosystem
•  Enables a neutral Internet-scale credential and attribute monetization platform
   –  Efficient, open, competitive transaction and contractual hub
   –  Unencumbered by legacy business models, regulations, and technologies
   –  Free to users, lowers RP costs, and new market potential for IdPs and APs
•  Promotes user trust, online security, and privacy protective services
   –  Designed to implement and positively transform the online identity ecosystem

AXN Business Model Requirements and Solutions:
•  Affordable – AXN serves as a reseller: an open, competitive attribute exchange marketplace
•  Neutral for User – Free to users; the RP pays for credential authentication and attribute verification services to support its risk mitigation (LOA) requirements
•  Online Attribute Verification and Claims Management Services – 75% of the market cannot be efficiently serviced by the large APs; the AXN creates a new AP sales channel and enhances online security
•  Efficient online identity ecosystems – Contractual and transaction hub to enable the “Internet” effect: IdPs, RPs, APs, and the TFP increase revenue, reduce costs, and increase trust


Page 5: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

The First Year NSTIC Use Cases

•  Broadridge – Industry: Investor Communications – Use Case: B to C – RP Service: Fluent, online application platform for investor communications
•  General Electric (GE) – Industry: Multiple market verticals – Use Case: B to C, B to B – RP Service: Various service sector applications; corporate, partner and consumer account access
•  DHS/FEMA (MIT Lincoln Labs) First Responder – Industry: First Responders, First USA Services – Use Case: G to G, G to C – RP Service: Account creation and login for the First USA disaster response collaboration portal
•  eBay – Industry: Retail – Use Case: B to C, C to C – RP Service: Retail seller and buyer account creation and login


(Pending Final Approval)


Page 6: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network


AXN Services Framework

[Diagram: the Attribute Exchange Network (AXN) acts as a proxy between the Trust Framework Provider (TFP), Identity Providers (IdP), Relying Parties (RP), Attribute Providers (AP), Assessors & Auditors, Dispute Resolvers, and the user.]

IdP Services
•  Credential: OpenID 2.0, SAML 2.0, IMI 1.0
•  Protocol: OAuth 2.0, SAML 2.0, Other
•  LOA: LOA 1-4
•  Cert/TF: FICAM, OIX, Kantara, Other

AP Services
•  Attributes: NEAT, SS, DOB, Gender, Corp
•  Verification Quality: Refresh Rate, Coverage, Sources, Data Types
•  Physical: Device ID, BIO, Card, Other
•  Pricing: Per Transaction, Per User Per Year, Annual License
•  Cert/TF: FICAM, OIX, Kantara, Other

RP Services
•  Enroll: Business Purpose, Attribute Selection, Claims Refresh Rate, IdP & RP Selections, User Preferences, Contract
•  LOA: LOA 1-4
•  Admin: Logs, Reporting, Billing, Contract Management
•  Cert/TF: FICAM, OIX, Kantara, Other

User Services
•  Attributes: Not Stored In AXN, Self Asserted, Data Minimization
•  PDS: PII, Preferences, ABAC, Encrypted, External Store
•  MAX: User Only, Personal Control and Security, Acct Linking, Federated Access Via RP

AXN Services: Billing, Pricing and Analytics, Acct Management, Service Provisioning, Contracting, Policy Management, Marketing, Transaction Management, Registration, Operations and Security, Logs, Reporting, Administration, Audit, User Interface


Page 7: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

AXN Identity Federation Services – My Attribute Exchange (MAX)

1.  Credential Federation
   •  Verified attributes are used to create new or bind to existing user accounts
2.  Personal Data Services (PDS)
   •  User attribute data is not stored in the AXN
   •  PDS data is presented via MAX to create and manage RP accounts
   •  User-centric, privacy protective, secure, and federated
   •  No cost to user
3.  User Managed Admin (UMA) Console
   •  Authenticated users have federated access at each RP
   •  Created when a user first opts in to share their verified attribute claims via the AXN with an RP
   •  Users can securely manage PDS attributes shared with an RP service accessed by an IdP credential
   •  Enables user to link and unlink multiple IdP credentials


Page 8: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

AXN Business Services

•  Credential transaction management services
   –  IdP authenticates user credentials as a service to RPs registered on the AXN
   –  RP credential requirements for a given LOA (e.g., 1 – 4), type (e.g., SAML, OpenID, IDI), and trust framework certifications
•  Personal (PII) attribute verification and claims management services
   –  RPs designate which PII attributes they require from users
   –  User asserted, verified attributes and claims are shared with RPs with user permission
   –  Device ID and biometric attributes are verified as required for RP authorization transactions
•  Preference attribute management services
   –  RPs can designate preferences to display for users when interacting with the RP service
•  Attribute Based Access Control (ABAC) management services
   –  RPs select authoritative role-based attributes for users to assert when accessing their service
•  User Managed Access (UMA) attribute services
   –  UMA services define how users (as resource owners) can control protected-resource access by requesting parties

Page 9: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

AXN Technology Roadmap – Trust Elevation Services

Device Attribute Verification Services
•  Mobile Device Verification Services
   –  Users log in using a trusted mobile device registered and managed on the AXN via MAX
   –  Secure device ID service ensures user RP accounts can only be accessed using a trusted device
•  Computer Verification Services
   –  Over 600 million computers with Trusted Platform Modules (TPMs) can be managed via the AXN
   –  Windows 8 requires TPMs on a wide range of devices from desktops to smart phones

Biometric Attribute Verification Services
•  Cloud-based voice, retinal, photo and fingerprint verification services (Daon, CGI, and others)
•  Integration with authoritative AP services, e.g., driver license attributes and photos

ABAC Services
•  Fine-grained policy authorization services
•  UMA services to dynamically control access to RP data and services


Page 10: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

AXN Privacy – By Design

•  AXN legal agreements
   –  Standardized agreements with regulatory flow-down terms from IdPs and APs
   –  Limit PII collection to what is necessary to accomplish the specified purpose(s)
   –  Accountability and audit to protect PII through appropriate safeguards
•  AXN as a proxy – no single service provider can gain a complete picture of a user’s activity
•  The AXN data management design mitigates potential threats
   –  Does not create a central data store of verified user attributes
   –  Security and privacy enhancing technology is built into the AXN infrastructure
•  Users opt in to each control process for collection, verification, and distribution of attributes
   –  User Admin console for attribute and credential management
   –  Only the minimum necessary information is shared in a transaction (FIPPs)
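The release rules described on the business-services and privacy-by-design slides (RP designates required PII and an LOA/credential policy, APs verify, the user opts in per RP, the proxy forwards only the minimum necessary and keeps no attribute values) can be modelled as a single policy decision. The following is an added example and not ID Dataweb or Criterion code; the class names, the name -> (value, ap_id, verified) attribute shape and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class RpRequirements:
    """What an RP registers on the AXN: the PII it requires plus its credential policy."""
    rp_id: str
    required_attributes: frozenset        # PII attributes the RP designates it requires
    min_loa: int                          # LOA 1-4 needed for the RP's risk mitigation
    accepted_protocols: frozenset         # e.g. {"SAML", "OpenID"}
    accepted_trust_frameworks: frozenset  # e.g. {"FICAM", "Kantara"}

@dataclass(frozen=True)
class Credential:                         # the IdP's authenticated credential as seen by the proxy
    idp_id: str
    protocol: str
    loa: int
    trust_frameworks: frozenset

@dataclass
class ReleaseDecision:
    ok: bool
    claims: dict = field(default_factory=dict)   # name -> (value, ap_id), only what is released
    reasons: list = field(default_factory=list)  # why a release was refused

def check_credential(req, cred):
    """Return the RP credential policy violations (an empty list means acceptable)."""
    problems = []
    if cred.protocol not in req.accepted_protocols:
        problems.append(f"protocol {cred.protocol} not accepted by {req.rp_id}")
    if cred.loa < req.min_loa:
        problems.append(f"LOA {cred.loa} below required LOA {req.min_loa}")
    if not (cred.trust_frameworks & req.accepted_trust_frameworks):
        problems.append("no trust framework certification in common")
    return problems

def release_claims(req, cred, attributes, consented, log):
    """Decide what the proxy forwards to the RP; attributes maps name -> (value, ap_id, verified).
    Released only if the RP requires it, an AP verified it and the user opted in for this RP; extras
    are dropped (minimum necessary) and the log records attribute names, never values (no PII kept)."""
    decision = ReleaseDecision(ok=False, reasons=check_credential(req, cred))
    for name in sorted(req.required_attributes):
        value, ap_id, verified = attributes.get(name, (None, None, False))
        if not verified:
            decision.reasons.append(f"{name}: not verified by an AP")
        elif name not in consented:
            decision.reasons.append(f"{name}: user has not opted in to share with {req.rp_id}")
        else:
            decision.claims[name] = (value, ap_id)
    if decision.reasons:
        decision.claims.clear()   # all-or-nothing: a refused transaction releases nothing
    decision.ok = not decision.reasons
    log.append({"rp": req.rp_id, "idp": cred.idp_id,
                "released": sorted(decision.claims), "refusals": len(decision.reasons)})
    return decision

def demo():
    """Constructed sample: an RP needing name and e-mail at LOA 2 from a SAML credential."""
    rp = RpRequirements("rp-example", frozenset({"name", "email"}), 2,
                        frozenset({"SAML", "OpenID"}), frozenset({"Kantara", "FICAM"}))
    cred, log = Credential("idp-example", "SAML", 2, frozenset({"Kantara"})), []
    attrs = {"name": ("Jane Example", "ap-1", True), "email": ("jane@example.test", "ap-1", True),
             "address": ("1 Sample St", "ap-2", True), "telephone": ("+1-555-0100", "ap-3", False)}
    granted = release_claims(rp, cred, attrs, {"name", "email", "address"}, log)  # address dropped
    refused = release_claims(rp, cred, attrs, {"name", "address"}, log)           # e-mail not opted in
    return granted, refused, log
```

The log entries are what an auditor would see: which RP and IdP took part and which attribute names were released, with no attribute values retained by the proxy.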


Page 11: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

AXN Demonstration With Broadridge Fluent


Page 12: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

12   |  Copyright  2013  

Broadridge Fluent(SM)

Fluent is a communications exchange that centrally manages communications across internal and external channels supporting customer choice.

Fluent:
•  Enables new communication channels (approved by firm)
•  Validates client identities across channels
•  Captures preferences and consents on behalf of firm across channels
•  Facilitates distribution of content across consumer channels
•  Ensures security and regulatory compliance
•  Provides insight into the effectiveness of communications
•  Ensures comprehensive audit trail to measure compliance

[Diagram: Broadridge Fluent (Channel Mgmt, Preference, Identity, Insight) sits between the firm and seven numbered consumer channels, labelled “Innovative Consumer Experience”: firm web sites & apps (banking, brokerage, mortgage, credit cards), e-mail, social, future channels, global digital mail, newsstands/tablets, and the firm.]

Page 13: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network


The Nature of Communications is rapidly evolving

•  Firms continue to spend millions of dollars to migrate customers to e-delivery; these efforts have leveled out below initial expectations
   –  All industries – 14% of transactional documents suppressed
   –  With the exception of retail banking, limited adoption of firm web sites (brokerage, mortgage, credit cards, …)
   –  A poor client experience has been the primary obstacle
•  Meanwhile the web has migrated from a B to C experience to a C to B experience, with new channels emerging daily
•  Opportunity costs within financial services alone approach $20 billion annually

Page 14: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

2012-2014 Attribute Exchange Pilots

Pilot Project Life Cycle:
1.  Assess
2.  Proof of Concept (POC)
3.  Basic Operations
4.  Advanced
5.  On Going Operations
•  Evaluate – Incorporate lessons learned and repeat WBS element 1.0 (Assess) for subsequent Use Case implementations


Relying Party Use-Case By Task/Month

[Gantt chart covering Oct-12 through Sep-14 (project launch, then Year 1 and Year 2 pilot project operations, with a line marking May 1). Each RP use case moves through Assess, POC, Basic Operations, Advanced and Graduate (legend: “= Production ready”), and each plans 10,000 user verifications per month over five months of operation. Use cases: RP#1 Broadridge, RP#2 eBay, RP#3 DHS/MIT, RP#4 GE, RP#5 through RP#8 not yet named.]

Total Verified Users by month (none in the first eight months): 20,000; 40,000; 40,000; 50,000; 50,000; 40,000; 20,000; 30,000; 20,000; 30,000; 20,000; 20,000; 10,000; 10,000 – total 400,000


Page 15: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

Lessons Learned

•  RPs are the customer, and will drive market requirements, adoption, and policy controls.
•  Emerging Trust Frameworks are being driven by Communities of Interest (COI) who seek market operational efficiencies through business, legal, technical and policy interoperability.
•  Credential federation requires policy changes to enable significant security, user experience (SSO and account creation), and business benefits.
•  Current IdP and RP business practices do not always conform to FIPPs, and need to be managed.
•  A rigorous Privacy Evaluation Methodology (PEM) implementation resulted in significant benefits
   –  AXN technical and architectural enhancements
   –  Privacy protective enhancements as core messaging in AXN marketing strategy
•  RP risk mitigation strategies (for a required LOA) lack consistency
   –  Emerging user-centric trust elevation technologies are scalable, cost effective and interoperable.
   –  Trust Marks could be used to objectively promote confidence in various combinations of authentication methods, verified user attributes, and attribute claims from device identities, biometric technologies, etc.
   –  It would be helpful to map these risk mitigation methods to NIST SP 800-63.


Page 16: CIS13: More NSTIC Pilots: Scalable Privacy and Multi-factor Authentication and Attribute Exchange Network

Summary

•  2013 - 2014 AX initiatives will define how to…
   –  Protect and extend customer relationships online
   –  Increase revenue with existing service infrastructure through new online channels
   –  Manage organizational risks with cost effective solutions
   –  Reduce online fraud and identity theft while enhancing brand
   –  Improve User online experience, increase User trust and transaction volumes, and reduce related costs
•  Neutral market platform for the emerging identity ecosystem
•  Online attribute monetization platform – unencumbered by legacy business models, regulations and technologies
