Daon - your trusted Identity Partner
Biometrics in Identity as a Service
What is BaaS and who is doing it?
Catherine Tilton
The Need
“As the world becomes more interdependent, as transactions become more global, and as the world embraces identity management and assurance as an element of conducting business, personal identities will become a form of global currency. Whether you are crossing a border, seeking employment, applying for a public benefit, opening a bank account, combating crime, making a purchase, enforcing immigration policy, granting access to public and private spaces, detecting terrorists -- identity verification has limitless value.”
Governor Tom Ridge
The Drivers
Increased demand for identity services
Regulation
Increasing levels of government and industry regulation mandating the validation of a person’s identity, e.g.,
Maritime Security Industry Card to protect our ports & offshore facilities
Working with Children card to protect the community.
Cost Pressure
Business and Government focus on cost reduction and resource allocation through process outsourcing.
Risk of Identity Fraud
Increasing frequency, cost and impact of identity fraud and more sophisticated criminal behaviour require more stringent identity validation of individuals and entities.
XaaS
Emerging trend to offer various capabilities “as a service”
Software as a service (SaaS) – cloud computing
Infrastructure as a service (IaaS)
Network as a service (NaaS)
Platform as a service (PaaS)
…
XaaS
Common Attributes
Low barriers to entry
Initially, services targeted consumers and small businesses
Little or no capital expenditure
Infrastructure is owned by the provider.
Massive scalability
Though many of the offerings have yet to achieve large scale
Multi-tenancy
Enables resources (and costs) to be shared amongst many users.
Device independence
Enables access regardless of client device (e.g., PC, mobile)
Location independence
What is “IDaaS?”
Identity as a service
“Outsourced identity management”
“Outsourced authentication and attribute services”
“Hosted identity services”
“Identity in the cloud”
“Third party identity services”
“Business model for third party identity provisioning”
“Decentralized identity”
“Application-centric identity management”
“Externalized user identification”
Identity Management
Overloaded term!
IT context:
“a discipline which encompasses all of the tasks required to create, manage, and delete user identities in a computing environment” [tech-faq]
Relates to user accounts
Broader context:
“the combination of technical systems, rules, and procedures that define the ownership, utilization, and safeguarding of personal identity information. The primary goal of the IdM process is to assign attributes to a digital identity and to connect that identity to an individual.” [NTSC]
Federated Identity
Initiatives in the IT space
OpenID
Kantara
IdenTrust
InCommon
US ICAM (Identity, Credential, and Access Mgmt)
NSTIC
…
Facilitated by ..
SAML
IMI
OAuth
Source: OpenID
Federal PKI Trust Framework
Who is embracing IDaaS?
Australia Post
UK Post
US – UPS
New Zealand – Kiwibank/NZ Post
India UID Authentication Service
Singapore – National Authentication Framework
BaaS areas
Identity Services Capability
Enrollment Data
On-line Form
Call Centre
On-line Payment
Fingerprint Scanning
Paper Form
Document Inspection and Scanning
Facial Image Capture
Voice Authentication
Interview
Electronic Signature
Criminal History Check
List Screening
Background Checking
Electronic Transmission to Agency or Business
More systems becoming biometrically enabled
Enrolment can be an expensive and logistically challenging operation
Efficiencies to be gained by a common enrolment network
Countries looking at how “main street vendors” can be leveraged
e.g., with nationwide outlets
Examples: Post offices
Considerations:
Ensuring sample quality
Security & privacy, trust
Auditing, payment processing
Enrollment as a Service
Enrolment Service Providers
[Diagram: enrolment service providers (SP 1, SP 2, SP 3); Consolidation (optional); Systems of Record: System 1, System 2 (e.g., Passport Processing, Drivers Licensing)]
Many needs today for screening individuals
Positions of trust
Critical infrastructure protection (e.g., transportation workers)
Those working with vulnerable persons (children, elderly, & disabled)
Licenses & certifications
Types & levels of screening/vetting
Proof of identity, residence, status
Criminal history records check
Financial history
Threat screening (e.g., KST)
Screening applications
Healthcare – Families and concerned citizens look to regulating agencies to protect the sick and vulnerable from unscrupulous care providers.
Banking – Protect bank assets from fraudulent access and comply with federal regulations by thoroughly background screening employees.
Child Care and Elderly Care – Those caring for the old and the young must be vetted by law to ensure that caregivers do not have a criminal history.
Visitor Access – Physical assets, national or religious treasures and critical infrastructure and facilities can be protected from unauthorized access by checking visitors and contractors.
Corporate Credential – Corporate resources can be quickly and irrevocably damaged by disgruntled or malicious employees without appropriate physical and logical access controls in place.
Identity screening & vetting
Identity credentialing
[Diagram labels: CJIS; Identity Collection; Internet Identity Enablement; Single Sign On System; Physical Access Control System; Vetting Source 1; IDMS; Vetting Source n]
Employee/contractor/visitor badging
Life cycle management services:
Initial card issuance
Activation
Renewal
Replacement
Revocation
Provisioning to access control systems
Authentication services
[Diagram: biometric registration and authentication flow]
Subscriber
Identity + Biometric
Biometric Registration Process
• Identity proofing
• Enrolls biometric
• Registers Biometric
• Binds identity to reference biometric
Est. Identity + biometric
Credential
• Applies Credential
Claimant
Claimed identity + Live biometric
• Requests access
Biometric Authentication Service Provider
• Verifies identity (through biometric matching)
• Checks authorization
• Grants access
Assertion
Access
Need for stronger authentication in government & commercial/consumer sectors
Support for online transactions
Intent to be market driven, with multiple service providers
The UPS Store
UPS provides its 4,400 locations in the United States as well as
nearly 1,300 locations outside the US as professional, convenient,
and consistent settings for people to access when they need to
have their biometric data collected and submitted for a variety of
purposes, including background screening and credentialing.
Internal Revenue Service
The Tax Preparer Initiative was created to fingerprint and
background check the 1.2M individuals that prepare tax returns as
well as those individuals that file tax returns electronically, and
provide additional education/training to the tax return preparers and
conduct competency testing. IRS needs to provide tax preparers with
a cost effective and convenient way to prove that they meet the
Australia Post
Trust Based Services
Building on the ubiquity of its outlets and citizen trust in its agents,
Australia Post desires to provide identity verification and biometric
enrollment services for a wide variety of provincial, national, and
commercial clients.
Future Market Directions
Identity-as-a-Service (IDaaS)
Modular and coherent set of services for managing identities
Outsourced Identity Management
Complex and expensive to implement in-house
Industry-specific requirements/regulations
In-person proofing
Need increased assurance on in-person identity verification
Increasing need to collect biometrics
Conclusion
Identity becoming increasingly important to security & commerce
The world is moving towards a services model
Benefits to be gained by shared services
Identity services are no exception
Thank You !
Catherine J. Tilton, CBP
VP, Standards & Technology, Daon
11955 Freedom Drive, Suite 16000
Reston, VA 20190
703-984-4080