©2014 Entrust Datacard Corporation. All rights reserved. ACHIEVING SECURITY IN GOVERNMENT IDENTITY PROGRAMS

© DataCard Corporation. All rights reserved. BASICS: IDENTIY VS. CREDENTIAL

© DataCard Corporation. All rights reserved. WHAT IS A TRUSTED IDENTITY? 3 A WELL-RESPECTED DEFINITION Governments want policy and law to promote an identity infrastructure that enables them to serve their citizens more efficiently. On the lightweight end, they want to offer citizens an easy way to interact with agencies and departments. On the heavier end, they want to equip citizens with secure electronic identity documents (eIDs) to prove who they are, as a means for facilitating more critical transactions, such as crossing borders, accessing health records, or paying taxes.” Towards a Policy and Legal Framework for Identity Management: A Workshop Report by Mary Rundle, October 2009

© DataCard Corporation. All rights reserved. IDENTITY VS. CREDENTIAL IDENTITY CREDENTIAL General set of characteristics that uniquely define a person in a defined environment Physical or logical binding of identity to attributes — privileges assigned by an authority Characteristics More unique Changes infrequently Biometrics data Biographic data Relational data — work history, family, addresses Characteristics Multiple credentials for single identity based on various authorities and processes Allows for transactions & interaction Project specifics and risk dictate form factor — paper, badge, password, smart card, mobile Not always a document — can be mobile National ID Drivers License Passport Mobile

© DataCard Corporation. All rights reserved. IDENTITY — SIMPLIFIED EXPLANATION 5 Black Hair Brown Eyes

© DataCard Corporation. All rights reserved. CREDENTIAL — SIMPLIFIED EXPLANATION 6 Black Hair Brown Eyes

© DataCard Corporation. All rights reserved. TRENDS IN E-IDENTITY

© DataCard Corporation. All rights reserved. E-ID MARKET GROWTH & ADOPTION By 2015, eID issuing countries will exceed those issuing traditional NIDs. Acuity Market Intelligence Report Higher end contactless technology adoption drives NID smart card revenue to $7.6B by ABI Research, Oct 2012

© DataCard Corporation. All rights reserved. INCREASE IN SERVICES OFFERED ON-LINE In 2010 nearly 80% of all countries offered on-line access to one-third or less of their services By 2012 that number has dropped to less than half the countries of the world

© DataCard Corporation. All rights reserved. GROWTH OF CHIP ENABLED IDENTITY CARDS More sophisticated on-line service offerings contribute to the growth of chip-enabled ID cards Nearly all of the program growth between 2010 and 2012 can be attributed to the growth in chip- enabled ID card – up 18%

© DataCard Corporation. All rights reserved. KEY REQUIREMENTS DRIVING E-ID ADOPTION Fraud PreventionCost Reduction Service Improvement Standards Compliance Prevent identity fraud Provide strong authentication and secure identification Reduce cost of infrastructure and minimize overhead Support growth needs Enable electronic transactions Streamline core processes Increase access to social benefits Comply with regulations EU Directive, HSPD-12 Adopt global standards – ICAO FIPS, ISO

© DataCard Corporation. All rights reserved. KEY BENEFITS OF ADOPTING E-ID Certificate-based and biometric-enabled credentials ensure trusted identity Reduce program fraud and identity theft Increase Efficiency Improve Satisfaction Increase Security Improve on-line access and enable 24- hour availability Streamline enrollment and approval process Reduce transaction costs Speed benefits delivery Increase citizen access to multiple services Ensure privacy

© DataCard Corporation. All rights reserved. BEST PRACTICES IN E-ID SPACE Trend towards a common portal for citizen access Representing breadth of service offerings with depth through federal and state levels of government Unified Identity Information Privacy Whole Government Key to trust in government is belief in the respect of personal privacy Attribute data may be held distinctly with secure linkage to central identity Single record of authority binding digital identity to the person Link variety of credentials depending on program sensitivity and access assurance requirements

© DataCard Corporation. All rights reserved. DEPLOYMENT MODELS 14 STANDALONE

© DataCard Corporation. All rights reserved. DEPLOYMENT MODELS 15 LEVERAGED INFRASTRUCTURE CREDENTIAL PROVIDER

© DataCard Corporation. All rights reserved. DEPLOYMENT MODELS 16 ALL IN ONE MINISTRY 1 MINISTRY 2 MINISTRY 3

© DataCard Corporation. All rights reserved. BUILDING THE TRUST INFRASTRUCURE — EOCSYSTEM VIEW & PROCESS

© DataCard Corporation. All rights reserved. 18

© DataCard Corporation. All rights reserved. TRUST INFRASTRUCTURE — BORDERS EXAMPLE

© DataCard Corporation. All rights reserved. EVERYTHING BEGINS WITH TRUSTED IDENTITY 20 SECURE ACCESS TO MULTIPLE ECOSYSTEMS ACROSS ALL SECURE CREDENTIALS ONE TRUSTED IDENTITY Passport National ID Driver’s License Borders Benefits Healthcare

© DataCard Corporation. All rights reserved. FIRST PART OF THE PROCESS Pre-enrollment — confirm application details Capture processes — photo, fingerprint, signature Breeder document scanning Check for duplicates 21 ENROLLMENT

© DataCard Corporation. All rights reserved. FIRST PART OF THE PROCESS Pre-enrollment — confirm application details Capture processes — photo, fingerprint, signature Breeder document scanning Check for duplicates 22 ENROLLMENT CORE TO THE ECOSYSTEM

© DataCard Corporation. All rights reserved. SECOND PART OF THE PROCESS Operator and application verification Download trusted identity file If applicant is applying in-person – Biometric verification of applicant – Sign document Personalization on Datacard ® system 23 ISSUANCE PASSPORT NATIONAL ID DRIVER’S LICENSE

© DataCard Corporation. All rights reserved. SECOND PART OF THE PROCESS Operator and application verification Download trusted identity file If applicant is applying in-person – Biometric verification of applicant – Sign document Personalization on Datacard ® system 24 1 CORE TO THE ECOSYSTEM ISSUANCE

© DataCard Corporation. All rights reserved. THIRD PART OF THE PROCESS Portable scan or read at e-gate Field office conformation — photo and biometrics Adjudication process — validation authorities (PKI) Update identity to reflect travel history 25 USE AT BORDER

© DataCard Corporation. All rights reserved. THIRD PART OF THE PROCESS Portable scan or read at e-gate Field office conformation — photo and biometrics Adjudication process — validation authorities (PKI) Update identity to reflect travel history 26 CORE TO THE ECOSYSTEM USE AT BORDER

© DataCard Corporation. All rights reserved. BORDERS ECOSYSTEM – HOW IT COMES TOGETHER 27

©2014 Entrust Datacard Corporation. All rights reserved. eGOV SERVICES EXAMPLES

© DataCard Corporation. All rights reserved. SAME CORE ECOSYSTEM CONCEPTS APPLY TO eGOV

© DataCard Corporation. All rights reserved. SAMPLE E-GOVE ECOSYSTEM 30

© DataCard Corporation. All rights reserved. FOUR PHASES OF E-GOVERNMENT 1.Informational Statistics Archives Downloadable forms Environmental awareness 2. Interaction Online forums Opinion polls Blogs Connection to social media 3. Transactional eAuthentication Tax/Utility payments Payment for birth registration Payment for car registration 4. Transformation Integrated Services Intimate G2B, G2C, G2E relations Performance accountability United Nations E-Government Survey E-Government for the People LOWER SECURITY HIGHER SECURITY CONSTITUENT VALUE Citizens interact with e-gov programs at variety of levels, each with unique requirements for identity verification

© DataCard Corporation. All rights reserved. PROGRAM RISK PROFILES Process Physical security Number of enrollment sites Fulfillment of the credential to the citizen People Program staff Approval processes Roll-based access Production Credential design Issuance model Trust infrastructure Privileges Informational Interaction Transactional Transformation Every program is different — deployment model, budget & privacy concerns significantly impact all areas of the risk profile BUDGET PRIVACY ALL MUST BE CONSIDERED

ESTONIA 33 BACKGROUND 75% of households have internet Estonia covered with possibility of dedicated links, public internet points 1,100+ public WIFI networks officially registered OUTCOMES “We use information technology as an instrument for increasing administrative capacity and ensuring an innovative and convenient living environment for citizens” -Gateway to e-State in place since % of internet users know the State Portal -In 2010 the state portal was visited 2.65 million times -40% of eID card users actively use Digital ID -140,000 people used eVoting in last election -Government issues official address -30,000 users of mID (mobile) -95% of populations declared their taxes electronically -eID is used for public transport -eSchool enables electronic communication between teacher, student and parents FEATURES AND FUNCTIONS IdentificationX PaymentX SmartcardX TravelX PublicX PrivateX BiometricsPhoto

UNITED ARAB EMIRATES 34 BACKGROUND Strong citizen preference among the majority for traditional access channels – in-person or telephone- based interactions with government Need for fundamental infrastructure development to gain trust of citizens Need to expand outreach and accelerate e-gov diffusion OUTCOMES Identity management infrastructures to play a key role to standardize access information authentication across member states. Legislation – Privacy, digital signature Strong centralized identity management in support of domestic service delivery Mutual recognition and validation of identity documents and land/air border crossing for residents Government services using online authentication and digital signature Source: Presentations of Dr. A.M. Al-Kouri

ASIA SOCIAL SECURITY CARD 35 BACKGROUND Physical and electronic verification Access to insurance benefits Instant settlement of medical expenses Access to public services Electronic patient records Social benefit payments OUTCOMES Instant eID issuance issuance solution integrated with social security, bank and police systems for identity verification eID personalized with social security and banking applications Bank accounts linked to Social Security Accounts for deposits and claims Instant issuance systems easily deployed throughout wide network of bank branches 45-day card application process now takes one day FEATURES AND FUNCTIONS IdentificationX PaymentX SmartcardX Travel PublicX PrivateX BiometricsPhoto

ASIA GOVERNMENT MULTI PURPOSE CARD 36 BACKGROUND Government multi-application smart card Contains citizen’s personal data and electronic signature Provides access to government and medical services Other applications include banking, credit, telephone, and transport OUTCOMES 17M+ eIDs issued to citizens 12 years and older Multi-application card replaces current driver license Contains critical health information and hospital visit data Includes passport information and access to auto-gates at airports and other points of entry Verification process linked to watch lists Applications now include electronic purse and ATM Common platform allows for fast, affordable scalability FEATURES AND FUNCTIONS IdentificationX PaymentX SmartcardX TravelX PublicX PrivateX BiometricsPhoto

NORTH AMERICAN ELECTRONIC BENEFITS PROGRAM 37 BACKGROUND Greater access without stigma Uninterrupted operations Maximum program efficiency Fraud reduction OUTCOMES Move program management functions online to simplify enrollment & utilization Replace paper-based check and voucher programs with pre-paid cards to reduce forgeries, theft and misuse Support transaction processing with major retailers with automated validation of each item as program - eligible right at the cash register Provide EBT ATM access Provide reporting and auditing capabilities that help agencies detect and identify fraudulent activity FEATURES AND FUNCTIONS Identification PaymentX Smartcard Travel PublicX PrivateX Biometrics

NORTH AMERICAN ELECTRONIC BENEFITS CARD 38 BACKGROUND Social services issuing and mailing checks to recipients Support infrastructure was labor intensive and very expensive Mailing delays/theft left beneficiaries without payments for long periods OUTCOMES In-person issuance of card linked to a review of case management records to ensure eligibility and reduce fraud Debit card issuance established a valid account in the name of the beneficiary Additional funds can be added to the card by case workers as needed Beneficiaries were able to set up their own unique PINs and use the card immediately as they would with any other credit card Significant program savings realized by eliminating printing and mailing of checks FEATURES AND FUNCTIONS Identification PaymentX SmartcardX Travel PublicX PrivateX Biometrics

© DataCard Corporation. All rights reserved. THANK YOU