Stephen Upton – 2 June 2005 – EURIM Personal Identity Working Group
Secure identity – a personal view
Stephen Upton. Office: 020 8275 0102. Mobile: 07771 765789.

Presentation transcript:

Digital Certificates or Electronic Identities?
- tScheme v ‘tScheme2’
- CP/CPS-defined service approval v Security Level (0,1,2,3) risk assurance
- Registration (RA) policy statements v ‘real-world identity’ validation/verification
- Industry-led CA service co-regulation v e-Government service targets

HMG Minimum Standards [HMGVInd]
- Service-defined security levels (0,1,2,3)
- Face-to-face or remote Registration
- Types of evidence & number of items
- personal statement
- unique details for cross-checking
- documentary evidence
- attributed ID and biographic ID
- third party corroboration
- professional or commercial referees
- existing relationship
- length x frequency of recorded interaction

Personal Identity challenges
From Home Office ID Fraud report:
- Identity authentication = validation + verification
- Attributed identity [risks of document theft, forgery]
- Biographic identity [risks appear lower e.g. covert operations]
- Biometric identity [risks of untried scale, unreliable results]
at the Point of Issue – verifying a ‘real-world’ identity
at the Point of Use – authenticating an ‘electronic’ identity

The evolving role of HMG
- Passive/Supportive – tScheme
- Enabling – Gateway & Intermediaries
- Active/Controlling – ID Cards, Benefits ‘push’
perceived dependencies:
- Trust
- Accuracy
- Accessibility
- Privacy
- Scrutiny

Ongoing issues & trends
- Service intermediaries → ‘Data Brokers’
- tScheme Approval → PI ‘Kite Mark’
- RIPA → consent-enabled ‘Data Sharing’
- Independent assurance → regulatory control
- Online security → offline privacy
- Federated identity → consolidated identity
- Shared secrets → ‘joined-up’ secrets
- Risk control → defensive intrusion

The challenges remain:
- Registration security
- Data protection
- Objective, transparent, proportionate and non-discriminatory regulation
- Risk-based assessment
- Independent assurance

Conclusions?
- Travelling hopefully
- Reviewing the road map
- Changing drivers
- e-commerce
- e-government
- entitlement/identity
- Standards & assessment [What? How? Who?]
- Arriving [When? Where? Why?]