Cartes America - Secure ID: Fraud and ID Management Part 1 Track Personal Identity Verification (PIV) Case Study within the TSCP Community Keith Ward TSCP Inc. President & CEO May 14, 2014
What is TSCP? Government-Industry Partnership is focused on mitigating the risks, complexity, cost of IT inherent in large-scale, collaborative programs that span national jurisdictions. TSCP provides: Influence to drive a common approach and specifications Efficiency of working together on a common problem Lower costs of development and implementation – leverage common solutions Requirements, architecture, prototypes, deployed capabilities. TSCP member companies have invested over $400M into internal federated systems using TSCP’s common operating rules and specifications. TSCP is the Transglobal Secure Collaboration Program was established 2002, TSCP is a non-profit 501(C)(6) technical association. Common Framework for Federated Collaboration Key focus is on providing the mechanism and governance for: Trust. Member companies’ and governments’ users digital identities can be trusted by others. Identity Assurance. Trusted authority assures that its users with cross-certified- enabled digital identities are who they say they are. Interoperability through Federation. Member companies and credentials are interoperable across the industry and government. PAGE 2 | TSCP
What Does TSCP Do? * Where relevant, TSCP specifications comply with FICAM/PIV-I specifications and guidelines. SPECIFICATIONS DEVELOPMENT.* Develops common specifications for secure collaboration solutions across the TSCP membership that align to government requirements. The specifications fall into these categories: Secure information exchange Identity credentials/digital identities and attributes Federated identity Information assurance Data labeling and protection VALIDATION THROUGH REFERENCE LAB. Before TSCP publishes its specifications, the capability is in production with two or more members. GOVERNANCE. Establishes policy and governance for TSCP Solutions. Interoperable Identity Federation Trust Framework Common Operating Rules Legal Framework & Allocation of Liabilities Accreditation & Trustmark FEDERATED HUB. Hosts a Federated Hub for TSCP Membership that enables secure collaboration between TSCP membership and government customers. PAGE 3 | TSCP
PIV-I Smart Card Illustrative Banking Smart Card Same Smart Card Technology – Different Applications Secure chip stores payment informationChip card authentication prevents counterfeiting Adds cardholder verification methodsOffers online or offline authorizationSecure chip stores strong Identity information.e.g. in-person vetting, biometrics PKI certificates and 3DES encryption prevents cyber threats Adds cardholder verification methods pin and chip and Biometrics verification Offers logical and physical as well as online and offline authorization PAGE 4 | TSCP
TSCP Trust Framework: Bank Card Analogy Bank(s) TSCP Member IdP(s) Retailer Acquirers Agency Relying Parties Issue Visa credit cards to customers. Issue identities/ credentials to users Customers present Visa cards for payment. Retailers transmit payment requests to the bank/card issuer through Visa. Users present member credentials to agency applications; RPs transmit authentication requests to IdPs through TSCP. Routes authentication requests and responses between RPs and IdPs. Routes payment requests and responses between banks and retailers. Visa conducts settlement.. GOVERNANCE: Establishes and enforces standards, specifications and operating rules. UK MOD Federal PKI Bridge Direct Bilateral Trust PAGE 5 | TSCP
TSCP Trust Framework and Specifications TSCP Trust Framework TSCP Trustmark AUTHORIZATION AUTHENTICATION MESSAGE SECURITY Secure Messaging Networking Layer Federated Authentication Service Secure / Messaging (Hosted) Secure Messaging Communications Layer Secure Messaging Applications/Services Layer Identity Provider Services Secure Document Management/ Archiving Secure/Anonymous Shipping Secure Online Payment Interface Secure Mail & Package Tracking Secure Address Validation Secure G2C, B2B Communications TSCP Federation Framework & Specifications & Hub TSCP Secure Specification TSCP Attribute Management/ Data Labeling Specification TSCP Secure Specification TSCP PIV-I Specification Illustrative Secure Messaging Platform TSCP Trust Framework, Common Operating Rules & Governance Documents PAGE 6 | TSCP
Remote & Desktop Login Credential & Rights Management Network Controls Building Access Corporate Access Card User Local or Remote User Host-Based Intrusion Protection Systems Strong Authentication – PIV-I Credentials Credential Management – Centralized Public Key Infrastructure Global A&D Supply Chain Commercial Industry Base User and Privilege Management – Automated Provisioning Multi-Layered approach to provide additional security layers across our networks, systems, facilities, data, intellectual property and information assets Data Monitoring & Protection Systems Use Case 1: Multi-Layer Security across the enterprise PAGE 7 | TSCP TSCP Common Operating Rules
Use Case 2: PIV-I into Adjacent Markets: Financial & Retail Sectors PAGE 8 | TSCP
Use Case 2: PIV-I into Adjacent Markets: Financial & Retail Sectors PAGE 9 | TSCP B2GB2BC2B
Use Case 3: PIV-I into adjacent markets: Business Continuity Information Sharing Initiative Private Sector Information is Sensitive and needs to be Secured Media can miss-interpret fleet movement and cause public concern Gangs track fleet movement and can steel copper/supplies from hotel lots where fleets park over night Others can intervene and cause un-needed delays and/or commandeer fleets as in Katrina Need to share PS Fleet Data & Info w/State EMs, DOTs, Police, other agencies at regional/national levels Need info from Government to make operational decision to expedite power restoration efforts at regional level Ultimate solution must: Be trusted, proven and simple Allow state/local government agencies to participate Standards based, scalable in size, adaptable to each organization Must use Trusted Credentials Must have a Trust Framework Model for all entities to legally participate Must have strong security controls PAGE 10 | TSCP
Data ProvidersData Consumers Use Case 3: TSCP Trust Framework PIV-I Information SharingPIV-I Information Sharing Exchange Cloud Environment EOC Identity Claims Providers Commercial Identity Providers State Government Identity Providers TSCP Trust Framework PIV-I Data Access Controls PIV-I GIS Layer Access PIV-IPIV-I PAGE 11 | TSCP ILHDSIF ILHDSIF
PIV-I Smart Card Banking Smart Card Next Steps – Bridge the Gap! PAGE 12 | TSCP The higher-level credentials represent over ~40M users TSCP is looking for applications, technologies and solutions to Bridge the Gap!
TSCP Fall Collaboration Workshop For more information please visit PAGE 13 | TSCP
PAGE 14 | TSCP 14 CONFIDENTIAL Questions? TSCP Inc. Keith Ward 8000 Towers Crescent Drive, Suite 1350 Vienna, VA Phone: (703) Web: