Identity Assurance Services For Preventing Identity Theft
Bob Pinheiro, Robert Pinheiro Consulting LLC


Types of Identity Theft Considered
- Someone impersonates you to access existing accounts/resources
  – Example: break-in to online bank/financial accounts using stolen passwords or other credentials
- Use of stolen credit card numbers or bank account numbers to make fraudulent purchases
- Someone impersonates you to create new accounts
  – Example: obtain new credit cards, loans, cell phone accounts using your identity

Does the SP Know It’s You?
- Someone impersonates you to access existing accounts/resources
  – Service Provider knows you
  – Service Provider or trusted IdP has issued credentials / tokens for authentication
- Use of stolen credit card numbers, bank account numbers to make fraudulent purchases
  – Difficult to know if person using credit card numbers, bank account numbers online is authorized to do so
- Someone impersonates you to create new accounts
  – Service Provider doesn’t necessarily know you
  – Identity claimed using Personally Identifiable Information (PII)
  – Service Provider can’t easily authenticate a claim of identity

Key Assumption
- A Liberty-accredited IdP/CSP has issued High Assurance digital identity credentials / tokens to you
  – For authentication to existing accounts
  – Trust relationship established between SP/RP and IdP/CSP
  – The SP/RP can locate the IdP/CSP in several possible ways:

The Identity Provider Discovery Problem (from Concordia Website)
- The user tells the RP
- The RP is pre-configured to know the IdP
- The RP communicates with a separate service that asks the user
- The client device tells the RP
- The client device is synonymous with the IdP (e.g., self-asserted cards or self-hosted IdPs)
- The client device serves as a proxy for the IdP, removing the need for direct RP communication with the IdP (e.g., managed cards)

Goal
- Use these same digital identity credentials for identity authentication when there is no existing relationship between an identity claimant / new account applicant and a Service Provider.

Two Advances Needed
- Establish trust relationship between SP/RP and IdP/CSP “on the fly”
  – Via a brokered trust model using an IdP/CSP intermediary?
- Ability to discover IdP/CSP on the basis of Personally Identifiable Information (PII) used to establish an identity claim.

[Diagram]
Entities: Service Provider / Relying Party; Discovery Service; Federation of Accredited IdPs (Issuing Identity Provider, Contracting Identity Provider, Other IdPs); External Data/Information Sources
Numbered steps:
1. Establish business relationship with Contracting IdP
2. Enroll, Provide PII, Documentation
3. Verification of PII, documentation
4. Issue Credentials, Tokens
5. Register identity assurance service for this identity and Assurance Level
6. Request Service, Provide PII
7. Locate IdP for this identity
8. Authentication request
9. Authenticate
10. Identity assertion
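
The discovery and authentication steps of the diagram (5 through 10), as an added sketch that is not part of the original slides. It shows why knowing a victim's PII is not enough to open a new account once an identity assurance service is registered. Assumptions: the keyed-hash lookup key, numeric assurance levels, the `authenticate` callback, the "unverified" outcome and all names and values are hypothetical.

```python
import hashlib
import hmac

# All names and values below are constructed for illustration.
DISCOVERY_KEY = b"constructed-demo-key"      # assumption: registry stores keyed hashes, not raw PII
ACCREDITED_IDPS = {"idp.issuing.example"}    # stands in for the federation of accredited IdPs


def pii_key(name, dob, postal):
    """Normalize the PII fields, then derive the lookup key with HMAC-SHA256."""
    norm = "|".join(" ".join(f.split()).casefold() for f in (name, dob, postal))
    return hmac.new(DISCOVERY_KEY, norm.encode(), hashlib.sha256).hexdigest()


class DiscoveryService:
    def __init__(self):
        self._registry = {}  # pii_key -> (idp, assurance_level)

    def register(self, idp, level, name, dob, postal):
        # Step 5: only an accredited IdP may register an identity assurance service.
        if idp not in ACCREDITED_IDPS:
            raise PermissionError(f"{idp} is not an accredited IdP")
        self._registry[pii_key(name, dob, postal)] = (idp, level)

    def locate(self, name, dob, postal):
        # Step 7: map the PII in an identity claim to its issuing IdP, if any.
        return self._registry.get(pii_key(name, dob, postal))


def handle_new_account(discovery, authenticate, required_level, name, dob, postal):
    """RP side of steps 6-10; `authenticate(idp)` stands in for steps 8-10."""
    found = discovery.locate(name, dob, postal)
    if found is None:
        # No registration: the claim cannot be authenticated this way.
        return ("unverified", "no identity assurance service registered")
    idp, level = found
    if level < required_level:
        return ("deny", "registered assurance level below RP requirement")
    if not authenticate(idp):
        # Knowing the PII is not enough: the claimant lacks the credential.
        return ("deny", "claimant failed authentication at issuing IdP")
    return ("allow", idp)
```
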