Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction of ISO/IEC Identity Proofing

Published byKjell Andersen Modified over 6 years ago

Similar presentations

Presentation on theme: "Introduction of ISO/IEC Identity Proofing"— Presentation transcript:

1 Introduction of ISO/IEC 29003 Identity Proofing
ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, September 2014) Introduction of ISO/IEC Identity Proofing Patrick Curry Director, British Business Federation Authority (& SC27 WG5) Geneva, Switzerland, September 2014

2 Why is identity proofing so important?
Trust is globally, strategically essential Authentication is key to trust Strength of credential usually depends on strength of enrolment & registration Core of enrolment is identity proofing and verification Situation is evolving fast and becoming more complex National eID Employee credentials Consumer credentials Low and high maturities Federation is key. Not to be confused with Mutual Recognition Geneva, Switzerland, September 2014

3 Why is identity proofing so important?
Strength of credential usually depends on strength of enrolment & registration. But: Anonymity Partial anonymity Pseudonymity Depends on the use case Geneva, Switzerland, September 2014

4 What is identity proofing?
Process from application to entry into a register = authoritative source Questions Does the identity exist? Can it be bound to a real person? Identity proofing Checking the application & evidence of identity for Level of Assurance (LoA) Checking binding to the subject Verification Examining corroborative sources of data Looking for contra-indicators No involvement with the subject Geneva, Switzerland, September 2014

5 Business Administration
Identity vs PII Identity Identity proofing and verification Eligibility Capability Service Delivery Business Administration Identity – the minimum number of attributes needed to determine one identity record from another. (core identity attributes) Some information will be about establishing that the identity information is real. Everything else is about eligibility, capability, business administration and service provision. Some could be used for more than one aspect e.g. Date of birth Identity – the minimum number of attributes that allow the person to be unique from all others in the context

6 Key points Identity is the minimum
One identity proofing process will always rely on other previous processes – unless it is the first. Authentication is only the act of identifying a returning user. Geneva, Switzerland, September 2014

7 The Key Entities Person Organisation Device Software Complicated
Much national variation Organisation Register(s) of Legal Organisations 6 categories of attributes; 2 mandatory Device TPM best practice – where do FIDO and IBOPS fit? Secure issuance Software To be confirmed Geneva, Switzerland, September 2014

8 The fast changing international situation
National cyber strategies Cyber control frameworks Pressure for strong authentication New regulations EU eID Authentication & Signature Regulations Emerging US ID Verification standard Many national e-ID programmes More authentication requirements in supply chains Geneva, Switzerland, September 2014

9 The role of international standards
Enable interoperability = agility Enable deployment and affordability Reduces risks and costs Standards bodies need to: Engage with governments and industry Establish better coordination Move faster Geneva, Switzerland, September 2014

10 Conclusions and Recommendations
Too slow Spread the load Avoid gaps Broadening communities Based on national policies Become more proactive Collaborate with ISO and ? Framework approach Communicate better Governments need to participate Geneva, Switzerland, September 2014

Download ppt "Introduction of ISO/IEC Identity Proofing"

Similar presentations

DG INFSO- Grid Research & Infrastructures: W. Boch, M. Campolargo 1 Delivery of Industrial-strength Grid Middleware: establishing an effective European.

DG INFSO- Grid Research & Infrastructures: W. Boch, M. Campolargo 1 Delivery of Industrial-strength Grid Middleware: establishing an effective European.
Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
European Electronic Identity Practices Country Update of …………… Speaker: Date:

European Electronic Identity Practices Country Update of …………… Speaker: Date:
Functional component terminology - thoughts C. Tilton.

Functional component terminology - thoughts C. Tilton.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All The Internet of Things (IoT) aka Machine 2 Machine (M2M) Bilel Jamoussi Chief, Study Groups Department.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All The Internet of Things (IoT) aka Machine 2 Machine (M2M) Bilel Jamoussi Chief, Study Groups Department.
Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.
Geneva, Switzerland, 14 November 2014 Cloud Computing - Overview and Vocabulary (Y.3500) Eric A. Hibbard, CISSP, CISA CTO Security & Privacy Hitachi Data.

Geneva, Switzerland, 14 November 2014 Cloud Computing - Overview and Vocabulary (Y.3500) Eric A. Hibbard, CISSP, CISA CTO Security & Privacy Hitachi Data.
Intra-ASEAN Secure Transactions Framework Project Progress Report

Intra-ASEAN Secure Transactions Framework Project Progress Report
Geneva, Switzerland, 4 December 2014 ISO work on Mobile Financial Services Patrice Hertzog, Chairman, ISO T68/SC7 ITU Workshop.

Geneva, Switzerland, 4 December 2014 ISO work on Mobile Financial Services Patrice Hertzog, Chairman, ISO T68/SC7 ITU Workshop.
Geneva, Switzerland, 4 December 2014 Evolving Payments into The Digital World Richard Smith, Vice President, MasterCard Customer Fraud Management

Geneva, Switzerland, 4 December 2014 Evolving Payments into The Digital World Richard Smith, Vice President, MasterCard Customer Fraud Management
Geneva, Switzerland, 15-16 September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.

Geneva, Switzerland, September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.
Geneva, Switzerland, 15-16 September 2014 Introduction of ISO/IEC 29003 Identity Proofing Patrick Curry Director, British Business Federation Authority.

Geneva, Switzerland, September 2014 Introduction of ISO/IEC Identity Proofing Patrick Curry Director, British Business Federation Authority.
ISO Initiatives & CSR in the EU Deborah Evans Business Manager: Corporate Reporting & Assurance LRQA A member of the Lloyd’s Register Group.

ISO Initiatives & CSR in the EU Deborah Evans Business Manager: Corporate Reporting & Assurance LRQA A member of the Lloyd’s Register Group.
Identity Relationship Management The Next Evolution of Identity and Access Management for the Internet of Everything.

Identity Relationship Management The Next Evolution of Identity and Access Management for the Internet of Everything.
Understanding the Value of Identity in Government Social Networking A Framework of Identity Trust in Government Social Networking September 4, 2015.

Understanding the Value of Identity in Government Social Networking A Framework of Identity Trust in Government Social Networking September 4, 2015.
Ronny Depoortere 19th March, 2012 Warsaw. www.zetes.com/poland Identification – Business Case The ability to uniquely identify citizens and foreign residents.

Ronny Depoortere 19th March, 2012 Warsaw. Identification – Business Case The ability to uniquely identify citizens and foreign residents.
How can I trust the rest of Europe ? Requirements and a possible organisation with regard to epSOS and eHealth Frank Robben General manager eHealth platform.

How can I trust the rest of Europe ? Requirements and a possible organisation with regard to epSOS and eHealth Frank Robben General manager eHealth platform.
Trusted Federated Identity and Access Management to provide the Cornerstone for Cyber Defense.

Trusted Federated Identity and Access Management to provide the Cornerstone for Cyber Defense.

Similar presentations

Ads by Google