BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT

JEAN-MARC MESLIN, Portfolio Partner, Verizon Enterprise Solutions, at the European IRM Summit 2014.


  1. BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT
     Jean-Marc Meslin, Portfolio Partner - Verizon
     jean-marc.meslin@fr.verizon.com
     November 2014
     Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
  2. Identity Protection Is Critical
     • Many passwords are easily detected or guessed.
     • Hackers use increasingly sophisticated methods and tools.
     • Using the same login credentials across multiple sites increases risk.
     • 82% of crimeware incidents targeted user credentials.*
     *Source: Verizon 2014 Data Breach Investigations Report
  3. The Connected World Today: Mobility & M2M Ecosystem
     [Diagram labels: Machines; Consumers; Enterprise Users; Business Partners]
  4. Mobility is Driving a New Mindset among Consumers (Employee, Consumer, Citizen, etc)
     A New Mobile Mindset
     • Consumer, Community: “I need better tools for managing my digital personas and profiles—not just Facebook but bank accounts and relationships with retailers and loyalty programs”
     • Citizen, Patient: “My local government and healthcare providers are too slow and inaccessible. There are too many forms and redundancies”
     • Employee, Colleague, Friend, Family: “To stay connected I need the ability to jump from work to my personal life without worrying about restrictive policies or outdated devices”
     Need for seamless and secure access to anyone, anywhere on any device
  5. Machines Are Communicating More Than Ever
     • VPNs and wireless networks
     • BYOD devices
     • Smart card authentication systems
     • TV set-top boxes
     • Vehicle communications systems
     • Tachograph devices
     • Power grids
     • Street and traffic lights
     • Smart-home systems
     • Factory and industrial machine systems
  6. Relationship between Identities to increase security
     [Diagram labels: Verify and Authenticate People; Verify and Authenticate Devices; People Identity; Device Identity; Employees; Patients; Citizens; Consumers; Partners; Telematics; Identity Cards; Physical Access; M2M Devices; Wired Devices]
     Identity Relationship Management is already available for Enterprise; it allows links between the identities of people and devices and strengthens identity.
  7. A need for White Label Identity Services
     [Diagram labels: People; Devices; Identity Form factors; Login/password; Digital signature; HW tokens; Soft tokens; Open Standards; Services needed; Business Applications; Work Login; Healthcare; Shopping; Banking; Identity Issuance Services (IDP); Federation & Identity Broker Services; Risk Services; RFID; Digital Certificates]
  8. So what relationships?
     Relationship between two entities that can be authenticated. This includes:
     • Users
     • Devices
     • Third Parties
     • Identified locations
     Relationships between entities can be leveraged to strengthen authentication and to secure a transaction or any exchange of data.
  9. IRM example in the online Payment world: 3D Secure
     3D Secure defines a framework where the Issuing Bank authenticates the cardholder for an online transaction, allowing the merchant to pass the liability (in case of a fraudulent transaction) to the Issuing Bank.
     3D Secure leverages the relationships between the actors/entities involved in the transaction:
     • The Merchant (and its acquiring bank)
     • The Issuing Bank
     • The cardholder/consumer (and a device)
     • The Interoperability Domain (infrastructure provided by the card schemes)
     Authentication of the cardholder involves in most cases the use of a device (a mobile phone to receive a token via SMS, or other devices for token generation).
  10. 3D Secure overview
     [Diagram: 3D Secure transaction flow. Components: Client (cardholder); Online Merchant; 3D Secure Merchant Plugin; Directory Server; Access Control Server; Authentication History Server; Payment System; Issuing Bank; Acquiring Bank. Domains: Issuer domain; Interoperability domain; Acquirer domain. Labelled steps: 1: Order and Card details; 6: Authorization request]
  11. IRM for Citizens: Identity Assurance Program UK Cabinet Office
     Assure UK Objectives:
     • Provide secure credentials to UK citizens (currently in beta phase)
     • Core of the solution is Identity Proofing
     • Verizon is one of the selected identity providers to provide secure identities to UK citizens
       – Strong authentication
       – Users prove their identity online
       – Fraud / compliance requirements
       – User experience requirements
       – Specialized federation protocols
     [Diagram labels: VERIZON UK IDENTITY PROVIDER; Integration layer; Government HUB; Profile Management portal; Authentication Portal (OpenAM); Identity Services]
  12. IRM for Citizens: Belgian Government
     • Registration & self management portal
       – Number of identities: +2 000 000 (in database; not including eID users)
     • Role management
       – Number of roles: 75 000
     • Authentication portal
       – Federation: SAML2, OAuth, WSFed
       – Number of relying parties: 500
       – Peaks of 400 000 authentications per day / 25 authentications per second
       – Attribute services (10 sources)
       – Complicated SSO model: depends on context (civil servant, citizen), and authentication level
     [Diagram labels: Local and regional services; Supporting services; Authentication; Roles and permissions; Federal services; User and credential management]
  13. Other consumer cases for IRM
     The Payment & Government ecosystems benefit from an environment where trust and relationships between parties are established. Nevertheless, using existing relationships or building a relationship with the user can be done in many other consumer cases.
     • Mobile phone based
       – Dedicated location based services
       – Mobile Marketing solutions
       – Interactions with Service kiosks
     • Connected Car
       – Car pooling/renting solutions
       – Pay-as-you-drive insurances
       – Fleet/Drivers management
  14. Outcomes
     Are IAM or IRM needs very different between the consumer and the enterprise worlds?
     • Scale can be bigger but security principles are the same
       – Strong authentication is needed when there is value in the proposal
       – Use of Standards (emerging & existing) to connect entities is a must
       – Trusted Identity providers are needed
       – Data privacy and regulations must be addressed
     Adding relationship existing between the end-user and other identified to:
     • Enhance the security and the level of services that can be provided
     • Provide additional services
     • Strengthen the links with customers
