Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Eic2011 rolling presentation_1

1,053 views

Published on

European Identity Conference '11 presentation

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

Eic2011 rolling presentation_1

  1. 1. EIC’2011 UBISECURE SOLUTIONS, INC. Your Partner in Identity and Access ManagementConfidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  2. 2. Where Ubisecure comes from: FinlandConfidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  3. 3. Finland: Background 5.3 million residents Approx 325 000 companies (2009) Parliamentary republic with central government 336 local municipalities EU member since January 1995 Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  4. 4. Finland: ICT background High Internet penetration (86% of 16–74 old Finns use internet; 50% of 7 year-olds use it!!) High e-commerce acceptance (92% use) High mobile penetration (>100%; all ages) High broadband services penetration Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  5. 5. Before – All services were physically centralized 1960-90: Physical shopping centers Typically always populated by: Taxation Office, Government Social Insurance Org, Employment Office, Several Bank(s), Shop, Bar, Doctor, … Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  6. 6. Internet: Where services – and people are now Today all services are found in Internet Finnish people shop in internet close to 10 Billion € in 2010 More than 92% of Finnish people has used internet for shopping… People are hanging around in Internet All ages: 4 … 75+ yrs (not joking ☺) Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  7. 7. Why such a strong trend?Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  8. 8. Consumer Groups Market Behavior… OLD GENERATIONFOLLOWERS AGE OF 20 .. 69 MASSES PIONEERS YOUNGER GENERATIONS 8 Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  9. 9. Cost Efficiency per Service Channel MobilePhysical Office Internet Service Service30-50€ ..0.20 € Visit Telephone Session Service 10-20€ Internet Call Service Near Field Communication ATM Mobile Services ..0.10 € Services Session 1-2€ Transaction ..0.50€ ..0.10 € Transaction Session Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  10. 10. Cost Efficiency per Service ChannelFinland Monthly Income Monthly Income Per (2010) (2005-10) HourAverage Salary ~ 3400€ ~ 3113€ ~ 20€Average employment ~ 6120€ ~ 5605€ ~ 36€costs (x 1.8) Service 47€ Physical Office Average Visit Service 1h 17min Mail Service Correspondence 19€ Average 12€ Service 23 min Mailing Service Average Call 31 min Telephone Service Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  11. 11. Large scalee-Gov authentication and authorization Service in Finland Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  12. 12. In this Customer case we have Millions of users usingUbilogin protected services each month. Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  13. 13. More than 32 Million users since 2004. Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  14. 14. That is more than six times the population. Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  15. 15. More than 72% of the Companies each month. Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  16. 16. No one could keep trackand manage all those identities. Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  17. 17. Neither our Business Partner.Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  18. 18. Nor our Customer.Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  19. 19. So, the identity management needed to be Delegated. Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  20. 20. In a well-controlled manner.Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  21. 21. And Automated.Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  22. 22. 1) ThereforeExternal Identity Management… Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  23. 23. 2) Therefore Federation.Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  24. 24. 3) And with the ultimateSingle Sign-On user experience. Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  25. 25. Tunnistus.fi Identity Provider ”Tunnistus” (finnish) means Identification Joint project of the Tax Administration, Ministry of Employment and the Economy and the Social Insurance office IdP Proxy service for Banks and eID cards Joint venture consortium contract signed March 2003 RFQ March 2003, Implementation 5 months Operational January 2004 Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  26. 26. Tunnistus.fi G2C AuthN Web single sign-on based on both proprietory and SAML2 protocols Liberty Interoperable tested Single logout Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  27. 27. Tunnistus.fi and VETUMA federation Two similar systems cover different target groups under different government budgets with different service mandates New government portal service started in 2011 is driving increased authentication volume Tunnistus.fi and VETUMA will be federated together in Q1 2011 using discovery based on the CDC approach Stakeholders developed the eGov Deployment Profile for Finnish public sector SAML2 WebSSO deployment profile. The profile is based on the Kantara eGov implementation profile 2.0 and the SAML2int.org ver 0.2 deployment profile[1]. Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  28. 28. KATSO G2C AuthN & AuthZ Self-service authentication and authorization service for government e-servicesSample of features: User self-registration Role delegation (to other sub-user) Power of attorney (user-to-user, user-to-org, org-to-org) Self-service credential management Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  29. 29. KATSO Roles Different role groups Internal system roles General roles Service specific roles Total roles: 51 Roles provided by KARVA = SAML2 Attribute Authority SP queries role information after authentication using SAML2 Attribute Query Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  30. 30. KATSO Web Services KATSO operates an ID-WSF 2.0 WSIDP also enabling integration of non-browser clients Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  31. 31. KATSO History Introduced 2006 2009: over 30 services Top 3 Unemployment registration (Tax) Tax card ordering (Tax) Registering as a job seeker (Social insurance) Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  32. 32. KATSO Two types of authentication Strong: Katso OTP (One time password PIN/TAN) Weak: PWD (Username and password) Strong authentication initial registration based on bank assurance (TUPAS) or physical visit Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  33. 33. KATSO Use of KATSO initially limited to consortium members Legislation changes have recently permitted wider use Use outside of government services still limited by legislation Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  34. 34. KATSO: G2B How does it work?Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  35. 35. Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  36. 36. Self service enrolment Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  37. 37. Familiar process Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  38. 38. Bank authentication Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  39. 39. Indexed TAN Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  40. 40. Attribute release consent Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  41. 41. New: Telcos as Commercial IdPs for eGov Commercial Wireless PKI (MPKI, WPKI) service launched 30.11.2010 Named ”Mobiilivarmenne” Mobile Certificate http://www.mobiilivarmenne.fi/en/en_2.html Supported by 3 out of 4 national telcos Competing with TUPAS service Roaming function - one contract with one telco is enough ETSI MSS Mobile Signature Service Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  42. 42. Telcos as Commercial IdPs Long history – previous studies and commercial trials commencing around 2003 to use national ID in the mobile had failed New business model, purely commercial Requires government-issued CA license with stringent auditing Application embedded in SIM (application toolkit application) Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  43. 43. Telcos as Commercial IdPs Works while roaming (SMS based transport) Pricing for end users Elisa: 0.09 per transaction (Free until Nov 2011) Other telco pricing unknown Pricing for SP services Unpublished Expected adoption in G2C services in 2011 Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  44. 44. What has been achieved?(The benefits) Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  45. 45. Government Business Case –has cumulated savings of 1.05 Billion € Today 32+ Million transactions served in “Federated Government Service Center” Before– it would have meant 32+ Million service sessions in physical service points or telephone Example what costs this could have generated “back then”: 50% physical + 50% telephone Service Cost: 1.05 Billion € 16 million x 47 € = 748 M€ 16 million x 19 € = 301 M€ Instead, these costs have now been saved! Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  46. 46. Reality check: eGovernment Business Case (at least) 656 M€Saved Costs so far! Reality-check: What if part of the customers would have “dropped out” That is: Less customers served, Less service sessions Example, that is, savings AT LEAST: 10 million phone calls 10 million visits 12 million (example) not served or “solved” any other way Service costs would still have been 656 M€!!! This means, that 10 million x 47€ = 468 M€ At least these costs 10 million x 19€ = 188 M€ have been saved!! Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  47. 47. One of the greatesteGovernment Success Stories in the World! SOME HIGHLIGHTS 32+ Million transactions served in “Federated Government Service Store” OF THE SUCCESS: in Finland Six times the population served so far! Service Costs by the end of 2010 e.g.1€/tr Current service volume 2M tr/month 4,5 times the population served each year! Now 71% (!) of the companies in Finland are registered as users of the service Huge impact on G2B services! Currently the transfer to Internet generates 763 M€ savings per year for Government in Finland (and this mainly so far only for three agencies as others are now joining) Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  48. 48. Tunnistus.fi Statistics AuthenticationsChart credit: Verohallinta, Finnish tax administration Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  49. 49. KATSO Statistics AuthenticationsChart credit: Verohallinta, Finnish tax administration Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  50. 50. ROI is rather ”nice” ☺ ROI for the IAM solution AuthN for G2C For 2004 - 2010 = that is 7 yrs in production 2006 - 2010 = that is 6 yrs in production AuthZ for G2B 253 470% (!) Not included: the services that attract users and generate the benefits Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  51. 51. The Elements for Success Government Cooperation! IAM Cooperation! industry (standards, mature technology, mature products)Commercial IDPs Public IDPs Keen users: Companies Residents Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  52. 52. Single Sign On.Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  53. 53. Single Sign-On across all web-based Services…Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  54. 54. …and also acrossthe Services of the Business partners. Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  55. 55. And across the Cloud-based Services. Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.
  56. 56. THANK YOU!Ubisecure Solutions, Inc.www.ubisecure.com <firstname.lastname>@ubisecure.comFINLAND: SWEDEN:Tekniikantie 14 WTC, Klarabergsviadukten 70, Box 70396FIN-02150 Espoo S-10724 Stockholmtel. +358-9-2517 7250fax +358-9-2517 7070Registered in Espoo, Finlandreg. nr. FI1748721-4Ubisecure paves the way for a smoother and safer Internet. Ubisecure software products enable newonline business concepts and speed the growth of existing web-based operations by joining separate sitesand services into larger trusted areas. The innovative products allow internet users to flexibly and securelymove between online services – without encountering repeated login prompts. Ubisecure maintains anextensive network of partners that offer organizations advice, consulting and technical services; andprovides high-level training in secure online business through the widely appreciated Ubisecure IAMAcademy. Founded in 2002 in Finland, Ubisecure Solutions Inc. is a pioneering provider of standardizedidentity and access management solutions. For more information, please visit www.ubisecure.com.Identify and Authorize.Enable secure business. Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved. Copyright Ubisecure Solutions, Inc. All rights reserved.

×