2014 sep22 ppi-greenlist-intro-to-x1255-short-version
10/30/2014 1
paymentpathways Intelligent Transactions
Richard O’Brien – President, 8742 W. Higgins Rd. #240, Chicago, [email protected]
ITU-T Rec. X.1255 (09/2013) Framework for discovery of identity management information
Geneva – September 22, 2014
Agenda: Discovery of Trusted Credentials
Framework for discovery: identity-related information | and its provenance
• Contribution Scope
• Problem statement
• Illustrative Use Case
• Benefits
• Objective
• Rationale
• Components
Contribution scope: Discovery of Trusted Credentials
Framework for discovery: identity-related information | and its provenance
• Information being identified such as services, processes and entities
• Identity-related information attributes, such as visual logos and human-readable site names
• Other attributes and the functionality of applications
• Description of a data model and a protocol to enable meta-level interoperability for representation, access and discovery of the information referenced above in heterogeneous IdM environments.
[Side labels: Discovery, Description]
Problem statement: The case for security-by-design
Receiving payments electronically requires divulging | bank account or card numbers
• This puts financial account information at risk for unauthorized debits – adding costs of counter-measures to protect data
• 60% to 70% of the world’s population have no Internet access and no bank account
• Diasporas and disadvantaged youth lack full participation in the electronic economy
Wastes human capital. Thwarts economic growth. Perpetuates the digital divide.
• Need cannot be addressed with traditional bank, debit, credit or telco stored value identifiers that expose dual credit/debit functionality
Federated Registries
Greenlist®
Deposit-only payment addresses
Illustrative Use Case
Transaction identifier masking by data minimization & use limitation
Illustrative Use Case: Incentive merit payments in education
[Diagram: Teacher, Student, School’s Bank, Student’s Bank and the ACH or EFT Network, with payment ($) and Notification flows numbered 1 to 5]
1 Payor authenticates and inputs Greenlist® ID/VID to pay
2 Portal SW queries Greenlist, obtains VID to match and LCA identifier
3 Payor verifies payee is correct. Submits amount to pay. Bank pays Linked Credit Account (LCA) identifier
4 Non-repudiable payment routes to payee’s LCA. Payee’s bank notified
5 Payee notified (when and amount) funds to arrive
Benefits: Incentive merit payments in education
Privacy
• No personal information given to merchants or any third parties
Risk
• No merchant fraud risk, greatly reduced consumer fraud risk
• No repudiation risk
• No accounting reconciliation risk
Cost
• Significantly more cost efficient
Teacher Empowerment
• Academic rewards
• Behavioral rewards
Human Capital Growth
• Involve local businesses
• Narrow digital divide
Financial Education
• Lifelong skillset for students
• Families learn by osmosis
• Inclusion in electronic economy
Objectives: Incentive merit payments in education
• Teach the value of saving and watching dollars grow
• Parents and Teachers engaged in the learning process
• Financial Education to impact every grade level
Pilot Design Objectives: Financial Education | expected outcomes
Education as THE Critical Success Factor: Financial Education | recognition, skills and inclusion
• Consistently superior user experiences
• Right content at the right time
• Delightful rewards recognize academic achievement
Rationale: Incentive merit payments in education
Banks incented to introduce Youth Savings
Civic Leadership | corporate sponsorships
• Spending may vary widely on technology
• Resources inconsistently applied so access, tools and courseware can lag, especially in impoverished areas.
• Multi-tenant SaaS platform to deliver and track incentive-merit payments for millions of students.
• Entities can govern, fund, configure, operate, measure and assess the virtuous circle of incentive payments. By recognizing achievement at every stage of student life, the authority of the mentor is reinforced.
Components: Federated registries
Digital objects
• Persistently identified
  o Self contained
  o Self described
  o Self aware
• Integral access control
• Extensible
Repositories
• Contain digital objects
• Are themselves digital objects
• Repository Synchronization Protocol (RSP)
• Platform independent
Useful for discovery
• Search engines
• Databases
• Digital information
• Digital objects
Handle system
• Persistent identification
• Distributed architecture
• Registrar provenance
Pilot Proofs: Federated Registries
Past, present and future
 | Legacy | State of Practice | State of Technology | State of Need
 | Application | Enterprise | Federation | Ecosystem
Scale and Governance | Application | Organization | Community of Interest | Cross Sector Marketplace
Enabling Technology | Application Specific | VPN, Virtual Directories, etc. | PKI, SAML, Trust Frameworks, etc. | Trustmark Framework
Authorization | Access Control Lists | Role Based Access Control | Attribute Based Access Control | Policy Based Access Control
Source: Georgia Tech Research Institute
Lifelong attribute bindings
[Diagram: Greenlist Attribute Bindings, labelled Instructions, Notifications, Permissions, Authentication]
© 2014 Payment Pathways, Inc.
[Diagram, labels only]
Credentialing
Trust in the Core Credential
Core Attribute Binding Claims
Attribute Binding: GLID (“Token” or “Alias”) to ePayment address
Attribute Bindings: Instruction, Notification, PII, Permission
Attribute Assurance
Authentication, Authorization, Verification, Discovery, Interoperability
Applications
Use Cases
Business-to-Business; Bill-Pay & Incentive Payments; P2P & CNP; Mobile Payments; Cloud Services
n-Pilots
& Digital Objects!
Sustainability economics
Donor Fund, Year 1
• Tablets and Software: $700,000
• Rewards: $200K
• Adm. $100,000
Income for SaaS provider including project management and donor funds recruitment costs
Direct benefits to students
Security & Privacy Administration
• Attribute Based Access Control
• Accounting
• Reporting
• SaaS vendor pays all fees on behalf of the School Districts
Attribute Assurance, User Authentication
Income for Bank: $.05 / transaction
Xfer fee @ $.15
Income for Multi-factor Authentication Provider: $.05 / transaction
Income for Attribute Assurance Provider: $.05 / transaction
Greenlist UX (SaaS)
Donor Funds, Years 2 & 3
• HW & SW: $900,000
• Rewards: $900,000
• Adm. $200,000
Project Management
Greenlist drill-down
Security enhanced by eliminating intermediaries
FICAM¹ (in US) | conformance
¹ Federal Identity, Credential, and Access Management. Fair Information Practice Principles: Transparency, Individual Participation, Purpose Specification, Data Minimization, Use Limitation, Data Quality and Integrity, Security, Accountability and Auditing.
Public Identifiers Publicly discoverable, routable, ePayment address(es) Privacy Protection
Name
Bank or proxy supplies:
UPIC or LCA-ACH Bank Account Number
City PayNet Public PAN Debit or Credit PAN
Mobile Phone Number 1-630-880-0873
071000505 - 1348098709 071000505 - 1344230947
Greenlist ID (unique GLID)
Pseudonym or PII:
"MyGreenlistID" (Unique)
International: Linked Sender GLID [email protected] 123456-123456789012-1 123456-493847605942-4
Relying Parties only receive PII that consumers wish to have divulged about themselves
Functional diagram
[Diagram, labels only]
Parties: Student, Teacher, School, Bank
Components: Registry, Accounting, ABAC¹
Core Operations: Recurring Functions, Non-recurring Functions
Functions: Entity Registration, Registration, Identity Mapping, Credential Issuance/Association, Credential Provisioning, Credential Presentation, Credential Validation, Authentication, Authorization, Authorization Decision, Access Control Policy, Access Request, Decision, Response, Attribute Verification, Data Request, System Management and Maintenance
¹ ABAC is Attribute-Based Access Control
Leveraging CNRI’s Digital Object Architecture
International strategies
[World map with country labels. Legend: Open; LATAM Root Registry (research phase); Greenlist Patents Issued. Other labels: UK, US, ITU, EU, CN, MEXICO]
Richard O’Brien, President – Payment Pathways, Inc., 8745 W. Higgins Rd. #240, Chicago, IL 60631 – 312-346-9400