The Need for Digital Identities - SureID Aug 2015

download The Need for Digital Identities -  SureID Aug 2015

of 20

  • date post

    18-Aug-2015
  • Category

    Technology

  • view

    22
  • download

    0

Embed Size (px)

Transcript of The Need for Digital Identities - SureID Aug 2015

  1. 1. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION The Need for Digital Identities 1 Susan Krautbauer Regional Account Manager, Strategic Alliances 03Q15
  2. 2. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION Identity Verification - a growing problem One, Social Security Numbers which are universal, but not reliable; Two, state-issued driver's licenses which are reliable, but not universal. March 26, 2012, David Frum, CNN 2 The U.S. has created two forms of de facto ID:
  3. 3. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION 3 Identity Theft is Rampant June 11, 2015 Hackersare believed to have stolen SSN records for as many as 18 million current and former federal employees and contractors. ~Associated Press
  4. 4. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION 4 Did you know 65 million U.S. adults, over one in four people, have a criminal record. Source: The National Employee Law Project, March 2011
  5. 5. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION 5 Your Customers Trust You To Keep Them Safe. NOT KNOWING WHO YOU CAN TRUST PUTS YOUR CUSTOMERS AND BUSINESS AT RISK Not truly knowing who you are sending to interact with your customers can lead to consequences (e.g., robberies, inappropriate behavior, violent crime, trafficking) Actions on-premise reflect on your business and you may be legally liable for harm and/or damages Your business has inherent business risks using third-party vendors since you are not privy to their employment screening (or if they had one)
  6. 6. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION How will you protect & secure 6 Intellectual Property 3rd Party Vendor Access Business Operations Children, Elderly, At-Risk Volunteers, Disaster Response In-Home & Shared Economy
  7. 7. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION The Solution An effective solution would be to issue tamper-proof, biometric ID cards using fingerprints or a comparably unique identifier to demonstrate legal status and identity by non-forgeable electronic means. Helderman and Branigin, 7
  8. 8. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION 8
  9. 9. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION 9 Who Uses Our Services? Eid Passport has provided identity authentication to 818,000+ employees of more than 60,000 small, medium, and large companies doing business with the U.S. Navy, Army, Marine Corps, and Coast Guard.
  10. 10. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION 10 RAPIDGate Program: Identity Management for U.S. Department of Defense (DoD)
  11. 11. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION 11 IDENTIFY KBA (knowledge -based authentication) SSN Verification Address History CREDENTIAL Smart Card Technology Tamper-Resistant SureID Brand VERIFY Web Mobile Biometric Authentication SCREEN Felony Misdemeanors Lifecycle Screening Sex Offenders Multiple Providers Assurance
  12. 12. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION Real Time Verification 12 Mobile Access By utilizing the SureID mobile application, not only can your security personnel validate a persons right-to-access in real time while inside your corporate facilities, but end users and organizations in the public service arena can also be assured that volunteers, staff, contractors and coaches are to be trusted.
  13. 13. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION Watch Dog Services 13 The SureID Service runs a reoccurring background screen every 92 days. It will tell you who belongs. And who doesnt.
  14. 14. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION How will you use ? 14
  15. 15. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION Three Levels of Engagement 15 Adopt (standard) Amplify (premier) Accept (entry level) Agree to accept the SureID credential throughout your organization Utilize SureID on campus for staff, 3rd party vendors / contractors Deploy SureID across your distributed field organization /volunteer network
  16. 16. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION 16 How will you participate in the Trust Network? Its your choice.
  17. 17. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION Learn more about SureID and Eid Passport 17 For Business https://vimeo.com/125268837 For Volunteers https://vimeo.com/113761758 For Disaster Response https://vimeo.com/124257212 For Highly Secure (PIV-I) https://vimeo.com/74734324 Critical Access Control RAPIDGate Program awarded Best Integrated System for HSPD-12/FIPS-201 Compliance Over the past three years, Eid Passport has grown revenue by 400%+ percent
  18. 18. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION 18 sureid.com To learn how you can get involved in the SureID trusted network, please contact: Susan Krautbauer Regional Account Manager, Strategic Alliances Minneapolis Office: 952.451.9792 sjkrautbauer@sureid.com
  19. 19. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION Level of Assurance (LOA) Overview 19 Levels of Assurance Examples Level 1 appears to be positioned as an identifier rather than an actual identity an identifier can be used to present information on a consistent basis and can be, but does not have to be, loosely associated with an individual. Library Card Level 2 assurance is provided when a secret token or key is memorized by one or more parties allowing a trusted relationship to exist, without the need for full identification. Gmail Account Level 3 can best be described as an account based credential with additional verificationTo confirm the validity of the information in the context of usage, relying parties should undertake some verification of the identity information. Some enrollment is required and verification of the enrollment information is needed to confirm the claimed identity. SureID Level 4 implies knowledge of a persons identity with personal identifiable information (PII) required and present.For there to be non-reputable chain of trust, this credential must provide two or three factor authentication. Military CAC RapidGate (Passport) Source: Smart Card Alliance, Assurance Levels Overviews and Recommendations
  20. 20. 110-SI-F00006 EID PASSPORT PROPRIETARY AND BUSINESS SENSITIVE INFORMATION 20 Accreditations and Certifications DIACAP - Defense Information Assurance Certification & Accreditation Process MAC II ATO & PIA (U.S. Army) MAC III ATO & PIA (U.S. Navy) MAC III ATO (U.S. Marines) MAC Mission Assurance Category | ATO Authority to Operate | PIA Privacy Impact Assessment FBI Channeler Electronic fingerprint submission to Criminal Justice Information System Disseminate criminal history summary on behalf of the FBI National Institute of Standards and Technology SP800-63 Electronic Authentication Level of Assurance 4 (Very High Confidence) FIPS Federal Information Processing Standards 201-1 Personal Identity Verification 140-2 Communications Encryption Federal Bridge Certificate Authority (FBCA) RAPIDGate Premiere Personal Identity VerificationInteroperable (PIV-I) credential 20