Will Federated Cross Credentialing Solutions Accelerate Adoption of Smart Card Based Identity Solutions?

Transcription

1 Will Federated Cross Credentialing Solutions Accelerate Adoption of Smart Card Based Identity Solutions? Jack Radzikowski,, Northrop Grumman & FiXs Smart Card Alliance Annual Meeting La Jolla, California October 5, 2006

2 AGENDA: ANSWERING THE QUESTION FROM AN INVESTOR S S PERSPECTIVE Precedent: Brief History of Securities, Financial and Identity Federations Drivers: Immediate Market Drivers Toward Federation Markets: Hubs of Work Activity: Size of Now Related Identity Markets Federation Defined: Attributes of a Federated Identity Business: FiXs Risk: Investment Risk Perspective on Federated Identity and Smart Cards

3 KEY ELEMENTS OF FINANCIAL TRANSACTION- BASED ASSOCIATIONS Federated Structure Warranted Users Certified End Points Central Switch Syndicated Investment Syndicated Risk Governed by Members All Tied Together by Multi-Party Contracts, known as: Operating Rules Business Process 1 st Technology 2nd

4 HISTORY OF IDENTITY-RELATED FEDERATIONS Federation New York Stock Exchange VISA & Master Card SWIFT 1976 Quest 1995 Approximate Dates Events 1957, 1968, 1972 Securities Automation Study, Paperwork Crisis, Automation Corp. Established 1966 Multiple Banks Agree to Exchange Retail Financial Transactions 1976 Wholesale Transactions Automated Internationally 1995 Welfare Card Federation Creates Market Push for Debit Deployment DCCIS 2003 DoD FiXs 2005 DoD Pilots Cross Credentialing ID Authentication Network 2005 Commercial, ID Authentication Network Established for DCCIS and HSPD 12 Support

5 OPERATING RULES REFLECT VARIANCE WITH FINANCIAL SERVICES MODEL ISSUER ISSUER Financial Services Model: Purpose Primary: Validate Funds Availability Secondary: Validate Card Link card to owner through weak authentication (PIN) ACCOUNT-FOCUSED ACQUIRER/ ACQUIRER/ RELYING RELYING PARTY PARTY SWITCH/ SWITCH/ TRUST TRUST BROKER BROKER Identity Management Model: Purpose Primary: Authenticate Identity Secondary: Verify Claimed Identity Link credential to identity through strong authentication (biometric) IDENTITY-FOCUSED

6 DRIVERS: FEDERAL ACQUSITION REGULATIONS Contract clause. The contracting officer shall insert the clause at , Personal Identity Verification of Contractor Personnel, in solicitations and contracts when contract performance requires contractors to have physical access to a federally controlled facility or access to a Federal information system Personal Identity Verification of Contractor Personnel. (a) The Contractor shall comply with agency personal identity verification procedures identified in the contract that implement Homeland Security Presidential Directive-12 (HSPD-12), Office of Management and Budget (OMB) guidance M-05-24, and Federal Information Processing Standards Publication (FIPS PUB) Number 201. (b) The Contractor shall insert this clause in all subcontracts when the subcontractor is required to have physical access to a federally-controlled facility or access to a Federal information system.

7 DRIVERS: HOW TO RESPOND TO THE FAR? Choices: Equipment Bundles - Enrollment station(s) - Authentication stations - Domain servers Closed Managed Service - Full - Partial - Enrollment Service Only Federated Managed Service or

8 HUBS OF WORK ACTIVITY: SIZE OF NOW RELATED MARKETS Size in Millions 5 0 DoD Civil Vendors Port TWIC Transport 1 st & 2 nd Responders

9 IDENTITY FEDERATION DEFINED: FiXS BUSINESS STRUCTURE CREDENTIAL ISSUER Credential Issuer System Credential Issuer Company FiXs Governance Council Relying Party Company Authentication Requests Governance Council Membership Management By-Laws/Charter Member Agreements Operating Rules Association Governance Certification & Accreditation Strategic & Business Plan FiXs Operating Entity System Operations System Architecture Technical Specifications Authentication Transaction Processing Operating Entity FiXs Network System Authentication Responses Relying Party System RELYING PARTY

10 IDENTITY FEDERATION DEFINED: OPERATING RULES STRUCTURE Operating Rules establish the rules of engagement for participation in the FiXs system. The Rules are updated regularly to reflect innovations in technology, changes in regulations, and general needs and requirements of the membership. The general topics covered by the Operating Rules are: Credential Issuers Requirements Relying Party Requirements FiXs Trust Broker Operator Responsibilities Monitoring & Performance Requirements Security Requirements Liabilities & Recourse Privacy Requirements Governance & Business Requirements

11 IDENTITY FEDERATION: DCCIS & FiXs Member MemberCompanies Companies DoD FiXs Association Association DoD/DMDC DoD/DMDC Users: DoD employees with CAC cards. DCCIS Network DoD/DMDC DoD/DMDC Issuance Issuance System System DoD DoD Facilities Facilities&& Networks Networks FiXs Network Member Member Issuers Issuers Users: Member company employees w/ their badges. Member Member Relying Relying Parties Parties

12 IDENTITY FEDERATION TRANSACTION Federated Identity Management Identification & authentication of populations across organizational domains FIXS FIXS AUTHENTICATION AUTHENTICATION STATION STATION FIXS FIXS NETWORK NETWORK FIXS FIXS DOMAIN DOMAIN SERVER SERVER 1 FiXs Member presents 2 Identifier is routed 3 Member Company s card or ID number (Identifier) at Authentication Station through FiXs Network to FiXs Domain Server FiXs Domain Server matches Identifier to Member s Authentication Record 6 Member authenticates with Biometric. Security guard checks Photo and Demographic Data 5 FiXs sends Authentication Record to FiXs Authentication Station 4 FiXs Domain Server sends Authentication Record (Photo, Demographic Data, Biometric) to FiXs Network

13 FiXs and CARDS CURRENT FIXS AUTHENTICATION ID Number + Photo + Biometrics HSPD-12 FIXS AUTHENTICATION ID Number+Photo+Biometric+Smart Chip Company Name + Employee Number OR OR No Card OR Exp Date: 3/30/04 Company Card Company HSPD-12 Aligned Card OR FiXs HSPD-12 Aligned Card Physical Access Physical Access & Logical Access

14 RISK: WILL FEDERATION ACCELERATE THE ADOPTION OF SMARD CARD IDENTITY SOLUTIONS? Precedent: The Federated Business Model Has a Long and Successful History in Securities and Financial Services and Has Been Adopted by the DoD Drivers: HSPD 12. FAR, TWIC, Drive Smart Card Adoption Markets: Inter-Related Markets Drive Cross Credentialing Federation Defined: Operating Rules Define Risks, Federation Syndicates Liability and Investment Risk: All of the Above, Taken Together, Describe An Organized and Timed Market for Federation of Smart Card Based ID Authentication

15 QUESTIONS? For More Information FiXs.org