Trusted Identities That Drive Global Commerce


For information of the BCS/EEMA Community

A truly Federated Trust Network - Building upon core competences of the world's banks & payments systems

Governance & Operational Risk Management in a borderless world of ubiquitous high capacity electronic networks spanning Public & Private Sectors, product verticals & industry sectors

2nd December 2014
John G Bullard

Gall's Law - the Trust Network is a classic illustration of this.

"A complex system that works is invariably found to have evolved from a simple system that worked. The Inverse also appears to be true. A complex system designed from scratch never works, and cannot be made to work. You have to start over again, beginning with a working simple system."

Quote from John Gall's publication Systemantics: How Systems Really Work and How They Fail

Copyright 2014 IdenTrust, Inc. All Rights Reserved.

What, exactly, do we mean by trusted e-identity?

- Having absolute certainty of who you are interacting with
- Being able to check/validate that this is, indeed, the case
- Knowing who guarantees the identity of the individual
- Being a real name, not just a number
- Having complete trust to act on their instructions
- Having a transparent audit trail of who did what, and when
- Seeing eID as a key component to limiting liability and external exposures

And yet, today we have:

- Solutions defined by national boundaries, which cannot operate outside?
- Solutions defined for a single Industry vertical? (e.g. Pharma, Aerospace, Insurance, or Nation-state governments)
- Solutions defined by a product/an application? (e.g. Payments only, e-invoicing only, or Logistics only)

Should we not have an approach which can cover the convergence of all 3 circles?

Why is this subject of significant interest to Business, to Governments and to their Banks?

Buyer: Find Trading Partner -> Bid/Selection -> Obtain Credit -> Contracts/Purchase Order -> e-invoicing -> Logistics -> Pay/Settle

Seller: Find Trading Partner -> Offer/Accept -> Assess Credit -> Contracts/Purchase Order -> e-invoicing -> Logistics -> Pay/Settle

Online Trust is essential at each stage.

Banks: Traditional Trust/Assurance Role in payments can be leveraged.

The model is evolutionary. Think of 1970s creation of the Card Schemes or historical cheque clearing schemes.

Trusted Transactions (Card Issuer, Card Authorization, Card Holder, Merchant): Powered by Credit Card Associations, e.g. VISA, MasterCard, etc.

Trusted Identities (Certificate Issuer, Certificate Validation, Certificate Holder, Relying Party): Via Trust Network, as a Third-Party Enabler that operates the network, uses established standards, and ensures compliance.

A 4 dimensional approach to Technology with responsibility

Aided by lawyers worldwide, banks financed an Operating Rule Set approach to global identity credential management.

Policy
- KYC consistency
- Global regulatory compliance

Legal
- Global contractual framework
- Contracted liability model
- Dispute resolution

Operational
- Data centre security
- Consistent manufacturing process
- Secure fulfilment process
- Cross community efficiency

Technical
- Industry-standard technologies
- Interoperable solution elements
- Consistent deployment

It has a Contract-based legal framework

[Diagram labels: Subscribing Customer, Relying Customer, Customer Agreement (x2), Operating Rules, Issuing Participant, Relying Participant, IdenTrust Root CA]

Global Legal Interoperability is possible only in a Contractual System governing:

Liability and Recourse Among All Parties
- Operating Rules bind all players
- Customer Agreements bind customers to contractual liability limitations

Legal Recognition of Digital Signatures / Contract Formation Electronically
- Signed OCSP validation assures every Relying Party is bound to a customer agreement
- Legal effect of digital signatures authenticated by validated certificates provided by contract, globally

Dispute Resolution over Signature Validity
- Dispute Resolution Procedures provide private forum (London Court of Arbitrage)

Technical Standards
- Ensures compatibility across the Network
- Reduces cost through vendor competition for standard component elements

Foundation stone of a multi-use identity and validation layer

[Diagram, top to bottom]
- Applications: eBAM, BACSTEL-iP, SEPA Payment, Secure Email, SwiftNet FileAct, e-invoicing, Corporate Portal
- Messaging and Communications networks: Open Standards
- Messaging and Communications networks: Proprietary Standards
- Corporate (or Government) Entitlements & Privileges
- Identity Solution and Validation Service

Lower cost of ownership and economies of scale are achieved through spreading fixed costs across a larger volume of certificates. Multipurpose certificates have a greater value than single use certificates.

Improved customer experience through the use of standard authentication methods across the enterprise and interoperability of certificates both internal and external to the enterprise, and future proofing your investment by building a solution that satisfies future customer supply chain requirements.

Security By Design - end-users bring the applications, the rest is already there - why re-invent the wheel?

[Diagram labels: Certificate Management System, Certificate Authority, Fulfilment Capability, End Users, Applications (Your applications, Industry applications, IdenTrust applications)]

Single CMS interface accessing multiple CAs; identities on any form-factor; issued to your end users; for use with multiple applications globally.

Customer Proposition - true interoperability

Historic parallels - electricity voltages, railroad gauges

An integrated Identity Solution serving: Secure email, ERP, e-invoicing & Trade Mgnt, Country Scheme e.g. CNIPA (Italy), BACSTEL-iP (UK), Electronic Banking, Other Applications

Compared with one identity solution per application:
- FileAct: Identity Solution 1
- ERP: Identity Solution 2
- e-invoicing & Trade Mgnt: Identity Solution 3
- Country Scheme e.g. CNIPA (Italy): Identity Solution 4
- BACSTEL-iP (UK): Identity Solution 5
- Electronic Banking: Identity Solution 6

- Single vs. Multiple Platforms
- Interoperable vs. Point Solution
- Single vs. Multiple Tokens
- Cross-border vs. solely Local solution
- High vs. Lower RoI
- High vs. Low Scalability

A utility.


each usable independently or as part of a broader interconnected Supply Chain structure

- ACH Payments
- Corporate Purchasing
- International Trade
- Treasury Management
- Cash Management
- Insurance contracts
- Letter of Credit
- Statement Delivery
- Electronic Document Delivery
- Financial Gateway
- Supply Chain Management
- Electronic Content Delivery
- Foreign Exchange
- Payment Instructions
- Mortgage and Leasing
- Enterprise use
- Government Filings
- Compliance

IdenTrust TN: Identity Validation, Liability Management, Globally interoperable, Legally enforceable

Banks - highly regulated entities - manage and mitigate Risk, whether as Intermediaries or Agents, in 3 areas:

- Operational Risk Management: Transactional, e.g. national and global payments and settlement functions
- Credit Markets Risk Management: i.e. acceptance of deposits and making loans
- Capital/Wholesale Markets Risk Management: Banks trade on their own behalf or for customers

Trusted e-identities, underpinned by strong KYC processes, are essential for each area of Risk Management.

To be of real value, there must be clarity on two distinct issues for eID/e-signatures:

1. What aspects of Identity will be managed?
2. Who will be covered by the identity management solution?

[Two charts, each with the axis "Level of Effort/Complexity". Aspects of identity: Policy, Legal & Liability, Operations, Tech. Coverage: Internal, Community of Interest, Multiple Communities of Interest, Multiple legal jurisdictions.]

So, a Trust Network solution to e-signatures was developed for a world of increasingly ubiquitous free and open networks

- An Identity Community where Banks issue identity credentials usable in more than 100 countries
- The scheme runs an identity validation network that is scalable, self-routing, real-time and highly secure
- The scheme provides tools to embed identity into existing applications

To do this, the Scheme provides:

- Operating Rules for Common global standards (using established open standards)
- A global and scalable network, not dependent on multiple bi-lateral contracts
- An application framework which is open to all Application providers

The effect of this is that the end user - whether that is a Government employee, a company employee, or an individual citizen in their personal capacity - can present that identity electronically within an overall framework where roles, liabilities and consequences are understood.

Company History

Formed in 1998, IdenTrust is a Bank-Built, Full-Service Identity Solutions Provider

Built by banks, for banks, regulator-grade - the identity gold standard

Global interoperable identity scheme (Trust Network)
- User-level non-repudiation, legally enforceable
- Regulator-grade identity vetting
- Single identity, multiple uses, any form-factor (hardware or software based identities)
- Member banks issue identity credentials usable in more than 172 countries

Proven record of delivering bank-grade strong authentication (Trust Gate)
- Used across 6+ billion transactions annually
- No data or infrastructure compromise in the ten years of platform operation
- Multiple fulfilment options

Proven supplier of outsourced PKI hosting services with a compelling and proven ROI (Trust Infrastructure)
- Support services based on multiple identity schemes (banking, government, industry and corporate)
- Used by many of the world's leading financial institutions and multinational corporations
- 3 million+ certificates issued across all policies

The Network is highly scalable

[Diagram labels: Subscribing Customer; Relying Customer; Issuing Participant, e.g. RBS; Relying Participant, e.g. Standard Chartered; IdenTrust Root CA]

Bank-issued Trust Network identities fulfill 4 capabilities

1. Access Only
   - Support better Single Sign-on, with improved controls
   - Establish two-factor compliance for regulatory purposes
   - Limit capability to access; no identity, encryption, or electronic signature

2. Authentication
   - Provide Access control and add use of Digital Signatures to prove identity and deliver non-repudiation
   - Reduce online fraud
   - Provide audit and compliance tracking

3. Encryption
   - Safeguard content and eliminate pharming
   - Encrypt data while in transit and at rest, including supporting format preserving encryption (FPE)
   - Ensure document and data integrity for electronic documents and forms

4. Electronic Signatures
   - Replace wet ink signatures
   - Provide legally-binding user-level signatures
   - Enable reengineered electronic processes including STP

Communities: Localisation

Layering of business and application rules on top of Trust to minimize duplication and extend reach as broadly as possible

- Layer 3 (Customer Services): Individual members deliver competing applications to their customers
- Layer 2 (Rules Service): Local Communities agree standards and business rules for use of agreed common application. These services operate on top of IdenTrust trust infrastructure
- Layer 1 (PLOT Service): IdenTrust provides core global IdenTrust Trust Network foundation

FI Community

Need to support multiple types of solutions, for both the financial and the physical supply chain

Financial Services Applications
- Single Sign On
- Anti-phishing and anti-pharming
- Bank Mandate management
- ACH Payments/SEPA implementations
- Corporate Purchasing
- International Trade
- Letters of Credit
- Statement Delivery
- Electronic Doc Delivery/Exchange
- Payment Instructions
- SarbOx etc compliance
- Mortgage and Leasing Processing

Corporate Applications
- Online Auction Markets
- Electronic Content Delivery
- Insurance Sales and Contracts
- Government Filings, Procurement
- Tax Submissions
- Verticals: Pharma, Energy, Defence
- Financial Gateway
- e-vaulting
- Access Control
- Cash Management Services
- Invoicing/Purchase Order Exchanges

Each of these applications can be streamlined and improved through the use of trusted Identities.