Trusted Identities That Drive Global Commerce
For information of the BCS/EEMA Community
A truly Federated Trust Network - Building upon core competences of the world's banks & payments systems
Governance & Operational Risk Management in a borderless world of ubiquitous high capacity electronic networks spanning Public & Private Sectors, product verticals & industry sectors
2nd December 2014
John G Bullard

Gall's Law - the Trust Network is a classic illustration of this.
"A complex system that works is invariably found to have evolved from a simple system that worked. The Inverse also appears to be true. A complex system designed from scratch never works, and cannot be made to work. You have to start over again, beginning with a working simple system."
Quote from John Gall's publication Systemantics: How Systems Really Work and How They Fail
Copyright 2014 IdenTrust, Inc. All Rights Reserved.

What, exactly, do we mean by trusted eIdentity?
- Having absolute certainty of who you are interacting with
- Being able to check/validate that this is, indeed, the case
- Knowing who guarantees the identity of the individual
- Being a real name, not just a number
- Having complete trust to act on their instructions
- Having a transparent audit trail of who did what, and when
- Seeing eID as a key component to limiting liability and external exposures

And yet, today we have
- Solutions defined by national boundaries, which cannot operate outside?
- Solutions defined for a single Industry vertical? (e.g. Pharma, Aerospace, Insurance, or Nation-state governments)
- Solutions defined by a product/an application? (e.g. Payments only, eInvoicing only, or Logistics only)
Should we not have an approach which can cover the convergence of all 3 circles?

Why is this subject of significant interest to Business, to Governments and to their Banks?
Buyer: Find Trading Partner, Bid/Selection, Obtain Credit, Contracts/Purchase Order, eInvoicing, Logistics, Pay/Settle
Seller: Find Trading Partner, Offer/Accept, Assess Credit, Contracts/Purchase Order, eInvoicing, Logistics, Pay/Settle
Online Trust is essential at each stage
Banks: Traditional Trust/Assurance Role in payments can be leveraged

The model is evolutionary. Think of the 1970s creation of the Card Schemes, or historical cheque clearing schemes
Trusted Transactions (powered by Credit Card Associations, e.g. VISA, MasterCard, etc.): Card Issuer, Card Authorization, Card Holder, Merchant
Trusted Identities (via Trust Network): Certificate Issuer, Certificate Validation, Certificate Holder, Relying Party
Trust Network acts as a Third-Party Enabler that operates the network, uses established standards, and ensures compliance

A 4 dimensional approach to Technology with responsibility
Aided by lawyers worldwide, banks financed an Operating Rule Set approach to global identity credential management
Policy
- KYC consistency
- Global regulatory compliance
Legal
- Global contractual framework
- Contracted liability model
- Dispute resolution
Operational
- Data centre security
- Consistent manufacturing process
- Secure fulfilment process
- Cross community efficiency
Technical
- Industry-standard technologies
- Interoperable solution elements
- Consistent deployment

It has a Contract-based legal framework
Global Legal Interoperability is possible only in a Contractual System governing
[Diagram labels: Subscribing Customer, Relying Customer, Customer Agreement (x2), Operating Rules, Issuing Participant, Relying Participant, IdenTrust Root CA]
Liability and Recourse Among All Parties
- Operating Rules bind all players
- Customer Agreements bind customers to contractual liability limitations
Legal Recognition of Digital Signatures; Contract Formation Electronically
- Signed OCSP validation assures every Relying Party is bound to a customer agreement
- Legal effect of digital signatures authenticated by validated certificates provided by contract, globally
Dispute Resolution over Signature Validity
- Dispute Resolution Procedures provide private forum (London Court of Arbitrage)
Technical Standards
- Ensures compatibility across the Network
- Reduces cost through vendor competition for standard component elements

Foundation stone of a multi-use identity and validation layer
[Diagram labels: eBAM, BACSTel IP, SEPA Payment, Secure Email, SwiftNet FileAct, eInvoicing, Corporate Portal; Messaging and Communications networks (Open Standards); Messaging and Communications networks (Proprietary Standards); Corporate (or Government) Entitlements & Privileges; Identity Solution and Validation Service]
- Lower cost of ownership and economies of scale are achieved through spreading fixed costs across a larger volume of certificates
- Multipurpose certificates have a greater value than single use certificates
- Improved customer experience through the use of standard authentication methods across the enterprise
- Interoperability of certificates both internal and external from the enterprise
- Future-proofing your investment by building a solution that satisfies future customer supply chain requirements

Security By Design: end-users bring the applications, the rest is already there. Why re-invent the wheel?
[Diagram labels: Certificate Management System, Certificate Authority, Fulfilment Capability, End Users, Applications (Your applications, Industry applications, IdenTrust applications)]
Single CMS interface, accessing multiple CAs, identities on any form-factor, issued to your end users, for use with multiple applications globally

Customer Proposition: true interoperability
Historic parallels: electricity voltages, railroad gauges
An integrated Identity Solution serving: Secure email, ERP, eInvoicing & Trade Mgnt, Country Scheme e.g. CNIPA (Italy), BACSTEL-iP (UK), Electronic Banking, Other Applications
vs. one identity solution per application: FileAct (Identity Solution 1), ERP (Identity Solution 2), eInvoicing & Trade Mgnt (Identity Solution 3), Country Scheme e.g. CNIPA (Italy) (Identity Solution 4), BACSTEL-iP (UK) (Identity Solution 5), Electronic Banking (Identity Solution 6)
- Single vs. Multiple Platforms
- Interoperable vs. Point Solution
- Single vs. Multiple Tokens
- Cross-border vs. solely Local solution
- High vs. Lower RoI
- A utility.
- High vs. Low Scalability

each usable independently or as part of a broader interconnected Supply Chain structure
- ACH Payments
- Corporate Purchasing
- International Trade
- Treasury Management
- Cash Management
- Insurance contracts
- Letter of Credit
- Statement Delivery
- Electronic Document Delivery
- Financial Gateway
- Supply Chain Management
- Electronic Content Delivery
- Foreign Exchange
- Payment Instructions
- Mortgage and Leasing
- Enterprise use
- Government Filings
- Compliance
IdenTrust TN: Identity Validation, Liability Management, Globally interoperable, Legally enforceable

Banks (highly regulated entities) manage and mitigate Risk, whether as Intermediaries or Agents, in 3 areas
- Operational Risk Management: Transactional, e.g. national and global payments and settlement functions
- Credit Markets Risk Management: i.e. acceptance of deposits and making loans
- Capital/Wholesale Markets Risk Management: Banks trade on their own behalf or for customers
Trusted eIdentities, underpinned by strong KYC processes, are essential for each area of Risk Management

To be of real value, there must be clarity on two distinct issues for eID/eSignatures
1. What aspects of Identity will be managed?
2. Who will be covered by the identity management solution?
[Chart labels: Level of Effort/Complexity; Policy, Legal & Liability, Operations, Tech; Internal, Community of Interest, Multiple Communities of Interest, Multiple legal jurisdictions]

So, a Trust Network solution to eSignatures was developed for a world of increasingly ubiquitous free and open networks
- An Identity Community where Banks issue identity credentials usable in more than 100 countries
- The scheme runs an identity validation network that is scalable, self-routing, real-time and highly secure
- The scheme provides tools to embed identity into existing applications
To do this, the Scheme provides Operating Rules for
- Common global standards (using established open standards)
- A global and scalable network, not dependent on multiple bi-lateral contracts
- An application framework which is open to all Application providers
The effect of this is that the end user, whether that is a Government employee, a company employee, or an individual citizen in their personal capacity, can present that identity electronically within an overall framework where roles, liabilities and consequences are understood

Company History
Formed in 1998, IdenTrust is a Bank-Built, Full-Service Identity Solutions Provider
- Built by banks, for banks, regulator-grade: the identity gold standard
- Global interoperable identity scheme (Trust Network)
- User-level non-repudiation, legally enforceable
- Regulator-grade identity vetting
- Single identity, multiple uses, any form-factor (hardware or software based identities)
- Member banks issue identity credentials usable in more than 172 countries
- Proven record of delivering bank-grade strong authentication (Trust Gate)
- Used across 6+ billion transactions annually
- No data or infrastructure compromise in the ten years of platform operation
- Multiple fulfilment options
- Proven supplier of outsourced PKI hosting services with a compelling and proven ROI (Trust Infrastructure)
- Support services based on multiple identity schemes (banking, government, industry and corporate)
- Used by many of the world's leading financial institutions and multinational corporations
- 3 million+ certificates issued across all policies

The Network is highly scalable
[Diagram labels: Subscribing Customer, Relying Customer, Issuing Participant (e.g. RBS), Relying Participant (e.g. Standard Chartered), IdenTrust Root CA]

Bank-issued Trust Network identities fulfill 4 capabilities
1. Access Only
- Support better Single Sign-on, with improved controls
- Establish two-factor compliance for regulatory purposes
- Limit capability to access; no identity, encryption, or electronic signature
2. Authentication
- Provide Access control and add use of Digital Signatures to prove identity and deliver non-repudiation
- Reduce online fraud
- Provide audit and compliance tracking
3. Encryption
- Safeguard content and eliminate pharming
- Encrypt data while in transit and at rest, including supporting format preserving encryption (FPE)
- Ensure document and data integrity for electronic documents and forms
4. Electronic Signatures
- Replace wet ink signatures
- Provide legally-binding user-level signatures
- Enable reengineered electronic processes including STP

Communities: Localisation
Layering of business and application rules on top of Trust to minimize duplication and extend reach as broadly as possible
- Layer 3 (Customer Services): Individual members deliver competing applications to their customers
- Layer 2 (Rules Service): Local Communities agree standards and business rules for use of agreed common application. These services operate on top of IdenTrust trust infrastructure
- Layer 1 (PLOT Service): IdenTrust provides core global IdenTrust Trust Network foundation
FI Community

Need to support multiple types of solutions, for both the financial and the physical supply chain
Financial Services Applications
- Single Sign On
- Anti-phishing and anti-pharming
- Bank Mandate management
- ACH Payments/SEPA implementations
- Corporate Purchasing
- International Trade
- Letters of Credit
- Statement Delivery
- Electronic Doc Delivery/Exchange
- Payment Instructions
- SarbOx etc compliance
- Mortgage and Leasing Processing
Corporate Applications
- Online Auction Markets
- Electronic Content Delivery
- Insurance Sales and Contracts
- Government Filings, Procurement
- Tax Submissions
- Verticals: Pharma, Energy, Defence
- Financial Gateway
- eVaulting
- Access Control
- Cash Management Services
- Invoicing/Purchase Order Exchanges
Each of these applications can be streamlined and improved through the use of trusted Identities