Will Federated Cross Credentialing Solutions Accelerate Adoption of Smart Card Based Identity Solutions?

Jack Radzikowski, Northrop Grumman & FiXs
Smart Card Alliance Annual Meeting
La Jolla, California
October 5, 2006

AGENDA: ANSWERING THE QUESTION FROM AN INVESTOR'S PERSPECTIVE
- Precedent: Brief History of Securities, Financial and Identity Federations
- Drivers: Immediate Market Drivers Toward Federation
- Markets: Hubs of Work Activity: Size of Now Related Identity Markets
- Federation Defined: Attributes of a Federated Identity Business: FiXs
- Risk: Investment Risk Perspective on Federated Identity and Smart Cards

KEY ELEMENTS OF FINANCIAL TRANSACTION-BASED ASSOCIATIONS
- Federated Structure
- Warranted Users
- Certified End Points
- Central Switch
- Syndicated Investment
- Syndicated Risk
- Governed by Members
All Tied Together by Multi-Party Contracts, known as: Operating Rules
Business Process 1st, Technology 2nd

HISTORY OF IDENTITY-RELATED FEDERATIONS
Federation (Approximate Dates): Events
- New York Stock Exchange (1957, 1968, 1972): Securities Automation Study, Paperwork Crisis, Automation Corp. Established
- VISA & Master Card (1966): Multiple Banks Agree to Exchange Retail Financial Transactions
- SWIFT (1976): Wholesale Transactions Automated Internationally
- Quest (1995): Welfare Card Federation Creates Market Push for Debit Deployment
- DCCIS, DoD (2003): DoD Pilots Cross Credentialing ID Authentication Network
- FiXs (2005): Commercial, ID Authentication Network Established for DCCIS and HSPD 12 Support

OPERATING RULES REFLECT VARIANCE WITH FINANCIAL SERVICES MODEL
[Diagram: ISSUER, ACQUIRER/RELYING PARTY, SWITCH/TRUST BROKER]
Financial Services Model (ACCOUNT-FOCUSED):
- Purpose, Primary: Validate Funds Availability
- Purpose, Secondary: Validate Card
- Link card to owner through weak authentication (PIN)
Identity Management Model (IDENTITY-FOCUSED):
- Purpose, Primary: Authenticate Identity
- Purpose, Secondary: Verify Claimed Identity
- Link credential to identity through strong authentication (biometric)

DRIVERS: FEDERAL ACQUISITION REGULATIONS
4.1301 Contract clause. The contracting officer shall insert the clause at 52.204-9, Personal Identity Verification of Contractor Personnel, in solicitations and contracts when contract performance requires contractors to have physical access to a federally controlled facility or access to a Federal information system.
52.204-9 Personal Identity Verification of Contractor Personnel.
(a) The Contractor shall comply with agency personal identity verification procedures identified in the contract that implement Homeland Security Presidential Directive-12 (HSPD-12), Office of Management and Budget (OMB) guidance M-05-24, and Federal Information Processing Standards Publication (FIPS PUB) Number 201.
(b) The Contractor shall insert this clause in all subcontracts when the subcontractor is required to have physical access to a federally-controlled facility or access to a Federal information system.

DRIVERS: HOW TO RESPOND TO THE FAR?
Choices:
Equipment Bundles
- Enrollment station(s)
- Authentication stations
- Domain servers
Closed Managed Service
- Full
- Partial
- Enrollment Service Only
or
Federated Managed Service

HUBS OF WORK ACTIVITY: SIZE OF NOW RELATED MARKETS
[Chart. Vertical axis: Size in Millions (0 to 20). Horizontal axis labels: DoD Civil Vendors Port TWIC Transport 1st & 2nd Responders]

IDENTITY FEDERATION DEFINED: FiXs BUSINESS STRUCTURE
[Diagram labels]
- CREDENTIAL ISSUER: Credential Issuer System; Credential Issuer Company
- RELYING PARTY: Relying Party System; Relying Party Company
- FiXs Governance Council: Governance Council; Membership Management; By-Laws/Charter; Member Agreements; Operating Rules; Association Governance; Certification & Accreditation; Strategic & Business Plan
- FiXs Operating Entity: System Operations; System Architecture; Technical Specifications; Authentication Transaction Processing; Operating Entity
- FiXs Network System: Authentication Requests; Authentication Responses

IDENTITY FEDERATION DEFINED: OPERATING RULES STRUCTURE
Operating Rules establish the rules of engagement for participation in the FiXs system. The Rules are updated regularly to reflect innovations in technology, changes in regulations, and general needs and requirements of the membership. The general topics covered by the Operating Rules are:
- Credential Issuers Requirements
- Relying Party Requirements
- FiXs Trust Broker Operator Responsibilities
- Monitoring & Performance Requirements
- Security Requirements
- Liabilities & Recourse
- Privacy Requirements
- Governance & Business Requirements

IDENTITY FEDERATION: DCCIS & FiXs
[Diagram labels]
- DoD: DoD/DMDC; Users: DoD employees with CAC cards; DCCIS Network; DoD/DMDC Issuance System; DoD Facilities & Networks
- FiXs Association: Member Companies; Users: Member company employees w/ their badges; FiXs Network; Member Issuers; Member Relying Parties

IDENTITY FEDERATION TRANSACTION
Federated Identity Management: Identification & authentication of populations across organizational domains
[Diagram: FIXS AUTHENTICATION STATION, FIXS NETWORK, FIXS DOMAIN SERVER]
1 FiXs Member presents Member Company's card or ID number (Identifier) at Authentication Station
2 Identifier is routed through FiXs Network to FiXs Domain Server
3 FiXs Domain Server matches Identifier to Member's Authentication Record
4 FiXs Domain Server sends Authentication Record (Photo, Demographic Data, Biometric) to FiXs Network
5 FiXs sends Authentication Record to FiXs Authentication Station
6 Member authenticates with Biometric. Security guard checks Photo and Demographic Data

FiXs and CARDS
CURRENT FIXS AUTHENTICATION: ID Number + Photo + Biometrics
- Company Name + Employee Number (123456) OR Company Card (Exp Date: 3/30/04) OR No Card
- Physical Access
HSPD-12 FIXS AUTHENTICATION: ID Number + Photo + Biometric + Smart Chip
- Company HSPD-12 Aligned Card OR FiXs HSPD-12 Aligned Card
- Physical Access & Logical Access

RISK: WILL FEDERATION ACCELERATE THE ADOPTION OF SMART CARD IDENTITY SOLUTIONS?
- Precedent: The Federated Business Model Has a Long and Successful History in Securities and Financial Services and Has Been Adopted by the DoD
- Drivers: HSPD 12, FAR, TWIC Drive Smart Card Adoption
- Markets: Inter-Related Markets Drive Cross Credentialing
- Federation Defined: Operating Rules Define Risks, Federation Syndicates Liability and Investment
- Risk: All of the Above, Taken Together, Describe An Organized and Timed Market for Federation of Smart Card Based ID Authentication

QUESTIONS?
For More Information:
Jack.Radzikowski@ngc.com
FiXs.org