aniljohn.com
Who Are You, Really?
An Introduction to Identity Proofing
The Identity Spectrum
http://www.identitywoman.net/the-identity-spectrum
Who Are You?
● Anonymous
● Pseudonymous
● Self-asserted
● Socially Validated
● Verified
Verified identity is the starting point for the delivery of high value digital services, benefits and entitlements
● Who are you?
● What are you?
● What are you entitled to?
● ...
Identity Risk Issues: Public Sector
● Who are you?
● Are you eligible for a government benefit?
● Benefits fraud
● Longer processing time
● Redundant processes
Identity Risk Issues: Financial Sector
● Who are you?
● How will you pay?
● Financial fraud
● Money laundering
● Higher transaction fees
Identity Risk Issues: Healthcare Sector
● Who are you?
● What is your medical history?
● Prescription fraud
● Patient privacy
● Record integrity
… but the consequences of identity risk issues are felt by everyone
Today, verified identities are managed in “cylinders of excellence” a.k.a. silos ...
Identity, security and privacy architects are critical to successful digital service delivery
Confusing terms and practices threaten the promise of digital service delivery
● Credentialing
● Vetting
● KBA
● Claimant
● Verifier
● Provisioning
Keep the focus on uniquely identifying the person at the other end of the wire and not on marketing terminology
Articulate digital identification requirements in a technology and vendor-neutral manner
Who Are You, Really?
Identity: A set of attributes that uniquely describe an individual within a given context
● Verification
● Validation
● Resolution
● Establishment
Establishment: Creation of a new identity, in an authoritative source, where none have existed previously
Establishment = Initial creation in system of record
● Initial record of existence
● Very few entities are responsible for this record
● Typically in public sector
Establishment = Initial jurisdictional encounter
● First encounter by a jurisdiction
  ○ Immigration
  ○ Visitor
● Few responsible entities
● Typically in public sector
Resolution: Confirmation that an identity has been resolved to a unique individual within a particular context
NASPO IDPV Project
Identity resolution study results
Category | Attribute | Description
Name | Name | First Name AND Last Name
Location | Partial Address | Postal Code OR (City and State)
Location | Place of Birth | (City or County) AND (State or Foreign Country)
Time | Partial Date of Birth | (Month and Day) OR Year
Time | Full Date of Birth |
Identifier | Partial Social Security Number | Last 4 Digits
Identifier | Full Social Security Number | Full 9 Digits
NASPO IDPV Identity Resolution Study Data
Attribute Bundle | 1 | 2 | 3 | 4 | 5
% Resolved | 97.56 | 96.29 | 96.65 | 97.00 | 96.52
% Null Identities | ~ 12 | ~ 12 | ~ 3 | ~ 17 | ~ 3
% Availability | ~ 88 | ~ 88 | ~ 97 | ~ 83 | ~ 97
% Null Identities: Identity record missing one or more attributes needed for a particular bundle. Approximate measure of the lack of availability of the attribute bundle.
% Availability: 100 - % Null Identities
NIST SP 800-63-2 Electronic Authentication Guideline
Remote identity proofing @ Assurance Level 2
Level 2 Record Checks
- 1 Government Record OR
- 1 Financial or Utility Record
Full Legal Name, Date of Birth
NIST SP 800-63-2 Electronic Authentication Guideline
Remote identity proofing @ Assurance Level 3
Level 3 Record Checks
- 1 Government Record AND
- 1 Financial or Utility Record
Full Legal Name, Date of Birth
NASPO IDPV Project
Overlap with NIST identity proofing requirements
Category | Attribute | Description
Name | Name | First Name AND Last Name
Location | Partial Address | Postal Code OR (City and State)
Location | Place of Birth | (City or County) AND (State or Foreign Country)
Time | Partial Date of Birth | (Month and Day) OR Year
Time | Full Date of Birth |
Identifier | Partial Social Security Number | Last 4 Digits
Identifier | Full Social Security Number | Full 9 Digits
NASPO IDPV Identity Resolution Study Data
Attribute Bundle | 1 | 2 | 3 | 4 | 5
% Resolved | 97.56 | 96.29 | 96.65 | 97.00 | 96.52
% Null Identities | ~ 12 | ~ 12 | ~ 3 | ~ 17 | ~ 3
% Availability | ~ 88 | ~ 88 | ~ 97 | ~ 83 | ~ 97
% Null Identities: Identity record missing one or more attributes needed for a particular bundle. Approximate measure of the lack of availability of the attribute bundle.
% Availability: 100 - % Null Identities
Requirements of selected non-US jurisdictions - enabling interoperability
Canada
● Name
● Date of Birth
● Gender
● Place of Birth
● ...
New Zealand
● Name
● Date of Birth
● Gender
● Place of Birth
UK
● Name
● Date of Birth
● Gender
● Address
Disclosure of personal information MUST be minimal, contextual and fit for purpose. Otherwise ...
Identity Resolution: Minimal Data Collection
Identity Attributes
● Full Legal Name
● Date of Birth
Identity Proofing: Minimal Data Collection
Identity Attributes
● Full Legal Name
● Date of Birth
Additional Matching Criteria
● Gender
● Place of Birth
● Address of Record
● […]
Personal Attributes
● [Contextual]
● [Authority]
● [Entitlement]
● [Business Process]
Validation: Confirmation of the accuracy of the identity as established by an authoritative source
Authoritative Source Validation
Confirm with identity establishment sources?
Authoritative Source (Government Record)
Authoritative Source (Utility Record)
Authoritative Source (Financial Record)
Validation Request
Non-Authoritative Source Validation
Sniffing the transaction exhaust?
Transaction Data
Secondary Data
...
Validation Request
Vendor IP
Proprietary Algorithms
No Easy Answers (especially in the US)
Due diligence needed by implementers
● What authoritative sources do you have access to?
● Direct or downstream access?
  ○ Data refresh interval?
  ○ Data quality?
● Scoring algorithm information?
● ...
Verification: Confirmation that the identity relates to a specific individual
Knowledge based verification is the current state of practice. Answers private, not secret
Can you use internal data to generate the questions?
Social media mining and data breaches make knowledge based verification less effective
Verification is an area ripe for innovation and disruption
● Live video?
● Blended online + in-person?
● Digital notaries?
● Biometrics?
● ...
Identification is in the critical path of successful digital service delivery
Articulate digital identification requirements in a technology and vendor-neutral manner
Who Are You, Really?
Map vendor-neutral concepts to services and products that you can leverage, evaluate, build or buy
● Verification
● Validation
● Resolution
● Establishment
Use Identity Proofing to Deliver Effective Digital Services
Resolve. Validate. Verify.
