Cartes America - Secure ID: Fraud and ID Management Part 1 Track
Personal Identity Verification (PIV) Case Study within the TSCP Community
Keith Ward, TSCP Inc., President & CEO
May 14, 2014
What is TSCP?
• A government-industry partnership focused on mitigating the risks, complexity and cost of IT inherent in large-scale, collaborative programs that span national jurisdictions. TSCP provides:
  • Influence to drive a common approach and specifications
  • Efficiency of working together on a common problem
  • Lower costs of development and implementation – leverage common solutions
  • Requirements, architecture, prototypes, deployed capabilities.
• TSCP member companies have invested over $400M into internal federated systems using TSCP’s common operating rules and specifications.
• TSCP, the Transglobal Secure Collaboration Program, was established in 2002 and is a non-profit 501(c)(6) technical association.
Common Framework for Federated Collaboration
Key focus is on providing the mechanism and governance for:
• Trust. Member companies’ and governments’ users digital identities can be trusted by others.
• Identity Assurance. Trusted authority assures that its users with cross-certified-enabled digital identities are who they say they are.
• Interoperability through Federation. Member companies and credentials are interoperable across the industry and government.
PAGE 2 | TSCP
What Does TSCP Do?
SPECIFICATIONS DEVELOPMENT.* Develops common specifications for secure collaboration solutions across the TSCP membership that align to government requirements. The specifications fall into these categories:
• Secure information exchange
• Identity credentials/digital identities and attributes
• Federated identity
• Information assurance
• Data labeling and protection
VALIDATION THROUGH REFERENCE LAB. Before TSCP publishes its specifications, the capability is in production with two or more members.
GOVERNANCE. Establishes policy and governance for TSCP Solutions.
• Interoperable Identity Federation Trust Framework
• Common Operating Rules
• Legal Framework & Allocation of Liabilities
• Accreditation & Trustmark
FEDERATED HUB. Hosts a Federated Hub for TSCP Membership that enables secure collaboration between TSCP membership and government customers.
* Where relevant, TSCP specifications comply with FICAM/PIV-I specifications and guidelines.
Same Smart Card Technology – Different Applications
Illustrative Banking Smart Card:
• Secure chip stores payment information
• Chip card authentication prevents counterfeiting
• Adds cardholder verification methods
• Offers online or offline authorization
PIV-I Smart Card:
• Secure chip stores strong identity information, e.g. in-person vetting, biometrics
• PKI certificates and 3DES encryption prevent cyber threats
• Adds cardholder verification methods: PIN and chip and biometrics verification
• Offers logical and physical as well as online and offline authorization
TSCP Trust Framework: Bank Card Analogy
Bank card model:
• Bank(s): Issue Visa credit cards to customers.
• Retailer Acquirers: Customers present Visa cards for payment. Retailers transmit payment requests to the bank/card issuer through Visa.
• Routes payment requests and responses between banks and retailers. Visa conducts settlement.
TSCP model:
• TSCP Member IdP(s): Issue identities/credentials to users.
• Agency Relying Parties: Users present member credentials to agency applications; RPs transmit authentication requests to IdPs through TSCP.
• Routes authentication requests and responses between RPs and IdPs.
GOVERNANCE: Establishes and enforces standards, specifications and operating rules.
[Diagram labels: UK MOD; Federal PKI Bridge; Direct Bilateral Trust]
TSCP Trust Framework and Specifications
[Diagram: Illustrative Secure Messaging Platform]
• Headings: Authorization; Authentication; Message Security
• Layers: Secure Messaging Networking Layer; Secure Messaging Communications Layer; Secure Messaging Applications/Services Layer
• Services: Federated Authentication Service; Secure E-Mail/Messaging (Hosted); Identity Provider Services; Secure Document Management/Archiving; Secure/Anonymous Shipping; Secure Online Payment Interface; Secure Mail & Package Tracking; Secure Address Validation; Secure G2C, B2B Communications
• Foundations: TSCP Trust Framework; TSCP Trustmark; TSCP Federation Framework & Specifications & Hub; TSCP Secure E-Mail Specification; TSCP Attribute Management/Data Labeling Specification; TSCP PIV-I Specification; TSCP Trust Framework, Common Operating Rules & Governance Documents
Use Case 1: Multi-Layer Security across the enterprise
Multi-layered approach to provide additional security layers across our networks, systems, facilities, data, intellectual property and information assets.
[Diagram labels: Corporate Access Card User; Local or Remote User; Remote & Desktop Login; Credential & Rights Management; Network Controls; Building Access; Host-Based Intrusion Protection Systems; Data Monitoring & Protection Systems; Strong Authentication – PIV-I Credentials; Credential Management – Centralized Public Key Infrastructure; User and Privilege Management – Automated Provisioning; Global A&D Supply Chain; Commercial Industry Base]
[Diagram: idAM – People, Process, Technology]
• Access Control
• Identity Management
• Provisioning
• Identity Repositories
• Transformed Business Processes
• Responsibility Changes
• Permissions Model
• Organizational Changes
• Training
• Compliance Monitoring
• Identity Management
• Permissions Management
• Resource Management
[Diagram: IDAM applications: Internet / Intranet; Web Portals; Live Link; Directory Services; SharePoint / Site Minder; SAP / People Soft; Email Services]
TSCP Common Operating Rules
Use Case 2: PIV-I into Adjacent Markets: Financial & Retail Sectors
B2G, B2B, C2B
Use Case 3: PIV-I into adjacent markets: Business Continuity Information Sharing Initiative
• Private sector information is sensitive and needs to be secured
• Media can misinterpret fleet movement and cause public concern
• Gangs track fleet movement and can steal copper/supplies from hotel lots where fleets park overnight
• Others can intervene and cause unneeded delays and/or commandeer fleets as in Katrina
• Need to share PS Fleet Data & Info w/State EMs, DOTs, Police, other agencies at regional/national levels
• Need info from Government to make operational decisions to expedite power restoration efforts at regional level
• Ultimate solution must:
  • Be trusted, proven and simple
  • Allow state/local government agencies to participate
  • Standards based, scalable in size, adaptable to each organization
  • Must use Trusted Credentials
  • Must have a Trust Framework Model for all entities to legally participate
  • Must have strong security controls
Use Case 3: TSCP Trust Framework PIV-I Information Sharing
[Diagram labels: Data Providers; Data Consumers; PIV-I Information Sharing Exchange Cloud Environment; EOC; Identity Claims Providers; Commercial Identity Providers; State Government Identity Providers; TSCP Trust Framework; PIV-I Data Access Controls; PIV-I GIS Layer Access; PIV-I; ILHDSIF]
Next Steps – Bridge the Gap!
[Diagram labels: PIV-I Smart Card; Banking Smart Card]
The higher-level credentials represent over ~40M users.
TSCP is looking for applications, technologies and solutions to Bridge the Gap!
TSCP Fall Collaboration Workshop
Join the International Leaders in Secure Collaboration
We're proud to announce an expanded multi-track conference program for this year's Trusted Cyber Collaboration Workshop. We'll be covering every aspect of secure information sharing and the speaker schedule, including over 50 expert presenters, is coming together now. Take a look at the seven tracks below. More information is forthcoming, but we’re offering an Early Bird discount rate for those who respond by June. Get up to $280 off a 3-Day pass. Register online--it only takes 2 minutes. There's no risk--you can cancel anytime before Sep. 5 for a 100% refund.
Conference Tracks—Thursday, September 25
Federated Information Sharing: Identity federation is the foundation of secure collaboration--where the rubber meets the road. In this track you'll survey a wide range of real-world implementations between governments, industry and the public.
Cybersecurity: Organizations continue to redefine the components of cyber security, in response to evolving threats. Detection and monitoring have improved, while one foundational element has remained critical: The need for trusted identities for secure authentication and authorization, particularly through the federation model. We’ll look at the latest policies, innovations and implementations of trusted identities.
Mobile and Derived Credentials: Mobile and derived credentials create new opportunities for collaboration and new challenges for secure information sharing. These sessions will include case studies and best practices that will help you to securely make the move to mobile environments, such as smart phones and tablets.
Government-Private Partnership Exercises: In an emergency situation, secure access and identity management enables faster power and supply chain restoration efforts. This track will present specific efforts toward enhanced business continuity and results from "Integrated Planning" programs between critical infrastructure owners and operators along with state, local, and federal governments.
Conference Tracks—Friday, September 26
Securing the Supply Chain: New DFARS provisions impose security requirements for Unclassified Controlled Technical Information. Improved identity and access management can help address these requirements, and secure the supply chain. We’ll review progress on the FAR final rule. This will be an indispensable overview for contractors and suppliers operating
Cornerstone of Cybersecurity: Secure, cost-effective identity and access management requires a strategic look at identity assurance and personal attributes, and their role in cybersecurity. We’ll explore the business model that maximizes efficiencies and competition, and how to supply the amount of information that is “just right” to support the decision at hand. These sessions, presented by leading experts, will focus on the key issues of liability, privacy
Trans-Global Partnerships: Global collaboration requires automated, standards-based security infrastructures that apply controls consistently to shared data across organizations, governments, and continents. See how highly successful organizations manage these partnerships efficiently and comply with data security requirements around intellectual
TSCP Appreciation Reception & Dinner: Relax and network with colleagues at the Udvar Center Air and Space Museum.
Pre-Workshop Day-Long Focused Seminars: Arrive a day before the TSCP Workshops for a dedicated, focused seminar. Complete details will be posted soon.
For more information please visit www.tscp.org
Questions?
TSCP Inc.
Keith Ward
8000 Towers Crescent Drive, Suite 1350
Vienna, VA 22182
Phone: (703) 760-7898
Email: keith.ward@tscp.org
Web: www.tscp.org