Peter Watkins

Download Peter Watkins

Post on 17-Aug-2015

51 views

Category:

Leadership & Management

0 download

Embed Size (px)

TRANSCRIPT

<ol><li> 1. Government of British Columbia Identity Information Management SCENARIOS FOR THE FUTURE OF THE CANADIAN PAYMENTS SYSTEM NOVEMBER 3, 2010 </li><li> 2. 2 Dilemma For Online Opportunity For Fraud / Abuse First Name Last Name Address CreditCard# $12.00 Book ? </li><li> 3. 3 Dilemma For Online First Name Last Name Address CreditCard# $12.00 Book ? </li><li> 4. 4 Dilemma For Online First Name Last Name Address CreditCard# $12.00 Book ? Financial sector has been trail blazer for government in relation to online services. The pain vs. gain equation. Threat model is an industry unto itself. $7000.00 credit limit $5000.00 account balance </li><li> 5. 5 Government Cards at Counters Why do most really important government services need to happen in-person? Because the FIRST thing that happens is we ask you for your ID. We need to know who you are. Citizens prove their ID with cards that we (Government) issue to them. Government documents do not work online Paper processes only Downloading a PDF form to fill out does not count as online Despite this it is Government that runs some of the best ID verification and registration processes (birth, death, driving) </li><li> 6. 6 Banks Know About Government And Identity Information . Source: Access to Basic Banking Services Regulations (SOR/2003-184) </li><li> 7. 7 Government Analogues for Online Banking and Commerce Blood test in morning View results in evening Change your kids school and courses online Renew your autoplan online and confirm no outstanding fines or fees are due Schedule doctor visit online without phone call or email View your kids report card on-line Online income assistance, injured worker, courts filing... How can Government make the move to online when identity information is land-locked by paper documents? </li><li> 8. 8 Dilemma For Online Government Not Appropriate First Name Last Name Address Personal Health # Lab Results Prescription History ? No way for service provider to be confident about who is at the keyboard. Unable to put valuable information and services online. </li><li> 9. 9 Dilemma For Online Government Whats the consequence of misuse of Health Care Number? Government has no means of absorbing the risk First Name Last Name Address Pers. Health# Lab Results Prescriptions ? $ Health limit? Receive wrong meds? Privacy violated? </li><li> 10. 10 Learning from Financial Sector Shared secrets Credit Card number, name, address, CCV number Passwords Account numbers Email address One-time password token / fob Etc.. None of these are adequate to the task. </li><li> 11. 11 The On-Line World Governments are in the business of identity services. Can no longer run and hide from this duty just because the internet has happened. Governments need to issue digital credentials just like we issue paper/plastic ones. Credentials need to be: Issued from a high quality verification and registration process Protected against forgery, fraud and abuse Convenient and easy to use Respectful of, and enhance, privacy protections Reusable across all types of government services and jurisdictions Reusable to convey trusted identity information to third parties over the internet when desired </li><li> 12. 12 Identity Information Management First Name: David Last Name: Watkins Address: 1st Ave Personal Health#: 1234 567 890 Lab Results Prescription History + PassCode Identity information NOT stored in chip in card. </li><li> 13. 13 Identity Information Management First Name: David Last Name: Watkins Address: 1st Ave Personal Health#: 1234 567 890 Lab Results Prescription History+ PassCode Service provider asks client for trusted identity information and receives it from the client along with proof of who is backing it. Card used as authentication credential for obtaining identity information. Result is assurance of who is at the keyboard. Medical services plan client Name Date of birth / age Current address </li><li> 14. 14 Improved: Minimized Information Requests Age: Over 19 = Yes Enhances Privacy Enhances In-Person Services Name Date of birth / age Current address </li><li> 15. 15 Improved: Verified Access to Services Personal Health #: 1234 567 890 Assurance that client is eligible. Assurance needle is going into correct persons arm. Assurance that records looked up and generated are for correct client. Medical services plan client </li><li> 16. 16 Online Self-Service Becomes Feasible Requested Identity Information Online Self-Services + PassCode Blood test in morning View results in evening Change your kids school and courses online Renew your autoplan online Schedule doctor visit online without phone call or email Change your address online with government &amp; utilities Online income assistance, injured worker, courts... </li><li> 17. 17 Financial Sector To Dos Update online banking and commerce Infrastructure for contactless chip and pin Contactless readers and associated systems: home use, as well as at retail / merchant Train the public through their experience with bank and credit cards Get us out of Payment Card Industry Compliance problem $$$$ Change the bank card / credit card transaction flow to eliminate disclosure of identifiers to merchants Ensure new infrastructure is open for leverage by government issued contactless chips Through government membership in a trust-framework that establishes rules and standards Advocate for government to ensure identity information management works trans-nationally to avoid trade barrier New forms of banking transactions that make appropriate use of government backed identity information New accounts for individuals and/or businesses Mortgages, auto loans, insurance ... </li><li> 18. 18 Government To Dos Modify existing identity verification and registration procedures to issue trusted credentials for online In the Canadian federation this falls mostly to provinces Provide policy based trust-frameworks establishing rules and good conduct Identity information related Trustmark(s) certifiably used by government and private business Ensure these work on trans-national basis to avoid creation of new form of trade barrier Provide online services and infrastructure for government backed identity information in a citizen centric way In the Canadian federation this falls mostly to provinces Open to private sector through membership in a trust-framework that establishes rules and standards and through the protocol of asking the client to provide information Enable improved privacy practices Minimize information requests in first place Proper use of any information as provided Initiate a move to online self-service Make use of government backed identity information Often need to make use of payment cards as well Ex: Compensation for health care providers working with injured workers, auto accidents Ex: Student loans Ex: Income assistance ... </li><li> 19. 19 Possibilities Requested Identity Information + PassCode </li><li> 20. 20 Possibilities Requested Identity Information + PassCode </li><li> 21. 21 Possibilities Requested Identity Information + PassCode Trusted Authentication Credentials Identity Information Services Online Services </li><li> 22. 22 Conclusion Financial sector and Government sector operate as foundational components of Canada Mutual need for improved methods for identity information management services, credentials, cards, authentication Need to work together to enable a next-generation of online services Public and private </li><li> 23. 23 END ---- Dave.Nikolejsin@gov.bc.ca Peter.Watkins@gov.bc.ca http://www.cio.gov.bc.ca/cio/idim/index.page </li><li> 24. 24 </li></ol>