Identity Assurance Services For Preventing Identity Theft
Bob Pinheiro
Robert Pinheiro Consulting LLC
bp@bobpinheiro.com
Types of Identity Theft Considered
• Someone impersonates you to access existing accounts/resources
  – Example: break-in to online bank/financial accounts using stolen passwords or other credentials
• Use of stolen credit card numbers or bank account numbers to make fraudulent purchases
• Someone impersonates you to create new accounts
  – Example: obtain new credit cards, loans, cell phone accounts using your identity
Does the SP Know It’s You?
• Someone impersonates you to access existing accounts/resources
  – Service Provider knows you
  – Service Provider or trusted IdP has issued credentials / tokens for authentication
• Use of stolen credit card numbers, bank account numbers to make fraudulent purchases
  – Difficult to know if person using credit card numbers, bank account numbers online is authorized to do so
• Someone impersonates you to create new accounts
  – Service Provider doesn’t necessarily know you
  – Identity claimed using Personally Identifiable Information (PII)
  – Service Provider can’t easily authenticate a claim of identity
Key Assumption
• A Liberty-accredited IdP/CSP has issued High Assurance digital identity credentials / tokens to you
  – For authentication to existing accounts
  – Trust relationship established between SP/RP and IdP/CSP
  – The SP/RP can locate the IdP/CSP in several possible ways:
The Identity Provider Discovery Problem
from Concordia Website
• The user tells the RP
• The RP is pre-configured to know the IdP
• The RP communicates with a separate service that asks the user
• The client device tells the RP
• The client device is synonymous with the IdP (e.g., self-asserted cards or self-hosted IdPs)
• The client device serves as a proxy for the IdP, removing the need for direct RP communication with the IdP (e.g., managed cards)
Goal
Use these same digital identity credentials for identity authentication when there is no existing relationship between an identity claimant / new account applicant and a Service Provider.
Two Advances Needed
• Establish trust relationship between SP/RP and IdP/CSP “on the fly”
  – Via a brokered trust model using an IdP/CSP intermediary?
• Ability to discover IdP/CSP on the basis of Personally Identifiable Information (PII) used to establish an identity claim.
[Diagram: identity assurance service flow]
Entities shown:
• Service Provider / Relying Party
• Discovery Service
• Federation of Accredited IdPs
• External Data/Information Sources
• Issuing Identity Provider
• Contracting Identity Provider
• Other IdPs
Steps shown:
1. Establish business relationship with Contracting IdP
2. Enroll, Provide PII, Documentation
3. Verification of PII, documentation
4. Issue Credentials, Tokens
5. Register identity assurance service for this identity and Assurance Level
6. Request Service, Provide PII
7. Locate IdP for this identity
8. Authentication request
9. Authenticate
10. Identity assertion
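Steps 4 through 10 of the flow above, as a small simulation seen from the SP/RP side. This is an added example, not code from the original slides: the PII digest used as the discovery key, the shared HMAC key standing in for the brokered federation trust, the numeric assurance levels, and the choice to decline when no IdP is found are all assumptions.

```python
import hashlib, hmac, json

def pii_key(name, dob, id_last4):
    # Assumption: the discovery index is keyed on a digest of normalized PII,
    # so the Discovery Service does not hold the PII itself.
    norm = "|".join(s.strip().lower() for s in (name, dob, id_last4))
    return hashlib.sha256(norm.encode()).hexdigest()

class DiscoveryService:
    def __init__(self):
        self.index = {}                       # pii_key -> (idp, assurance level)
    def register(self, key, idp, level):      # step 5
        self.index[key] = (idp, level)
    def locate(self, key):                    # step 7
        return self.index.get(key)

class IssuingIdP:
    def __init__(self, name, federation_key):
        self.name, self.key, self.creds = name, federation_key, {}
    def issue(self, key, secret):             # step 4
        self.creds[key] = secret
    def authenticate(self, key, presented):   # steps 8-10
        ok = hmac.compare_digest(self.creds.get(key, ""), presented)
        body = json.dumps({"idp": self.name, "subject": key,
                           "authenticated": ok}, sort_keys=True)
        # Assumption: HMAC under a federation key models the assertion signature.
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return body, tag

def open_account(ds, federation_key, pii, presented, min_level=3):
    """SP/RP handling of a new-account request (steps 6-10)."""
    key = pii_key(*pii)
    hit = ds.locate(key)
    if hit is None:
        # Assumed policy: a PII-only claim with no registered IdP is declined.
        return False, "no identity assurance service registered for this PII"
    idp, level = hit
    if level < min_level:
        return False, "registered assurance level too low"
    body, tag = idp.authenticate(key, presented)
    expect = hmac.new(federation_key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expect):
        return False, "assertion not from an accredited IdP"
    ok = json.loads(body)["authenticated"]
    return ok, "identity asserted" if ok else "claimant failed authentication"
```

Knowing the PII alone is not enough here: the claimant must also authenticate to the IdP that the PII resolves to, which is the property the slides aim for in the new-account case.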