Page 23 - CDM-Cyber-Warnings-January-2014
P. 23
Current State of Trusted Identity Management Solutions IdM Solutions and Services Using Biometrics and Smart Cards by Amarish Pathak, CIO at American Armed Forces Mutual Aid Association (AAFMAA) Identity Management (IdM) solutions and services using biometrics and smart cards today have become increasingly important to many government, private, legal and business transactions in the US and globally. User acceptance and adoption of biometrics and smart cards has become the predominant driver of widespread use and advancement. In the financial sector alone, organizations are looking for ways to verify their customer identities before opening new accounts or authorizing new policies in order to reduce the increasing amount of fraud. The state-of-the-art IdM offering provides both smart card issuing and identity management solutions using biometrics to financial services providers, and to businesses and governments to ensure secure access to any type of confidential asset, anytime, anywhere. Introduction Previously, these IdM solutions and services were confined to the web services domain. With the advent of smartphones and tablets, this has changed allowing user centricity and network operation using these solutions and services through mobile devices as additional interdependent domains with IdM at the core. Each year, mobile devices become equipped with more and more functionality relevant to IdM. Mobile digital identities imply portable identities, often involving device and user mobility, meaning that services can be accessed with a device such as a smartphone while moving as well as that service can be used independently from device and location. In this model, mobile authentication is based on either the Subscriber Identity Module (SIM), Public-key Infrastructure (PKI), or the One-Time Password (OTP). The new view of user centricity with mobile offers a different perspective for the IdM solutions and services using biometrics and smart cards: identity becomes central for legal, business and network development trends. These IdM solutions now have a trusted, cross-layer identity framework with specific emphasis on networks and services using identity with biometrics and smart cards also as key enabler for convergence. The uniqueness about the trusted IdM solutions and services using biometrics and smart cards is the use of strong authentication. In absence of authentication, a digital identity cannot be meaningful. Authentication involves knowledge, possession (such as tokens, smart cards) and biometrics. Today, identity management solutions and services and strong authentication have converged. Now IdM solutions and services provide a trusted infrastructure for user access, signing, and verification of users and transactions, through strong authentication using biometrics and smart cards. In the US alone, more than 50 school districts and 160 hospital systems in 15 states are using IdM solutions using biometrics to verify identities. Authentication These IdM solutions support different types of strong authentication including: identification (who are you?) and verification (are you who you say you are?). In order to establish the identity of an unknown, these IdM solutions and services perform identification using “1-to-many” + % %! ! & , ! . !( %+ ' "! "#+% ' - + % !& , ! % '& % & %) *"% *
