Mais conteúdo relacionado
Semelhante a Eic2011 rolling presentation_1 (20)
Eic2011 rolling presentation_1
- 1. EIC’2011
UBISECURE SOLUTIONS, INC.
Your Partner in
Identity and Access Management
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 2. Where Ubisecure comes from:
Finland
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 3. Finland: Background
5.3 million residents
Approx 325 000 companies (2009)
Parliamentary republic with central government
336 local municipalities
EU member since January 1995
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 4. Finland: ICT background
High Internet penetration (86% of 16–74 old Finns
use internet; 50% of 7 year-olds use it!!)
High e-commerce acceptance (92% use)
High mobile penetration (>100%; all ages)
High broadband services penetration
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 5. Before – All services were physically centralized
1960-90:
Physical shopping
centers
Typically always
populated by:
Taxation Office, Government
Social Insurance Org,
Employment Office, Several
Bank(s), Shop, Bar, Doctor, …
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 6. Internet: Where services – and people are now
Today all services are found in
Internet
Finnish people shop in internet
close to 10 Billion € in 2010
More than 92% of Finnish people
has used internet for shopping…
People are hanging around in
Internet
All ages: 4 … 75+ yrs
(not joking ☺)
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 7. Why such a strong trend?
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 8. Consumer Groups Market Behavior…
OLD GENERATION
FOLLOWERS
AGE OF 20 .. 69
MASSES
PIONEERS
YOUNGER
GENERATIONS 8
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 9. Cost Efficiency per Service Channel
Mobile
Physical Office
Internet Service
Service
30-50€ ..0.20 €
Visit Telephone
Session
Service
10-20€
Internet
Call Service
Near Field Communication
ATM
Mobile Services ..0.10 €
Services Session
1-2€
Transaction ..0.50€ ..0.10 €
Transaction Session
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 10. Cost Efficiency per Service Channel
Finland Monthly Income Monthly Income Per
(2010) (2005-10) Hour
Average Salary ~ 3400€ ~ 3113€ ~ 20€
Average employment ~ 6120€ ~ 5605€ ~ 36€
costs (x 1.8)
Service 47€ Physical Office
Average Visit Service
1h 17min
Mail
Service Correspondence
19€ Average 12€ Service
23 min
Mailing
Service
Average Call
31 min
Telephone
Service
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 11. Large scale
e-Gov authentication and authorization
Service in Finland
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 12. In this Customer case
we have Millions of users using
Ubilogin protected services each month.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 13. More than 32 Million users since 2004.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 14. That is more than six times the population.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 15. More than 72% of the Companies
each month.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 16. No one could keep track
and manage all those identities.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 17. Neither our Business Partner.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 18. Nor our Customer.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 19. So, the identity management needed to be
Delegated.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 20. In a well-controlled manner.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 21. And Automated.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 22. 1) Therefore
External Identity Management…
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 24. 3) And with the ultimate
Single Sign-On user experience.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 25. Tunnistus.fi Identity Provider
”Tunnistus” (finnish) means Identification
Joint project of the Tax Administration, Ministry of Employment
and the Economy and the Social Insurance office
IdP Proxy service for Banks and eID cards
Joint venture consortium contract signed March 2003
RFQ March 2003, Implementation 5 months
Operational January 2004
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 26. Tunnistus.fi
G2C AuthN
Web single sign-on based on both proprietory and
SAML2 protocols
Liberty Interoperable tested
Single logout
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 27. Tunnistus.fi and VETUMA federation
Two similar systems cover different target groups under
different government budgets with different service mandates
New government portal service started in 2011 is driving
increased authentication volume
Tunnistus.fi and VETUMA will be federated together in Q1
2011 using discovery based on the CDC approach
Stakeholders developed the eGov Deployment Profile for
Finnish public sector SAML2 WebSSO deployment profile. The
profile is based on the Kantara eGov implementation profile
2.0 and the SAML2int.org ver 0.2 deployment profile[1].
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 28. KATSO
G2C AuthN & AuthZ
Self-service authentication and authorization service for
government e-services
Sample of features:
User self-registration
Role delegation (to other sub-user)
Power of attorney (user-to-user,
user-to-org, org-to-org)
Self-service credential management
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 29. KATSO Roles
Different role groups
Internal system roles
General roles
Service specific roles
Total roles: 51
Roles provided by KARVA =
SAML2 Attribute Authority
SP queries role information after authentication using
SAML2 Attribute Query
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 30. KATSO Web Services
KATSO operates an
ID-WSF 2.0 WSIDP also enabling integration of
non-browser clients
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 31. KATSO History
Introduced 2006
2009: over 30 services
Top 3
Unemployment registration (Tax)
Tax card ordering (Tax)
Registering as a job seeker (Social insurance)
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 32. KATSO
Two types of authentication
Strong: Katso OTP (One time password
PIN/TAN)
Weak: PWD (Username and password)
Strong authentication initial registration based on
bank assurance (TUPAS) or physical visit
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 33. KATSO
Use of KATSO initially limited to consortium
members
Legislation changes have recently permitted wider
use
Use outside of government services still limited by
legislation
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 34. KATSO: G2B
How does it work?
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 35. Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 36. Self service enrolment
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 37. Familiar process
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 38. Bank authentication
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 39. Indexed TAN
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 40. Attribute release consent
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 41. New: Telcos as Commercial IdPs for eGov
Commercial Wireless PKI (MPKI, WPKI) service launched 30.11.2010
Named ”Mobiilivarmenne” Mobile Certificate
http://www.mobiilivarmenne.fi/en/en_2.html
Supported by 3 out of 4 national telcos
Competing with TUPAS service
Roaming function - one contract with one telco is enough
ETSI MSS Mobile Signature Service
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 42. Telcos as Commercial IdPs
Long history – previous studies and commercial trials commencing
around 2003 to use national ID in the mobile had failed
New business model, purely commercial
Requires government-issued CA license with stringent auditing
Application embedded in SIM (application toolkit application)
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 43. Telcos as Commercial IdPs
Works while roaming (SMS based transport)
Pricing for end users
Elisa: 0.09 per transaction
(Free until Nov 2011)
Other telco pricing unknown
Pricing for SP services
Unpublished
Expected adoption in G2C services in 2011
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 44. What has been achieved?
(The benefits)
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 45. Government Business Case –
has cumulated savings of 1.05 Billion €
Today 32+ Million transactions
served in “Federated Government
Service Center”
Before– it would have meant 32+
Million service sessions in physical
service points or telephone
Example what costs this could
have generated “back then”:
50% physical + 50% telephone
Service Cost: 1.05 Billion €
16 million x 47 € = 748 M€
16 million x 19 € = 301 M€
Instead, these costs
have now been saved!
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 46. Reality check: eGovernment Business Case (at least) 656 M€
Saved Costs so far!
Reality-check:
What if part of the customers would
have “dropped out”
That is: Less customers served, Less
service sessions
Example, that is, savings
AT LEAST:
10 million phone calls
10 million visits
12 million (example) not served or
“solved” any other way
Service costs would still have been
656 M€!!!
This means, that 10 million x 47€ = 468 M€
At least these costs 10 million x 19€ = 188 M€
have been saved!!
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 47. One of the greatest
eGovernment Success Stories in the World!
SOME HIGHLIGHTS 32+ Million transactions served in
“Federated Government Service Store”
OF THE SUCCESS: in Finland
Six times the population served so far!
Service Costs by the end of 2010
e.g.1€/tr
Current service volume
2M tr/month 4,5 times the population
served each year!
Now 71% (!) of the companies in Finland
are registered as users of the service
Huge impact on G2B services!
Currently the transfer to Internet
generates
763 M€ savings per year
for Government in Finland
(and this mainly so far only for three
agencies as others are now joining)
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 48. Tunnistus.fi Statistics
Authentications
Chart credit: Verohallinta, Finnish tax administration
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 49. KATSO Statistics
Authentications
Chart credit: Verohallinta, Finnish tax administration
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 50. ROI is rather ”nice” ☺
ROI for the IAM solution
AuthN for G2C
For 2004 - 2010 = that is 7 yrs in production
2006 - 2010 = that is 6 yrs in production
AuthZ for G2B
253 470% (!)
Not included: the services that attract users and
generate the benefits
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 51. The Elements for Success
Government
Cooperation!
IAM Cooperation!
industry
(standards,
mature technology,
mature products)
Commercial IDPs Public IDPs
Keen users:
Companies
Residents
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 52. Single Sign On.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 53. Single Sign-On across all
web-based Services…
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 54. …and also across
the Services of the Business partners.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 55. And across the Cloud-based Services.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.
- 56. THANK YOU!
Ubisecure Solutions, Inc.
www.ubisecure.com <firstname.lastname>@ubisecure.com
FINLAND: SWEDEN:
Tekniikantie 14 WTC, Klarabergsviadukten 70, Box 70396
FIN-02150 Espoo S-10724 Stockholm
tel. +358-9-2517 7250
fax +358-9-2517 7070
Registered in Espoo, Finland
reg. nr. FI1748721-4
Ubisecure paves the way for a smoother and safer Internet. Ubisecure software products enable new
online business concepts and speed the growth of existing web-based operations by joining separate sites
and services into larger trusted areas. The innovative products allow internet users to flexibly and securely
move between online services – without encountering repeated login prompts. Ubisecure maintains an
extensive network of partners that offer organizations advice, consulting and technical services; and
provides high-level training in secure online business through the widely appreciated Ubisecure IAM
Academy. Founded in 2002 in Finland, Ubisecure Solutions Inc. is a pioneering provider of standardized
identity and access management solutions. For more information, please visit www.ubisecure.com.
Identify and Authorize.
Enable secure business.
Confidential www.ubisecure.com ©Copyright Ubisecure Solutions, Inc. All rights reserved.
Copyright Ubisecure Solutions, Inc. All rights reserved.