Bringing Trusted Identities Online: Proving the Efficacy of an Electronic Identity in Online Transactions by Leveraging the Trust of a State Driver License Vetting Process
June 10, 2015 Mark DiFraia Sr. Director Market Development MorphoTrust USA
Team & Goals
2
Team of Partners
• North Carolina Department of Transportation
• North Carolina Department of Health & Human Services
• University of Texas at Austin Center for Identity
• Gluu, Inc. • miiCard • Toopher • Debra Diener (privacy &
identity mgt consultant)
Overview
Enable North Carolina DL/ID holders to create an Electronic Identity (eID) that can eliminate the need for in-person identity proofing when applying for Food and Nutrition Services (FNS) benefits.
Using OpenID Connect, bring the trust of an authoritative identity source into the commercial realm.
Goals of the proposed pilot
Goals of the proposed pilot: ü Prove an eID can be created
that carries the trust of a driver license and can be used to eliminate in-person identity proofing.
ü Demonstrate elevation of trust using biometric multi-factor authentication.
ü Define a framework through which states and commercial entities can trust each eID carrying the trust of a state DL/ID.
Create Elevate Interoperate
Simplifying an Application for Benefits
3
Individuals MorphoTrust Host
State DMV
State Portal
1. Added Option
2. Click for Instructions 3. AuthN
4. Consent to Apply
5. Pre-Filled Application
The Challenge Journey
4
SOCIAL MEDIA
eGOVERNMENT
IN-PERSON GOVERNMENT
IN-PERSON BUSINESS
BUSINESS IN CYBERSPACE
The Challenge Journey’s Challenge
5
We quickly lose our traditional human means of evaluating and verifying identity
SOCIAL MEDIA
eGOVERNMENT
IN-PERSON GOVERNMENT
IN-PERSON BUSINESS
BUSINESS IN CYBERSPACE
The Challenge Journey’s Challenge
6
In place of traditional means… we substitute
GPS
behavior
SOCIAL MEDIA
eGOVERNMENT
IN-PERSON GOVERNMENT
IN-PERSON BUSINESS
BUSINESS IN CYBERSPACE
The Challenge Journey’s Challenge
7
Why substitute? Can’t we transform what we already trust?
GPS
behavior
SOCIAL MEDIA
eGOVERNMENT
IN-PERSON GOVERNMENT
IN-PERSON BUSINESS
BUSINESS IN CYBERSPACE
The Challenge Packing for the Journey
8
How can we transform our most trusted means of proving identity? • Create Electronic Identity (eID)
directly from our Driver Licenses for online use
• Enhance trust through standardized communications linking parties
• Replace physical visual verification with biometrics and multi-factor authentication
• Build for the individual we are trying to enable and protect
• Provide for levels of assurance
(anonymous through definitive)
SOCIAL MEDIA
eGOVERNMENT
IN-PERSON GOVERNMENT
IN-PERSON BUSINESS
BUSINESS IN CYBERSPACE
The Challenge Within the Context of our Pilot
9
Face-to-Face Interview Verify Identity & Review Application
Case Worker SNAP Applicants
Today’s Process
Business Problem: - Requires incremental headcount to address volume - Physical locations are required to handle volume - Appearing in person can be difficult for applicants for
many reasons - NC is adding overtime and related expenses to
address backlogs
Pilot Success Face-to-Face Not Required
Remote Application without Sacrificing Identity Verification
SNAP Applicants Online SNAP
Application Results: - No incremental headcount - No new physical locations needed - Applicants don’t miss work, pay for travel or find childcare - Cut down on overtime - Save interview time 15-30minutes = ~$10 per transaction - Option is always there for in-person service if desired
The Challenge Where do we Fit?
We are targeting the high-end of the trust scale
10
High Trust
Low Trust
(Mid) Corroborated
(Mid) Social & Financial
Verification
(High) Document Proofing
(Low) Self-Attested
MorphoTrust
TODAY
In-Person Proofing Burden
What Attracted North Carolina?
• Heavy investments in the DMV for Federal Real ID Compliance creates “gold standard authentication” which begs the question of extension of the capability
• The technology and capabilities around Identity & Access Management are evolving rapidly and we need to be involved early. Role of the states as the authentication source for public and private usage also evolving raising several questions
• Demand for services is growing while budgets shrink so monetization is of interest. How will states recoup the costs to build and operate the authentication engines?
Where are we? What are we learning?