eic2011 rolling presentation_1

www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential

Your Partner in Identity and Access Management

EIC’2011

UBISECURE SOLUTIONS, INC.


Where Ubisecure comes from:Finland


Finland: Background

5.3 million residents

Approx 325 000 companies (2009)

Parliamentary republic with central government

336 local municipalities

EU member since January 1995


Finland: ICT background

High Internet penetration (86% of 16–74 old Finns use internet; 50% of 7 year-olds use it!!)

High e-commerce acceptance (92% use)

High mobile penetration (>100%; all ages)

High broadband services penetration


Before – All services were physically centralized

1960-90:Physical shopping centers

Typically always populated by:Taxation Office, Government Social Insurance Org, Employment Office, Several Bank(s), Shop, Bar, Doctor, …


Internet: Where services – and people are now

Today all services are found in Internet

Finnish people shop in internet close to 10 Billion € in 2010

More than 92% of Finnish people has used internet for shopping…

People are hanging around in Internet

All ages: 4 … 75+ yrs(not joking ☺)


Why such a strong trend?


88

OLD GENERATION

MASSES

FOLLOWERS

PIONEERS

AGE OF 20 .. 69

YOUNGERGENERATIONS

Consumer Groups Market Behavior…


Physical OfficeService

ATM Services

TelephoneService

MobileInternet Service

InternetService

..0.50€Transaction

..0.20 €Session

Near Field CommunicationMobile Services

30-50€Visit

10-20€Call

..0.10 €Session

1-2€Transaction

..0.10 €Session

Cost Efficiency per Service Channel


Physical OfficeService

TelephoneService

47€Visit

19€Call

Finland Monthly Income (2010)

Monthly Income (2005-10)

~ 3113€

PerHour

Average Salary ~ 3400€ ~ 20€

Average employment costs (x 1.8)

~ 6120€ ~ 5605€ ~ 36€

ServiceAverage1h 17min

ServiceAverage31 min

12€Mailing

MailCorrespondence Service

ServiceAverage23 min

Cost Efficiency per Service Channel


Large scalee-Gov authentication and authorization

Service in Finland


In this Customer casewe have Millions of users using

Ubilogin protected services each month.


More than 32 Million users since 2004.


That is more than six times the population.


More than 72% of the Companies each month.


No one could keep track and manage all those identities.


Neither our Business Partner.


Nor our Customer.


So, the identity management needed to beDelegated.


In a well-controlled manner.


And Automated.


1) ThereforeExternal Identity Management…


2) Therefore Federation.


3) And with the ultimate Single Sign-On user experience.


Tunnistus.fi Identity Provider

”Tunnistus” (finnish) means Identification

Joint project of the Tax Administration, Ministry of Employment and the Economy and the Social Insurance office

IdP Proxy service for Banks and eID cards

Joint venture consortium contract signed March 2003

RFQ March 2003, Implementation 5 months

Operational January 2004


Tunnistus.fi

G2C AuthN

Web single sign-on based on both proprietory and SAML2 protocols

Liberty Interoperable tested

Single logout


Tunnistus.fi and VETUMA federation

Two similar systems cover different target groups under different government budgets with different service mandates

New government portal service started in 2011 is driving increased authentication volume

Tunnistus.fi and VETUMA will be federated together in Q1 2011 using discovery based on the CDC approach

Stakeholders developed the eGov Deployment Profile for Finnish public sector SAML2 WebSSO deployment profile. The profile is based on the Kantara eGov implementation profile 2.0 and the SAML2int.org ver 0.2 deployment profile[1].


KATSO

G2C AuthN & AuthZ

Self-service authentication and authorization service for government e-services

Sample of features:

User self-registration

Role delegation (to other sub-user)

Power of attorney (user-to-user, user-to-org, org-to-org)

Self-service credential management


KATSO Roles

Different role groupsInternal system rolesGeneral rolesService specific roles

Total roles: 51

Roles provided by KARVA = SAML2 Attribute Authority

SP queries role information after authentication using SAML2 Attribute Query


KATSO Web Services

KATSO operates an ID-WSF 2.0 WSIDP also enabling integration of non-browser clients


KATSO History

Introduced 2006

2009: over 30 services

Top 3Unemployment registration (Tax)Tax card ordering (Tax)Registering as a job seeker (Social insurance)


KATSO

Two types of authentication

Strong: Katso OTP (One time password PIN/TAN)Weak: PWD (Username and password)

Strong authentication initial registration based on bank assurance (TUPAS) or physical visit


KATSO

Use of KATSO initially limited to consortium members

Legislation changes have recently permitted wider use

Use outside of government services still limited by legislation


KATSO: G2BHow does it work?


Self service enrolment


Familiar process


Bank authentication


Indexed TAN


Attribute release consent


New: Telcos as Commercial IdPs for eGov

Commercial Wireless PKI (MPKI, WPKI) service launched 30.11.2010

Named ”Mobiilivarmenne” Mobile Certificate

http://www.mobiilivarmenne.fi/en/en_2.html

Supported by 3 out of 4 national telcos

Competing with TUPAS service

Roaming function - one contract with one telco is enough

ETSI MSS Mobile Signature Service

http://www.mobiilivarmenne.fi/en/en_2.html


Telcos as Commercial IdPs

Long history – previous studies and commercial trials commencing around 2003 to use national ID in the mobile had failed

New business model, purely commercial

Requires government-issued CA license with stringent auditing

Application embedded in SIM (application toolkit application)


Telcos as Commercial IdPs

Works while roaming (SMS based transport)

Pricing for end usersElisa: 0.09 per transaction (Free until Nov 2011)Other telco pricing unknown

Pricing for SP servicesUnpublished

Expected adoption in G2C services in 2011


What has been achieved?(The benefits)


Government Business Case –has cumulated savings of 1.05 Billion €

Today 32+ Million transactions served in “Federated Government Service Center”

Before– it would have meant 32+ Million service sessions in physical service points or telephone

Example what costs this couldhave generated “back then”:

50% physical + 50% telephone

Service Cost: 1.05 Billion €

16 million x 47 € = 748 M€

16 million x 19 € = 301 M€

Instead, these costshave now been saved!


Reality check: eGovernment Business Case (at least) 656 M€Saved Costs so far!

Reality-check:What if part of the customers would have “dropped out”

That is: Less customers served, Less service sessions

Example, that is, savings

AT LEAST:

10 million phone calls

10 million visits

12 million (example) not served or “solved” any other way

Service costs would still have been 656 M€!!!

10 million x 47€ = 468 M€

10 million x 19€ = 188 M€

This means, thatAt least these costshave been saved!!


One of the greatest eGovernment Success Stories in the World!

32+ Million transactions served in “Federated Government Service Store”in Finland

Six times the population served so far!

Service Costs by the end of 2010 e.g.1€/tr

Current service volume 2M tr/month 4,5 times the populationserved each year!

Now 71% (!) of the companies in Finland are registered as users of the service

Huge impact on G2B services!

Currently the transfer to Internet generates 763 M€ savings per yearfor Government in Finland (and this mainly so far only for three agencies as others are now joining)

SOME HIGHLIGHTSOF THE SUCCESS:


Tunnistus.fi Statistics

Chart credit: Verohallinta, Finnish tax administration

Authentications


KATSO Statistics

Chart credit: Verohallinta, Finnish tax administration

Authentications


ROI is rather ”nice” ☺

ROI for the IAM solution

AuthN for G2CFor 2004 - 2010 = that is 7 yrs in production2006 - 2010 = that is 6 yrs in productionAuthZ for G2B

253 470% (!) Not included: the services that attract users and generate the benefits


The Elements for Success

IAMindustry

(standards, mature technology,mature products)

Commercial IDPs

Government

Public IDPs

Keen users:CompaniesResidents

Cooperation! Cooperation!


Single Sign On.


Single Sign-On across allweb-based Services…


…and also across the Services of the Business partners.


And across the Cloud-based Services.

www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.

THANK YOU!

Ubisecure Solutions, Inc.

www.ubisecure.com <firstname.lastname>@ubisecure.com

FINLAND: SWEDEN:Tekniikantie 14 WTC, Klarabergsviadukten 70, Box 70396 FIN-02150 Espoo S-10724 Stockholm

tel. +358-9-2517 7250fax +358-9-2517 7070

Registered in Espoo, Finlandreg. nr. FI1748721-4

Ubisecure paves the way for a smoother and safer Internet. Ubisecure software products enable new online business concepts and speed the growth of existing web-based operations by joining separate sites and services into larger trusted areas. The innovative products allow internet users to flexibly and securely move between online services – without encountering repeated login prompts. Ubisecure maintains an extensive network of partners that offer organizations advice, consulting and technical services; and provides high-level training in secure online business through the widely appreciated Ubisecure IAM Academy. Founded in 2002 in Finland, Ubisecure Solutions Inc. is a pioneering provider of standardized identity and access management solutions. For more information, please visit www.ubisecure.com.

Identify and Authorize.Enable secure business.

eic2011 rolling presentation_1

Technology