Title: VeriSign Authentication Services Volunteer eHealth Initiative Security and Confidentiality Workshop
1VeriSign Authentication ServicesVolunteer
eHealth InitiativeSecurity and Confidentiality
Workshop
2VeriSigns Business
VeriSign operates intelligent infrastructure
services that enable enterprises and individuals
to find, connect, secure, and transact across
todays complex global networks.
Naming Directory Services
Security Services
Telecommunication Services
- Naming / DNS Services
- Emerging Directory
- IP Services
- Strong Authentication
- Perimeter Security
- Wireline
- Wireless
- Content Services
- 5 M Security Events Daily
- 40M SMS Messages Daily
- 50 of Roaming in NoAm
- 2M Downloads / day
- 5,000 Enterprise Customers
- 1,000 Carrier Customers
- 400,000 e-Commerce Sites
- Exclusive Registry for .com, .net
- 15B Daily Transactions
3We Thrive in the Trusted Intermediary Role
Networks
Content Applications
Wireless, WAN, Broadband, LAN
Music, Video, Collaboration, Messaging, Commerce
Devices
Users
Phones, RF Tags, Modems, PCs, Server,
Routers/Switches
Government, Businesses, Service Providers,
Consumers
- Many-to-many connections
- Network / protocol diversity
- Natural mediation opportunity
- Security / privacy mandates
- Need for massive scale
- Trusted / neutral source
4Intelligent Infrastructure for Healthcare
3. 2010 Interconnected national health network
1. Today Point to point
Patient
2. 2006-07 Regional health networks
RLS
5How We Can Help
Enable regional and national health information
networks through the management of highly secure,
scalable and available verification,
authentication, discovery and validation services
- Synergistic services VeriSign can provide
- Federated Identity System
- Single-sign on for all actors authenticated
within local circles of trust to participate in
the broader ecosystem - eHealth Network Intelligence
- Patient registration and identification service
- Record locator service
- Security
- Access controls
- Data encryption
- Managed security service
6What Keeps Us Awake (So You Can Sleep)
- Regulatory Compliance
- HIPAA, CA SB1386, Sarbanes Oxley, ..
- Availability, Reliability, Services Continuity
- The Internet is becoming your infrastructure
- Overwhelming Complexity
- Point solutions that dont integrate millions of
uncorrelated events - New Technology Puts New Demands On Existing
Networks - From remote access anywhere to remote access
everywhere - Eroding User Confidence
- Crime follows users Phishing, spam, and
Identity theft
7Deploying Todays Security Solutions Is Difficult
- Cost
- Security hardware and infrastructure costs add up
- Who pays?
- Complexity
- New technology, new processes, new systems to
operate - Scaling to millions of individual participants
- Usability
- Security in the way an extra step or
intrusion before transacting - Narrow context of use (e.g. one credential
secures only a single application)
8Two-Factor Authentication Is Essential
HARD
SOFT
Digital Certificate
OTP Token
Desktop Soft Token
Smart Cards
Mobile Phone
Two-FactorAuthentication
Fixed Phone (voice)
Multi-Function Devices
Choice of Credentials Hard and Soft Choice of
Form-FactorExtensible Architecture
9Integrated Identity and Authentication Services
10Token Sharing to Drive Adoption
- Enable individual to use the same token at
multiple sites - e.g. PayPal and regional Health network
- Drives adoption
- Increases value of token to consumers (Universal
Key) - ATM-Like experience (VIP tokens accepted here ala
Cirrus Network) - Individuals demand security brand for their
personal security - Reduced Costs Complexity
- Costs Shared infrastructure hardware costs
- Complexity VIP Portal (06) to centralize
payment, life-cycle management and support across
across the Network - From Costs to Gains
- Disrupt established costs models (per
transaction, ala ATM)
11Token Sharing The VIP Model
- OTP validation service in the cloud
- Two independent entities send OTP validation
requests to common service. - Simpler liability model sharing of
authentication only. - Neither party sees the other partys validation
traffic.
12One Intelligent Infrastructure for Different Uses
Public VIP
Enterprise VIP
Vertical VIP
Co-branded tokens
Private label tokens
Private label tokens
VeriSign Identity Protection Network