Transcript Authentication Programme Presentation to OPC

Authentication to access government services
What might the future hold?
Laurence Millar
Deputy Commissioner
Information and Communications Technology
Privacy Issues Forum
30 March 2006
© State Services Commission, 2006
Agenda
• Strategic context
• Future for authentication
• Questions
© State Services Commission, 2006
2
NZ Digital Strategy
New Zealand will be a
world leader in using
information and technology
to realise its economic,
social, environmental, and
cultural goals, to the
benefit of all its people.
© State Services Commission, 2006
3
E-government Strategy Goals
• By June 2007, networks and Internet technologies will be
integral to the delivery of government information, services
and processes.
• By June 2010, the operation of government will have been
transformed through its use of the Internet.
© State Services Commission, 2006
4
Where We Are Today
© State Services Commission, 2006
5
Where We Want To Get To
© State Services Commission, 2006
6
Networked Goal Within Development Goals
© State Services Commission, 2006
7
Agenda
• Strategic context
• Future for authentication
• Questions
© State Services Commission, 2006
8
The Concept Of Authentication
• When people or businesses deal with government, they need to
prove who they are to access some government services, for
example when registering a company or looking at a person’s
medical records.
• Authentication is the process of confirming the identity of the
person, to the required level of confidence.
• With the Internet becoming a mainstream channel for
interacting, transacting and participating, online authentication
has become a prerequisite for effective and efficient
government worldwide.
© State Services Commission, 2006
9
Approach To Online Authentication
• Separate who a person is (identity) from what they do (activity).
• Excludes authorisation and role management.
Name = Joe Bloggs
Date of birth = 01/01/1970
Place of birth = Wellington
Sex = male
Mother’s name = Bloggmom
Username = joe, Password = joeblo22
Identity Verification
Service (IVS)
Government Logon
Service (GLS)
© State Services Commission, 2006
10
IVS Overview
• An online, real time service that links an identity verification
credential (IVC) with a strong GLS logon to verify the person is
who they say they are
• Supports and enables a customer channel option (online)
• Identity is authoritatively verified to a passport-standard
evidence of identity (EOI)
• IVS Design leverages:
– Time, effort and expense of a passport application (and, subject to
feasibility, citizenship and permanent residency) for both people and govt
– Expertise, systems and resources of DIA, Identity Services
– Authentication infrastructure
– The Evidence of Identity Standard, as changes to the current EOI in Identity
Services automatically flow through to the IVC
© State Services Commission, 2006
11
IVS Privacy Protection
• Implements core concept of separating identity from activity
• Based on Cabinet-approved principles, in particular opt-in
• Person initiates identity verification request and controls data
release
• Uniqueness per agency or sector, no national identifier
• Minimum identity data stored
• No view of entitlement to agency services or transactions
• No additional identity data collected/stored
• People can self-audit usage online
• This is an additional channel, current offline methods will
continue
© State Services Commission, 2006
12
IVS Benefits
• Provides people with additional means to verify their identity to
agencies authoritatively at “passport strength”
• People who have been through one of the identified high quality
Evidence of Identity process with government don’t have to
repeat it to receive an IVC
• Better ability for agencies and people to leverage the
convenience of the online channel
– e.g. support rural communities, overseas New Zealanders
• Ability to leverage the government’s identity experts’ skills and
knowledge to reduce identity fraud
• Tangible cost savings for agencies and government
© State Services Commission, 2006
13
Long Term Benefits
• Increased confidence and trust in using the online channel.
• People have the choice of using a common logon when
transacting online with government.
• Cost-effective means for managing continuously evolving
authentication technology changes and security threats.
• Better ability to tackle identity fraud.
• Benefits of government’s collective size in delivering scale
economies, expertise and adoption of best practices available to
all agencies, irrespective of size
– Includes integrity of evidence of identity process
– Respect for privacy principles
© State Services Commission, 2006
14
Other potential services
• The authentication infrastructure is a secure, reliable and
networked platform that can be leveraged economically by
additional authentication services in the future.
© State Services Commission, 2006
15
Types Of Services
• Identification of services and their evaluation will start in July
2006.
• We expect two categories of all-of-government services:
– Value Added Services
Authentication of remote access, digital signatures, online
payments, authentication of access parameters
– Distributed Sources Of Authoritative Data
Company identity from Ministry of Economic Development
Partnership identity from Inland Revenue Department
© State Services Commission, 2006
16
Agenda
• Strategic context
• Future for authentication
• Questions
© State Services Commission, 2006
17