2. § Challenges
§ What is Identity?
§ Verification
§ Authentication
§ APIs, Federated Identity
§ Trust Frameworks
IDENTITY AS A BUSINESS ENABLER
3. Mobile, Cloud, and
decentralized data can
now deliver solutions
never before possible
CHALLENGES
INNOVATION
TRUST FRAMEWORKS
FUTURE COMMERCE
4. WEAK IDENTITY SYSTEMS CREATE CHALLENGES FOR PEOPLE AND BUSINESS
PEOPLE
Service exclusion,
Poor user experience
Information overexposure,
Process inefficiency to prove ID
BUSINESS
Inefficient service delivery,
Obscures risk profile
Fraud from stolen ID / poor auth,
Multiple checks required
SOCIETY
Services exclusion (financial/govt),
Incorrect service delivery
Fraudulent access to services
(medical, etc.), Inefficient
manual/paper processes require
human remediation
World Economic Forum, “A Blueprint for Identity”, 2016, p.33, available at: http://www3.weforum.org/docs/WEF_A_Blueprint_for_Digital_Identity.pdf
5. Identity is not a monolith. It is a collection of individual
attributes that describe an entity and determine the
transactions in which that entity can participate.
6. SO WHAT IS YOUR IDENTITY?
Inherent Attributes – Intrinsic to an entity
INDIVIDUALS: Age, Height, DOB, Fingerprints
LEGAL ENTITIES: Industry, Business
Accumulated Attributes – Gathered or developed over time
INDIVIDUALS: Health records, Preferences, Behaviors
LEGAL ENTITIES: Business records, Legal records
Assigned Attributes – Reflects relationships held with others
INDIVIDUALS: National ID numbers, Telephone number, Email address
LEGAL ENTITIES: Identifying numbers, Legal jurisdiction
World Economic Forum, “A Blueprint for Identity”, 2016, p.41, available at: http://www3.weforum.org/docs/WEF_A_Blueprint_for_Digital_Identity.pdf
7. ID VERIFICATION IN FINANCIAL SERVICES
§ Banks collect data that is available and/or
required by statute
§ The US has a risk-based approach that
puts the burden on the bank
§ Legal Entity Identifier or core data: Name,
DOB, Address, Tax ID
§ Reasonableness standard applied: Does
the bank know the true ID of its client?
§ Primary sources can include public or
private databases, or even another bank’s
KYC data for certain transactions
Strong customer authentication under PSD2, available at: https://www.taylorwessing.com/download/article-strong-customer-authentication-under-psd2.html
Bank Security Act, See: 31 CFR 1010.100(e), available at: https://www.ffiec.gov/bsa_aml_infobase/pages_manual/regulations/31CFR1010_100.pdf
FINCEN Customer Due Diligence Rules, available at: https://www.gpo.gov/fdsys/pkg/FR-2016-05-11/pdf/2016-10567.pdf
FFIEC, CIP Program Overview, available at: https://www.ffiec.gov/bsa_aml_infobase/pages_manual/olm_011.htm
8. DIGITAL TRENDS IN VERIFICATION
3L3 Anti Money Laundering Task Force, available at: https://www.eba.europa.eu/documents/10180/16166/3L3AMLTFCompendium.pdf
Money laundering Risk: It’s Not just for Banks, available at: https://www.lw.com/thoughtLeadership/money-laundering-risk-not-just-for-banks
Client verification is about
collecting data with little friction
and real-time checking of
multiple data sources to confirm
accuracy of the data.
9. Identity verification…
in minutes over
mobile is the new
standard.
BEYOND KBA…
[Chart of verification vendors. Axis labels: Rules Based/IDV/Blockchain ID/Docs/KYC/Fraud. Phone/AI/ML; Startup, Fintech, Mature, Client-base]
Vendors shown: Blockchain Helix, KYC Chain, BlockNotary, Socure, Trulioo, Cetas Systems, Netki, Norbloc, Jumio, Alloy, Au10tix, Blockscore, Clear ID, Cognito, Confirm.io, Digital Resolve, EVS, Experian, Global Identity, Identity.com, Identity Mind, Idology, IDScan, LexisNexis, MiiCard, Onfido, Thisisme, Veratad, Yoti, PegaSoftware, Juru, Scanovate
10. Trulioo Mobile solution
connects to two dozen
mobile network operators
(MNOs), covering 1.8 billion
mobile users across
the globe.
§ Mobile Network Operator data
§ Normalized API integration
§ SaaS/Web portal
§ Custom match rule configuration
§ Verification results matrix
§ Cyber data
§ Address & age verification
§ Risk mitigation
§ Automated watchlists
§ Transaction review (audits)
Trulioo instantly verifies 4.5 billion people and
250 million companies in over 60 countries
https://www.pymnts.com/mobile/2018/kyc-mobile-identity-verification-trulioo-globalgateway/
11. AUTHENTICATION OF VERIFIED IDs
§ Determine the validity of an authenticator to a
digital identity
§ Risk Based Approach: NIST recommends the
use of MFA, strong crypto, authenticated
hardware devices and biometric authentication
§ Continuous Authentication with a ‘Step-Up’
capability based on the transaction
value/content is written into law in US/EU
§ Adaptive Authentication addresses:
§ something you Have, Know, and Are
NIST Special Publication 800-63B, Digital Identity Guidelines, July 2017, available at:
https://pages.nist.gov/800-63-3/sp800-63b.html
NYS DFS Rule, available at: http://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf
“Adaptive Authentication”, Leadership Compass, KuppingerCole Analysis, Feb 2017, available at:
https://www.kuppingercole.com/topic/learnmore/adaptiveauth
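The step-up bullet above, sketched as an added example that is not part of the original slides: a policy check that decides which extra factor categories a session must present before a transaction of a given value. The tier amounts, freshness windows and all function names are assumptions; the factor categories are the slide's Have, Know and Are.

```python
from dataclasses import dataclass, field

FACTOR_CATEGORIES = {"know", "have", "are"}  # the slide's Know / Have / Are

# Hypothetical policy tiers: (minimum transaction value, distinct factor
# categories required, max age in seconds for a verification to count).
POLICY_TIERS = [
    (10_000, 3, 60),
    (1_000, 2, 300),
    (0, 1, 3600),
]

@dataclass
class Session:
    # factor category -> timestamp (seconds) when it was last verified
    verified: dict = field(default_factory=dict)

def requirement_for(value):
    """Return (factors_needed, max_age) for the highest tier the value reaches."""
    for minimum, needed, max_age in POLICY_TIERS:
        if value >= minimum:
            return needed, max_age
    raise ValueError("transaction value must be non-negative")

def step_up_challenge(session, value, now):
    """Return the factor categories to prompt for, in preference order.

    An empty list means the session already satisfies the policy.
    """
    unknown = set(session.verified) - FACTOR_CATEGORIES
    if unknown:
        raise ValueError(f"unknown factor categories: {sorted(unknown)}")
    needed, max_age = requirement_for(value)
    # Only verifications inside the freshness window count toward the tier.
    fresh = {c for c, t in session.verified.items() if 0 <= now - t <= max_age}
    missing = needed - len(fresh)
    if missing <= 0:
        return []
    # Prompt possession and biometric factors before asking for a secret again.
    candidates = [c for c in ("have", "are", "know") if c not in fresh]
    return candidates[:missing]
```

A stale verification is treated the same as a missing one, so a long-lived session is re-challenged when the transaction value rises.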
12. Mobile, behavioral,
biometrics, and
blockchain enable
privacy/trust and
speedy transactions.
ID Authentication
[Chart of authentication vendors. Axis labels: 2Fa/MFA, Bio/Behavioral, Blockchain/AI ML; Startup, Financial Pilots/Clients, Ease of Use/Large Deployments]
Vendors shown: BankID, Logrr, Paycasso, Auth0, EZMCom, Gemalto, Sensipass, AimBrain, Averon, BioWatch, iProov, Blockstack, Cambridge Blockchain, Civic, CryptID, Guardtime BLT, ID.me, SecureKey, Shocard, Uport, Airbitz, Authentify, Behaviosec, Biocatch, BioID, Credence ID, Crossmatch, Deepnet, Duo Security, Gigya, Imageware, InAuth, Keypasco, Launchkey, Msignia, NuID, PingID, Transmit Sec, Trusona, Vasco, CA, Forgerock, Secureauth, Precognitive, IBM CIS, Msft Azure, OKTA, Centrify, veridiumID, HYPR
13. CIAM MFA Biometric Behavioral/ML Blockchain Misc
CA BankID Biocatch Aimbrain Airbitz Averon (MNO)
Centrify Deepnet BioID Behaviosec Blockstack Authentify (MNO)
Crossmatch Duo Sec BioWatch InAuth CambridgeBlock Auth0 (Developer)
Forgerock EZMcom Credence Keypasco Civic
Gigya Gemalto Imageware Launchkey Idaas/CIAM
IBM CIS ID.me iProov Precognitive Guardtime
Microsoft Trusona Logrr Sensipass HYPR
OKTA Vasco Msignia Transmit Sec NuID
Ping Identity Paycasso Securekey
SecureAuth VeridiumID Shocard
Uport
THE BROADER FINTECH LANDSCAPE
14. THREE LEADING INNOVATORS
Contextual, behavioral biometrics company
that performs step-up authentication with an
OTP or facial/voice authentication.
Uses its Flashmark Technology to create a
one time biometric token of a facial image.
Leverages up to 2,000 device attributes
to consistently and uniquely identify.
15. OPEN BANKING — APIs AND FEDERATED IDENTITY
§ Railsbank enables global banking via APIs
§ FIS Code Connect includes over 300 APIs
for banking, payments, finance
§ Additional API providers in different segments
of the financial services industry:
§ Payment gateway API providers
(Braintree, Dwolla, Stripe, Wirecard, Adyen)
§ Trading APIs (Xignite, Zerodha)
§ Remittance APIs (Uphold, PayCommerce)
§ Data aggregation APIs (Kontomatik, Fidor,
Figo)
https://letstalkpayments.com/top-banking-apis-enabling-access-to-aggregated-rich-financial-data/
https://www.fisglobal.com/about-us/media-room/news-releases/2017/launch-of-fis-code-connect-puts-fis-clients-at-forefront-of-open-api-innovation
16. FEDERATED ID — BANKS EXTEND OUT
Application Programming Interface enables
Capital One customers to safely connect
personal and small business credit card and
banking and financial data with Intuit.
https://www.pymnts.com/authentication/2017/capital-one-launches-digital-id-apis-for-web-kyc/
https://www.xero.com/blog/2017/05/xero-capital-one-partnership/
The Capital One API leverages OAuth
capabilities to provide Xero with
tokenized authorization to access
account information.
17. FEDERATED ID – MERCHANT TO CONSUMER
DAON joins Visa ID Intelligence for Merchant authentication
https://www.daon.com/newsroom/press-releases/486-visa-selects-daon-to-provide-biometric-authentication-services-for-visa-id-intelligence-platform
FIDO Security Alliance, available at: https://fidoalliance.org/specifications/overview/
18. DECENTRALIZED IDENTITY PLATFORMS
Civic combines strong authentication and ID verification with attestations
from multiple sectors to establish various levels of trust.
https://www.civic.com/
19. CIVIC ARCHITECTURE
https://www.civic.com/
20. TRUST FRAMEWORKS — FEDERATED AND SELF SOVEREIGN
https://www.nist.gov/news-events/news/2018/01/nist-releases-developing-trust-frameworks-support-identity-federations-nist
WORLD ECONOMIC FORUM | 2016, “A Blueprint for Identity”, p.47
21. DIGITAL ID TRANSACTIONS
§ Financial Services: Insurance, Loans,
Mortgages, high value transactions
§ Employment: Application and screening
§ Property: Buying / selling a house, renting,
mortgage transfer
§ Age verification: Purchasing age restricted
products, gaming
§ Travel services: Booking, providing
passenger details, visas
§ Business: Registering a company or charity
§ Utilities: Switching suppliers, house moves
22. BENEFITS FROM DIGITAL ENGAGEMENT
§ Improved customer experience
§ Higher retention rates
§ Stronger brand
§ Personalized services
§ Differentiation
§ Faster onboarding with less friction
Digitization of services brings great benefits to
customers: immediacy and convenience,
access to new services, greater choice, and
market competitiveness.
23. PUBLIC-PRIVATE PARTNERSHIPS @ SCALE
§ ID.me Wallet enables secure login to
U.S. Dept. of VA and over 250 retailers
§ LuxTrust SA offers nationwide trust
network using Cambridge Blockchain
§ OnGrid, the Trust platform of India is
leveraging Aadhaar biometrics
§ Gov.UK/Verify is working with certified
companies to put users first
§ Securekey Concierge provides
Canadian Gov’t services to millions
24. DIGITAL ASSETS AND DESTINATION SERVICES
Keeping what works
§ Destinations make the rules
§ Users choose what docs to present
§ Plurality of providers
§ Some privacy
§ Common business practice
Overcoming the deficiencies
§ Oversharing of data
§ Document integrity
§ Card Not Present
§ Does not work online or at call center
25. FEDERATED IDENTITY NETWORK
Decentralized “broker model” for
identity and attribute sharing
Why Blockchain?
§ Solves the Honest but Curious Broker —
No Data visible to network operator
§ No central database or honeypots
§ No central point of failure
§ Triple Blind – PRIVACY
§ Cannot track user across relying parties
§ Scalable
§ Resiliency to DDOS
§ Immutable Audit Trails (Tx, User Consent)
26. USE CASE EXAMPLE — OPENING A TELCO ACCOUNT
Securekey Technologies – Andre Boysen, Chief Identity Officer
29. SECTORS OF INDUSTRY AND THE SUPPLY CHAIN
Raw Materials, Manufacturing, Distribution, Retailer, Consumer
Primary Sector: Extracts or develops natural resources such as timber, agriculture, oil, or minerals.
Secondary Sector: Makes use of extracted primary materials to build, manufacture, or develop finished goods.
Tertiary Sector: Provides the services needed to meet the needs of the end user. For example, through retailing, distribution, insurance, and customer services.
30. SUPPLY CHAINS EVOLVE INTO VALUE WEBS
31. BLOCKCHAIN ALLOWS ECOSYSTEM DIGITIZATION
“Digital Twins”
§ Via tokenization of
real assets
§ Data plus behavior:
Smart Contracts
§ Digital Twins interact
with each other
inside the Blockchain
§ Smart Contracts can
combine behavior of
several Digital Twins
J. Ruiz, Banco Santander
32. NATIONAL BLOCKCHAIN NETWORK
Nonprofit association, open to everyone
J. Ruiz, Banco Santander
[Diagram labels: Suppliers, Factories, Logistics, Logistics, Retailer, Final product, Customer, Social networks, Usage data; Blockchain (Self-Sovereign Identity, Permissioned Privacy, Resiliency); six Smart Contracts; Services developed by Alastria members]
Members collaborate on the infrastructure
Members compete on the applications
33. NATIONAL BLOCKCHAIN NETWORK
J. Ruiz, Banco Santander
[Diagram labels: Blockchain (Self-Sovereign Identity, Permissioned Privacy, Resiliency); six Smart Contracts; Services developed by Alastria members]
§ Public-permissioned Blockchain platform
§ Private and public smart contracts
§ Digital identity of legal validity, based on Self-Sovereign Identity (SSI) model
§ Distributed and Secure Storage architecture
§ Resilient: the platform will be operated as a critical infrastructure
34. THE EVOLUTION OF DIGITAL IDENTITY
From the “isolated” identity to the “sovereign” identity
[Diagram labels: Old World: Business / Identity Data Silo, shown three times. New “Post-Silo” World: Business, Business, Business / Identity Data Silo.]
THE EVOLUTION OF ONLINE IDENTITY
[Diagram labels: Centralized, Federated, User-Centric, Self Sovereign]
35. ALASTRIA ID: LEGAL IDENTITY ON THE BLOCKCHAIN
§ Allows implementing products and services complying with Spanish (and European) regulation
§ Self Sovereign Identity (SSI), for protection and empowerment of the user
Levels of Assurance, with identity verification processes (examples) and uses of Alastria ID:
Low – Verification: Self-attested. Use: Register in websites.
Medium – Verification: Based on current KYC. Use: Purchase of low value goods/services.
High – Verification: Notarization of DNIe and other docs. Use: Mortgages and other high-value products.
J. Ruiz, Banco Santander
36. FUTURE STATE APPLICATIONS
POTENTIAL FUTURE-STATE APPLICATIONS
1. Tailored risk profiles
2. International resettlement
3. Attributes tied to payment tokens
4. Digital tax filing
5. Determining total risk exposure
6. Identifying transaction counterparties
7. Linked individual identity to corporate identity
8. Tracking total asset rehypothecation
WORLD ECONOMIC FORUM | 2016, “A Blueprint for Identity”, p.95
37. LAW FIRMS ARE KEY TO EMERGING FRAMEWORKS
§ Smart Contract creation and monitoring to adhere to
real world contract
§ New forms of investing require compliance with SEC
§ Oversee automatic control over transfer of assets
§ Keep track of land registry / improve deed
management
§ Ensure clearing and contract disputes settlement in a
digital manner to avoid court procedures
§ Store, exchange, and control access to valuable data