Phone as Personal Identifier Provider: Difference between revisions

From IDESG Wiki
Line 30: Line 30:
*[[Phone as Health Care Credential]]
*[[Phone as Health Care Credential]]
*[https://csrc.nist.gov/publications/detail/sp/1800-21/draft SP 1800-21 (DRAFT) Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)]
*[https://csrc.nist.gov/publications/detail/sp/1800-21/draft SP 1800-21 (DRAFT) Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)]
*[https://www.europeanpaymentscouncil.eu/sites/default/files/kb/file/2019-11/EPC%20269-19v1.0%20Mobile%20Initiated%20SEPA%20%28Instant%29%20Credit%20Transfer%20Interoperability%20Guidance%20%28MSCT%20IG%29.pdf Mobile Initiated SEPA (Instant) Credit Transfer Interoperability Guidance] from the European Payments Council (EPC) AISBL
*[https://www.europeanpaymentscouncil.eu/sites/default/files/kb/file/2019-11/EPC%20269-19v1.0%20Mobile%20Initiated%20SEPA%20%28Instant%29%20Credit%20Transfer%20Interoperability%20Guidance%20%28MSCT%20IG%29.pdf Mobile Initiated SEPA (Instant) Credit Transfer (MSCT) Interoperability Guidance] from the European Payments Council (EPC) AISBL

Revision as of 18:40, 11 December 2019

Full Title

Mobile Device Security: Phone as Personal Identifier Provider (PPIP)

Context

  • This paper is designed to be a proposal to NIST for an SP 1800-xx document in their series of Cybersecure Infrastructure papers.
  • It is an extension of the Kantara work to provide such a solution for US Healthcare.
  • The following are the 3 parts of an SP 1800 document. We propose an outline of the first part below:
  1. SP 1800-xxA: Executive Summary (PDF)
  2. SP 1800-xxB: Approach, Architecture, and Security Characteristics (PDF)
  3. SP 1800-xxC: How-To Guides (PDF)

Challenge

  • Users want to be in control of their own private information.
  • Accessing some material, like user health information, should be well protected from leakage.
  • The common approach to high assurance (IAL2 AAL2) access is to provide a trusted and credentialed Identifier Provider that also performs user authentication.
  • All past successful attempts to get users to create and maintain high assurance have been driven by enterprise solutions like technology companies or educational institutions.
  • Consumers have been unwilling to accept the inconvenience of such high assurance solutions.

Solution

  • Put the high assurance identifier in the consumer's hand, in their smart phone.
  • They get to have as many identifiers as they want and can select which one to use with which provider.

Mobile Identifier Sources

Benefits

  • The Age of Aquarius reigns.

References