1. Richard O’Brien – President
8742 W. Higgins Rd. #240
Chicago, IL 60631
+1 312-346-9400
richard.obrien@paymentpathways.com
ITU-T Rec. X.1255 (09/2013)
Framework for discovery of identity
management information
Payment Pathways | Intelligent Transactions
Geneva – September 22, 2014
10/30/2014 1
2. Agenda
Discovery of Trusted Credentials
Framework for discovery
identity-related information | and its provenance
• Contribution Scope
• Problem statement
• Illustrative Use Case
• Benefits
• Objective
• Rationale
• Components
3. Contribution scope
Discovery of Trusted Credentials
Framework for discovery
identity-related information | and its provenance
• Information being identified such as services,
processes and entities
• Identity-related information attributes, such as visual logos
and human-readable site names
• Other attributes and the functionality of applications
• Description of a data model and a protocol to enable
meta-level interoperability for representation, access
and discovery of the information referenced above in
heterogeneous IdM environments.
4. Problem statement
The case for security-by-design
Receiving payments electronically
requires divulging | bank account or card numbers
• This puts financial account information at risk for unauthorized
debits – adding costs of counter-measures to protect data
• 60% to 70% of the world’s population have no Internet access and
no bank account
• Diasporas and disadvantaged youth lack full participation in the
electronic economy
Wastes human capital
Thwarts economic growth
Perpetuates the digital divide
• Need cannot be addressed with traditional bank, debit, credit or telco
stored value identifiers that expose dual credit/debit functionality
5. Illustrative Use Case
Greenlist®
Federated Registries
Deposit-only payment addresses
Transaction identifier masking by
data minimization & use limitation
6. Illustrative Use Case
Incentive merit payments in education
(Diagram: participants are the Teacher, the Student, the School’s Bank, the ACH or EFT Network and the Student’s Bank; payment flows from the School’s Bank over the network to the Student’s Bank, with notifications to the payee’s bank and to the payee. Numbered steps are keyed below.)
1. Payor authenticates and inputs Greenlist® ID/VID to pay
2. Portal SW queries Greenlist, obtains VID to match and LCA identifier
3. Payor verifies payee is correct. Submits amount to pay. Bank pays Linked Credit Account (LCA) identifier
4. Non-repudiable payment routes to payee’s LCA. Payee’s bank notified
5. Payee notified (when and amount) funds to arrive
7. Benefits
Incentive merit payments in education
Privacy
• No personal information given to merchants or any third parties
Cost
• Significantly more cost efficient
Risk
• No merchant fraud risk, greatly reduced consumer fraud risk
• No repudiation risk
• No accounting reconciliation risk
Teacher Empowerment
• Academic rewards
• Behavioral rewards
Financial Education
• Lifelong skillset for students
• Families learn by osmosis
• Inclusion in electronic economy
Human Capital Growth
• Involve local businesses
• Narrow digital divide
8. Objectives
Incentive merit payments in education
Pilot Design Objectives
Financial Education | expected outcomes
• Teach the value of saving and watching dollars grow
• Parents and Teachers engaged in the learning process
• Financial Education to impact every grade level
Education as THE Critical Success Factor
Financial Education | recognition, skills and inclusion
• Consistently superior user experiences
• Right content at the right time
• Delightful rewards recognize academic achievement
9. Rationale
Incentive merit payments in education
Banks incented to introduce Youth Savings
Civic Leadership | corporate sponsorships
• Spending may vary widely on technology
• Resources inconsistently applied so access, tools and
courseware can lag, especially in impoverished areas.
• Multi-tenant SaaS platform to deliver and track
incentive-merit payments for millions of students.
• Entities can govern, fund, configure, operate, measure
and assess the virtuous circle of incentive payments.
By recognizing achievement at every stage of student
life, the authority of the mentor is reinforced.
10. Components
Federated registries
Digital objects
• Persistently identified
o Self contained
o Self described
o Self aware
• Integral access control
• Extensible
Repositories
• Contain digital objects
• Are themselves, digital objects
• Repository Synchronization Protocol (RSP)
• Platform independent
Useful for discovery
• Search engines
• Databases
• Digital information
• Digital objects
Handle system
• Persistent identification
• Distributed architecture
• Registrar provenance
11. Pilot Proofs
Federated Registries: past, present and future
(Diagram; labels recoverable from the figure:)
Stages: Legacy Application (State of Need); Ecosystem (State of Technology); Federation (State of Practice); Enterprise-Scale Organization and Governance
Enabling technology: VPN, virtual directories, etc.; PKI, SAML, trust frameworks, etc.; Community of Interest; Cross-Sector Marketplace; Trustmark Framework
Authorization and access control: Application-Specific Access Control Lists; Role-Based Access; Attribute-Based Access Control; Policy-Based Access Control
Source: Georgia Tech Research Institute
14. Sustainability economics
(Diagram; figures as shown on the slide:)
Donor fund, year 1 ($900,000): HW & SW – Tablets and Software $700,000; Rewards $200K
Donor funds, years 2 & 3: Rewards $900,000; Adm. $100,000
Direct benefits to students
Transfer fee @ $.15 per transaction, split as:
• Income for Bank: $.05 / transaction
• Income for Attribute Assurance Provider (attribute assurance, user authentication): $.05 / transaction
• Income for Multi-factor Authentication Provider: $.05 / transaction
Income for SaaS provider (Intelligent Transactions: Greenlist UX (SaaS), project management), including project management and donor funds recruitment costs
Security & Privacy Administration
• Attribute Based Access Control
• Accounting
• Reporting
• SaaS vendor pays all fees on behalf of the School Districts
15. Greenlist drill-down
Security enhanced by eliminating intermediaries
FICAM¹ (in US) | conformance
Public identifiers (publicly discoverable):
• Name
• Mobile phone number, e.g. 1-630-880-0873
• Greenlist ID (unique GLID), pseudonym or PII, e.g. "MyGreenlistID" (unique)
• International: linked sender GLID, e.g. name@email.com
Publicly discoverable, routable ePayment address(es), supplied by the bank or proxy:
• UPIC or LCA-ACH bank account number: 071000505 - 1348098709
• City PayNet public PAN: 123456-123456789012-1
Privacy protection (the debit or credit PAN behind each address): 071000505 - 1344230947; 123456-493847605942-4
Relying Parties only receive PII that consumers wish to have divulged about themselves.
¹ Federal Identity, Credential, and Access Management Fair Information Practice Principles: Transparency, Individual Participation, Purpose Specification, Data Minimization, Use Limitation, Data Quality and Integrity, Security, Accountability and Auditing.
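As an added illustration (not Payment Pathways’ or Greenlist’s code), the following Python models use-case steps 2 to 4 together with the drill-down above: a registry entry resolves a public GLID to a verification string and a deposit-only LCA, refuses to publish an address that the bank holds as a debitable PAN, and releases only the PII attributes the consumer has consented to. The registry layout, the consent set, the sample entries and the bank’s PAN list are constructed assumptions; the LCA string is the slide’s example value.

```python
# Added example, not Greenlist's code: a toy registry that resolves a public
# Greenlist ID to a deposit-only LCA while withholding the debit/credit PAN.
from dataclasses import dataclass, field


@dataclass
class RegistryEntry:
    glid: str                  # public Greenlist ID (discoverable)
    vid: str                   # verification string the payor matches against the payee
    lca: str                   # deposit-only Linked Credit Account identifier
    pii: dict                  # attributes the consumer may choose to release
    released: set = field(default_factory=set)   # attribute names the consumer consented to


class DepositOnlyViolation(Exception):
    """Raised when a published address is really a dual credit/debit identifier."""


# Constructed bank-side list of PANs that can be debited; these must never be published.
BANK_DEBITABLE_PANS = {"4111111111111111"}

# Constructed sample entries; the first LCA is the slide's example value.
REGISTRY = {
    "MyGreenlistID": RegistryEntry(
        glid="MyGreenlistID", vid="J. Student", lca="071000505-1348098709",
        pii={"email": "name@email.com", "mobile": "+1-555-0100"}, released={"email"}),
    "BadEntry": RegistryEntry(  # misconfigured: a debitable PAN was published as the address
        glid="BadEntry", vid="X", lca="4111111111111111", pii={}, released=set()),
}


def resolve(glid: str) -> dict:
    """Use-case step 2: the portal queries the registry and gets only VID + LCA.
    Unreleased PII never leaves the registry, and a debitable PAN is never returned."""
    e = REGISTRY[glid]
    if e.lca in BANK_DEBITABLE_PANS:
        raise DepositOnlyViolation("published address must not be a debitable PAN")
    return {"vid": e.vid, "lca": e.lca,
            "attributes": {k: v for k, v in e.pii.items() if k in e.released}}


def pay(glid: str, confirmed_vid: str, amount_cents: int) -> dict:
    """Steps 3-4: payment is submitted only after the payor confirms the VID matches;
    the instruction is a credit to the LCA, so no debit capability is conferred."""
    r = resolve(glid)
    if confirmed_vid != r["vid"]:
        raise ValueError("payee verification failed; no payment submitted")
    return {"credit_to": r["lca"], "amount_cents": amount_cents, "pan_disclosed": False}
```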
16. Functional diagram
(Diagram of entities and functions; labels recoverable from the figure:)
Entities: Teacher, School, Student, Bank, Registry, Authentication System, Attribute Verification, Policy
Functions shown: Registration; Credential Provisioning; Credential Issuance/Association; Credential Presentation; Credential Validation; Attribute Verification; Identity Mapping; Authentication Decision; ABAC¹ Authorization Decision; Authorization Credential; Access Request and Access Request Response; Data Request; Access Control; Accounting; System Management and Maintenance
Legend: Validation, Core Operations, Recurring Functions, Non-recurring Functions, Entity
¹ ABAC is Attribute-Based Access Control
17. International strategies
Leveraging CNRI’s Digital Object Architecture
(World map with country labels; markers shown: US, EU, ITU, UK, CN, Mexico; "Greenlist Patents Issued"; "LATAM Root Registry (research phase)"; "Open")
18. Richard O’Brien – President, Payment Pathways, Inc.
8742 W. Higgins Rd. #240
Chicago, IL 60631
+1 312-346-9400
richard.obrien@paymentpathways.com
Payment Pathways | Intelligent Transactions