REGULATION

IAM Regulation

Meet regulations such as GDPR, eIDAS, PSD2, HIPAA and PCI-DSS 3.2, where tight controls around authentication, data collection, handling, sharing and consent require modern identity solutions.

Centralised access, modification / review, transfer and deletion of PII

The new General Data Protection Regulation (GDPR) is designed to put the user in control of their information. GDPR also requires that the customer be able to transfer accounts from one service to another, or completely remove the account and personal data.

In a corporate environment where you have more than one online service you can centralise the management of personally identifiable information (PII). Customer IAM solutions can link to separate identity repositories deployed at one time or another, or acquired through mergers or acquisitions. The centralised approach simplifies how to create GDPR compliant processes with granular user control over data.


Centralised policies for control of identity attribute release

Privacy regulations like GDPR increase the need to carefully evaluate what identity attributes are required by the target application. It is especially important when identity information is sent to another service provider domain through federation, or if the information travels beyond EU borders.

Ubisecure Identity Server and its centralised authorisation policies are strong tools to enforce that both internal and external target systems receive only the minimum viable set of identity attributes they require. This ensures compliance with regulations, and improves security and privacy.

Customer control is important. In cases where it would be beneficial for the target application to receive more information than the absolute minimum, consent can be collected from the end user for the release of individual identity attributes. Later on, the user can manage these consents, modify them or revoke them. This increases trust through transparency and leads to customer satisfaction.

  • The Identity Broker Engine always delivers the correct attributes to the online application (e.g. GDPR requirement)
  • The Identity Broker Engine connects to various identity repositories and builds the identity information based on the authorization policy
  • Authorization decisions can be based on e.g. direct group membership, indirect group membership, authorization through authentication method, attribute group mapping, dynamic rules for versatile authentication
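As an added illustration of the attribute-release model described above (example code written for this page, not Ubisecure's own implementation), the following sketch applies a hypothetical per-application release policy: each target application always receives its required minimum set, optional attributes are released only with the user's recorded consent, and consent can be revoked later. The identity record and attribute names are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample: the consolidated identity record assembled from the repositories.
IDENTITY = {
    "sub": "user-123",
    "email": "alice@example.com",
    "given_name": "Alice",
    "family_name": "Example",
    "date_of_birth": "1990-01-01",
    "phone": "+358401234567",
}


@dataclass(frozen=True)
class ReleasePolicy:
    """Hypothetical per-application attribute release policy."""
    app_id: str
    required: frozenset   # minimum set the application needs; released without consent
    optional: frozenset   # released only with the user's explicit consent


class ConsentStore:
    """Hypothetical record of per-user, per-application consents; each grant is revocable."""

    def __init__(self):
        self._grants = {}  # (sub, app_id) -> set of attribute names

    def grant(self, sub, app_id, attrs):
        self._grants.setdefault((sub, app_id), set()).update(attrs)

    def revoke(self, sub, app_id, attrs=None):
        # attrs=None revokes every consent the user gave this application
        if attrs is None:
            self._grants.pop((sub, app_id), None)
        else:
            self._grants.get((sub, app_id), set()).difference_update(attrs)

    def granted(self, sub, app_id):
        return set(self._grants.get((sub, app_id), ()))


def build_assertion(identity, policy, consents):
    """Attributes released to one application: the required minimum plus consented optional ones.

    A consent naming an attribute outside the policy's optional set is ignored, so a stale or
    over-broad consent can never widen the release beyond what the policy allows.
    """
    consented = consents.granted(identity["sub"], policy.app_id) & policy.optional
    released = policy.required | consented
    return {name: value for name, value in identity.items() if name in released}
```

Consent is keyed per application, so a grant made for one service never leaks attributes to another.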

Strong Customer Authentication

Strong authentication is required for services that hold confidential data, for high-value transactions, or where demanded by regulation such as the Payment Services Directive 2 (PSD2).

Strong authentication means 2-factor or multi-factor authentication. For the online service provider there are two main ways to deploy strong customer authentication. You can buy a solution and deploy that to your customer base. Or you can adopt the existing solution that is already used by your customers, if it is available for third parties.

The Ubisecure Identity Platform has built-in support for over 20 different authentication methods ranging from social media to e-ID cards and Mobile PKI. The service provider can use a single solution for lower-assurance identities such as social identities, to capture and convert visitors easily, and, when required, use the same solution to implement strong customer authentication.

For issuers of strong customer identities such as banks, insurance companies, mobile network operators and governments, the Platform provides the opportunity to become an identity provider. The wide support for standards allows an issuer to start selling authentication services to third parties, i.e. online services. GDPR and PSD2 will drive the demand for strong customer authentication, and smaller online services might want to outsource the management of PII to trusted third parties and only utilise the data they need.

Identity Providers

  • Numerous methods to authenticate a user from social identities to strong multifactor out-of-band methods
  • Step-up authentication when needed
  • OTP: OTP TAN list self-service print-out & SMS OTP, 3rd party tokens and mobile apps
  • Mobile: Mobile Connect, SMS+URL, USSD, Swipe/Click OK (app), PIN+PKI (app), biometrics+PKI (app), TOTP (app)
  • Mobile PKI: ETSI MSS Wireless PKI standard (native client)
  • PKI: Smartcards, tokens, soft certificates
  • Nordic BankIDs: TUPAS, BankID Sweden, EID2 Sweden, NemID Denmark

Solution Deployment

Ubisecure solutions provide highly secure, highly available, mission-critical services to our customers. Identity Platform solutions can be deployed as on-premises IAM software or as cloud-based managed services.

Ubisecure Identity Server

Fully featured IAM software.

Ubisecure Consumer IAM

Ubisecure Identity Cloud

Fully featured managed IAM cloud service.

See how the award winning Ubisecure Identity Platform improves Customer Experience, Operational Efficiency, Security & Privacy and delivers Regulation Compliance like GDPR.