Citizen Lifecycle Events

Huntington Ventures Ltd.The Business of Identity ManagementJune 2016 2016

This Deck…• Lays out the effects of a national identity for a citizen’s

lifecycle events including:– Birth– Vaccinations– First day of school– Health treatment– Getting driver’s license and passports– Changing name and gender– Paying for government services taxes, fines – i-Voting– Moving within the country– Claiming for social services– Death

• So who am I?

Guy Huntington

Guy Huntington is a very experienced identity architect, program and project manager who has led, as well as rescued, many large Fortune 500 identity projects including Boeing and Capital One. He recently completed being the identity architect for the Government of Alberta’s Digital Citizen Identity and Authentication program.

Single Citizen Identity

• One identity per citizen• Any changes to the identity are then shared with

other apps/services consuming them– One place for a citizen to change things like addresses

and phone numbers– Citizens don’t have to fill in the same information

over and over in forms for different apps/services• Same identity used for access management

Single Citizen Identity

Citizen

Accesses via their phone or the internet

Government Portal

Ministry Apps/Services

Ministry Apps/Services

Ministry Apps/Services

MunicipalitiesApps/Services

3rd Party Apps/Services

Crown Corp.Apps/Services

Citizen Identity Access Management System

Identity - Foundation of e-Governance

It Starts When A Citizen Is Born…

• When they are born, in addition to the traditional information being captured, the health worker will also take a biometric from the infant, e.g. a finger scan and/or a retina scan

• As well, the health worker will also obtain the parents national identities from their national ID card

• There is one important addition to the national ID….it now captures the citizen’s cell number in the national ID directory

• So, in the national directory, the infant’s electronic identity begins at birth. There is also a relationship between them, their parents or legal guardians

Parents Are Given A Infant National ID Card For The Infant

• Each child will be issued a “infant national ID card”

• This card also has the ability to store some of their medical information if the child is living in an area where healthcare facilities are not readily available

• When the parents or legal guardians make it to a local first aid post, they present the infant’s card and the medical information can be updated

Automatically Create A Healthcare Account For The Infant

• The central government identity management server can be used to send the infant’s new birth entry, along with their parents/legal guardian information to a open source health care software (which also exists today)

• Included in this is their parents/legal guardians cell phone information

Vaccinations…

• When the infant is due for a vaccination the e-health software sends the parent’s/legal guardians an SMS message letting them know this

• Since an infant’s finger biometric changes, the vaccination point in their lifecycle is an excellent opportunity for the local health care worker to update it

• They use a smartphone and/or rugged attachments to do this

• They also update the infant’s health information in the e-health software and the national infant ID card

What Happens When There’s No Connectivity?

• In certain parts of the country there may be no or poor connectivity

• The infant has a national identity card– Malaysia creates youth identity cards MyKid

• http://www.malaysiacentral.com/information-directory/mykid-identity-card-of-malaysia-for-children-below-12-years-old/#sthash.ZXp3bJOb.dpbs

• On the card will securely be stored some of their medical information

• If their parents are in a remote area, the health care worker will scan the card using a portable unit, treat or vaccinate them and then update the card

• When the healthcare worker reaches connectivity, they will upload the information to the healthcare system

It’s Their First Day At School…

• Each school will be connected to the internet• Remote schools will also be given smartphones • When they show up, the parents/legal guardians

will provide one or two biometrics • This will be checked against the national directory

and the infant will be found to be their offspring or under their guardianship

• More biometrics will now be taken from the child including finger scans, face, retina and voice

• The child will now be issued a national ID youth card

Each Subsequent School Year…

• The student will have their face, voice and finger scans all updated because they change with aging

A Student Record Will Be Automatically Created For Them…

• The identity management server will send the child’s citizen identity information along with their parents to an open source education management software (which also exists today)

• This will be used for the citizen’s entire life as they move between schools, regions, and take courses throughout their life

• There’s also something else that can be done…

Students Can Logon To School Networks Using Their Voice…

• Schools will leverage the national identity and authentication service using their voice to authenticate

• The voice is authenticated by the national authentication service and then a persistent anonymous identifier (“PAI”) will be sent to the open source education management system

• This will then take the PAI and map it to the student’s identity granting the student access to apps and services they are entitled to

Why Use A PAI?

• The architecture values a citizen’s privacy• Therefore, it mitigates against the risk that a malicious person, who

has access to a ministry server can then obtain their unique ID and then masquerade as them on another ministry’s server

• So, let’s use an example…• The citizen is interacting with two different ministry services “A”

and “B”• When they successfully authenticate, Ministry A gets a PAI of

ABCDE for them, which they then map to their identity within the database

• Ministry B gets a PAI of MNOPQ • So a person who maliciously obtains ABCDE can’t use this on other

different ministries databases

iSchool…

• At a recent conference, I was with a lady from the Estonian government who has worked on their identity system since 2000

• As we were sitting together in Kigali, she was looking at her children’s homework assignments and if they were in classes using her smartphone

• In Estonia, this is called “iSchool”• This will be modified to leverage SMS for people who

only have a cell phone• So now parents/legal guardians have a way to see

what’s happening at school each and every day

Child’s Parents/Legal Guardians Change…

• When the child’s parents or legal guardian changes, the court system will then automatically send this change to the central national identity system

• Any systems dependent upon this information will then be automatically notified

They’ve Grown Up…

• Now the adult needs to get things like a adult national ID card

• When they are approaching age of majority, the national identity service will automatically send the person an SMS message directing them to go to a government off ice to get their updated adult national identity card

• So the person goes to their office and provides some biometrics which are verified against the national identity and access management system

• The adult card is then printed and given to the person

Driver’s Licenses and Passports…

• The adult wants to get a driver’s license and passport

• So the person goes to their office and provides some biometrics which are verified against the national identity and access management system

• Their tombstone level information is then automatically sent from the identity management server to the driver’s license or passport system

• The adult doesn’t have to fill in any forms with their tombstone level identity information

And Then There Are Payments…

• The citizen now has to pay for things like car/motorcycle registration, license renewals, taxes, paying fines, paying for water and power bills, etc.

Let’s Say They Got A Speeding Ticket…

• They would see that they can pay via their cell or online

• If they do this, the cost is lower than if they pay last minute as is traditionally the case

• Additionally, if they pay even earlier, there will be a further discount!

• So they call up a toll free number to access the government payment portal (or enter a URL on their smartphone, tablet or computer)

Here’s What Happens…

• They authenticate using their voice• The same identity and access management infrastructure

authenticates them sending a PAI to the payment portal • In the blink of an eye, the payment portal then queries all the

ministry services dealing with citizen payments and finds they have a speeding ticket (using a Enterprise Service Bus or “ESB”)

• ESB’s have been around for the last 15 or so years• The IVR then tells the citizen the amount owing and asks how

they want to pay• They can select e-wallet, bank SMS, credit or debit and make

the payment• They didn’t have to go into a government office!

When Their Phone Number Changes…

• Citizens only have to go to one place online where they authenticate and provide their phone number change

• This information is then automatically sent to relevant government ministries, municipalities, crown corporations and third parties like banks and insurance companies

When They Get Married, Change Their Name Or Their Gender…

• When the citizen marries, or changes their name or, changes their gender, they provide their biometrics to the local government office which then verifies their identity

• The change to their identity is then automatically sent to relevant government ministries, municipalities, crown corporations and third parties

When Opening A Bank, Insurance or Telco Account…

• When the citizen is opening a bank, insurance or telco account, they give their consent to provide some biometrics which are then verified against the national identity service

• If successful, their tombstone level identity information is then sent to the third party

• The citizen doesn’t have to fill in any of their tombstone information

When They Move…

• The citizen enters their new address in only one place online by first authenticating against the national identity service

• The service then automatically notifies relevant ministries, third parties, crown corporations and municipalities

• The citizen then doesn’t have to notify each party about their move

If They Need Government Social Services…

• The citizen provides their biometrics in a government office which then are validated

• The government worker can now see all their legal dependents and their accompanying tombstone level information is automatically entered into the social services application

iVoting…

• When the citizen is going to vote, they supply their biometrics which are validated against the national identity service

• Assuming the validation is successful, they then vote online

What Happens When A Citizen Dies?

• The citizen is confirmed to be who others claim them to be via biometrics– E.g. fingerprints

• The business process then leads to an entry into the death registry

• The registry automatically notifies the national identity directory

• The national identity directory then automatically notifies all the government ministries/services

• This mitigates the risk of people using dead people’s identities to masquerade as others

Leverage ICT Identity Investments

• The same infrastructure enables the government to effectively manage a person THROUGH THEIR WHOLE LIFE

• Leverages the national identity and authentication infrastructure

• It makes the life of the citizen much easier since many of the services can be offered via their phone or smartphone wherever the citizen is

In Estonia…

• They went from a GDP per capita of $2000 in the late 1990’s to today approximately $26,000!

• They did this by adopting the internet• They offer more than a 1,000 e-services to

citizens

Summary

• Your country could become the Estonia of Africa – a innovative nation that leveraged the digital world to rethink itself

• Please contact me:– 1-604-861-6804– guy@hvl.net– www.hvl.net