Case Studies

Digital Identity Security Case Studies

Our assignments typically involve deploying innovative technologies and reviewing/revising operational procedures to resolve a broad range of challenges for public and private sector organisations across the world. These assignments are often delivered under Non-Disclosure Agreements and we are, therefore, unable to divulge specific information. The following are indicative examples of our previous assignments:

Public Sector Case Studies

  •  Trust & Electronic Identity Accreditation Scheme Operator

    Production of an EU Member State’s List of Trust Services Providers (TSL) under the EU Regulation N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation). This framework provides a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities in the EU.

  •  Smart Meter Infrastructure Supplier

    Created registration procedures and recovery procedures documents together with the validation of certification practices statement for use as supporting ancillary annexes with the UK Department of Energy & Climate Change’s (DECC) Smart Energy Code.

  •  EU Pharmaceutical Regulation Agency

    Introduction of capability to digitally sign electronic documents (pdf format) conforming to ETSI TS 102 778-4 V1.1.1 (2009-07) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 4: PAdES Long Term – PAdES-LTV Profile. Also introduced the capability to verify digital signatures on digitally signed pdf electronic documents using Qualified Certificates.

  •  EU Ministry of Interior

    Security assessment of EU Member State Travel Document Issuing Authority (TDIA)’s PKI operations plus conducted ICAO Compliant Security Audit issuing EAC enabled ePassports, eBiometric Residence Permits.

  •  EU Member State ePassport Issuing Authority

    Deployment of PKI for issuing Extended Access Control (EAC) enabled ePassports and the associated inspection systems.

Private Sector Case Studies

  •  International Identity & Access Management Solution Supplier

    Identity and access management pre-sales consultant engaged to assist organisations to establish their IAM requirements and demonstrate how the supplier’s solutions fulfil stakeholders’ business objectives, such as increased productivity, risks reduction and improved employee and customer service application usage experience.

  •  International Insurance Corporation (Asia)

    Identity management assignment to determine two-factor user authentication security strategy, e.g. selection of identification credential to comply with financial regulatory authority security requirements.

  •  International Technology Provider

    Designed a PKI architecture and associated components, and specified the system functionality required for the electronic inspection of EAC-enabled Electronic Machine Readable Travel Documents (eMRTDs), including ePassports, Biometrics Residence Permits and Identity Cards.

  •  UK Financial Institution

    Designed and deployed a PKI for a UK bank, together with policy and procedures documentation, to support a centralised payments distribution system.

  •  Payments UK, formerly Payments Council & APACS

    Setting the industry security benchmarks, e.g. use of cryptography, for protecting payments from fraud. Writing the UK Banking Industry Security Policy and Standards on Remote Banking for PC, Telephone and Digital TV. I acted as the subject matter security expert to APACS’ Payment Scheme Companies, Card Payment Services and also banks with eBanking services.

  •  International Financial Institution based UK

    I acted as the Group’s subject matter expert on the application of cryptography and determination of controls for key management together with strategy for the establishment of the Group’s PKI. Main responsibility to conduct Risk Reviews of banking service delivery channels using cryptographic protection for Business Service Owner Clients within corporate governance framework, negotiating with Audit & Risk Control Units.

    The activities included the design of cryptographic Security Architecture for 4000 + ATMs, introduction of chip enabled (ICC) payments cards from payment credit card schemes and the introduction of Internet Banking Services for corporate and retail customers.

Digital Identity Security Consultants
Identity & Access Management | Biometric Authentication & Identification | Data Encryption & Digital Signatures | Public Key Infrastructures & Directories

Stacks Image p87_n61
Stacks Image p87_n58
Stacks Image p87_n64

The contents of this website are copyright © 2017 Symbiotic Consulting Services Limited. All rights reserved.
Symbiotic Consulting Services Limited is a company registered in England and Wales, No: 5368511. Registered office: 22 Birch Grove, Welling, Kent, DA16 2JW, United Kingdom.