Five Easy Steps to Tech Transfer
Tim McKay, Ph.D., CISSP, SOUPS 2010
Using Knowledge Based Authentication in New Account Registration on KP.org
What Kaiser Permanente Did
In 2008, KP.org began using Knowledge Based Authentication (KBA) as the main security control for establishing new accounts online on KP.org, a transactional consumer health portal with over 3 million accounts that adds 60,000 to 80,000 new accounts each month. On the portal, users can view parts of their medical records and lab test results, securely email physicians, refill prescriptions and complete other sensitive transactions. Using KBA, an account can be established and used within a single Web session. The process, from exploration to full implementation, took approximately 18 months.
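The flow the slide describes, identity quiz, pass/fail decision, then account creation in the same Web session, as an added illustration. This is not Kaiser Permanente's code nor any KBA vendor's API: the quiz source, the pass threshold (3 of 4), the attempt cap (2), the single-use provisioning token and the sample questions are all assumptions made for this example. The unhappy paths it covers are a failed quiz that may be retried once, lockout after the cap, and a token that cannot be replayed.

```python
"""Knowledge-based authentication (KBA) gate for new-account registration.

Added illustration only; it is not Kaiser Permanente's code.  The quiz source,
the pass threshold, the attempt cap and the one-session token are all assumed.
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

PASS_THRESHOLD = 3   # assumed policy: at least 3 of 4 questions correct
MAX_ATTEMPTS = 2     # assumed policy: lock the applicant after 2 failed quizzes

# Constructed sample quiz.  A real KBA provider derives such questions from
# records the applicant should know; every value below is made up.
SAMPLE_QUIZ: Dict[str, dict] = {
    "q1": {"prompt": "Which of these streets have you lived on?",
           "choices": ["Elm St", "Oak Ave", "Pine Rd", "None of the above"],
           "answer": "Oak Ave"},
    "q2": {"prompt": "Which county was your previous address in?",
           "choices": ["Alameda", "Marin", "Sonoma", "None of the above"],
           "answer": "Marin"},
    "q3": {"prompt": "Which type of vehicle have you registered?",
           "choices": ["Sedan", "Pickup", "Motorcycle", "None of the above"],
           "answer": "None of the above"},
    "q4": {"prompt": "Which phone number have you used?",
           "choices": ["555-0100", "555-0142", "555-0199", "None of the above"],
           "answer": "555-0142"},
}


@dataclass
class Applicant:
    applicant_id: str
    attempts: int = 0
    locked: bool = False
    verified: bool = False
    token: Optional[str] = None


class KbaGate:
    """Server-side state for registration flows.  Answers never leave the server."""

    def __init__(self, quiz_source: Callable[[str], Dict[str, dict]]):
        self._quiz_source = quiz_source           # assumed: returns a quiz for an applicant
        self._applicants: Dict[str, Applicant] = {}
        self._pending: Dict[str, Dict[str, dict]] = {}

    def start(self, applicant_id: str) -> Optional[Dict[str, dict]]:
        """Issue a quiz: prompts and choices only.  None if locked or already verified."""
        app = self._applicants.setdefault(applicant_id, Applicant(applicant_id))
        if app.locked or app.verified:
            return None
        quiz = self._quiz_source(applicant_id)
        self._pending[applicant_id] = quiz          # answers stay here, server side
        return {qid: {"prompt": q["prompt"], "choices": list(q["choices"])}
                for qid, q in quiz.items()}

    def submit(self, applicant_id: str,
               responses: Dict[str, str]) -> Tuple[str, Optional[str]]:
        """Score one quiz.  Status is 'verified', 'retry', 'locked' or 'no_session'.

        Only the aggregate outcome is reported, never which questions were missed.
        """
        app = self._applicants.get(applicant_id)
        if app is None:
            return "no_session", None
        if app.locked:
            return "locked", None
        quiz = self._pending.pop(applicant_id, None)   # a quiz can be scored once
        if quiz is None:
            return "no_session", None
        app.attempts += 1
        correct = sum(
            1 for qid, q in quiz.items()
            if hmac.compare_digest(responses.get(qid, "").encode(), q["answer"].encode())
        )
        if correct >= PASS_THRESHOLD:
            app.verified = True
            app.token = secrets.token_urlsafe(32)   # single-use, same-session provisioning token
            return "verified", app.token
        if app.attempts >= MAX_ATTEMPTS:
            app.locked = True                       # unhappy path: hand off to an out-of-band process
            return "locked", None
        return "retry", None                        # client must call start() again for a fresh quiz

    def redeem(self, applicant_id: str, token: str) -> bool:
        """Consume the provisioning token once so the account is created in the same session."""
        app = self._applicants.get(applicant_id)
        if app is None or not app.verified or app.token is None:
            return False
        if not hmac.compare_digest(app.token.encode(), token.encode()):
            return False
        app.token = None                            # replaying the token fails
        return True
```

The account-creation step calls `redeem` exactly once after a `verified` result; a retry gets a freshly issued quiz rather than a second chance at the same one, and a locked applicant is routed away from the online flow entirely.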
Step 1: Define a Problem
• What is the problem?
• Who thinks this is a problem?
• Who has money to solve the problem?
• What constraints are there to solving the problem?
• What new problems will be created by solving this problem?
Step 2: Propose a Solution
• So what do you know?
• So who do you know?
• So how can you know?
• So what will it cost?
• So who has to weigh in?
• So can you get approval?
Step 3: Complete a Purchase
• Invite
• Select
• Negotiate
• Interrogate
• Agree
• Comply
• Buy
Step 4: Make it Work
• Create requirements: happy and unhappy paths
  § Technical
  § User interface
• Run proof of concept: happy and unhappy paths
  § Technical
  § User interface
• Build/Test/Refine
• Prep the System: totality of workflow
• Launch
  § Soft
  § Progressive
  § Full
Step 5: Keep it Working
• Watch
• Talk
• Tweak
(repeat)