FIDO Modern Authentication Rolf Lindemann, Nok Nok Labs

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "FIDO Modern Authentication Rolf Lindemann, Nok Nok Labs"

Transcription

1 Rolf Lindemann, Nok Nok Labs cv cryptovision GmbH T: +49 (0) F: +49 (0) info(at)cryptovision.com 1

2 Authentication in Context Single Sign-On Modern Authentication Federation Passwords Strong Risk Based Authentication User Management Physical-to-digital identity 2

3 Cloud Authentication 3

4 Password Problem Hacked from databases Phished Re-used across sites Key logged Ill-suited for mobile devices Easily broken 4

5 No Alternatives SMS-OTP usability (coverage, delay, cost) Device usability (one per site, fragile, cost) User experience Still phishable 5

6 Current Authentication Architectures Authentication Methods Applications RP 1 RP 1? 6

7 FIDO Approach Device 7

8 FIDO Approach challenge (signed) response Private key Public key 8

9 FIDO Approach SE 9

10 FIDO Approach Same User as enrolled before? Same Authenticator as registered before? Can recognize the user (i.e. user verification), but doesn t know identity attributes of the user. 10

11 FIDO Approach Same User as enrolled before? Same Authenticator as registered before? Identity binding to be done outside FIDO: This this John Doe with customer ID X. Can recognize the user (i.e. user verification), but doesn t know identity attributes of the user. 11

12 FIDO Approach How is the key protected (TPM, SE, TEE, )? What user verification method is used? SE 12

13 Attestation & Metadata FIDO AUTHENTICATOR FIDO SERVER Signed Attestation Object Verify using trust anchor included in Metadata Understand Authenticator security characteristic by looking into Metadata (from Metadata Service or other sources) Metadata 13

14 Binding Keys To Apps Use google.com key Use paypal.com key 14

15 FIDO Authenticator Concept Optional Components Injected at manufacturing, doesn t change User Verification / Presence FIDO Authenticator Attestation Key Transaction Confirmation Display Authentication Key(s) Generated at runtime (on Registration) 15

16 Security & Convenience Security Password Convenience 16

17 Security & Convenience Security Password + OTP Password Convenience 17

18 Security & Convenience Security In FIDO: Same user verification method for all servers FIDO Password + OTP Password In FIDO: Arbitrary user verification methods are supported (+ they are interoperable) Convenience 18

19 Security & Convenience Security In FIDO: Scalable security depending on Authenticator implementation FIDO Password + OTP Password In FIDO: Only public keys on server Not phishable Convenience 19

20 Classifying Threats Physical attacks possible on lost or stolen devices ( 3% in the US in 2013) 5 Physically attacking user devices steal data for impersonation 6 Physically attacking user devices misuse them for impersonation Scalable attacks Remotely attacking lots of user devices Remotely attacking lots of user devices steal data for impersonation misuse them for impersonation Remotely attacking lots of user devices misuse authenticated sessions 1 Remotely attacking central servers steal data for impersonation 20

21 FIDO & Federation First Mile Second Mile FIDO USER DEVICE IdP Service Provider BROWSER / APP UAF Protocol FEDERATION SERVER Federation FIDO CLIENT Id DB FIDO AUTHENTICATOR FIDO SERVER Knows details about the Authentication strength Knows details about the Identity and its verification strength. 21

22 Example: FIDO Enterprise Integration Federated Login, e.g. OpenID Connect Cloud-hosted Appl. 1 Cloud-hosted Appl. 2 Cloud-hosted Appl. N Enterprise IT Enterprise Appl. 1 Enterprise Appl. 2 Enterprise Appl. N Internal User IdP FEDERATION SERVER External User Could be operated externally as well FIDO SERVER 22

23 Devices Deployed Today Customers Pat Johnson 23

24 FIDO in Snapdragon Market leader to ship FIDO Authenticators 85+ OEMs as of Q4 >1 billion Android devices shipped Innovative sensor 24

25 First healthcare deployment Physician access to health records up to 50 million Healthcare users FIDO in Healthcare 25

26 FIDO and Google for Work Google for Work announced Enterprise admin support for FIDO U2F Security Key April 21 Google for Work is used by over 5 million businesses worldwide The Security Keys are a great step forward, as they are very practical and more secure. Woolsworth IT 26

27 4 devices with native FIDO support First iris based authenticator in Arrows Docomo has more than 60m customers in Japan FIDO login to Docomo ID & carrier billing payments FIDO in Japan Arrows NX F-04 G Aquos SH-03 Galaxy S6 Galaxy S6 Edge Services with biometric authentication to be expanded sequentially 27

28 FIDO & Government Governments worldwide are looking at FIDO FIDO featured at White House Summit New collaboration framework: Updated Membership Agreement 2013 Data Breach Investigations Report (conducted by Verizon in concert with the U.S. Department of Homeland Security) noted that 76% of 2012 network intrusions exploited weak or stolen credentials. NIST Roadmap for Improving Critical Infrastructure Cybersecurity,12-Feb

29 Reduced Cost & Complexity Single Infrastructure Lower Cost & Complexity Any Device Risk Appropriate 29

30 Conclusion Different authentication use-cases lead to different authentication requirements Today, we have authentication silos FIDO separates user verification from authentication protocol and hence supports all user verification methods FIDO significantly improves authentication security FIDO supports scalable security and convenience User verification data is known to FIDO Authenticators only FIDO complements federation Consider piloting a FIDO-based authentication solution 30

31 END cv cryptovision GmbH T: +49 (0) F: +49 (0) info(at)cryptovision.com 31

How Secure is Authentication?

How Secure is Authentication? FIDO UAF Tutorial How Secure is Authentication? How Secure is Authentication? How Secure is Authentication? Cloud Authentication Password Issues Password might be entered into untrusted App / Web-site

More information

Scalable Authentication

Scalable Authentication Scalable Authentication Rolf Lindemann Nok Nok Labs, Inc. Session ID: ARCH R07 Session Classification: Intermediate IT Has Scaled Technological capabilities: (1971 2013) Clock speed x4700 #transistors

More information

How Secure is Authentication?

How Secure is Authentication? U2F & UAF Tutorial How Secure is Authentication? 2014 1.2bn? 2013 397m Dec. 2013 145m Oct. 2013 130m May 2013 22m April 2013 50m March 2013 50m Cloud Authentication Password Issues Password might be entered

More information

NOK NOK LABS AUTHENTICATION & OTT SERVICES

NOK NOK LABS AUTHENTICATION & OTT SERVICES NOK NOK LABS AUTHENTICATION & OTT SERVICES RAJIV DHOLAKIA VP PRODUCTS & BUSINESS DEVELOPMENT 1 NOK NOK LABS The authentication challenge A DILEMMA UNTIL WE CAN TRULY RECOGNIZE PEOPLE ONLINE, IN REAL TIME...

More information

TECHNICAL WHITE PAPER NOK NOK LABS MULTIFACTOR AUTHENTICATION. Any device. Any application. Any authenticator.

TECHNICAL WHITE PAPER NOK NOK LABS MULTIFACTOR AUTHENTICATION. Any device. Any application. Any authenticator. TECHNICAL WHITE PAPER NOK NOK LABS MULTIFACTOR AUTHENTICATION Any device. Any application. Any authenticator. Table of Contents Introduction... 3 The Problem With Authentication Today... 4 New Possibilities...

More information

Mobile Connect & FIDO

Mobile Connect & FIDO Mobile Connect & FIDO About the GSMA The GSMA represents the interests of mobile operators worldwide Spanning more than 220 countries, the GSMA unites nearly 800 of the world s mobile operators, as well

More information

UAF Architectural Overview

UAF Architectural Overview 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 UAF Architectural Overview Specification Set: fido-uaf-v1.0-rd-20140209 REVIEW DRAFT Editors: Rob Philpott, RSA, the Security Division of EMC Sampath

More information

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.

More information

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1

More information

Device-Centric Authentication and WebCrypto

Device-Centric Authentication and WebCrypto Device-Centric Authentication and WebCrypto Dirk Balfanz, Google, balfanz@google.com A Position Paper for the W3C Workshop on Web Cryptography Next Steps Device-Centric Authentication We believe that the

More information

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric

More information

Copyright 2013-2016 FIDO Alliance All Rights Reserved.

Copyright 2013-2016 FIDO Alliance All Rights Reserved. Response to the European Banking Authority (EBA) Discussion Paper on Future Draft Regulatory Technical Standards on Strong Customer Authentication and Secure Communication Under the Revised Payment Services

More information

Modern two-factor authentication: Easy. Affordable. Secure.

Modern two-factor authentication: Easy. Affordable. Secure. Modern two-factor authentication: Easy. Affordable. Secure. www.duosecurity.com Your systems and users are under attack like never before The last few years have seen an unprecedented number of attacks

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user

More information

WHITE PAPER Usher Mobile Identity Platform

WHITE PAPER Usher Mobile Identity Platform WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction

More information

Enhancing Web Application Security

Enhancing Web Application Security Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor

More information

IDENTITY & ACCESS. Providing Cost-Effective Strong Authentication in the Cloud. a brief for cloud service providers

IDENTITY & ACCESS. Providing Cost-Effective Strong Authentication in the Cloud. a brief for cloud service providers IDENTITY & ACCESS Providing Cost-Effective Strong Authentication in the Cloud a brief for cloud service providers Introduction Interest and use of the cloud to store enterprise resources is growing fast.

More information

Standards for Identity & Authentication. Catherine J. Tilton 17 September 2014

Standards for Identity & Authentication. Catherine J. Tilton 17 September 2014 Standards for Identity & Authentication Catherine J. Tilton 17 September 2014 Purpose of these standards Wide deployment of authentication technologies that may be used in a global context is heavily dependent

More information

TrustedX: eidas Platform

TrustedX: eidas Platform TrustedX: eidas Platform Identification, authentication and electronic signature platform for Web environments. Guarantees identity via adaptive authentication and the recognition of either corporate,

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is

More information

FIDO Security Reference

FIDO Security Reference FIDO Security Reference FIDO Alliance Proposed Standard 09 October 2014 This version: https://fidoalliance.org/specs/fido uaf authnr metadata service v1.0 ps 20141009.html Previous version: https://fidoalliance.org/specs/fido

More information

Usher Mobile Identity for Higher Education Institutions. Rebecca Parks Associate Product Manager, MicroStrategy

Usher Mobile Identity for Higher Education Institutions. Rebecca Parks Associate Product Manager, MicroStrategy Usher Mobile Identity for Higher Education Institutions Rebecca Parks Associate Product Manager, MicroStrategy Agenda Overview of Mobile Identity Verify Personal ID Login to University Systems Unlock Doors

More information

Cloud Computing. Chapter 5 Identity as a Service (IDaaS)

Cloud Computing. Chapter 5 Identity as a Service (IDaaS) Cloud Computing Chapter 5 Identity as a Service (IDaaS) Learning Objectives Describe challenges related to ID management. Describe and discuss single sign-on (SSO) capabilities. List the advantages of

More information

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication. Mobile App Activation

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication. Mobile App Activation Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication Mobile App Activation Before you can activate the mobile app you must download it. You can have up to

More information

NISTIC Pilot - Attribute Exchange Network. Biometric Consortium Conference - 2013

NISTIC Pilot - Attribute Exchange Network. Biometric Consortium Conference - 2013 NISTIC Pilot - Attribute Exchange Network Biometric Consortium Conference - 2013 Market Development Startup (2011) Unrealized Large Market Potential Evolving Value Props & Use-Cases Evolving Tech/Policy

More information

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP White Paper FFIEC Authentication Compliance Using SecureAuth IdP September 2015 Introduction Financial institutions today face an important challenge: They need to comply with guidelines established by

More information

Safewhere*Identify 3.4. Release Notes

Safewhere*Identify 3.4. Release Notes Safewhere*Identify 3.4 Release Notes Safewhere*identify is a new kind of user identification and administration service providing for externalized and seamless authentication and authorization across organizations.

More information

MOBILE VOICE BIOMETRICS MEETING THE NEEDS FOR CONVENIENT USER AUTHENTICATION. A Goode Intelligence white paper sponsored by AGNITiO

MOBILE VOICE BIOMETRICS MEETING THE NEEDS FOR CONVENIENT USER AUTHENTICATION. A Goode Intelligence white paper sponsored by AGNITiO MOBILE VOICE BIOMETRICS MEETING THE NEEDS FOR CONVENIENT USER AUTHENTICATION A Goode Intelligence white paper sponsored by AGNITiO First Edition September 2014 Goode Intelligence All Rights Reserved Sponsored

More information

Intelligent Security Design, Development and Acquisition

Intelligent Security Design, Development and Acquisition PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New

More information

Case Study: SSO for All: SSOCircle Makes Single Sign-On Available to Everyone

Case Study: SSO for All: SSOCircle Makes Single Sign-On Available to Everyone Case Study: SSO for All: SSOCircle Makes Single Sign-On Available to Everyone Although single sign-on (SSO) technology based on Liberty standards is being rapidly adopted by businesses, governments and

More information

Single Sign-On (SSO), Identity Exchange Hub, Remote Identity Proofing

Single Sign-On (SSO), Identity Exchange Hub, Remote Identity Proofing Single Sign-On (SSO), Identity Exchange Hub, Remote Identity Proofing Brian Seggie Director of Security 1 Why are we doing this? Leverage large MICAM investment ($30 M) Improve identity verification to

More information

OpenID & Strong Authentication

OpenID & Strong Authentication OpenID & Strong Authentication CTST 2009: Emerging Technology D14: Smart Cards, Tokens & Digital Identity May 5, 2009 Brian Kelly Vice President TrustBearer Labs Simplify Multi-factor authentication can

More information

MOBILITY. Transforming the mobile device from a security liability into a business asset. pingidentity.com

MOBILITY. Transforming the mobile device from a security liability into a business asset. pingidentity.com MOBILITY Transforming the mobile device from a security liability into a business asset. pingidentity.com Table of Contents Introduction 3 Three Technologies That Securely Unleash Mobile and BYOD 4 Three

More information

FIDO Trust Requirements

FIDO Trust Requirements FIDO Trust Requirements Ijlal Loutfi, Audun Jøsang University of Oslo Mathematics and Natural Sciences Faculty NordSec 2015,Stockholm, Sweden October, 20 th 2015 Working assumption: End Users Platforms

More information

Security Landscape of Cloud Computing

Security Landscape of Cloud Computing Security Landscape of Cloud Computing Amrith Nawoor Sales Consulting Team Leader East Africa & SADC 1 This document is for informational purposes. It is not a commitment to deliver any material, code,

More information

Glinda Cummings World Wide Tivoli Security Product Manager

Glinda Cummings World Wide Tivoli Security Product Manager Featured Speaker IBM Security Solutions! Glinda Cummings World Wide Tivoli Security Product Manager 2010 IBM Corporation IBM Security Solutions! How IBM defines Cloud Computing IBM Security Solutions!

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

Implementing two-factor authentication: Google s experiences. Cem Paya (cemp@google.com) Information Security Team Google Inc.

Implementing two-factor authentication: Google s experiences. Cem Paya (cemp@google.com) Information Security Team Google Inc. Implementing two-factor authentication: Google s experiences Cem Paya (cemp@google.com) Information Security Team Google Inc. Google services and personalization Identity management at Google 1. Internal

More information

Password Management Evaluation Guide for Businesses

Password Management Evaluation Guide for Businesses Password Management Evaluation Guide for Businesses White Paper 2016 Executive Summary Passwords and the need for effective password management are at the heart of the rise in costly data breaches. Various

More information

Deriving a Trusted Mobile Identity from an Existing Credential

Deriving a Trusted Mobile Identity from an Existing Credential Deriving a Trusted Mobile Identity from an Existing Credential Exploring and applying real-world use cases for mobile derived credentials +1-888-690-2424 entrust.com Table of contents Approval of the mobile

More information

SAP Best Practices for SAP Mobile Secure Cloud Configuration March 2015

SAP Best Practices for SAP Mobile Secure Cloud Configuration March 2015 SAP Best Practices for SAP Mobile Secure Cloud Configuration March 2015 2014 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any

More information

FIDO: Fast Identity Online Alliance Privacy Principles Whitepaper vfeb2014

FIDO: Fast Identity Online Alliance Privacy Principles Whitepaper vfeb2014 FIDO: Fast Identity Online Alliance Privacy Principles Whitepaper vfeb2014 The FIDO Alliance: Privacy Principles Whitepaper Page 1 of 7 FIDO Privacy Principles Introduction The FIDO Alliance is a non-profit

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

A Standards-based Mobile Application IdM Architecture

A Standards-based Mobile Application IdM Architecture A Standards-based Mobile Application IdM Architecture Abstract Mobile clients are an increasingly important channel for consumers accessing Web 2.0 and enterprise employees accessing on-premise and cloud-hosted

More information

Seven Ways to Create an Unbeatable Enterprise Mobility Strategy

Seven Ways to Create an Unbeatable Enterprise Mobility Strategy Seven Ways to Create an Unbeatable Enterprise Mobility Strategy A practical guide to what business and IT leaders need to do NOW to manage their business s mobile future By Arun Bhattacharya, CA Technologies

More information

Single Sign-On for the Internet: A Security Story. Eugene Tsyrklevich eugene@tsyrklevich.name Vlad Tsyrklevich vlad902@gmail.com

Single Sign-On for the Internet: A Security Story. Eugene Tsyrklevich eugene@tsyrklevich.name Vlad Tsyrklevich vlad902@gmail.com Single Sign-On for the Internet: A Security Story Eugene Tsyrklevich eugene@tsyrklevich.name Vlad Tsyrklevich vlad902@gmail.com BlackHat USA, Las Vegas 2007 Introduction With the explosion of Web 2.0 technology,

More information

Out-Of-Band Authentication Using a Real-time, Multi-factor Service Model

Out-Of-Band Authentication Using a Real-time, Multi-factor Service Model Out-Of-Band Authentication Using a Real-time, Multi-factor Service Model Andrew Rolfe Authentify, Inc. Andy.Rolfe@Authentify.com Presentation Overview Authentication basics What is OOBA? Why is it important?

More information

Advanced Biometric Technology

Advanced Biometric Technology INC Internet Biometric Security Systems Internet Biometric Security System,Inc.White Papers Advanced Biometric Technology THE SIMPLE SOLUTION FOR IMPROVING ONLINE SECURITY Biometric Superiority Over Traditional

More information

Copyright Pivotal Software Inc, 2013-2015 1 of 10

Copyright Pivotal Software Inc, 2013-2015 1 of 10 Table of Contents Table of Contents Getting Started with Pivotal Single Sign-On Adding Users to a Single Sign-On Service Plan Administering Pivotal Single Sign-On Choosing an Application Type 1 2 5 7 10

More information

Online Identity Attribute Exchange 2013-2014 Initiatives

Online Identity Attribute Exchange 2013-2014 Initiatives Online Identity Attribute Exchange 2013-2014 Initiatives Agenda Overview AXN Services Framework Demonstration NSTIC Pilots Summary ABAC Services Attribute Exchange Network Page 2 AXN - Enabling IT & Other

More information

QUICK INSTALLATION GUIDE ACTIVATE

QUICK INSTALLATION GUIDE ACTIVATE ACTIVATE ACTIVATE ACTIVATE 1. Activate the business cloud A. Service Activation: You will receive a confirmation e-mail within 2 hours maximum BASE business Cloud: Notification/Notificatie B. Go to https://cdashboard.

More information

GLOBAL TELECOM INVOLVEMENT in the I D E N T I T Y E C O S YS T E M. July 2013

GLOBAL TELECOM INVOLVEMENT in the I D E N T I T Y E C O S YS T E M. July 2013 GLOBAL TELECOM INVOLVEMENT in the I D E N T I T Y E C O S YS T E M July 2013 S P E A K E R S David Pollington GSMA (UK/EU) Andrew Johnston TELUS (CANADA) Scott Rice PACIFICEAST / OIX TDWG (US) Telecom

More information

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon

More information

THE CHANGING FACE OF MOBILE PAYMENTS SECURITY

THE CHANGING FACE OF MOBILE PAYMENTS SECURITY THE CHANGING FACE OF MOBILE PAYMENTS SECURITY Past and Future of Authentication RAJIV DHOLAKIA NOK NOK LABS rajiv@noknok.com NOK NOK LABS NNL CARTES America APRIL 2013 1 CONSIDER THE HUMBLE IGNITION KEY

More information

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

More information

1 The intersection of IAM and the cloud

1 The intersection of IAM and the cloud 1 The intersection of IAM and the cloud Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Theory, practice, pros and cons with a focus on enterprise deployments of IAM and cloud

More information

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

Whitepaper on AuthShield Two Factor Authentication with ERP Applications Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password

More information

Single Sign On. SSO & ID Management for Web and Mobile Applications

Single Sign On. SSO & ID Management for Web and Mobile Applications Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing

More information

Mobile Banking Frequently Asked Questions

Mobile Banking Frequently Asked Questions Mobile Banking Frequently Asked Questions What types of Mobile Banking does Midwest BankCentre offer? We offer three types of Mobile Banking: Mobile Apps allows you to easily connect to Midwest BankCentre

More information

MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION

MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION A SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PAIRED WITH THE FACT THAT THREATS

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx Configuring Single Sign-on from the VMware Identity Manager Service to WebEx VMware Identity Manager SEPTEMBER 2015 V 2 Configuring Single Sign-On from VMware Identity Manager to WebEx Table of Contents

More information

Two-factor Authentication

Two-factor Authentication Enter only a Prove Identity Two-factor Authentication EXECUTIVE HANDBOOK 2FA With Fingerprint? PIN? Passcode? www.secsign.com INDEX 1 2 3 4 5 6 7 8 9 Data Security Breaches Overview 2014-15 Page 3 How

More information

Secure Authentication for the Development of Mobile Internet Services Critical Considerations

Secure Authentication for the Development of Mobile Internet Services Critical Considerations Secure Authentication for the Development of Mobile Internet Services Critical Considerations December 2011 V1 Mobile Internet Security Working Group, SIMalliance AGENDA SIMalliance presentation What s

More information

MIT Tech Talk, May 2013 Justin Richer, The MITRE Corporation

MIT Tech Talk, May 2013 Justin Richer, The MITRE Corporation MIT Tech Talk, May 2013 Justin Richer, The MITRE Corporation Approved for Public Release Distribution Unlimited 13-1871 2013 The MITRE Corporation All Rights Reserved } OpenID Connect and OAuth2 protocol

More information

MOBILE SECURITY Voice biometrics, Secure elements

MOBILE SECURITY Voice biometrics, Secure elements MOBILE SECURITY Voice biometrics, Secure elements ANNE-MARIE HARTMANN, marketing innovation manager, Cloud Identity & security May 15, 2014 01 OT The M company Mobility is not just a fact of life, it s

More information

Layered security in authentication. An effective defense against Phishing and Pharming

Layered security in authentication. An effective defense against Phishing and Pharming 1 Layered security in authentication. An effective defense against Phishing and Pharming The most widely used authentication method is the username and password. The advantages in usability for users offered

More information

OpenID and identity management in consumer services on the Internet

OpenID and identity management in consumer services on the Internet OpenID and identity management in consumer services on the Internet Kari Helenius Helsinki University of Technology kheleniu@cc.hut.fi Abstract With new services emerging on the Internet daily, users need

More information

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Vikas Jain Director, Product Management Intel Corporation Jesper Tohmo CTO, Nordic Edge (an Intel company) Session ID:

More information

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt

Computer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................

More information

Google Identity Services for work

Google Identity Services for work INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new

More information

Guide to Evaluating Multi-Factor Authentication Solutions

Guide to Evaluating Multi-Factor Authentication Solutions Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor

More information

From the Intranet to Mobile. By Divya Mehra and Stian Thorgersen

From the Intranet to Mobile. By Divya Mehra and Stian Thorgersen ENTERPRISE SECURITY WITH KEYCLOAK From the Intranet to Mobile By Divya Mehra and Stian Thorgersen PROJECT TIMELINE AGENDA THE OLD WAY Securing monolithic web app relatively easy Username and password

More information

OpenSSO: Simplify Your Single-Sign-On Needs. Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com

OpenSSO: Simplify Your Single-Sign-On Needs. Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com OpenSSO: Simplify Your Single-Sign-On Needs Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com 1 Agenda Enterprise security needs What is OpenSSO? OpenSSO features > > > > SSO and

More information

One-Time Password Contingency Access Process

One-Time Password Contingency Access Process Multi-Factor Authentication: One-Time Password Contingency Access Process Presenter: John Kotolski HRS Security Officer Topics Contingency Access Scenarios Requesting a Temporary One-Time Password Reporting

More information

STRONGER AUTHENTICATION for CA SiteMinder

STRONGER AUTHENTICATION for CA SiteMinder STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive

More information

Identity Relationship and Access Management for the Extended Enterprise

Identity Relationship and Access Management for the Extended Enterprise Identity Relationship and Access Management for the Extended Enterprise Benefits in External Identity Management CONTENTS Introduction... 3 Internal vs External identities... 3 Productivity vs Convenience...

More information

Mobile multifactor security

Mobile multifactor security Mobile multifactor security A revolution in authentication and digital signing Mobile multifactor security A revolution in authentication and digital signing Smartphones will continue to ship in high volumes,

More information

Can We Reconstruct How Identity is Managed on the Internet?

Can We Reconstruct How Identity is Managed on the Internet? Can We Reconstruct How Identity is Managed on the Internet? Merritt Maxim February 29, 2012 Session ID: STAR 202 Session Classification: Intermediate Session abstract Session Learning Objectives: Understand

More information

Final Project Report December 9, 2012. Cloud-based Authentication with Native Client Server Applications. Nils Dussart 0961540

Final Project Report December 9, 2012. Cloud-based Authentication with Native Client Server Applications. Nils Dussart 0961540 Final Project Report December 9, 2012 Cloud-based Authentication with Native Client Server Applications. Nils Dussart 0961540 CONTENTS Project Proposal... 4 Project title... 4 Faculty Advisor... 4 Introduction...

More information

AVG Business SSO Partner Getting Started Guide

AVG Business SSO Partner Getting Started Guide AVG Business SSO Partner Getting Started Guide Table of Contents Overview... 2 Getting Started... 3 Web and OS requirements... 3 Supported web and device browsers... 3 Initial Login... 4 Navigation in

More information

I D C V E N D O R S P O T L I G H T

I D C V E N D O R S P O T L I G H T I D C V E N D O R S P O T L I G H T E n f o r c i n g I dentity a nd Access Management i n C l o u d a n d Mobile Envi r o n m e n t s November 2012 Adapted from Worldwide Identity and Access Management

More information

Security and Usability

Security and Usability Security and Usability David Hunt: DCH Technology Services A Financial Services View Active Security Passive Security Technologies Impact on Users Big Data Consumer context, do we know you? Active Security

More information

TrustedX - PKI Authentication. Whitepaper

TrustedX - PKI Authentication. Whitepaper TrustedX - PKI Authentication Whitepaper CONTENTS Introduction... 3 1... 4 Use Scenarios... 5 Operation... 5 Architecture and Integration... 6 SAML and OAuth 7 RESTful Web Services 8 Monitoring and Auditing...

More information

Oracle Privileged Account Manager 11gR2. Karsten Müller-Corbach karsten.mueller-corbach@oracle.com

Oracle Privileged Account Manager 11gR2. Karsten Müller-Corbach karsten.mueller-corbach@oracle.com R2 Oracle Privileged Account Manager 11gR2 Karsten Müller-Corbach karsten.mueller-corbach@oracle.com The following is intended to outline our general product direction. It is intended for information purposes

More information

Designing federated identity management architectures for addressing the recent attacks against online financial transactions.

Designing federated identity management architectures for addressing the recent attacks against online financial transactions. Designing federated identity management architectures for addressing the recent attacks against online financial transactions. Dr. Christos K. Dimitriadis Security Officer INTRALOT S.A. Scope and Agenda

More information

Frequently Asked Questions about Mobile Banking and Texting

Frequently Asked Questions about Mobile Banking and Texting Frequently Asked Questions about Mobile Banking and Texting Mobile Banking What is Mobile Banking? Mobile Banking is a free service that allows you to access your account information, and transfer funds

More information

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release

More information

BlackShield Authentication Service

BlackShield Authentication Service BlackShield Authentication Service Guide for Users of CRYPTOCard MP-1 Software Tokens on Smart Phones Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright Copyright 2011.

More information

Mobile Security. Policies, Standards, Frameworks, Guidelines

Mobile Security. Policies, Standards, Frameworks, Guidelines Mobile Security Policies, Standards, Frameworks, Guidelines Guidelines for Managing and Securing Mobile Devices in the Enterprise (SP 800-124 Rev. 1) http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf

More information

Moving Beyond User Names & Passwords

Moving Beyond User Names & Passwords OKTA WHITE PAPER Moving Beyond User Names & Passwords An Overview of Okta s Multifactor Authentication Capability Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107 info@okta.com 1-888-722-7871

More information

INTEGRATION GUIDE. DIGIPASS Authentication for SimpleSAMLphp using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for SimpleSAMLphp using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for SimpleSAMLphp using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

Introduction to SAML

Introduction to SAML Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments

More information

Rational AppScan & Ounce Products

Rational AppScan & Ounce Products IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168

More information

DEPLOYMENT. ASSURED. SEVEN ELEMENTS OF A MOBILE TEST STRATEGY. An Olenick & Associates White Paper

DEPLOYMENT. ASSURED. SEVEN ELEMENTS OF A MOBILE TEST STRATEGY. An Olenick & Associates White Paper DEPLOYMENT. ASSURED. SEVEN ELEMENTS OF A MOBILE TEST STRATEGY An Olenick & Associates White Paper July 2013 Contents Executive Summary... 1 Mobile Vision... 3 QA Methodology and Process... 4 Deployment

More information

An Overview of Samsung KNOX Active Directory-based Single Sign-On

An Overview of Samsung KNOX Active Directory-based Single Sign-On C E N T R I F Y W H I T E P A P E R. S E P T E M B E R 2013 An Overview of Samsung KNOX Active Directory-based Single Sign-On Abstract Samsung KNOX is a set of business-focused enhancements to the Android

More information

The Devil is Phishing: Rethinking Web Single Sign On Systems Security. Chuan Yue USENIX Workshop on Large Scale Exploits

The Devil is Phishing: Rethinking Web Single Sign On Systems Security. Chuan Yue USENIX Workshop on Large Scale Exploits The Devil is Phishing: Rethinking Web Single Sign On Systems Security Chuan Yue USENIX Workshop on Large Scale Exploits and Emergent Threats (LEET 2013) Web Single Sign On (SSO) systems Sign in multiple

More information

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015 Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud

More information