MAESON MAHERRY. 3 Factor Authentication and what it means to business. Date: 21/10/2013

Transcription

1 MAESON MAHERRY 3 Factor Authentication and what it means to business. Date: 21/10/2013

2 Concept of identity

3 Identity and Access Management Authoritive Identity Source User Identity Feed and Role Management Application SSO & Strong Authentication Support Identity Provisioning Policy Management Workflow and User Lifecycle Credentials Management Recertification Attestation USERS DESK USERS MOBILE Access Control User Self-Service Identity & Administration with Role and Credential Modeling Policy Rules Engine Compliance Governance Identity Provisioning Integration Adapters MS Active Directory and MS Exchange Unix Servers ORACLE EBS RACF Databases Legacy Applications & Physical Access Control

4 The identity landscape is changing

5 The Corporate Reality Today Logical Partners Customers Physical Employees Suppliers Remote Employees 5

6 Balancing needs with effective implementation Drivers Physical and Logical Security Considerations Costs IP Protection Effectiveness Regulatory/Audit Pressures User Experience 6

7 Logical Access Complexity & cost of systems increasing Unmanaged devices Applications Different user requirements Fraud threats Audit Compliance Websites & Remote Access Windows Logon Encryption & Digital Signatures

8 Mobile Device Impact 50% of firms have embraced a multiplatform mobile strategy 60% of firms provide some support to personal devices * Forrester Fall 2010

9 Legacy Physical Access (PACs) Closed loop legacy systems Easy to clone cards No integration with Logical Access data Physical Access Reader Control Panel Panel decides who can enter door Logical Access data 9

10 Multiple Identities and Credentials per User Logical Access Physical Access 10 10

11 One Credential, multiple functions Logical No password changes Portable across devices Multiple applications Secure Physical One Card Simultaneous -legacy & new (PKI) systems. Easy Transition Secure 11

12 The concept of AND to protect your valuables

13 What are the three factors What you know What you have What you are

14 You have seen a digital certificate before: the yellow padlock indicates certificate based banking security

15 Windows Smartcard Logon What can be done? Strong certificate authentication to Windows PIN protected eliminates need for password Easy to use 15

16 Smart Card Log On 16

17 VPN What can be done? Strong certificate based authentication for remote access VPN Outlook Web Access PIN protected eliminates need for password 17

18 and Digital Signature What can be done? Secure storage of certificates for Secure Digitally signing documents 18

19 Secure 19

20 Physical Access Control (PACs) What can be done? Legacy and Next Generation PACs support in one card Multiple card and applet options PIV support 20

21 Citizen 3FA solution

22 Legal Summary ECT Act of 2002 Section 14 You may have an electronic original as long as the integrity is assured Section 15 Data is rebuttable evidence and the evidential will be established by considering the reliability and integrity of the process and how the identity of the initiator was established Section 13 Advanced Electronic Signatures must be used where the law requires a signature, but where your convention is to rely on a signature, this may be any electronic signature that conveys acceptance and has evidential weight

23 Digital Signature capability Document Signing for integrity and accountability

24 Government Signing Use cases Cloud Based Workflow Existing Workflow Signing DocFusion Personal Signing BAS, Persal, Logis, SAP Document Generation Transactional Signing Organisational Signing

25 Authentication and electronic signatures Positive Act of Acceptance Positive Act of Acceptance with verifiable integrity Positive Act of Acceptance with verifiable integrity and F2F and 3FA Biometric Acceptance Server Chip, pin, key Chip, bio, key Electronic Signature Signature Image Password Acceptance OTP Acceptance Smartcard Digital Signature -digital certificate based Digitised tablet Signature Windows store Adv Electronic Signature - Accredited digital certificate based NID, bio, Key Mobile Phone Mobile, Pin, Key

26 Transactional Signing Non repudiation User enrolled with face to face verification and supporting documentation User prompted for fingerprint, smartcard and digital signature on logon User prompted for fingerprint, smartcard and digital signature on transaction approval No transaction can be concluded if user does not acknowledge with a fingerprint and a smartcard present Creates user and personalizes card with fingerprint and digital certificate Recognize request for sensitive page Create Time Stamp and seals the record before storing in the evidence vault Forensic report drawn with enrolment data, downstream page, transaction changes and fingerprint

27 Thank you