Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

Transcription

1 Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard

2 WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation. All rights All reserved. rights reserved.

3 CREDENTIAL USE IN MULTIPLE APPLICATIONS & DEVICES 3

4 MOST SECURITY BREACHES ARE ATTACKS ON IDENTITY Session Riding Identity Key Logging password 4

5 QUESTION What device type do you feel is most secure for online banking? PC MAC ipad/iphone Android Tablet/Phone 5 Entrust DataCard Datacard Corporation. Corporation. All rights All reserved. rights reserved.

6 ARE MOBILE DEVICES SECURE? Device & Location Attributes Mobile devices have powerful features built in that organizations can leverage Secure Elements TEE Biometrics Application Sandbox Crypto Users want to carry them Always in hand Always connected Convenient Support work / personal balance Use continues to grow exponentially Out of Band channel Computing power makes them multi-purpose Multipurpose identity capability 6

7 TECHNOLOGY THAT CAN FACILITATE E-GOVERNMENT Strongly Identify the User Provide Secure Access to Information Authenticate Transactions

8 ISSUE STRONG MULTI-PURPOSE CREDENTIALS Strongly Identify the User Provide Secure Access to Information Authenticate Transactions ouser considerations Type of User What domain do they work in What are they using it for oadministrator considerations How easy does it integrate into existing systems How easy is it to use Can it meet short and long term objectives 8

9 QUESTION What second factor user authentication solution do you have in place? Hardware token Soft token SMS One time password None/Other 9 Entrust DataCard Datacard Corporation. Corporation. All rights All reserved. rights reserved.

10 MANY WAYS TO LEVERAGE ONE DEVICE Device Certificates Toolkits for mobile apps SMS One Time Password egrid Soft Token Out Of Band Transaction Verification Virtual Smart Credential Mobile devices can easily be provisioned with additional or temporary authenticators 10

11 VPN AUTHENTICATION Laptop 1 VPN Device Mobile Transaction Approval 3 Send notification Confirm Transaction 2 Fingerprint replace PIN

12 DEMO EMPLOYEE VPN ACCESS 12

13 DEMO WEB AUTHENTICATION NO PASSWORD 13

14 PHYSICAL LOGICAL CONSOLIDATION Strongly Identify the User Provide Secure Access to Information Authenticate Transactions Logical SAML Physical Logical Physical osingle credential, single admin interface o Smart card, USB, Mobile Smart Credential obenefits o Better usability o Simplified on-board and off-boarding process including credential issuance o Easy migration o Support for new and legacy physical access systems o Higher security 14

15 SECURITY OF A HARDWARE TOKEN WITH THE CONVENIENCE OF MOBILE Mobile Secure World Normal World Digital Identity Trustzone OS Authorized Request Proof of Possession ARM Mobile Microprocessor Mobile Application Mobile OS Authentication Optional validate device fingerprint Trusted Execution Environment Digital ID cannot be stolen, misused by an exploit in the Mobile OS Approve any transaction originated anywhere, securely 15

16 SECURE BROWSING AND Strongly Identify the User Provide Secure Access to Information Authenticate Transactions Secure browser application to protect confidential information Strong certificate based authentication of user via a Mobile Smart Credential Leverages client authenticated SSL supported by Web Servers and Access Managers Secure, encrypted client Digital signing with Mobile Smart Credential certificates

17 DEMO AUTHENTICATION WEB SINGLE SIGN-ON 1.Start Mobile Browser 2.Access corporate intranet 3.Outside firewall without VPN 4.Mobile application verifies enterprise server is authentic 5.Enterprise server authenticate mobile user 6.PIN allows virtual smart card to authenticate 7.Encrypt transfer of intellectual property 17

18 18

19 DEMO: ENCRYPTED BROWSER LOGIN TO WEB RESOURCE Receive encrypted on mobile Decrypt after PIN entry Link in takes us to corporate intranet portal with no VPN Will report if intranet not trusted Enter PIN to authenticate to Web SSO portal November 13,

20 20

21 Cryptographic functions available to mobile apps MOBILE AS THE ENTERPRISE DESKTOP Mobile Enterprise systems VIRTUAL SMART CARD Browser WEB SSO Cloud Services Forms VPN Encryption Web SAML IDP Exchange Sever Virtual Desktops Sign Transaction Access the same systems as a windows desktop PHYSICAL ACCESS LOGICAL ACCESS Mobile behaves like a smart card to windows & physical access 21

22 OUT OF BAND TRANSACTION VERIFICATION Strongly Identify the User Provide Secure Access to Information Authenticate Transactions Transaction Verification / Approval Login / Contract Signing Out of band confirmation and signing of a transaction Simplified process for the user Protects Against Man-in-the Middle, Man-in-the Browser attacks

23 DIGITALLY SIGN ON-LINE TRANSACTIONS Strongly Identify the User Provide Secure Access to Information Authenticate Transactions odigital signatures and transaction verification for non-repudiation of on-line transactions Employees Warrants Lab results Inspection reports Citizens Applications Healthcare submissions Bill payments 23

24 DEMO: APPROVE PAYMENT 1. Transfer money 2. Notification on mobile device at top of mobile screen. 3. Click on notification 4. OPTIONAL Authenticate with fingerprint or PIN 5. Transaction notification reviewed by mobile banking/payment application 6. User approves or rejects

25 DEMO: APPROVE PAYMENT WITH NO DATA CONNECTION Fallback to QR code if mobile data network not available 25

26 MOBILE PRESENTS AN OPPORTUNITY TO Mobile provides a nextgeneration solution for trusted identities Secure Convenient, ease to use, easy to provision Multi-purpose Mobile offers an opportunity to blend user experience and security like never before Lower costs Of authentication Of business processes Strengthen security for Logical & Physical Access Cloud Mobility 26

27 QUESTIONS Ian Wills Regional Sales Manager Entrust