How Secure is Authentication?
1 FIDO U2F & UAF Tutorial
2 How Secure is Authentication? [chart of breach figures by month (Dec, Oct, May, April, March); the numbers are not recoverable from the transcription]
3 Cloud Authentication
4 Password Issues
1. Password might be entered into untrusted App / Web-site (phishing)
2. Password could be stolen from the server
3. Too many passwords to remember → re-use / cart abandonment
4. Inconvenient to type password on phone
5 OTP Issues
1. OTP vulnerable to realtime MITM and MITB attacks
2. SMS security questionable, especially when Device is the phone
3. OTP HW tokens are expensive and people don't want another device
4. Inconvenient to type OTP on phone
6 Implementation Challenge: A Plumbing Problem [diagram: User Verification Methods, Applications and Organizations connected through separate silos (Silo 1, Silo 2, Silo 3, ... Silo N, New?)]
7 Authentication Needs
Do you want to login?
Do you want to transfer $100 to Frank?
Do you want to ship to a new address?
Do you want to delete all of your e-mails?
Do you want to share your dental record?
Authentication today: Ask user for a password (and perhaps a one time code)
8 Authentication & Risk Engines [diagram: the Authentication Server reports the Explicit Authentication result to the Risk Engine, which combines it with other signals such as Purpose and Geolocation (from IP addr.)]
9 Summary
1. Passwords are insecure and inconvenient, especially on mobile devices
2. Alternative authentication methods are silos and hence don't scale to large user populations
3. The required security level of the authentication depends on the use
4. Risk engines need information about the explicit authentication security for good decisions
10 How does FIDO work? [diagram: Device]
11 Experiences [flow: ONLINE AUTH REQUEST → Local USER Verification → SUCCESS]
PASSWORDLESS EXPERIENCE (UAF standards): Transaction Detail → Show a biometric or PIN → Done
SECOND FACTOR EXPERIENCE (U2F standards): Login & Password → Insert Dongle, Press button → Done
12 Universal 2nd Factor (U2F)
13 How does U2F work? [diagram: the authenticator can verify user presence]
14 How does U2F work? Is a user present? Same Authenticator as registered before? The authenticator can verify user presence.
15 How does UAF work? Identity binding to be done outside FIDO: This is John Doe with customer ID X. Same User as enrolled before? Same Authenticator as registered before? The authenticator can recognize the user (i.e. user verification), but doesn't have an identity proof of the user.
16 How does U2F work? How is the key protected? [diagram: verify user presence]
17 U2F Protocol
Core idea: Standard public key cryptography:
o User's device mints new key pair, gives public key to server
o Server asks user's device to sign data to verify the user.
o One device, many services, "bring your own device" enabled
Lots of refinement for this to be consumer facing:
o Privacy: Site specific keys, No unique ID per device
o Security: No phishing, man-in-the-middles
o Trust: Verify who made the device
o Pragmatics: Affordable today, ride hardware cost curve down
o Speed for user: Fast crypto in device (Elliptic Curve)
Think "Smartcard re-designed for modern consumer web"
18 U2F Registration [sequence diagram: U2F Authenticator, Client / Browser, Relying Party]
1. Relying Party → Client: AppID, challenge
2. Client: check AppID; derive a (from the AppID) and fc (from challenge, origin, channel id, etc.)
3. Client → Authenticator: a, fc
4. Authenticator: generate key pair k_pub / k_priv and handle h; s = signature(a, fc, k_pub, h) under the attestation key
5. Authenticator → Client: k_pub, h, attestation cert, s
6. Client → Relying Party: fc, k_pub, h, attestation cert, s
7. Relying Party: store key k_pub and handle h; set cookie
19 U2F Authentication [sequence diagram: U2F Authenticator, Client / Browser, Relying Party]
1. Relying Party → Client: handle h, AppID, challenge
2. Client: check AppID; derive a (from the AppID) and fc (from challenge, origin, channel id, etc.)
3. Client → Authenticator: h, a, fc
4. Authenticator: retrieve key k_priv from handle h; cntr++; s = signature(a, fc, cntr)
5. Authenticator → Client: cntr, s
6. Client → Relying Party: cntr, fc, s
7. Relying Party: retrieve key k_pub from handle h; check signature using key k_pub; set cookie
20 User Presence API: Registration
Client data assembled by the browser (the origin value is not legible in the transcription):
    {"typ": "register",
     "challenge": "KSDJsdASAS-AIS_AsS",
     "cid_pubkey": {"kty": "ec", "crv": "p-256",
                    "x": "hzqwlfxx7q4s5mtcrmzpo9toywjbqrl4tj8",
                    "y": "xvgugflizx1fxg375hi4-7-BxhMljw42Ht4"},
     "origin": "..."}
Page script (the app_id value is not legible in the transcription):
    navigator.handleRegistrationRequest({
      challenge: "KSDJsdASAS-AIS_AsS",
      app_id: "..."
    }, callback);
    callback = function(response) {
      sendToServer(response["clientData"], response["tokenData"]);
    };
21 User Presence API: Auth.
Client data assembled by the browser (the origin value is not legible in the transcription):
    {"typ": "authenticate",
     "challenge": "KSDJsdASAS-AIS_AsS",
     "cid_pubkey": {"kty": "ec", "crv": "p-256",
                    "x": "hzqwlfxx7q4s5mtcrmzpo9toywjbqrl4tj8",
                    "y": "xvgugflizx1fxg375hi4-7-BxhMljw42Ht4"},
     "origin": "..."}
Page script (the app_id value is not legible in the transcription):
    navigator.handleAuthenticationRequest({
      challenge: "KSDJsdASAS-AIS_AsS",
      app_id: "...",
      key_handle: "JkjhdsfkjSDFKJ_ld-sadsajdklsad"
    }, callback);
    callback = function(response) {
      sendToServer(response["clientData"], response["tokenData"]);
    };
22-25 Authentication Example [four screenshots of a login flow]
26 Universal Authentication Framework (UAF)
27 Experiences (slide 11 repeated)
28 How does UAF work? [diagram: device with Secure Element (SE)]
29 How does UAF work? Same User as enrolled before? Same Authenticator as registered before? The authenticator can recognize the user (i.e. user verification), but doesn't have an identity proof of the user.
30 How does UAF work? Identity binding to be done outside FIDO: This is John Doe with customer ID X. Same User as enrolled before? Same Authenticator as registered before? The authenticator can recognize the user (i.e. user verification), but doesn't have an identity proof of the user.
31 How does UAF work? How is the key protected (TPM, SE, TEE, ...)? What user verification method is used? [diagram: SE]
32 Attestation & Metadata [diagram: AUTHENTICATOR → SERVER]
The Authenticator sends a Signed Attestation Object to the Server.
The Server verifies it using the trust anchor included in the Metadata and understands the Authenticator's security characteristics by looking into the Metadata (and potentially other sources).
33-44 UAF Registration [one sequence diagram built up over twelve slides: Device (Authenticator) and Relying Party (Web Server); at step 3 the user sees the prompt "Pat Johnson: Link your fingerprint"]
0. Prepare
1. Legacy Auth + Initiate Reg.
2. Reg. Request + Policy
3. Verify User & Generate New Key Pair (specific to RP Webapp)
4. Reg. Response, carrying the Key Registration Data: Hash(FinalChallenge), AAID, Public key, KeyID, Registration Counter, Signature Counter, Signature (attestation key), where FinalChallenge = Hash(AppID | FacetID | tlsdata | challenge)
5. Success
45 Building Blocks [architecture diagram]
USER DEVICE: BROWSER / APP; FIDO CLIENT; ASM; AUTHENTICATOR (Attestation key, Authentication keys)
RELYING PARTY: WEB SERVER (TLS Server Key); FIDO SERVER; DB (Cryptographic authentication key reference); Authenticator Metadata & attestation trust store, fed by Metadata Service Update
The UAF Protocol runs between the FIDO CLIENT and the FIDO SERVER.
46 AAID & Attestation
Authenticator 1: Using HW based crypto, based on FP Sensor X → AAID 1, Attestation Key 1
Authenticator 2: Pure SW based implementation, based on Face Recognition alg. Y → AAID 2, Attestation Key 2
AAID: Authenticator Attestation ID (= model name)
47 Privacy & Attestation [diagram: Bob's Authenticator (Model A, Serial #, using HW based crypto, based on FP Sensor X) registered with SERVER RP1 and SERVER RP2; each server learns only "Model A"]
48 Attestation & Metadata (slide 32 repeated)
49 Facet ID / AppID
50-60 UAF Authentication [one sequence diagram built up over eleven slides: Device (Authenticator) and Relying Party (Web Server); the screenshots show a checkout: "Just a sec: our secure payment technology is working its magic", the user "Pat Johnson, 650 Castro Street, Mountain View, CA, United States", and finally "Payment complete! Return to the merchant's web site to continue shopping"]
0. Prepare
1. Initiate Authentication
2. Auth. Request with Challenge
3. Verify User & Sign Challenge (Key specific to RP Webapp)
4. Auth. Response, carrying SignedData: SignatureAlg, Hash(FinalChallenge), Authenticator random, Signature Counter, Signature, where FinalChallenge = Hash(AppID | FacetID | tlsdata | challenge)
5. Success
61-62 Transaction Confirmation [sequence diagram: Device (Browser or Native App, Authenticator) and Relying Party (Web Server)]
1. Initiate Transaction
2. Authentication Request + Transaction Text
3. Display Text, Verify User & Unlock Private Key (specific to User + RP Webapp)
4. Authentication Response + Text Hash, signed by User's private key. SignedData: SignatureAlg, Hash(FinalChallenge), Authenticator random, Signature Counter, Hash(Transaction Text), Signature, where FinalChallenge = Hash(AppID | FacetID | tlsdata | challenge)
5. Validate Response & Text Hash using User's Public Key
63 The Authenticator Concept [diagram]
Authenticator components: User Verification / Presence; Attestation Key (injected at manufacturing, doesn't change); Authentication Key(s) (generated at runtime, on Registration); Transaction Confirmation Display (optional component)
64 Using Secure Hardware [diagram: Authenticator in SIM Card]
User Verification (PIN); the SIM Card holds the Attestation Key and the Authentication Key(s)
65 Client Side Biometrics [diagram: Trusted Execution Environment (TEE)]
Authenticator as Trusted Application (TA) inside the TEE: User Verification / Presence (Store at Enrollment, Compare at Authentication); Attestation Key; Authentication Key(s) (Unlock after comparison)
66 Combining TEE and SE [diagram]
Trusted Execution Environment (TEE): Authenticator as Trusted Application (TA); User Verification / Presence; Transaction Confirmation Display (e.g. GlobalPlatform Trusted UI)
Secure Element: Attestation Key; Authentication Key(s)
67 UAF Specifications
68 FIDO & Federation
69-70 FIDO & Federation [figures] Source: Paul Madsen, Seminar, May 2014
71 Complementary
FIDO:
o Insulates authentication server from specific authenticators
o Focused solely on primary authentication
o Does not support attribute sharing
o Can communicate details of authentication to server
Federation:
o Insulates applications from identity providers
o Does not address primary authentication
o Does enable secondary authentication & attribute sharing
o Can communicate details of authentication from IdP to SP
Source: Paul Madsen, Seminar, May 2014
72 FIDO & Federation: First Mile / Second Mile [diagram]
USER DEVICE: BROWSER / APP; FIDO CLIENT; AUTHENTICATOR
IdP: FIDO SERVER (knows details about the Authentication strength); FEDERATION SERVER; Id DB (the IdP knows details about the Identity and its verification strength)
Service Provider
First mile: UAF Protocol between the user device and the IdP. Second mile: Federation between the IdP and the Service Provider.
73-75 FIDO & Federation [three charts plotting Assurance (Low to High) against Frequency of login (Low to High), with points labelled "status quo", "federation", "FIDO" and "FIDO + federation", and annotations "SSO slide", "No more Password123 bump" and "Continuum"] Source: Paul Madsen, Seminar, May 2014
76 FIDO at Industry Event: Readiness [photos] SIM as Secure Element; Fingerprint, TEE, Mobile; Speaker Recognition; Mobile via NFC; PIN + MicroSD; USB
77 FIDO Ready™ Products Shipping today
OEM Enabled: Samsung Galaxy S5 smartphone & Galaxy Tab S tablets
OEM Enabled: Lenovo ThinkPads with Fingerprint Sensors
Clients available for these operating systems: [logos]
Software Authenticator Examples: Speaker/Face recognition, PIN, QR Code, etc.
Aftermarket Hardware Authenticator Examples: USB fingerprint scanner, MicroSD Secure Element
78 FIDO is used Today
79 Conclusion
Different authentication use-cases lead to different authentication requirements
Today, we have authentication silos
FIDO separates user verification from the authentication protocol and hence supports all user verification methods
FIDO supports scalable security and convenience
User verification data is known to the Authenticator only
FIDO complements federation
→ Consider developing or piloting FIDO-based authentication solutions
Dr. Rolf Lindemann, Nok Nok Labs
More informationEvaluation and Implementation of SQRL and U2F as 2 nd Factor Authenticators for CERN Single Sign-On
Evaluation and Implementation of SQRL and U2F as 2 nd Factor Authenticators for CERN Single Sign-On September 2015 Author: Azqa Nadeem Supervisors: Vincent Brillault Stefan Lueders CERN Openlab Summer
More informationStandards for Identity & Authentication. Catherine J. Tilton 17 September 2014
Standards for Identity & Authentication Catherine J. Tilton 17 September 2014 Purpose of these standards Wide deployment of authentication technologies that may be used in a global context is heavily dependent
More informationIdentity Management. Prof Audun Jøsang Department of Informatics University of Oslo. Finse May 2014
Identity Management Prof Audun Jøsang Department of Informatics University of Oslo Finse May 2014 The concept of identity Entities have Identities consist of Attributes Systems Persons A B C Names, Identifiers
More informationMobile multifactor security
Mobile multifactor security A revolution in authentication and digital signing Mobile multifactor security A revolution in authentication and digital signing Smartphones will continue to ship in high volumes,
More informationAdvanced Authentication
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
More informationUnderstanding the Role of Smart Cards for Strong Authentication in Network Systems. Bryan Ichikawa Deloitte Advisory
Understanding the Role of Smart Cards for Strong Authentication in Network Systems Bryan Ichikawa Deloitte Advisory Overview This session will discuss the state of authentication today, identify some of
More informationStrong Authentication for Secure VPN Access
Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations
More informationFIDO: Fast Identity Online Alliance Privacy Principles Whitepaper vfeb2014
FIDO: Fast Identity Online Alliance Privacy Principles Whitepaper vfeb2014 The FIDO Alliance: Privacy Principles Whitepaper Page 1 of 7 FIDO Privacy Principles Introduction The FIDO Alliance is a non-profit
More informationFrench Justice Portal. Authentication methods and technologies. Page n 1
French Justice Portal Authentication methods and technologies n 1 Agenda Definitions Authentication methods Risks and threats Comparison Summary Conclusion Appendixes n 2 Identification and authentication
More informationMobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords. Mika Devonshire Associate Product Manager
Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords Mika Devonshire Associate Product Manager 1 Agenda 2 What is Cybersecurity? Quick overview of the core concepts 3 Cybercrime
More informationMulti Factor Authentication API
GEORGIA INSTITUTE OF TECHNOLOGY Multi Factor Authentication API Yusuf Nadir Saghar Amay Singhal CONTENTS Abstract... 3 Motivation... 3 Overall Design:... 4 MFA Architecture... 5 Authentication Workflow...
More informationWHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords
WHITE PAPER AUGUST 2014 Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords 2 WHITE PAPER: PREVENTING SECURITY BREACHES Table of Contents on t Become the Next Headline
More informationQR-CODE BASED NON-REPUDIATION TRANSACTION VERIFICATION SYSTEM
QR-CODE BASED NON-REPUDIATION TRANSACTION VERIFICATION SYSTEM Jakub Nantl 1 1 Silesian University in Opava, School of Business Administration in Karvina, Univerzitní nám. 1934/3, 733 40 Karviná Email:
More informationWeb Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn
Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to
More informationInternational Journal of Software and Web Sciences (IJSWS) www.iasir.net
International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) ISSN (Print): 2279-0063 ISSN (Online): 2279-0071 International
More informationArticle. Electronic Notary Practices. Copyright Topaz Systems Inc. All rights reserved.
Article Electronic Notary Practices Copyright Topaz Systems Inc. All rights reserved. For Topaz Systems, Inc. trademarks and patents, visit www.topazsystems.com/legal. Table of Contents Key Features and
More informationMobile Electronic Payments
Chapter 7 Mobile Electronic Payments 7.1 Rationale and Motivation Mobile electronic payments are rapidly becoming a reality. There is no doubt that users of mobile phones are willing and even asking to
More informationYubiKey Integration for Full Disk Encryption
YubiKey Integration for Full Disk Encryption Pre-Boot Authentication Version 1.2 May 7, 2012 Introduction Disclaimer yubico Yubico is the leading provider of simple, open online identity protection. The
More informationBrainloop Secure Dataroom Version 8.30. QR Code Scanner Apps for ios Version 1.1 and for Android
Brainloop Secure Dataroom Version 8.30 QR Code Scanner Apps for ios Version 1.1 and for Android Quick Guide Brainloop Secure Dataroom Version 8.30 Copyright Brainloop AG, 2004-2015. All rights reserved.
More information2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec
2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec TECHNOLOGY WHITEPAPER DSWISS LTD INIT INSTITUTE OF APPLIED INFORMATION TECHNOLOGY JUNE 2010 V1.0 1 Motivation With the increasing
More informationAndroid pay. Frequently asked questions
Android pay Frequently asked questions June 2015 Android Pay - FAQs In May 2015, Android Pay was announced by Google. Android Pay is Google s payments solution that allows consumers to do in-store and
More informationFederated Identity and Single-Sign On
CS 6393 Lecture 5 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013 ravi.sandhu@utsa.edu www.profsandhu.com Ravi Sandhu 1 The Web Today User
More informationWhy Identity Management. Identity Management. What We Cover. Role of Digital Identity. Digital Identity. Digital Identity (or network identity)
Why Identity Management Identity Management Claudiu Duma Identity crisis Privacy concerns Identity theft Terrorist threat Department of Computer and Information Science cladu@ida.liu.se What We Cover Digital
More informationSoftware Token Security & Provisioning: Innovation Galore!
Software Token Security & Provisioning: Innovation Galore! Kenn Min Chong, Principal Product Manager SecurID, RSA Emily Ryan, Security Solution Architect, Intel Michael Lyman, Product Marketing Manager,
More informationTIB 2.0 Administration Functions Overview
TIB 2.0 Administration Functions Overview Table of Contents 1. INTRODUCTION 4 1.1. Purpose/Background 4 1.2. Definitions, Acronyms and Abbreviations 4 2. OVERVIEW 5 2.1. Overall Process Map 5 3. ADMINISTRATOR
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationXYPRO Technology Brief: Stronger User Security with Device-centric Authentication
Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication
More informationWhite Paper. FFIEC Authentication Compliance Using SecureAuth IdP
White Paper FFIEC Authentication Compliance Using SecureAuth IdP September 2015 Introduction Financial institutions today face an important challenge: They need to comply with guidelines established by
More informationGlossary of Key Terms
and s Branch Glossary of Key Terms The terms and definitions listed in this glossary are used throughout the s Package to define key terms in the context of. Access Control Access The processes by which
More information