Digital identity: Toward more convenient, more secure online authentication
For more than four decades, the familiar username/password method has been the basis for authentication when accessing computer-based services. It's a practical approach that provides an acceptable level of security when accessing a closed system, but today's online activities have evolved beyond what the username/password format can effectively protect.

A study done by Microsoft more than five years ago showed that the average American user had 25 online accounts secured using 6.5 passwords. It's reasonable to assume that those numbers have increased in recent years, and this raises serious questions about password quality and the risks associated with insufficient security. The recent hack of 6.5 million LinkedIn user passwords illustrates the limits of username/password authentication techniques, especially when securing today's online services and protecting transactions of increasing value.

Recent initiatives, such as the US National Strategy for Trusted Identity in Cyberspace, show government commitment to enforcing cyber security. As stated in the National Security Strategy 1) in 2010, "The Internet and e-commerce are keys to our economic competitiveness."

This white paper introduces the concerns behind user authentication for online services. It describes various concepts and solutions for digital identity, high-security authentication methods, and digital signatures.

1) National Security Strategy, May 2010, The White House
Problems to solve

To start with, let's go through a simple example in which we identify the steps that must be taken to set up and use an online service, and the risks that apply to each step.

Our example begins with Bob, who wants to join a club that will provide him with a wealth of online services: chat rooms, online storage and sharing, instant messaging, mail, localized information, and booking services. Bob has many friends who are already members of the club, and he looks forward to sharing messages, information, and pictures with them and the other people he meets online.

The first step for Bob is online registration with the club. He's asked to provide his real name or his online nickname, his age (or at least a verification that he is over the minimum required age for participation), and other pieces of information required by the service provider to fulfill its service provision and legal obligations. Based on the information Bob provides, the service provider then issues a token and a credential binding the token to Bob's identity.

Bob starts using the service as soon as the registration process is complete. He authenticates securely by presenting his token, which is used together with the credential to verify his identity. With the authentication process complete, the service provider grants Bob access so he can start enjoying his subscription services.

The service provider offers a directory search function that lets subscribers see if their friends are also connected to the service. Bob uses the directory to look for and connect with his friends. Bob also sees that one of his favorite actresses, Alice, is online, so he subscribes to get updates on her daily life.

As Bob continues to use the service, the opportunities for theft continue to appear. For example, when Bob sees that a good friend has just received a promotion at work, he uses one of the club's localization services to send a celebratory bouquet of flowers from a nearby florist. The club asks Bob to sign his order in such a way that he can't pretend, at a later stage, that he was unaware of his responsibility to the florist, or deny that he placed the order.

It is essential that everyone involved in this example service (Bob, his friends, the celebrities he follows, the shop owners he deals with) remain protected from fraud and identity theft. Even in the few steps that we've described, there have been several opportunities where security could fail. To begin, threats can occur at the registration process, especially if subscribers don't have to prove their real identities. Next, during the authentication process, the token or credential could be stolen, or hacked from the service provider's server. Similar threats are present when Bob uses the club's various services, such as ordering a delivery from a local florist.

Fortunately, there are ways to reduce these threats and minimize the risk of identity theft. In the next sections, we look at various solutions, including a signature process that provides non-repudiation when conducting online transactions.

Registration

Without appropriate controls at registration, strong user authentication cannot be built on it later. At the same time, the user should only provide the identity attributes and traits required for the service provision, and these need to be treated confidentially to protect privacy.

When service access is not anonymous, the registration process should involve an identity verification mechanism, but these mechanisms are not in widespread use. Services that require users to reveal their identity may use an identity verification mechanism during the registration process. In a purely online process, identity verification can be performed using a credential guaranteed by a third party, a so-called credential broker. For instance, the service might ask the user to prove his identity with an electronic national identity card and a secret, or with his bank card hosting a special application. The service provider can then use a third party for the identity check, and issue credentials based on this trusted verification.
In our example, Bob filled in all the details, with his identity attributes and traits, using a secured session on the service provider's web site, and proved his identity by using his identity card and PIN. Once Bob's genuine identity was confirmed by the authentication service associated with his identity card, the service provider issued the credential.

The security checks used in the registration step have to be balanced against several factors. These typically include the user's perceived security requirements (the user may not accept going through intensive background checks to register for a social network), the legal requirements (the minimum set of attributes that local laws require to be collected), and the service requirements. It's also important to note that a seamless, purely electronic registration process is likely to be perceived as more convenient than a system that relies on exchanging paper by mail, and this can increase the rate of registration completion.

Authentication

The authentication step lets the service provider assert that the user is who he claims to be, and grant or deny access to the service under that identity. A stronger authentication process increases the user's confidence in the service. For example, Bob will be more likely to use and promote the club if he is confident that his personal details and data, and the services he has gained access to, are well protected.

The user authentication process involves presenting an identity (name, nickname, certificate) and proof that a secret is shared between the user and the service provider. The authentication may be more or less secure depending on how the secret is protected. The proof exchanged between the parties need not be the secret itself (a password); it may be the result of a mathematical operation using the secret (in this case the secret may be called a key). In addition, the secret can be complemented by other factors, such as something that the user must have in his possession, or something that authentically defines or belongs to the user (an identity trait). The authentication strength, that is, the confidence level that the user is who he claims to be, grows with the number of factors used.

Single factor vs. multi-factor

There are several authentication factors to consider:

- What the user knows: the secret (password, passphrase, PIN code, etc.)
- What the user owns: a token, PC, smartphone, etc.
- What the user is: the user's identity traits (fingerprints, voice, DNA, face, iris, vein network, etc.)
The very basic username/password authentication method uses only a "what the user knows" factor: it is a single-factor authentication method. A method based on a certificate (stored on a USB key or on a PC, for instance) and no password uses only a "what the user owns" factor: it is also a single-factor authentication method. A method based on a certificate that also requires a password or a PIN code from the user is based on both the "what the user owns" and "what the user knows" factors: it is called a multi-factor authentication method. Multi-factor authentication is also called strong authentication.

Strong authentication does not by itself guarantee the resistance or strength of the individual factors:

- A password can be weak, when susceptible to attacks using a dictionary or publicly known information about the user, or stronger when based on a long character string that includes uppercase, lowercase, numeric, and symbol characters
- A key can be of varying length; the longer it is, the more secure it is
- A certificate can be tamper-protected by smartcard hardware security, or stored on a PC or USB key where it is susceptible to duplication or tampering

The overall security and access protection therefore depends on the strength of the factors. This point needs to be taken into consideration when designing the system.

Ownership factor

The ownership factor ("what the user has") needs to be deemed genuine by the service provider. Therefore, it is usually issued by the service provider at the registration step and consists of a certificate comprising, at a minimum, a digitally signed user identifier. When logging in to the service, the certificate is presented and the provider verifies the signature to assess its authenticity. In addition to being genuine, the ownership factor should be copy-protected, to prevent duplication without the user's knowledge.

Knowledge factors

As mentioned earlier, these are passwords, PIN codes, and other secrets that the user should present to prove his identity. As this information is confidential, it should not be exposed in any way. It makes sense to implement mechanisms where the secret is either verified locally in the terminal, or at least used in such a way that it is not transferred as-is to the service provider.

Inherence factors

These "who the user is" factors are unambiguous and/or immutable data that identify a person. Biometric data are among the inherence factors. Regardless of where this information is stored, it should be protected against modification, to ensure it describes the right individual, and against unauthorized access, as it contains privacy-critical information.

Privacy

Privacy of user identification data, as well as non-traceability of the services used, is a key feature of the authentication service. To return to the Bob example, assume he's decided to use his club's credential to subscribe to another service. Bob doesn't want the new service to use non-required identity attributes to profile him. Nor does he want to be traced when browsing through the various services he has chosen.

In some countries, there are regulatory bodies that ensure that user privacy is well implemented and respected before a service deployment is authorized. For instance, the default behavior of a system should not give it the ability to monitor user behavior at an atomic level. As a result, a minimal disclosure policy, which only provides the information required to use the service, should be the rule. For example, full name or national ID number are not used unless accessing a service that requires this information.

Software vs. hardware (authentication)

Software and hardware authentication differ in two main ways:

- Where the security credentials (the factor elements) are stored
- Where the authentication algorithm is executed
Software authentication refers to cases where there is no dedicated secure element to store the credentials and run the security algorithm, whereas hardware authentication describes cases where a dedicated element using secured smartcard technology hosts the critical items. Software authentication may also apply to implementations that use server storage and checking of credentials.

Today's hardware tokens don't always take the form of a removable token such as a smartcard or a USB key, since more and more systems are equipped with an embedded secure element. Smartphones, tablet PCs and PCs that include Near Field Communication (NFC) can open the secure element for authentication applications.

Software and hardware have their respective advantages and disadvantages, summarized in the table.

                      Software               Hardware
Issuance              Easy, possibly online  More complex
Security              Low                    High
Security portability  Low                    High
Privacy (by design)   Low                    High

Issuance

Software has an advantage here as being purely dematerialized. The token is installed online and may be comprised of a certificate, key(s), an algorithm, and so on. Hardware is more complex to handle from an issuance perspective, since it involves personalization and the shipment of tokens. However, there are secured hardware tokens that the user can purchase in stores and that can be personalized or bound to an online account.

Security

Software tokens are intrinsically easier to tamper with or duplicate. Since they reside on equipment connected to the internet, they are more exposed to attacks by malware. Moreover, they are not protected by hardware firewalls and are therefore vulnerable to reverse-engineering attacks. Hardware tokens are based on smartcard technology, which is known for its tamper resistance. Information stored on the smartcard is protected by strong hardware firewalls and controlled by password or PIN code. The keys or credentials used by the authentication algorithms never leave the protected environment. Hardware tokens are also ideal for biometrics-based authentication, since user details are kept secure and private in a token and never exposed externally.

Smartcard technology implements secure memories to store the critical data (PINs and keys) such that they cannot be read easily. The technology also implements countermeasures against various attacks on the cryptographic algorithms. With software implementations that use standard controllers and memories, the keys and PINs are stored in an unsecured environment. Furthermore, creating secure implementations of cryptographic algorithms poses a significant challenge.

The security advantages of hardware tokens are acknowledged by the US National Institute of Standards and Technology (NIST) in their Electronic Authentication Guideline, where they state that hard cryptographic tokens are the only applicable technology for the highest level of authentication assurance 2).

Security portability

Hardware tokens offer intrinsically secure portability. A token can be used on any equipment, provided this equipment can access it. These days, tokens with USB/contactless or smartcard ISO/contactless interfaces are available to secure PCs, NFC devices, and potentially smart TVs and game consoles.

2) Electronic Authentication Guideline, NIST Special Publication , December
Privacy (by design)

Hardware tokens securely store the user's credentials and attributes, which can be verified locally without any unnecessary exposure to the outside world. Software authentication usually stores user attributes in a server belonging to the service provider, an identity provider, or the service provider acting as identity provider for a third-party application. Storing attributes in a hardware token allows a straightforward minimum-disclosure implementation that keeps all credentials under the user's direct control. It ensures that unnecessary details are kept hidden in the token and that only the required information is disclosed during the transaction. For instance, for a service that requires the user to be more than 18 years old, the token might provide an "older than 18" flag instead of the service asking for a specific date of birth.

Signature

The signature is as important as authentication for maintaining the security of electronic transactions. In the real world, handwritten signatures are used to stipulate that all parties agree to a transaction. In case of dispute at a later stage, the signed contract serves as a record of the rights and duties the parties formally agreed to. Handwritten signatures are also used to verify and guarantee the validity of the information people provide when engaging in a business transaction or acknowledging the receipt of goods or information.

Use cases for digital signature

Online signature generation and verification address the same use cases as handwritten signatures in the real world. Our old friend Bob, a loyal tax-payer, has decided this year to fill out his tax forms online, through his government web portal. He authenticates to the portal using his national electronic ID card and initiates a secure session over the internet connection. Once he has finished his tax declaration, Bob confirms that the editing session is complete. The tax declaration is then compiled into a document that Bob signs once he has given it a quick recheck, just as he would have done with a paper-based form. For the digital signature process, Bob re-uses his national electronic ID card and confirms that he agrees with the document contents. This generates a formal signature that requires a specific validation, likely based on a new PIN code presentation. Once generated, the signature is sent to Bob's government portal and is appended to the declaration for future reference. Bob also receives a dated certificate of deposit, built using a similar signature process.

Generally speaking, signature generation (the document signing process proper) is employed when the user must give another party proof of acceptance or authenticity of a document. In the tax example, signing the online tax form engages the responsibility of the signing party regarding the information provided. Signing a mail message proves to the receiver that the sender is who he claims to be. Digitally signing a contract document proves that the signing party received and accepted the contract as-is.

Requirements and features

The algorithm for signature generation must guarantee that the signature is bound to the document it was generated with, and only to that document. If the document is modified, the algorithm needs to produce a different signature, regardless of how minor the modification is. The signature process should also date the signature with a timestamp. The signature verification process should check the signature against the related document and the signing party, and therefore controls both the authenticity of the document presented and the identity of the signer.

Signature algorithms rely on so-called public key cryptography. This technology involves a public key, bound to the user identity, and a private key. The signing operation consists of running an algorithm on the document (or a digest of the document) to build a signature using the private key. Signature verification involves applying the reverse operation to the signature using the public key. If the operation results in the document or its digest, then the signature is verified. The basic principle is that only the private key holder can create a signature, but everyone else can verify the signature using the public key. The signature can only be trusted if the user's private key is kept in a heavily secured area and never exposed, such as in a hardware token. The user's public key is also bound to the user's identity and is guaranteed by a trusted party.

The same generation and verification algorithms are often used by secured authentication processes. If a user wants to authenticate to a service, he signs a piece of data (a "challenge") randomly issued by the service provider. The provider then verifies the signature and authenticates the user if it's correct. Again, only the holder of the private key, which is typically buried in a smartcard, can generate the signature and therefore successfully perform authentication.
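The challenge-response authentication just described, together with the signature requirements above (binding to the document, a timestamp, verification against the signer's public key), as an added example that is not from the NXP paper. It uses Go's standard-library Ed25519, whose verification returns a yes/no answer rather than recovering the digest as the text describes; the Token type standing in for the smartcard, the domain-separation prefixes, the "bob" identity and the timestamp are all constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Domain separation: one key signs both documents and challenges, so the two roles
// must never sign identical bytes (else a "challenge" could yield a document signature).
const (
	prefixDoc  = "example:document:v1:"
	prefixAuth = "example:challenge:v1:"
)

// docMessage is the signed input for a document: prefixDoc || SHA-256(doc) || timestamp.
func docMessage(doc []byte, ts int64) []byte {
	digest := sha256.Sum256(doc)
	var tsb [8]byte
	binary.BigEndian.PutUint64(tsb[:], uint64(ts)) // Unix seconds, big-endian
	return append(append([]byte(prefixDoc), digest[:]...), tsb[:]...)
}

// Token stands in for the hardware token: the private key never leaves it (no PIN here).
type Token struct{ priv ed25519.PrivateKey }

// NewToken generates the key pair; the service binds the public key to the identity.
func NewToken() (*Token, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Token{priv: priv}, pub, nil
}

// SignDocument signs the digest of doc together with a timestamp.
func (t *Token) SignDocument(doc []byte, ts int64) []byte {
	return ed25519.Sign(t.priv, docMessage(doc, ts))
}

// Respond answers an authentication challenge issued by the service.
func (t *Token) Respond(challenge []byte) []byte {
	return ed25519.Sign(t.priv, append([]byte(prefixAuth), challenge...))
}

// VerifyDocument rebuilds the signed input; any change to doc, ts or sig makes it fail.
func VerifyDocument(pub ed25519.PublicKey, doc []byte, ts int64, sig []byte) bool {
	return ed25519.Verify(pub, docMessage(doc, ts), sig)
}

// Service is the verifier: public keys bound to identities, plus outstanding challenges.
type Service struct {
	users      map[string]ed25519.PublicKey
	challenges map[string][]byte
}

func NewService() *Service {
	return &Service{users: map[string]ed25519.PublicKey{}, challenges: map[string][]byte{}}
}

// Register binds a public key to an identity (the registration step).
func (s *Service) Register(id string, pub ed25519.PublicKey) { s.users[id] = pub }

// Challenge issues 32 fresh random bytes; single-use, so a captured response cannot be replayed.
func (s *Service) Challenge(id string) ([]byte, error) {
	if _, ok := s.users[id]; !ok {
		return nil, errors.New("unknown identity")
	}
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.challenges[id] = c
	return c, nil
}

// Authenticate checks the response and consumes the challenge whether or not it verifies.
func (s *Service) Authenticate(id string, response []byte) bool {
	c, ok := s.challenges[id]
	delete(s.challenges, id)
	if !ok {
		return false
	}
	return ed25519.Verify(s.users[id], append([]byte(prefixAuth), c...), response)
}

func main() {
	token, pub, _ := NewToken()
	svc := NewService()
	svc.Register("bob", pub)
	c, _ := svc.Challenge("bob")
	fmt.Println("authenticated:", svc.Authenticate("bob", token.Respond(c)))
	decl := []byte("constructed tax declaration: income 40000, deductions 2500")
	fmt.Println("verified:", VerifyDocument(pub, decl, 1354320000, token.SignDocument(decl, 1354320000)))
}
```

Replaying a captured response fails because the challenge is deleted on first use, and a response obtained by feeding the token a document digest as a "challenge" does not verify as a document signature because of the prefixes.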
Data encryption

Another main challenge is data confidentiality, especially when data is transferred over the internet. As illustrated in the previous example, the hardware token is a highly secure repository for cryptographic keys. With the advent of portable data storage and cloud storage, user data privacy is at risk, a risk that data encryption can mitigate. A hardware token can be used to encrypt/decrypt the user's locally or remotely stored data. The challenge in this case is the performance of the interface and of the encryption/decryption engine, which can significantly decrease data bandwidth. For encryption based on a hardware token, it's essential that the token can't be accessed by an attacker. Additional access protection to the token (e.g. via a PIN) is usually recommended to achieve multi-factor authentication.

Conclusion

A good password can improve security, but today's users deal with so many online services that keeping track of a long list of different passwords is cumbersome and prone to error. Multi-factor authentication offers stronger, more convenient security than the traditional username/password method. Software tokens, such as certificates stored on a PC, can enhance authentication strength, but today's software solutions can't reach the level of tamper-resistance enabled by secure silicon technology.

The smartcard has become a part of daily life. This technology, the first widely deployed enabler for multi-factor authentication, has proven its efficiency in reducing offline payment fraud and has helped drive the success of GSM, 3G, and 4G cellular services by being an essential part of the security architecture. The expanded use of secured silicon technology will support the fight against identity theft and fraud, and has the potential to enable even more end-user services.
Based on trusted security, a complete product portfolio and the best contactless performance, NXP is the leader in the overall ID market as well as in key market segments such as transport ticketing, egovernment, access, infrastructure, RFID/Authentication, payments, and NFC. NXP provides the entire ID market with end-to-end solutions, enabling customers to create trusted solutions for a smarter life.
NXP Semiconductors N.V. All rights reserved. Reproduction in whole or in part is prohibited without the prior written consent of the copyright owner. The information presented in this document does not form part of any quotation or contract, is believed to be accurate and reliable and may be changed without notice. No liability will be accepted by the publisher for any consequence of its use. Publication thereof does not convey nor imply any license under patent or other industrial or intellectual property rights.

Date of release: December 2012
Document order number:
Printed in the Netherlands
ADVANCE AUTHENTICATION TECHNIQUES Introduction 1. Computer systems and the information they store and process are valuable resources which need to be protected. With the current trend toward networking,
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationMeeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)
Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4
More informationCompTIA Security+ Certification SY0-301
CompTIA Security+ Certification SY0-301 Centro Latino, Inc. Computer Technology Program Prof: Nestor Uribe, nuribe@centrolatino.org www.centrolatino.org 267 Broadway, Chelsea, MA 02150 Tel. (617) 884-3238
More informationBeyond passwords: Protect the mobile enterprise with smarter security solutions
IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive
More informationArticle. Robust Signature Capture Using SigPlus Software. Copyright Topaz Systems Inc. All rights reserved.
Article Robust Signature Capture Using SigPlus Software Copyright Topaz Systems Inc. All rights reserved. For Topaz Systems, Inc. trademarks and patents, visit www.topazsystems.com/legal. Table of Contents
More informationNetwork-based Access Control
Chapter 4 Network-based Access Control 4.1 Rationale and Motivation Over the past couple of years, a multitude of authentication and access control technologies have been designed and implemented. Although
More informationGlossary of Key Terms
and s Branch Glossary of Key Terms The terms and definitions listed in this glossary are used throughout the s Package to define key terms in the context of. Access Control Access The processes by which
More informationCHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device
CHOOSING THE RIGHT PORTABLE SECURITY DEVICE A guideline to help your organization chose the Best Secure USB device Introduction USB devices are widely used and convenient because of their small size, huge
More informationModern two-factor authentication: Easy. Affordable. Secure.
Modern two-factor authentication: Easy. Affordable. Secure. www.duosecurity.com Your systems and users are under attack like never before The last few years have seen an unprecedented number of attacks
More informationEnhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
More informationWEB SERVICES SECURITY
WEB SERVICES SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More information5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES
5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES 5 FAM 141 PURPOSE (CT-IM-112; 07-30-2010) (Office of Origin: IRM/OPS/ITI/SI/IIB) The purpose of this FAM chapter is to enable the Department to
More informationE-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
More informationLongmai Mobile PKI Solution
Longmai Mobile PKI Solution A quick Solution to External and Internal fraud in Insurance Industry Putting the client at the center of modernization Contents 1. INTRODUCTION... 3 1.1 Challenges... 3 1.2
More informationTarget Security Breach
Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected
More informationRSA Authentication Manager 7.1 Security Best Practices Guide. Version 2
RSA Authentication Manager 7.1 Security Best Practices Guide Version 2 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks
More informationHARDENED MULTI-FACTOR AUTHENTICATION INCREASES ENTERPRISE PC SECURITY
HARDENED MULTI-FACTOR AUTHENTICATION INCREASES ENTERPRISE PC SECURITY INSTEAD OF A SECURITY PROBLEM, ENDPOINTS BECOME PART OF THE SECURITY SOLUTION SUMMARY The internet and mobility have made enterprise
More informationEnhancing Organizational Security Through the Use of Virtual Smart Cards
Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company
More informationAuthentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business
Authentication Solutions Versatile And Innovative Authentication Solutions To Secure And Enable Your Business SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime
More informationAudio: This overview module contains an introduction, five lessons, and a conclusion.
Homeland Security Presidential Directive 12 (HSPD 12) Overview Audio: Welcome to the Homeland Security Presidential Directive 12 (HSPD 12) overview module, the first in a series of informational modules
More informationBiometric Authentication Platform for a Safe, Secure, and Convenient Society
472 Hitachi Review Vol. 64 (2015), No. 8 Featured Articles Platform for a Safe, Secure, and Convenient Society Public s Infrastructure Yosuke Kaga Yusuke Matsuda Kenta Takahashi, Ph.D. Akio Nagasaka, Ph.D.
More informationBusiness Issues in the implementation of Digital signatures
Business Issues in the implementation of Digital signatures Much has been said about e-commerce, the growth of e-business and its advantages. The statistics are overwhelming and the advantages are so enormous
More informationThe Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems
The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems
More informationSECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS
SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS Karen Scarfone, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Many people
More informationCoSign for 21CFR Part 11 Compliance
CoSign for 21CFR Part 11 Compliance 2 Electronic Signatures at Company XYZ Company XYZ operates in a regulated environment and is subject to compliance with numerous US government regulations governed
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationFrench Justice Portal. Authentication methods and technologies. Page n 1
French Justice Portal Authentication methods and technologies n 1 Agenda Definitions Authentication methods Risks and threats Comparison Summary Conclusion Appendixes n 2 Identification and authentication
More informationWHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords
WHITE PAPER AUGUST 2014 Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords 2 WHITE PAPER: PREVENTING SECURITY BREACHES Table of Contents on t Become the Next Headline
More informationWhite Paper Preventing Man in the Middle Phishing Attacks with Multi-Factor Authentication
White Paper Preventing Man in the Middle Phishing Attacks with Multi-Factor Authentication Page 1 of 8 Introduction As businesses and consumers grow increasingly reliant on the Internet for conducting
More informationRSA SecurID Software Token 1.0 for Android Administrator s Guide
RSA SecurID Software Token 1.0 for Android Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA,
More informationSTRONGER AUTHENTICATION for CA SiteMinder
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
More information2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec
2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec TECHNOLOGY WHITEPAPER DSWISS LTD INIT INSTITUTE OF APPLIED INFORMATION TECHNOLOGY JUNE 2010 V1.0 1 Motivation With the increasing
More informationAuthentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS
Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime
More informationMobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard
Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.
More informationMulti-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access
Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies
More informationProtecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks
Protecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks Whitepaper W H I T E P A P E R OVERVIEW Arcot s unmatched authentication expertise and unique technology give organizations
More informationMODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION
Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION A SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PAIRED WITH THE FACT THAT THREATS
More informationEntrust IdentityGuard
+1-888-437-9783 sales@identisys.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationMore effective protection for your access control system with end-to-end security
More effective protection for your access control system with end-to-end security By Jeroen Harmsen The first article on end-to-end security appeared as long ago as 1981. The principle originated in ICT
More informationBrainloop Cloud Security
Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating
More informationMulti-Factor Authentication
Enhancing network security through the authentication process Multi-Factor Authentication Passwords, Smart Cards, and Biometrics INTRODUCTION Corporations today are investing more time and resources on
More informationMobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords. Mika Devonshire Associate Product Manager
Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords Mika Devonshire Associate Product Manager 1 Agenda 2 What is Cybersecurity? Quick overview of the core concepts 3 Cybercrime
More informationIntroduction to SAML
Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments
More informationDeciphering the Safe Harbor on Breach Notification: The Data Encryption Story
Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their
More informationA unique biometrics based identifier, such as a fingerprint, voice print, or a retinal scan; or
SBA Procedural Notice TO: All SBA Employees CONTROL NO.: 5000-1323 SUBJECT: Acceptance of Electronic Signatures in the 7(a) and 504 Loan Program EFFECTIVE: 10/21/14 The purpose of this Notice is to inform
More informationStop Identity Theft. with Transparent Two-Factor Authentication. e-lock Corporation Sdn Bhd
Stop Identity Theft with Transparent Two-Factor Authentication e-lock Corporation Sdn Bhd December 2009 Table Of Content Table Of Content... 2 Executive Summary... 3 1. Introduction... 4 1.1 The Issue
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationChapter 10. Cloud Security Mechanisms
Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based
More informationCSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity
CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics
More informationEricsson Group Certificate Value Statement - 2013
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
More informationARCHIVED PUBLICATION
ARCHIVED PUBLICATION The attached publication, NIST Special Publication 800-63 Version 1.0.2 (dated April 2006), has been superseded and is provided here only for historical purposes. For the most current
More informationAdvanced Authentication
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
More informationLET S ENCRYPT SUBSCRIBER AGREEMENT
Page 1 of 7 LET S ENCRYPT SUBSCRIBER AGREEMENT This Subscriber Agreement ( Agreement ) is a legally binding contract between you and, if applicable, the company, organization or other entity on behalf
More informationSignicat white paper. Signicat Solutions. This document introduces the Signicat solutions for digital identities and electronic signatures 2015-08
Signicat white paper Signicat Solutions This document introduces the Signicat solutions for digital identities and electronic signatures 2015-08 Version 1.1 2015-08-20 Disclaimer Please note that this
More informationWhy Use Electronic Transactions Instead of Paper? Electronic Signatures, Identity Credentialing, Digital Timestamps and Content Authentication
Why Use Electronic Transactions Instead of Paper? Electronic Signatures, Identity Credentialing, Digital Timestamps and Content Authentication Introduction By allowing the exchange of information more
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationDIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES
DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES Saiprasad Dhumal * Prof. K.K. Joshi Prof Sowmiya Raksha VJTI, Mumbai. VJTI, Mumbai VJTI, Mumbai. Abstract piracy of digital content is a one of the
More informationFIDO Trust Requirements
FIDO Trust Requirements Ijlal Loutfi, Audun Jøsang University of Oslo Mathematics and Natural Sciences Faculty NordSec 2015,Stockholm, Sweden October, 20 th 2015 Working assumption: End Users Platforms
More informationCyber Essentials Questionnaire
Cyber Essentials Questionnaire Introduction The Cyber Essentials scheme is recommended for organisations looking for a base level Cyber security test where IT is a business enabler rather than a core deliverable.
More informationWhitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers
Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to
More information