Intel Identity Protection Technology (IPT) Enabling improved user-friendly strong authentication in VASCO's latest generation solutions June 2013 Steve Davies Solution Architect Intel Corporation 1 Copyright 2013, Intel Corporation. All rights reserved.
Legal INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined". Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information. The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. No system can provide absolute security under all conditions. Requires an Intel Identity Protection Technology-enabled system, including a 2nd or 3rd gen Intel Core processor enabled chipset, firmware and software, and participating website. Consult your system manufacturer. Intel assumes no liability for lost or stolen data and/or systems or any resulting damages. For more information, visit http://ipt.intel.com. Intel, Intel Core, Ultrabook, Insider, vpro, Atom and the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others. Copyright 2013, Intel Corporation. All rights reserved. 2
Your questions coming into this session 1. What is this improved user-friendly strong authentication? 2. What is it that Intel offers to support this? 3. What is it that VASCO offers to support this? 3
4 ebanking Use Case
5 Garanti Example Login using OTP generated by hardware token
Garanti Example Login using OTP generated by hardware token Enter hardware token generated One-Time Password for 2 nd factor authentication 6
7 Garanti Example Login using OTP generated by hardware token
8 Garanti Example Login using OTP sent by SMS to mobile phone
9 Garanti Example Login using OTP sent by SMS to mobile phone
10 Garanti Example Login using OTP sent by SMS to mobile phone
11 Garanti Example Login using OTP generated by Intel IPT
12 Garanti Example Login using OTP generated by Intel IPT
I see the user experience benefit But is it giving up some security? No, it is not giving up security 13
14 Enterprise VPN Use Case
15 VPN Example Login by typing OTP generated by hardware token
VPN Example Login by copy/paste OTP generated by Intel IPT My VPN token - X 16834096 copy 16
I see the user experience benefit But it is not really something new? Yes it is something new 17
18 B2B and B2C Websites
19 B2B / B2C Example Traditional login with username / password only
20 B2B / B2C Example Login with Mydigipass.com OTP
21 B2B / B2C Example Login with Mydigipass.com OTP phone or token
22 B2B / B2C Example Login with Mydigipass.com OTP Intel IPT
I see the user experience benefit But is it giving up some security? No, it is not giving up security 23
Add More Security PIN protect the Intel IPT OTP release My VPN token 0 9 7 4 3 1 8 2 6 5 Enter PIN My VPN token - X 16834096 copy 24
PIN Entry with Software Applets User view and malware view My VPN token 0 9 7 4 1 Confirm $50,000 transfer to account 3 # 8 9237-4602 5 2 6 Enter PIN What User Sees My VPN token 0 9 7 4 3 1 8 2 What Malware Sees 6 5 Enter PIN X My VPN token - X 16834096 copy 25
26 PIN Entry embedded in Webpage This is what the user sees
27 PIN Entry embedded in Webpage This is what malware sees
Hardware-based Security in the platform Win Apps Browsers Main OS Malware Win OS ME-based Apps ME DLL Separate CPU/RAM/Flash Trusted Execution Environment for Security Operations Crypto, Secure Display Main CPU Chipset Hardware based security isolated from the host 28
How It Works: Intel Components Intel Identity Protection Technology (IPT) Security features built into the chipset Security Service algorithm applet runs in the firmware Intel IPT generates OTP in isolated space 698731 29
Your questions coming into this session 1. What is this improved user-friendly strong authentication? 2. What is it that Intel offers to support this? 3. What is it that VASCO offers to support this? 30
Intel Identity Protection Technology Platform Roadmap Atom Tablets Install Base Ultrabooks vpro Desktops & Laptops Core Desktops Core Tablets Core Laptops Atom Phones 2012 2013 2014 Mid 2013, on all Intel Core systems and extending to Intel Atom based phones and tablets in 2H 2013 To become ubiquitous in worldwide Intel-based platforms 31 Intel, Intel Core, Ultrabook, Insider, vpro, Atom and the Intel logo are trademarks or registered trademarks of Intel Corporation. *Other names and brands may be claimed as the property of others.
Intel Identity Protection Technology Service Building Solution Blocks Internet On-Premise or Cloud or Mixed Website Consumer - Enterprise Authentication Server Provisioning & Verification Services Token Record Storage 32 *Other names and brands may be claimed as the property of others.
Your questions coming into this session 1. What is this improved user-friendly strong authentication? 2. What is it that Intel offers to support this? 3. What is it that VASCO offers to support this? 33
Why is this relevant to you? Your Customer s Benefits Easy to use Protects against many types of attacks Opt-in gives you freedom Complements existing 2FA with : Hardware based User friendly strong authentication solution Enhance brand value & reputation Complements existing 2FA with 34
35