Intel Identity Protection Technology: Enabling improved user-friendly strong authentication in VASCO's latest generation solutions
June 2013
Dirk Roziers, Market Manager PC Client Services, Intel Corporation
Copyright 2013, Intel Corporation. All rights reserved.
Your questions coming into this session
1. What improved user-friendly authentication is this all about?
2. What is it that Intel offers to support this?
3. What is it that VASCO offers to support this?
eBanking use case
Garanti example: existing login using hardware-token-generated OTP. Enter the hardware-token-generated One-Time Password for 2nd-factor authentication.
Garanti example: existing login using SMS-generated OTP
Garanti example NEW: login on an IPT system
I see the benefits, so it's most likely giving up some security? No, it's not.
Enterprise VPN use case
VPN example: existing login by typing in a hardware-token-generated OTP
VPN example NEW: login by copy-paste of OTP. [Screenshot: "My VPN token" window showing OTP 16834096 with a "copy" button]
I see the benefits, but it's not really something new, is it? Well, it is.
B2B and B2C Websites
B2B / B2C example: traditional login with username and password only
B2B / B2C example NEW: login with Mydigipass.com OTP
B2B / B2C example NEW: login with Mydigipass.com OTP (phone or token needed)
B2B / B2C example NEW: login with Mydigipass.com OTP (no phone / no token)
Same as before, I see the benefits. But aren't you giving up some security here? Same answer: no, we're not.
Add more security. NEW: PIN-protect the automatic OTP release. [Screenshot: "My VPN token" window with an on-screen PIN keypad ("Enter PIN"), then the token window showing OTP 16834096 with a "copy" button]
I get it. But it's really nothing special. Not if you're not malware.
Here's what malware, MitB, MitM sees. [Figure: two panels, "What User Sees" and "What Malware Sees", with the "My VPN token" PIN keypad ("Enter PIN"), the text "Confirm $50,000 transfer to account # 9237-4602", and the token window showing OTP 16834096 with a "copy" button]
Embedded in Webpage.
This is what malware sees
Protected Transaction Display. The bank generates an encrypted image with transaction details and sends it to the user's PC. [Figure: "View seen by a user" and "View seen by malware"] Encrypted bitmap; on-screen randomly placed keypad. Remote PTD can run any size overlay and include text, logos, etc.
Hardware-based Security into the platform. [Diagram labels: Win Apps, Browsers, Main OS, Malware, Win OS, ME-based Apps, ME DLL, Separate RAM/Crypto, ME Firmware + Security Hardware, Main CPU, chipset] Hardware-based security isolated from the host.
Security and Manageability Firmware: improved isolation from the host execution environment. Separate memory, separate crypto. Security building blocks: Protected Timers, Secure Key Storage, Separate Work Space. Enables strong root of trust for security services.
How It Works: Intel Components. Intel Identity Protection Technology (IPT): security features built into the chipset; Security Service algorithm applet runs in the firmware; Intel IPT generates OTP in isolated space (Intel ME). [Example OTP shown: 698731]
Intel Identity Protection Technology roadmap. [Roadmap chart of install base, 2012 to 2014: vPro Desktops & Laptops, Ultrabooks, Core Desktops, Core Laptops, Core Tablets, Atom Tablets, Atom Phones] Mid 2013 on all Core systems and extending to Atom based phones and tablets in 2H 2013. To become ubiquitous in worldwide Intel platforms.
Intel, Intel Core, Ultrabook, Insider, vPro, Atom and the Intel logo are trademarks or registered trademarks of Intel Corporation. *Other names and brands may be claimed as the property of others.
Intel Identity Protection Technology: Service building solution blocks. [Diagram labels: Internet; In Premise or Cloud or Mixed; Website; Consumer - Enterprise; Authentication Server; Provisioning & Verification Services; Token Record Storage]
Intel Identity Protection Technology integration into VASCO's solutions. [Diagram labels: Website -- Application; VASCO's methods for 2FA]
Intel Identity Protection Technology complements / extends the existing 2FA with: hardware-based, user-friendly strong authentication solution.
Why is this relevant to you?
Your Customer's Benefits:
- Easy to use
- Protects against many types of attacks
- Opt-in gives you freedom
Complements existing 2FA with: hardware-based, user-friendly strong authentication solution
Enhance brand value & reputation
Legal INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined". Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information. The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. No system can provide absolute security under all conditions. Requires an Intel Identity Protection Technology-enabled system, including a 2nd or 3rd gen Intel Core processor enabled chipset, firmware and software, and participating website. Consult your system manufacturer. Intel assumes no liability for lost or stolen data and/or systems or any resulting damages. For more information, visit http://ipt.intel.com. 
Intel, Intel Core, Ultrabook, Insider, vPro, Atom and the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others. Copyright 2013, Intel Corporation. All rights reserved.