Secure Your Enterprise with Usher Mobile Identity
Yong Qiao, Vice President of Software Engineering & Chief Security Architect, MicroStrategy

Agenda
  Introduction to Usher
    Unlock the enterprise
    Dematerialize traditional forms of identity
    The Usher identity
  Usher capabilities
    Identity verification
    Cybersecurity for system access
    Unlock workstations
    Physical access
    Usher Analytics
  Security
  Q&A

Unlock the enterprise with mobile identity
Usher is a mobile identity platform designed to provide security for every business system and application across an enterprise.
  Dematerialize traditional forms of identity into a mobile identity badge
  Link the mobile badge to its owner with Touch ID
  Extend the mobile identity to every business process and application

Dematerialize traditional forms of identity
Usher replaces traditional forms of identity, such as IDs, passwords, and tokens, with mobile identity badges on a smartphone, allowing for advanced authentication while increasing convenience for end users.
Mobile identity: advanced authentication
  Inherent multiple factors of authentication
  PKI encrypted
  Out-of-band communication
Mobile identity: more convenient than traditional methods
  No keystrokes
  Always with you
  Instantly deployed
  Instantly revoked
  Instantly regenerated
Bluetooth proximity
Usher code scan

The Usher identity
Usher is an elegant and powerful mobile app that lets users validate their identity in person or over the phone, log in to applications, open entryways, and unlock workstations.
  Key panel
  Bluetooth panel
  Site code panel
  Validation panel
  Usher badge

Authenticate your identity anytime, anywhere
An industrial-strength security checkpoint in your pocket.
  Confirm identity in person
  Verify identity over the phone
  Validate group affiliation
  Broadcast identity to anyone near you

Bolster cybersecurity for system access
Usher injects unparalleled speed, simplicity, and security into your business processes and applications.
  Log in to web applications without entering passwords
  Deliver SSO for SAML-enabled and mobile applications

Unlock workstations securely
Usher allows users to log in to workstations with just their smartphones.
  Unlock Mac workstations using Bluetooth
  Log in to and unlock PC workstations by scanning a QR code
  Quickly log in to a workstation paired with a smartphone through Bluetooth Low Energy or by scanning a QR code
  Provide a more seamless, convenient user experience without the hassle of passwords and tokens

Seamlessly access physical entryways
Secure every entryway with digital keys.
  Scan a QR Code
  Tap an Usher Key

Gain a 360-degree view of your network
Traditional forms of identification and authentication lack the analytical power to support information-driven decisions. With Usher, all end-user activity is captured and stored in the Usher Analytics database.
  Cybersecurity
  Network analysis
Usher Analytics provides complete visibility of all identity actions across a network. Analyze your data from many different points of view, filtering on geography, timeframe, identity-related activity, and more.

Deploy Usher to the enterprise
Usher enables network administrators to deploy and manage thousands of badges in a matter of minutes, while ensuring employees are accessing systems securely.
IDMs:
  Active Directory
  Open LDAP
Workstations:
  Mac (unlock using Bluetooth)
  Windows 7, 8, and Server 2008
Available on:
  iPhone iOS 7.0+
  Android 4.0+
Other diagram labels:
  Web and Cloud applications
  ADFS
  SAML
  Physical access control systems

Usher is built from the ground up for bulletproof security
Usher incorporates all best practices of security into the platform.
[Diagram labels: Mobile Clients, Site Agents, TLS, Usher Server, TLS, Existing ID Repositories, IDMS, SSO, PACS]
Mobile App
  1. AES-GCM encryption of credentials
  2. Integrated with biometrics
  3. Time-limited QR and Usher codes
  4. Offline Usher code generation
  5. Encrypted authentication tokens
  6. Encrypted X.509 client certificates
Communication
  7. Out-of-band transmissions
  8. Encrypted channel using TLS protocol with X.509 certificates
Usher Server
  9. Certificate Authority for clients
  10. Encrypted X.509 certificates
  11. AES-GCM encryption of credentials
  12. OAuth, SAML, and OpenID standards
Site Agents
  13. Individual IDM agents
  14. Encrypted X.509 client certificate for each agent
Usher Analytics Intelligence
  15. Monitoring, Alerting and Analytics

Usher platform: multi-factor authentication
Usher provides a multi-factor authentication system to ensure that an Usher mobile identity cannot be compromised or stolen.
Something you know
  Phone passcodes ensure that only the owner of the phone can use it.
Something you have
  PKI certificates ensure that only a phone registered to a user can authorize the Usher server to present his/her ID.
Something you are
  Touch ID adds a layer of security that is convenient for users.

Usher platform: four layers of phone security
Four layers of security protect identities if a phone is lost or stolen.
  Layer 1: Phone passcodes
  Layer 2: Finding or wiping the phone
  Layer 3: Touch ID
  Layer 4: AES-GCM encryption

Questions?
Thank You! Yong Qiao, Vice President of Software Engineering & Chief Security Architect, MicroStrategy