Mobility, Security and Trusted Identities: It's Right In The Palm of Your Hands. Ian Wills, Country Manager, Entrust Datacard


Transcription:

Mobility, Security and Trusted Identities: It's Right In The Palm of Your Hands
Ian Wills, Country Manager, Entrust Datacard

WHO IS ENTRUST DATACARD?
Entrust Datacard Corporation. All rights reserved.

CREDENTIAL USE IN MULTIPLE APPLICATIONS & DEVICES

MOST SECURITY BREACHES ARE ATTACKS ON IDENTITY
[Diagram labels: Session Riding; Identity; Key Logging; password]

QUESTION
What device type do you feel is most secure for online banking?
o PC
o Mac
o iPad/iPhone
o Android Tablet/Phone

ARE MOBILE DEVICES SECURE?
Mobile devices have powerful features built in that organizations can leverage:
o Device & Location Attributes
o Secure Elements
o TEE
o Biometrics
o Application Sandbox
o Crypto
Users want to carry them:
o Always in hand
o Always connected
o Convenient
o Support work / personal balance
Use continues to grow exponentially
Out of Band channel
Computing power makes them multi-purpose
Multipurpose identity capability

TECHNOLOGY THAT CAN FACILITATE E-GOVERNMENT
o Strongly Identify the User
o Provide Secure Access to Information
o Authenticate Transactions

ISSUE STRONG MULTI-PURPOSE CREDENTIALS
o User considerations
    - Type of User
    - What domain do they work in
    - What are they using it for
o Administrator considerations
    - How easy does it integrate into existing systems
    - How easy is it to use
    - Can it meet short and long term objectives

QUESTION
What second factor user authentication solution do you have in place?
o Hardware token
o Soft token
o SMS One time password
o None/Other

MANY WAYS TO LEVERAGE ONE DEVICE
o Device Certificates
o Toolkits for mobile apps
o SMS One Time Password
o eGrid
o Soft Token
o Out Of Band Transaction Verification
o Virtual Smart Credential
Mobile devices can easily be provisioned with additional or temporary authenticators.

VPN AUTHENTICATION
[Diagram with numbered steps 1 to 3. Labels: Laptop; VPN Device; Mobile Transaction Approval; Send notification; Confirm Transaction; Fingerprint replace PIN]

DEMO EMPLOYEE VPN ACCESS

DEMO WEB AUTHENTICATION NO PASSWORD

PHYSICAL LOGICAL CONSOLIDATION
[Diagram labels: Logical; SAML; Physical]
o Single credential, single admin interface
    - Smart card, USB, Mobile Smart Credential
o Benefits
    - Better usability
    - Simplified on-boarding and off-boarding process including credential issuance
    - Easy migration
    - Support for new and legacy physical access systems
    - Higher security

SECURITY OF A HARDWARE TOKEN WITH THE CONVENIENCE OF MOBILE
[Diagram labels: Mobile; Secure World; Normal World; Digital Identity; TrustZone OS; Authorized Request; Proof of Possession; ARM Mobile Microprocessor; Mobile Application; Mobile OS; Authentication; Optional validate device fingerprint]
Trusted Execution Environment
o Digital ID cannot be stolen or misused by an exploit in the Mobile OS
o Approve any transaction originated anywhere, securely

SECURE BROWSING AND EMAIL
o Secure browser application to protect confidential information
o Strong certificate-based authentication of user via a Mobile Smart Credential
o Leverages client-authenticated SSL supported by Web Servers and Access Managers
o Secure, encrypted email client
o Digital signing with Mobile Smart Credential certificates

DEMO AUTHENTICATION WEB SINGLE SIGN-ON
1. Start Mobile Browser
2. Access corporate intranet
3. Outside firewall without VPN
4. Mobile application verifies enterprise server is authentic
5. Enterprise server authenticates mobile user
6. PIN allows virtual smart card to authenticate
7. Encrypt transfer of intellectual property


DEMO: ENCRYPTED EMAIL BROWSER LOGIN TO WEB RESOURCE
o Receive encrypted email on mobile
o Decrypt after PIN entry
o Link in email takes us to corporate intranet portal with no VPN
o Will report if intranet not trusted
o Enter PIN to authenticate to Web SSO portal
November 13, 2015


MOBILE AS THE ENTERPRISE DESKTOP
[Diagram labels: Mobile; Enterprise systems; VIRTUAL SMART CARD; Browser; EMail; WEB SSO; Cloud Services; Forms; VPN; Encryption; Web; EMAIL; SAML IDP; Exchange Server; Virtual Desktops; Sign Transaction; PHYSICAL ACCESS; LOGICAL ACCESS]
o Cryptographic functions available to mobile apps
o Access the same systems as a Windows desktop
o Mobile behaves like a smart card to Windows & physical access

OUT OF BAND TRANSACTION VERIFICATION
o Transaction Verification / Approval
o Login / Contract Signing
o Out of band confirmation and signing of a transaction
o Simplified process for the user
o Protects against Man-in-the-Middle and Man-in-the-Browser attacks

DIGITALLY SIGN ON-LINE TRANSACTIONS
o Digital signatures and transaction verification for non-repudiation of on-line transactions
Employees:
    - Warrants
    - Lab results
    - Inspection reports
Citizens:
    - Applications
    - Healthcare submissions
    - Bill payments

DEMO: APPROVE PAYMENT
1. Transfer money
2. Notification on mobile device at top of mobile screen
3. Click on notification
4. OPTIONAL: Authenticate with fingerprint or PIN
5. Transaction notification reviewed by mobile banking/payment application
6. User approves or rejects

DEMO: APPROVE PAYMENT WITH NO DATA CONNECTION
Fallback to QR code if mobile data network not available

MOBILE PRESENTS AN OPPORTUNITY TO
Mobile provides a next-generation solution for trusted identities:
o Secure
o Convenient, easy to use, easy to provision
o Multi-purpose
Mobile offers an opportunity to blend user experience and security like never before
Lower costs:
o Of authentication
o Of business processes
Strengthen security for:
o Logical & Physical Access
o Cloud
o Mobility

QUESTIONS
Ian Wills
Regional Sales Manager, Entrust Datacard
Ian.wills@entrust.com
@iancwills