New Paradigms of Digital Identity:

Size: px
Start display at page:

Download "New Paradigms of Digital Identity:"

Transcription

1 A Telefonica White Paper New Paradigms of Digital Identity: Authentication and Authorization as a Service (AuthaaS) February 2016

2 1. Introduction The concept of identity has always been the key factor when it comes to establishing a relationship between individuals. Identification as a way to ensure someone is who they claim to be gains even greater relevance in an increasingly digitized world. This also brings a host of new challenges, including: Multidimensionality of digital identities. Their management and how this impacts on the definition of Corporate Identity (Social Identity vs Validated Identity). Attribution. Validation of the data (attributes) that make up and define a digital identity. Identity proofing. Validation of the relationship of an identity in the digital world with an identity in the real world. 3 The aim of this document is to discuss the concept of digital identity in the current ecosystem, talk about IAM solutions (Identity and Access Management) and IDaaS (IAM as a Service) and propose a model that will reduce complexity in the process of authenticating and authorizing identity management.

3 2. The Digital Identity Ecosystem For many years, the way of moving an individual s identity into the digital world has involved the creation of a digital representation of the individual. The manner in which this individual s digital identity is formulated depends on where it is to be used. From the perspective of the public sector, the validation of the relationship between this digital identity and the real world identity (identification/identity proofing) is vital. Typically, this identification process concludes with the generation of a set of credentials which links the individual with their identity in the digital world. This is the case of the processes that allow to register an individual within the society by issuing a unique number or physical token (e.g. national identifiers, social security numbers, digital certificate passwords, etc.). This issuance, managed by public authorities, constitutes a legally validated record, and it can be affirmed that these credentials correspond uniquely to a single individual. In addition, during the process of generating these credentials, certain attributes, which define the individual (such as name, surname, date of birth, nationality, gender, etc) will be validated. This set of identifiers, along with the validated attributes, whilst taking into account this 1:1 relationship with the individual which they identify, may be called Physical Identity. In private companies the scenario is slightly different. Companies have a need to validate the existence of an individual and their attributes in order to create another type of identity: Corporate Identity. To that end, it is possible to delegate the physical responsibility for carrying out the identification of individuals to the issuers of these identities. This is the case for a service provider who, in order to convert individuals into users of their systems or services, create their own credentials (e.g. an online banking user, a company employee or a consumer of services of a retail outlet). They require, to a greater or lesser degree, the submission of the corresponding physical identities so as to incorporate the attributes, which have already been validated, into the new identity. By creating these corporate digital identities, in addition to the attributes already validated by third parties, it is possible to add new attributes which can be validated by the service provider (e.g. postal address, bank account or phone number) or, even, attributes that it was not possible to validate but which have been provided by the individual themself now the user. This type of digital identity, unlike physical identities, does not have a unique relationship with the individual. That is to say, the same person may have multiple identities with a single service provider (e.g. in the case of a provider that identifies its users by their account number, a user may have multiple accounts with the same provider). These digital identities have traditionally been managed by IAM (Identity and Access Management) systems. With the advent of Social Media and the emergence of Social Identities, there is no longer a need for identification to link digital identities to a physical identity. It is now possible for individuals to assign themselves an identity on a Social Media site and, although they are asked to provide attributes, there is no robust process of identification to validate the authenticity of those attributes. The creation of an identity on a social network such as Facebook is a case where, unlike the previously mentioned, the information which an individual will be asked for during the identification process is not directly validated. When a new user joins Facebook, identification is established by requesting a prior digital identity (i.e. an account). It could be argued that this identification is verified by an identification request made to the account provider. However, there is no certainty that this provider actually validates the attributes of the individual. 4

4 Figure 1 How to obtain the best balance between usability, security and verification when authenticating and identifying users? PHYSICAL IDENTITY CORPORATE IDENTITY SOCIAL IDENTITY add VERACITY SECURITY B2B B2C USABILITY add SECURITY Digital Certificate Physical Check IAM Social Login User/Password - 2FA (token - IDAAS solutions are key factors in the evolution of traditional IAM management models. Whilst the benefits of social identities means better usability (fewer passwords, login and registration steps, improved and easy support) and improved intelligence (which make it easier to use these OTT solutions), there are disadvantages concerning privacy or identity theft. This, in turn, is leading to hybrid models which link digital identities generated by service providers with the identities that users provide. This need, together with the emergence of federated identity management, has given rise to complex scenarios in which identity management is carried out in a fragmented and adaptable way. This fragmentation means that now whoever issues and validates the credentials of a digital identity does not necessarily have to be the owner of the resource. This means being able to provide identity, as well as its management, as a service (IDaaS). Figure 2 How does Identity & Access Management work? 5

5 3. New Models of Authentication/ Authorization as a Service: AuthaaS Following this trend (IDaaS), in which companies or service providers increasingly delegate certain aspects of identity management to a third party, it is fundamental to focus on verifying that an individual is who they claim to be and therefore authorize their access to a resource. User authentication must be able to validate that the credentials a user provides have not been altered and thus enable verification that the user who owns them is, in fact, a legitimate user of the system. User authorization must be able to establish how users can gain access to certain resources, and who is authorized to do so at any given time. AuthaaS solutions should adapt how users authenticate, access and interact with the business. Within this proposal the mobile device is the key: Maximizes universality, allowing any user to interact anywhere using any technology. The mobile device is the only physical device that nowadays can be considered universal. Maximizes usability, allowing user interactions with no barriers (anywhere, anytime) Identification, with solutions that give the ability to individuals, businesses and governments to trust and have confidence in the identities of people with whom they interact. The use of mobile device requires a SIM card which distribution is highly regulated by the market (Telcos) and in that process a validation of the identity holder is carried out prior to activation controlled; Evolving security. Mobile device allows companies to create authentication/authoritation adaptatives schemes over traditional IAM models. Figure 3 Mobile devices key factors in the search for convergence between physical identity and digital identity. Network Connectivity 3G 4G Wifi Internet, apps and data ID-related Technologies Camera GPS Screen NFC Bluetooth Biometric Sensors Security elements to protect user data SIM (Suscriber Identity Module) MICRO SD (Micro Secure Digital) ese (Embedded Secure Element) Your mobile, your identity. 6

6 1. Mobile Device = Authentication Device There are a huge number of types of credentials that are being explored in order to create a way of preserving the unchanged relationship of digital identities. The various solutions that exist on the market today are based on something that the individual knows (e.g. passwords), something that the individual possesses (e.g. physical tokens: smartcards, NFC tokens, etc.), something that the individual is (e.g. fingerprints, voice signature, iris signature, etc.), or something that tells you how the individual behaves (e.g. behavioural analysis). In fact, in order to ensure the usability of authentication solutions, hybrid systems are often devised involving several of these methods, and providing differing degrees of authentication. Mobile devices as authenticators: They act as alternative channels for the verification of access to services (enabled for OTP service implementation via SMS, or automatic notification via APP). They are a good method to protect users against malicious acts, such as phishing or identity theft. They provide different degrees of authentication: Simple Authentication: Single factor: Something I have. Click OK (SMS URL or SIM click OK) Strong Authentication: Two factors: Something I have and something I know. PIN Two factors: Something I have and something I am. Biometrics 2. Mobile Devices as Authorization Devices The most frequent use of the authentication mechanisms mentioned above is usually related to the control of access to the resources of a system. This enables authorization mechanisms to establish how users can gain access to certain resources, and who is authorized to do so at any given time. In this regard, as is the case with authentication, mobile devices can be used as elements of interaction with users which can apply global strategies (Mandatory Access Control MAC) or discretionary strategies (DAC). As a part of those strategies, different methods are defined: RBAC, capabilities, as a couple of examples. In a complementary manner, the use of mobile devices would enable the role of who defines access policy to be widened, so that it is not only the owner of the resource. This would enable the mobile user to set controls on the use of resources when such a use is made using their credentials. 3. Mobiles Devices as Signature Devices Mobile devices incorporated as part of business processes can be used to perform digital signature processes, either by using a digital certificate stored on the device itself, through the use of a PIN encrypted in the SIM card, or by using a handwritten signature (biometrics). It is clear that mobile devices used as identity tokens offer companies or service providers the following benefits: A secure element for the authentication and identification of users thanks to the use of the operator s infrastructure: mobile network + SIM as a secure container. A link between physical identity and digital identity. Phone numbers enable us to establish this link between identities, by enabling the identification of an individual in services, both public and private, thanks to authentication and the sharing of attributes. 7 Global reach. Mobile devices (Smartphones) have undoubtedly become the most used and widely adopted form of technology which keeps digital users connected. More frequent log-ins by removing passwords while improving security, at the time it improves customer insights by receiving a persistent, unique, User ID across any device used by the same user. Creation of adaptive models. Mobile identity management as part of IAM solutions enables authentication/adaptive authorization systems to be configured based on context. This enables risk-based policies to be defined and so improves the end user experience (mobility, elimination of the password). Show innovation and leadership by supporting a mobile first strategy. A link between physical identity and digital identity. Phone numbers enable us to establish this link between identities, by enabling the identification of an individual in services, both public and private, thanks to authentication and the sharing of attributes. Global reach. Mobile devices (Smartphones) have undoubtedly become the most used and widely adopted form of technology which keeps digital users connected. More frequent log-ins by removing passwords while improving security, at the time it improves customer insights by receiving a persistent, unique, User ID across any device used by the same user. Creation of adaptive models. Mobile identity management as part of IAM solutions enables authentication/adaptive authorization systems to be configured based on context. This enables risk-based policies to be defined and so improves the end user experience (mobility, elimination of the password). Show innovation and leadership by supporting a mobile first strategy.

7 4. An integrated vision Based on the mobile device as the key to set authentication and authorization, Telefonica go for a combined model Authentication/ Authorization as a Service that allows companies to: a) Enjoy different levels of authentication (multifactor adaptive authentication) depending on the context and the risks that the company are ready to assume: from basic authentication to strong authentication. b) Be able to apply an effective access control strategy (Authorization) across traditional IT environments and over current IAM environments: OTP and digital latch. c) In addition, under the same approach, the integration of the solution with business processes will allow the Enterprise to turn the mobile device company in a security tool to sign. Telefónica has increased its Security offering with the generation of brand new and innovative products focused on Identity and Privacy. Our Identity and Access solutions adapt to the way users authenticate, access and interact with businesses, based on a vision that maximizes four key vectors: Identification; solutions that give the ability to individuals, businesses and governments to have confidence in the identities of people with whom they interact. Universality; allowing any user to interact anywhere using any technology. Compliance; making security a companion for your business, not a barrier. Usability; solutions that allow user interactions with no barriers (mobility and avoiding the use of passwords). Figure 4 AuthaaS reduces complexity when authenticating and authorizing combined with Enterprise current IAM solutions. SERVICE PROVIDER TELEFÓNICA SERVICE Enable users to authenticate to your applications and to authorize access to resources via their phone AUTHENTICATION AUTHORIZATON AUTHENTICITY Basic Authentication Strong Authentication Otp Digital Signature Seamless Click OK SMS Url Click OK SMS Applet SIM Applet + PIN TEE + Biometrics SIM / SMS Digital Latch SIM + Certificate Biometric signature - Fingerprint - Handwritten 8

8 Secure digital identity is now in our hands Mobile Connect an operator service for secure authentication and identification Uses a mobile phone for authentication (i.e. no passwords). Easy to use, anonymous and many uses including second factor authentication. Develops a secure way of sharing attributes putting the user in control. Leverages existing operator assets there is no user name and password to make a phone call or send SMS. Offered as APIs for service providers to integrate into their digital services. A digital Switch Latch protect your business and provide your users with an extra security layer Latch lets you implement a safety latch on your online services. By minimizing the time during which services are accessible the risk of theft or unauthorized usage is reduced. Reduces the risk of attacks directed at your online services by letting the users lock the service account or selected features conveniently, when they don t want to use them. Independent of other authentication mechanisms, as it supports most platforms and programming languages through APIs, SDKs and plugins. Available for Android, Blackberry, iphone, Firefox OS devices and Windows Phone. Sign your documents using your mobile phone SealSign digital and biometric signature to securely sign electronic documents through your mobile phone Scalable, modular and full enterprise platform for electronic document signatures compatible with digital certificates, biometric systems, OTP systems and long-term archiving of signed documents. Reduces costs associated with hardcopy management (printing, digitalization, transfer, archiving). Improves productivity and efficiency of business processes. Accessible from business applications and mobile devices. Generates electronic documents with full legal validity. Possibility of service via cloud or on-premise platform to meet enterprise needs. For more information see Telefonica Security Services portfolio at 9

9 5. About Telefonica Business Solutions Telefonica Business Solutions, a leading provider of a wide range of integrated communication solutions for the B2B market, manages globally the Enterprise (Large Enterprise and SME), MNC (Multinational Corporations), Wholesale (fixed and mobile carriers, ISPs and content providers) and Roaming businesses within the Telefonica Group. Business Solutions develops an integrated, innovative and competitive portfolio for the B2B segment including digital solutions (m2m, Cloud, Security, e-health or Digital Marketing) and telecommunication services (international voice, IP, bandwidth capacity, satellite services, mobility, integrated fixed, mobile, IT services and global solutions). Telefonica Business Solutions is a multicultural organization, working in over 40 countries and with service reach in over 170 countries. Telefónica Business Solutions Telefónica Business Solutions 10

10 6. Contact us For further information about our Security Services contact us at: or visit our website: 11

11 This document is the property of Telefonica. Any reproduction, distribution or public communication without the express written consent of Telefonica is forbidden. T9358

Identity & security CLOUDCARD+ When security meets convenience

Identity & security CLOUDCARD+ When security meets convenience Identity & security CLOUDCARD+ When security meets convenience CLOUDCARD+ When security meets convenience We live in an ever connected world. Digital technology is leading the way to greater mobility and

More information

Using Biometric Authentication to Elevate Enterprise Security

Using Biometric Authentication to Elevate Enterprise Security Using Biometric Authentication to Elevate Enterprise Security Biometric authentication in the enterprise? It s just a matter of time Mobile biometric authentication is officially here to stay. Most of

More information

Mobile: Purely a Powerful Platform; Or Panacea?

Mobile: Purely a Powerful Platform; Or Panacea? EBT: The Next Generation 2017 Mobile: Purely a Powerful Platform; Or Panacea? Evan O Regan, Director of Product Management Authentication & Fraud Solutions Entrust Datacard POWERFUL PLATFORM OR PANACEA

More information

Mobile Devices prioritize User Experience

Mobile Devices prioritize User Experience Mobile Security 1 Uniqueness of Mobile Mobile Devices are Shared More Often Mobile Devices are Used in More Locations Mobile Devices prioritize User Experience Mobile Devices have multiple personas Mobile

More information

Identity Management as a Service

Identity Management as a Service Identity Management as a Service The Challenge Today s technological landscape is one of permanent change. While connections to digital services and mobile devices grow, securing the data generated by

More information

Choosing the right two-factor authentication solution for healthcare

Choosing the right two-factor authentication solution for healthcare Choosing the right two-factor authentication solution for healthcare The healthcare industry s transition from paper to electronic records has introduced significant security risk from hackers around the

More information

Authentication Technology for a Smart eid Infrastructure.

Authentication Technology for a Smart eid Infrastructure. Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts

More information

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

Two-Factor Authentication over Mobile: Simplifying Security and Authentication SAP Thought Leadership Paper SAP Digital Interconnect Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively

More information

Solution. Imagine... a New World of Authentication.

Solution. Imagine... a New World of Authentication. A Solution Imagine... a New World of Authentication. Imagine a World Where Passwords can t be hacked People can t share credentials Users can t pretend to be someone else Where authentication is more Secure

More information

EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

EXPERIENCE SIMPLER, STRONGER AUTHENTICATION 1 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION 2 Data Breaches are out of control 3 IN 2014... 783 data breaches >1 billion records stolen since 2012 $3.5 million average cost per breach 4 We have a PASSWORD

More information

FIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication

FIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication FIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication Jeremy Grant Managing Director, Technology Business Strategy Venable LLP jeremy.grant@venable.com @jgrantindc Digital: The Opportunity

More information

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused

More information

A NEW MODEL FOR AUTHENTICATION

A NEW MODEL FOR AUTHENTICATION All Rights Reserved. FIDO Alliance. Copyright 2016. A NEW MODEL FOR AUTHENTICATION ENABLING MORE EFFICIENT DIGITAL SERVICE DELIVERY Jeremy Grant jeremy.grant@chertoffgroup.com Confidential 5 The world

More information

Exploring the potential of Mobile Connect: From authentication to identity and attribute sharing. Janne Jutila, Head of Business Development, GSMA

Exploring the potential of Mobile Connect: From authentication to identity and attribute sharing. Janne Jutila, Head of Business Development, GSMA Exploring the potential of Mobile Connect: From authentication to identity and attribute sharing Janne Jutila, Head of Business Development, GSMA Fragility of passwords No matter what you tell them, users

More information

white paper SMS Authentication: 10 Things to Know Before You Buy

white paper SMS Authentication: 10 Things to Know Before You Buy white paper SMS Authentication: 10 Things to Know Before You Buy SMS Authentication white paper Introduction Delivering instant remote access is no longer just about remote employees. It s about enabling

More information

The Internet of Things

The Internet of Things 1 The Internet of Things The Internet of Things (IoT) is a new vision of the Internet in which any type of object or thing that generates or consumes data on the network can be connected. It is the evolution

More information

EMERGING TRENDS AROUND AUTHENTICATION

EMERGING TRENDS AROUND AUTHENTICATION EMERGING TRENDS AROUND AUTHENTICATION Michelle Salway Senior Director Sales - EMEA May 2017 1 BIOMETRICS: A GIFT FROM THE DEVICE MAKERS & BIOMETRIC VENDORS DEVICES ARE RICH IN AUTHENTICATION CAPABILITIES,

More information

Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts

Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts White Paper Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts Don t let stolen VPN credentials jeopardize your security March 2015 A TECHTARGET WHITE PAPER Most IT professionals take for

More information

Overview. Premium Data Sheet. DigitalPersona. DigitalPersona s Composite Authentication transforms the way IT

Overview. Premium Data Sheet. DigitalPersona. DigitalPersona s Composite Authentication transforms the way IT DigitalPersona Premium Data Sheet Overview DigitalPersona s Composite Authentication transforms the way IT executives protect the integrity of the digital organization by going beyond traditional two-factor

More information

NFC Identity and Access Control

NFC Identity and Access Control NFC Identity and Access Control Peter Cattaneo Vice President, Business Development Agenda Basics NFC User Interactions Architecture (F)ICAM Physical Access Logical Access Future Evolution 2 NFC Identity

More information

Google Identity Services for work

Google Identity Services for work INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new

More information

BlackBerry Enterprise Identity

BlackBerry Enterprise Identity Datasheet BlackBerry Enterprise Identity The Challenge: Cloud services are critical in today s enterprises, yet a reliance on the cloud comes with real and growing security risks. Enterprises want a simple,

More information

Keep the Door Open for Users and Closed to Hackers

Keep the Door Open for Users and Closed to Hackers Keep the Door Open for Users and Closed to Hackers A Shift in Criminal Your Web site serves as the front door to your enterprise for many customers, but it has also become a back door for fraudsters. According

More information

User Authentication Best Practices for E-Signatures Wednesday February 25, 2015

User Authentication Best Practices for E-Signatures Wednesday February 25, 2015 User Authentication Best Practices for E-Signatures Wednesday February 25, 2015 Agenda E-Signature Overview Legality, Authentication & Best Practices Role of authentication in e-signing Options and applications

More information

Authentication Methods

Authentication Methods CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks

More information

USE CASES. See how Polygon s Biometrid can be used in different usage settings

USE CASES. See how Polygon s Biometrid can be used in different usage settings USE CASES See how Polygon s Biometrid can be used in different usage settings Web/Mobile Authentication Digital user authentication using biometrics Password management is increasingly harder for the user.

More information

How I Learned to Stop Worrying and Love the Internet of Things

How I Learned to Stop Worrying and Love the Internet of Things SESSION ID: SSC-W07 How I Learned to Stop Worrying and Love the Internet of Things Steven Sprague CEO Rivetz Corp @skswave The Big Shift Known Networks Ports Firewalls Packets SSL Known Devices Identity

More information

Dissecting NIST Digital Identity Guidelines

Dissecting NIST Digital Identity Guidelines Dissecting NIST 800-63 Digital Identity Guidelines KEY CONSIDERATIONS FOR SELECTING THE RIGHT MULTIFACTOR AUTHENTICATION Embracing Compliance More and more business is being conducted digitally whether

More information

Safelayer's Adaptive Authentication: Increased security through context information

Safelayer's Adaptive Authentication: Increased security through context information 1 Safelayer's Adaptive Authentication: Increased security through context information The password continues to be the most widely used credential, although awareness is growing that it provides insufficient

More information

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS HOW SECURE IS YOUR VPN ACCESS? Remote access gateways such as VPNs and firewalls provide critical anywhere-anytime connections to the networks

More information

How to Evaluate a Next Generation Mobile Platform

How to Evaluate a Next Generation Mobile Platform How to Evaluate a Next Generation Mobile Platform appcelerator.com Introduction Enterprises know that mobility presents an unprecedented opportunity to transform businesses and build towards competitive

More information

White Paper. The Impact of Payment Services Directive II (PSD2) on Authentication & Security

White Paper. The Impact of Payment Services Directive II (PSD2) on Authentication & Security White Paper The Impact of Payment Services Directive II (PSD2) on Authentication & Security First Edition June 2016 Goode Intelligence All Rights Reserved Published by: Goode Intelligence Sponsored by:

More information

Cross-Operator Identity Services. 13. January 2012, Telekom Innovation Laboratories

Cross-Operator Identity Services. 13. January 2012, Telekom Innovation Laboratories Cross-Operator Identity Services. Ingo.Friese@telekom.de 13. January 2012, Introduction. Successful Telco Identity needs joint R&D. We believe that IdM is one of the most important application enabler,

More information

Trusted Identities. Foundational to Cloud Services LILA KEE CHIEF PRODUCT OFFICER GLOBALSIGN

Trusted Identities. Foundational to Cloud Services LILA KEE CHIEF PRODUCT OFFICER GLOBALSIGN Trusted Identities Foundational to Cloud Services LILA KEE CHIEF PRODUCT OFFICER GLOBALSIGN WHAT YOU WILL LEARN TODAY Strong identity verification as a security measure and business enabler Authentication

More information

Identity and Authentication PKI Portfolio

Identity and Authentication PKI Portfolio Identity and Authentication PKI Portfolio Gemalto offers comprehensive public key infrastructure (PKI) authentication solutions that provide optimal levels of security. Supporting a wide portfolio of IDPrime

More information

Put Identity at the Heart of Security

Put Identity at the Heart of Security Put Identity at the Heart of Security Strong Authentication via Hitachi Biometric Technology Tadeusz Woszczyński Country Manager Poland, Hitachi Europe Ltd. 20 September 2017 Financial security in the

More information

PKI Credentialing Handbook

PKI Credentialing Handbook PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key

More information

Prof. Christos Xenakis

Prof. Christos Xenakis From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control Device-Centric Authentication for Future Internet Prof. Christos Xenakis H2020 Clustering

More information

Prof. Christos Xenakis

Prof. Christos Xenakis From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control Device-Centric Authentication for Future Internet Prof. Christos Xenakis SAINT Workshop

More information

BlackBerry WorkLife Persona. The Challenge. The Solution. Datasheet

BlackBerry WorkLife Persona. The Challenge. The Solution. Datasheet Datasheet BlackBerry WorkLife Persona The Challenge An increasing number of employees today are using their own devices for work purposes, blurring the line between personal and business usage. This demand

More information

SAP Security in a Hybrid World. Kiran Kola

SAP Security in a Hybrid World. Kiran Kola SAP Security in a Hybrid World Kiran Kola Agenda Cybersecurity SAP Cloud Platform Identity Provisioning service SAP Cloud Platform Identity Authentication service SAP Cloud Connector & how to achieve Principal

More information

Security Strategy for Mobile ID GSMA Mobile Connect Summit

Security Strategy for Mobile ID GSMA Mobile Connect Summit Security Strategy for Mobile ID GSMA Mobile Connect Summit Singapore, 22 nd November 2017 G+D Mobile Security G+D Mobile Security: Managing Billions of Connected Digital Identities Today 660 million contactless

More information

LinQ2FA. Helping You. Network. Direct Communication. Stay Fraud Free!

LinQ2FA. Helping You. Network. Direct Communication. Stay Fraud Free! LinQ2FA Stay Fraud Free! Helping You Direct Communication Secure to your Your customers Network LINQ2FA Stay Fraud Free! Enhance your security against cyber fraud with Two Factor Authentication Suitable

More information

Identity Management: Setting Context

Identity Management: Setting Context Identity Management: Setting Context Joseph Pato Trusted Systems Lab Hewlett-Packard Laboratories One Cambridge Center Cambridge, MA 02412, USA joe.pato@hp.com Identity Management is the set of processes,

More information

The new standard for user authentication

The new standard for user authentication + + The new standard for user authentication the convenient authentication 03 Summary 04 How does it work? 05 Benefits of convenient authentication for end users 06 Use cases 07 Click & Mortar 08 Natural

More information

The Mobile World Introduction

The Mobile World Introduction TABLE OF CONTENTS The Mobile World 3 SMS for Courier & Postal Services - Introduction 7 SMS for Courier & Postal Services Outbound SMS 8 SMS for Courier & Postal Services Inbound SMS 10 Technical Overview

More information

BYOD Success Kit. Table of Contents. Current state of BYOD in enterprise Checklist for BYOD Success Helpful Pilot Tips

BYOD Success Kit. Table of Contents. Current state of BYOD in enterprise Checklist for BYOD Success Helpful Pilot Tips Table of Contents Current state of BYOD in enterprise Checklist for BYOD Success Helpful Pilot Tips 2 Current State of BYOD in the Enterprise Defining BYOD Bring-Your-Own-Device (BYOD): a business practice

More information

SMB Cloud InsightsTM

SMB Cloud InsightsTM 2015 SMB Cloud InsightsTM CHINA DEFINITIONS Cloud Services Defined This research focuses on the cloud services that matter most to SMBs: IaaS, web presence and web applications, unified communications,

More information

Security Architecture Models for the Cloud

Security Architecture Models for the Cloud White Paper Security Architecture Models for the Cloud Introduction While Hardware Security Module (HSM) customers traditionally have their own infrastructures and data centers and run HSMs on premises,

More information

Identity Ecosystem Design challenges. Wim Coulier eidas Expert Belgian Mobile ID

Identity Ecosystem Design challenges. Wim Coulier eidas Expert Belgian Mobile ID Identity Ecosystem Design challenges Wim Coulier eidas Expert Belgian Mobile ID Belgian Mobile ID respects the guidelines provided by is the reference for digital identification and authentication in Belgium

More information

Next Generation Authentication

Next Generation Authentication Next Generation Authentication Bring Your Own security impact Dominique Dessy Sr. Technology Consultant 1 2012 DIGITAL UNIVERSE 1.8 ZETTABYTES 1,800,000,000,000,000,000,000 2 $ 3 4 Threat Landscape 60%

More information

Certificate Enrollment- and Signing Services for the Cloud. A behind-the-scenes presentation of a successful cooperation between

Certificate Enrollment- and Signing Services for the Cloud. A behind-the-scenes presentation of a successful cooperation between Certificate Enrollment- and Signing Services for the Cloud A behind-the-scenes presentation of a successful cooperation between Introduction Based on our experience and the request from the market we would

More information

BlackBerry 2FA. Datasheet. BlackBerry 2FA

BlackBerry 2FA. Datasheet. BlackBerry 2FA Datasheet BlackBerry 2FA BlackBerry 2FA The Challenge: Critical enterprise systems especially cloud services are more exposed than ever before because of the growing threat of cybercrime. Passwords alone

More information

FIDO AS REGTECH ADDRESSING GOVERNMENT REQUIREMENTS. Jeremy Grant. Managing Director, Technology Business Strategy Venable LLP

FIDO AS REGTECH ADDRESSING GOVERNMENT REQUIREMENTS. Jeremy Grant. Managing Director, Technology Business Strategy Venable LLP FIDO AS REGTECH ADDRESSING GOVERNMENT REQUIREMENTS Jeremy Grant Managing Director, Technology Business Strategy Venable LLP jeremy.grant@venable.com :: @jgrantindc 1 WHAT IS REGTECH? RegTech: Technology

More information

Innovative Authentication method for boosting Mobile Connect global roll-out

Innovative Authentication method for boosting Mobile Connect global roll-out Innovative Authentication method for boosting Mobile Connect global roll-out GB Patent Pending 1803719.2 US Patent Pending 15928348 IPification solution could very well be what is missing to 2018, Shanghai

More information

Authlogics for Azure and Office 365

Authlogics for Azure and Office 365 Authlogics for Azure and Office 365 Single Sign-On and Flexible MFA for the Microsoft Cloud Whitepaper Authlogics, 12 th Floor, Ocean House, The Ring, Bracknell, Berkshire, RG12 1AX, United Kingdom UK

More information

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform

More information

Deprecating the Password: A Progress Report. Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018

Deprecating the Password: A Progress Report. Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018 Deprecating the Password: A Progress Report Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018 The password problem Alpha-numeric passwords are hard for humans to remember and easy

More information

BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE

BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE OUR ORGANISATION AND SPECIALIST SKILLS Focused on delivery, integration and managed services around Identity and Access Management.

More information

Integrated Access Management Solutions. Access Televentures

Integrated Access Management Solutions. Access Televentures Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1

More information

Trust Services for Electronic Transactions

Trust Services for Electronic Transactions Trust Services for Electronic Transactions ROUMEN TRIFONOV Faculty of Computer Systems and Control Technical University of Sofia 8 st. Kliment Ohridski bul., 1000 Sofia BULGARIA r_trifonov@tu-sofia.bg

More information

Challenges and. Opportunities. MSPs are Facing in Security

Challenges and. Opportunities. MSPs are Facing in Security Challenges and Opportunities MSPs are Facing in 2017 Security MSPs work in an environment that is constantly changing for both the needs of customers and the technology in which they provide. Fanning the

More information

Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)

Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced) PRESENTED BY: Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced) One of the main problems that customers face with the adoption of SaaS and cloud-based apps is how to deliver the

More information

AS emas emudhra Authentication Solution

AS emas emudhra Authentication Solution AS emas emudhra Authentication Solution Create your own trusted enterprise network of users, devices, applications! With malware, ransomware and other cyber threats constantly thrown at Enterprises, a

More information

Citizen Biometric Authentication based on e-document verification. e-government perspective. Mindshare Ruslans Arzaniks Head of Development

Citizen Biometric Authentication based on e-document verification. e-government perspective. Mindshare Ruslans Arzaniks Head of Development Citizen Biometric Authentication based on e-document verification. e-government perspective. Mindshare 2017 Ruslans Arzaniks Head of Development About us WHO WE ARE X Infotech is a global provider of software

More information

Singapore s National Digital Identity (NDI):

Singapore s National Digital Identity (NDI): Singapore s National Digital Identity (NDI): Leaving no one behind Kwok Quek Sin Director, National Digital Identity Programme Government Technology Agency PART 1 INTRODUCTION TO NDI Better Living For

More information

Five Reasons It s Time For Secure Single Sign-On

Five Reasons It s Time For Secure Single Sign-On Five Reasons It s Time For Secure Single Sign-On From improved security to increased customer engagement, secure single sign-on is a smart choice. Executive Overview While cloud-based applications provide

More information

Yubico with Centrify for Mac - Deployment Guide

Yubico with Centrify for Mac - Deployment Guide CENTRIFY DEPLOYMENT GUIDE Yubico with Centrify for Mac - Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component

More information

IBM Security Access Manager

IBM Security Access Manager IBM Access Manager Take back control of access management with an integrated platform for web, mobile and cloud Highlights Protect critical assets with risk-based and multi-factor authentication Secure

More information

Two-Factor Authentication User FAQ s

Two-Factor Authentication User FAQ s Two-Factor Authentication User FAQ s What is Two-Factor Authentication (2FA)? What does Symantec Validation and ID Protection (VIP) do? I don t have a smartphone, what is my alternative? How many devices

More information

Identity Management. Rolf Blom Ericsson Research

Identity Management. Rolf Blom Ericsson Research Identity Management Rolf Blom Ericsson Research Identity Management Agenda What is a Digital Identity Why Identity Management Identity Management Roles and technology User attitudes User Requirements Standardization

More information

WHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD

WHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD WHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD Imagine that you re a CISO in charge of identity and access management for a major global technology and manufacturing company. You

More information

PSD2 webinar session - Q&A

PSD2 webinar session - Q&A PSD2 webinar session - Q&A Q: How does hardware based solutions such as OTP tokens will provide dynamic linking with single transactions? In general, users can enter payment information, such as the amount

More information

DigitalPersona Altus. Solution Guide

DigitalPersona Altus. Solution Guide DigitalPersona Altus Solution Guide Contents DigitalPersona... 1 DigitalPersona Altus Solution... 4 MODULAR SOLUTION CREATE-CONFIRM-CONTROL... 4 EXPERT SERVICES ASSESS-DESIGN-DEPLOY-SUPPORT... 5 DigitalPersona

More information

Technical Overview. Version March 2018 Author: Vittorio Bertola

Technical Overview. Version March 2018 Author: Vittorio Bertola Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which

More information

Securing Multiple Mobile Platforms

Securing Multiple Mobile Platforms Securing Multiple Mobile Platforms CPU-based Multi Factor Security 2010 Security Workshop ETSI 2010 Security Workshop Navin Govind Aventyn, Inc. Founder and CEO 1 Mobile Platform Security Gaps Software

More information

Hassle-free banking in the DIGITAL AGE through NEXT-GEN. Technologies W H I T E PA P E R

Hassle-free banking in the DIGITAL AGE through NEXT-GEN. Technologies W H I T E PA P E R Hassle-free banking in the DIGITAL AGE through NEXT-GEN Technologies W H I T E PA P E R Experience smooth transactions with the new generation of banking and payments using facial recognition. Financial

More information

PSD2 Compliance - Q&A

PSD2 Compliance - Q&A PSD2 Compliance - Q&A Q: How do hardware-based solutions such as OTP tokens provide dynamic linking with single transactions? In general, users can enter payment information such as the amount of money

More information

Verizon Software Defined Perimeter (SDP).

Verizon Software Defined Perimeter (SDP). Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.

More information

THREE-PART GUIDE TO DEVELOPING A BYOD STRATEGY WHITE PAPER FEBRUARY 2017

THREE-PART GUIDE TO DEVELOPING A BYOD STRATEGY WHITE PAPER FEBRUARY 2017 THREE-PART GUIDE TO DEVELOPING A BYOD STRATEGY WHITE PAPER FEBRUARY 2017 An IT Architect s Guide to Implementation Considerations and Best Practices When Developing a BYOD Strategy As the consumerization

More information

Octopus Online Service Safety Guide

Octopus Online Service Safety Guide Octopus Online Service Safety Guide This Octopus Online Service Safety Guide is to provide you with security tips and reminders that you should be aware of when using online and mobile services provided

More information

Implementing Your BYOD Mobility Strategy An IT Checklist and Guide

Implementing Your BYOD Mobility Strategy An IT Checklist and Guide Implementing Your BYOD Mobility Strategy An IT Checklist and Guide 2012 Enterproid IBYOD: 120221 Content 1. Overview... 1 2. The BYOD Checklist... 1 2.1 Application Choice... 1 2.2 Installation and Configuration...

More information

Unlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.

Unlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password. Unlocking Office 365 without a password How to Secure Access to Your Business Information in the Cloud without needing to remember another password. Introduction It is highly likely that if you have downloaded

More information

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK KEY BENEFITS AT A GLANCE Ensure your journey to the cloud is secure and convenient, without compromising either. Drive business agility

More information

Meeting the requirements of PCI DSS 3.2 standard to user authentication

Meeting the requirements of PCI DSS 3.2 standard to user authentication Meeting the requirements of PCI DSS 3.2 standard to user authentication Using the Indeed Identity products for authentication In April 2016, the new PCI DSS 3.2 version was adopted. Some of this version

More information

Make security part of your client systems refresh

Make security part of your client systems refresh Make security part of your client systems refresh Safeguard your information with Dell Data Security Solutions while boosting productivity and reducing costs Your organization might have many reasons for

More information

Launch Smart Products With End-to-End Solutions You & Your Customers Can Trust

Launch Smart Products With End-to-End Solutions You & Your Customers Can Trust Solution Brief: Launch Smart Products With End-to-End Solutions You & Your Customers Can Trust DeviceTone, our ready to run "connect, manage and enable" solution for product companies, makes secure connectivity,

More information

1.1. HOW TO START? 1.2. ACCESS THE APP

1.1. HOW TO START? 1.2. ACCESS THE APP Table of Contents 1. Get Started 1.1. How to start? 1.2. Access the app 1.3. Username and password 2. Mobile Banking features 3. Security 4. Accounts and inquiries 5. Transfers and beneficiaries 6. Charges

More information

A Practical Step-by-Step Guide to Managing Cloud Access in your Organization

A Practical Step-by-Step Guide to Managing Cloud Access in your Organization GUIDE BOOK 4 Steps to Cloud Access Management A Practical Step-by-Step Guide to Managing Cloud Access in your Organization Cloud Access Challenges in the Enterprise Cloud apps in the enterprise have become

More information

White Paper. EVERY THING CONNECTED How Web Object Technology Is Putting Every Physical Thing On The Web

White Paper. EVERY THING CONNECTED How Web Object Technology Is Putting Every Physical Thing On The Web White Paper EVERY THING CONNECTED Is Putting Every Physical Thing Every Thing Connected The Internet of Things a term first used by technology visionaries at the AUTO-ID Labs at MIT in the 90s 1 has received

More information

Fencing the Cloud. Roger Casals. Senior Director Product Management. Shared vision for the Identity: Fencing the Cloud 1

Fencing the Cloud. Roger Casals. Senior Director Product Management. Shared vision for the Identity: Fencing the Cloud 1 Fencing the Cloud with Identity Roger Casals Senior Director Product Management Shared vision for the Identity: Fencing the Cloud 1 Disclaimer Copyright 2014 Symantec Corporation. All rights reserved.

More information

Single Secure Credential to Access Facilities and IT Resources

Single Secure Credential to Access Facilities and IT Resources Single Secure Credential to Access Facilities and IT Resources HID PIV Solutions Securing access to premises, applications and networks Organizational Challenges Organizations that want to secure access

More information

INNOVATIVE IT- SECURITY FOR THE BANKING AND PAYMENT INDUSTRY

INNOVATIVE IT- SECURITY FOR THE BANKING AND PAYMENT INDUSTRY INNOVATIVE IT- SECURITY FOR THE BANKING AND PAYMENT INDUSTRY Verisec is a Swedish IT-security company specialized in digital identity and information security solutions for the banking and payments industry.

More information

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud-Security: Show-Stopper or Enabling Technology? Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics

More information

The Orbit Travel App. An innovative travel solution to provide Orbit World Travel clients with a seamless business travel experience.

The Orbit Travel App. An innovative travel solution to provide Orbit World Travel clients with a seamless business travel experience. The Orbit Travel App An innovative travel solution to provide Orbit World Travel clients with a seamless business travel experience. USER GUIDE 1 About the App The smart all-in-one travel companion for

More information

Enabling Compliance for Physical and Cyber Security in Mobile Devices

Enabling Compliance for Physical and Cyber Security in Mobile Devices Enabling Compliance for Physical and Cyber Security in Mobile Devices Brandon Arcement & Chip Epps HID Global Sept 12, 2016 1630-1730 ET Agenda Smart Devices vs. Traditional Cards Mobility Infrastructure

More information

Cracking the Access Management Code for Your Business

Cracking the Access Management Code for Your Business White Paper Security Cracking the Access Management Code for Your Business As the digital transformation expands across your business, delivering secure access to it has made a modern identity and access

More information

Storage Made Easy. SoftLayer

Storage Made Easy. SoftLayer Storage Made Easy Providing an Enterprise File Fabric for SoftLayer STORAGE MADE EASY ENTERPRISE FILE FABRIC FOR SOFTLAYER The File Fabric is a comprehensive multi-cloud data security solution built on

More information

How Next Generation Trusted Identities Can Help Transform Your Business

How Next Generation Trusted Identities Can Help Transform Your Business SESSION ID: SPO-W09B How Next Generation Trusted Identities Can Help Transform Your Business Chris Taylor Senior Product Manager Entrust Datacard @Ctaylor_Entrust Identity underpins our PERSONAL life 2

More information

PKI is Alive and Well: The Symantec Managed PKI Service

PKI is Alive and Well: The Symantec Managed PKI Service PKI is Alive and Well: The Symantec Managed PKI Service Marty Jost Product Marketing, User Authentication Lance Handorf Technical Enablement, PKI Solutions 1 Agenda 1 2 3 PKI Background: Problems and Solutions

More information