TRUST ELEVATION WITH SAFELAYER TRUSTEDX. David Ruana, Helena Pujol 14Q4

Transcription

1 TRUST ELEVATION WITH SAFELAYER TRUSTEDX David Ruana, Helena Pujol 14Q4

2 About Safelayer Providing ID technologies for Multi-factor Authentication PKI Authentication Digital Signature Since

3 Safelayer Identity Services Identity Federation Trust Elevation Multifactor authentication Signature/Transaction confirmation Single Sign-On with factor memory Standard web integration (cloud, mobile apps ) 3

4 Adaptive Authentication trust elevation trust elevation trust elevation trust elevation National Institute of Standards and Technology (NIST) ITU-T X.1254 / ISO/IEC classifications 4

5 LoA Accumulation in Authentication Flows Configurable authentication sequence Transparent for the user Requests an additional factor only when necessary Authentication is adapted to: The security requirements of each application User identity: role, department, quarantined identities, etc. Available authentication mechanisms Contextual information: device, location, business rules, keystroke biometrics, etc. LoA accumulation Up to high security levels On corporate and federated identities User profile is progressively updated 5 5

6 Authentication Factors Primary authentication Trust elevation Step-up Contextual authentication Behavioural biometrics Device identification (1) Explicit device registration Password Out-of-band OTP (2) Safelayer Mobile ID (3) Client SSL Third parties (4) (1) «Supplement to Authentication in an Internet Banking Environment», US FFIEC, June 2011 (2) SMS, , SW token, HW token (3) Also for transaction confirmation with PKC (4) Authentication can be delegated to apps, biometrics, 6

7 Classification of authentication methods Credential validators and federated identity providers 7

8 Authentication and SSO requirements Authentication requirements Minimum authentication level Specific authentication flow(s) Single Sign-On preferences Based on authentication level Based on authentication factors Credential validation steps Context factor analysis Not enabled SSO propagation between application groups Composition and selective delivery of identity attributes 8

9 Combination of requirements and result Minimum authentication level or specific authentication flow(s) SSO (Enabled/Disabled) Relying party platform configuration Relying party integration OAuth 2.0 (acr_values) / SAML 2.0 (RequestedAuthnContext) OAuth 2.0 (prompt) / SAML 2.0 (ForceAuthn) Relying party Identity Provider defaults Authorization scopes Intersection of requirements to guarantee most restrictive security and convenience preferences Authentication response includes new authentication level that was reached or specific authentication flow that was successfully executed User session in Identity Provider is updated 9

10 User-friendly PKI authentication Out-of-band authentication Trust elevation Transaction confirmation Document signing Federation with social networks 10

11 Thank you, David Ruana Helena Pujol Product Management Safelayer Secure Communications, S.A. All Rights Reserved. This material is intellectual property of Safelayer Secure Communications S.A. This material may be used or copied only in accordance with Safelayer.