Gaining Business Value from IoT


Gaining Business Value from IoT
Digital Aviation Conference 2018
Thomas Bengs, GM, Head of Biometrics EMEIA, Enterprise Cybersecurity EMEIA
Human Centric Innovation: Co-creation for Success
2018 FUJITSU

Digital Transformation will enable transport infrastructure providers and operators to realise the vision of Intelligent Mobility by:
- improving access to the transport network
- providing new ways to optimise supply & demand
- making journeys more seamless

Today's standard travel process
- Booking
- Drive & Parking
- Check in
- Check in luggage
- Security check
- Immigration Passport control
- Shopping
- Lounge
- Boarding
- Inflight shopping
- Destination immigration
- Rental car
- Hotel
What do all these activities have in common?

Your IDENTITY is requested!
Each of the listed processes requires some kind of identification document:
- National ID card
- Passport
- VISA
- Driver License
- Boarding Pass
- Credit Card

Does Security meet Convenience?
For most of those activities, corporations implement combinations of one or more different methods to avoid misuse: Password, PIN, Airline bonus card, Credit card, Passport, Driver License.
Are those methods really safe? NO, because:
- identity fraud is more or less easy
- they are not compatible with each other, or only with massive effort
- they are forgotten or lost, or manipulated on purpose
- in case of misuse there is no proof of identity showing who really performed the activity
Most of the identity processes are not secured and they are not convenient.

STILL TOO MANY ATTACK POINTS for our IDENTITY
- Screen contents can be read
- Webcam and microphone (internal/external) can be activated and controlled (room surveillance possible)
- External HDDs, USBs can install viruses and backdoors unnoticed
- Remote access: transfer and control of the systems by remote access
- Access to critical data: administrators can access sensitive data unnoticed
- Communication (Internet/LAN/WAN): backdoors to active / passive network components
- Data is intercepted: outgoing data can be intercepted, read and manipulated
- Main memory saves data unencrypted
- BIOS, OS, driver, application can contain backdoors
- Mouse and keyboard input can be read
- Internal data media (HDD, SSD, DVD) are readable despite encryption
- Physical access to systems through insufficiently secured access processes
- Hacker attacks: hacker attacks are facilitated by monitoring that is not end-to-end; logs can be falsified
(Diagram labels: Intranet, Internet, Extranet, Cloud)

Identity fraud is around us
- Terrorist attacks
- Misuse of social media
- Financial transactions fraud
- IP theft
- Enterprise data theft/manipulation
- Cyber attacks
"It takes 20 years to build a reputation and five minutes to ruin it" (Warren Buffett)
50% of organizations suffered a data breach in 2016.
Sources: Cisco annual Cybersecurity report 2017; 2016 Ponemon Cost of Data Breach Study

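A world in motion needs Biometric identification
Possible identification methods; Precision of Biometrics; Risk of Fraud
Risk of fraud by identification method:
- To be transferred: Ownership Yes; Knowledge Yes; Biometrics No
- To be stolen: Ownership Yes; Knowledge Yes; Biometrics No
- To be forgotten: Ownership Yes; Knowledge Yes; Biometrics No
- To be copied: Ownership Yes; Knowledge Yes; Biometrics No
- To be lost: Ownership Yes; Knowledge Yes; Biometrics No
- To be altered: Ownership Yes; Knowledge Yes; Biometrics No
Known methods (in the order listed on the slide): Keys, Password, Vein, Tokens, Pin, Iris, Smart Cards, "Selfie", Fingerprint, Face, Voice, Key stroke
Biometrics is the preferred method for secured & convenient identification processes.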

A deeper view of selected biometric modalities
Deeper View Comparison: Face Recognition, Iris Recognition, Palm Vein Recognition
- Security Level: Face Low-Middle; Iris Middle-High; Palm Vein Very High
- Usability: Face Depends on environment, Middle; Iris Depends on environment, Middle; Palm Vein Broad Range
- Convenience factor: Face Fair; Iris Fair; Palm Vein Fair
- Privacy Factor (GDPR): Face Very Low; Iris Still High; Palm Vein Very High
- Accuracy / Applicability: Face Low-Middle; Iris Middle; Palm Vein Very High

Biometric identification: Secure & Convenient

Vision of a seamless Customer journey

Use case: Berlin airports & Vienna airport
Requirements
- Physical access control / Time & attendance
- Fast and easy access for airport staff, airline crews, federal police, customs, third parties
- Secure against authentication fraud
- Insensitive to environmental influences
- Robust and reliable, high availability
Solution
- PalmSecure-based physical access control terminals & turnstiles
- Template on card method: biometric template is stored on LEGIC smart card
- 50,000 enrollments
Customer benefits
- High security level, true authentication
- Reduction of administration effort & costs
- Keyless operation
- Simplifies the authorization process for new people

Biometric applications need a strong IAM
Identity Access Management is not just a product, it is a SOLUTION.
IAM starts with identification, but it then also includes the way of communicating forward & backward to/from the resources to work with.
Business:
- Defining the IAM processes like access rights, protection levels, protected areas, building up a meta directory
Technology:
- Interfacing the different applications and platforms to interact together
Enterprise Access Management:
- Defining access roles / groups
- Defining authentication processing
- Defining identity management
- Defining external access management
(Diagram labels: Business, Identity Management, Access Management, Membership, Access Right, User, Roles / Groups, Resources, Technology)

Hybrid IT the Fujitsu way
- On premise IT environment
- On premise Applications
- Cloud services of different vendors: Microsoft, Google, Amazon
- Open and Standard Integration Interfaces
- Repositories for different user groups: Employees, Subcontractors, Partners, Customers
Fujitsu Identity as a Service
- Identity Lifecycle Management and Provisioning
- Access Rights and Control
- Multiple Authentication Mechanisms
- Federation to the cloud and on premise
- Single Sign-On
- Password Management
- Biometrics

FIDO the Fujitsu way
End user device: mobile phone, tablet, notebook
(Diagram labels, in the order listed on the slide)
- Biometric match on device
- Match with public key to get application login
- Login to application
- Login request to application
- Private key stored on device
- Public key

FIDO: A Japanese Megabank use case
The bank starts to provide its mobile banking application as its first FIDO service.
The bank aims to expand the FIDO solution to its other channels to solve a problem, as each channel currently requires a different authentication from users, and to improve service usability:
- Password and OTP for Internet banking
- Password and PIN for ATM
- Stamp requirement at the counter
Channel collaborations with FIDO authentication:
- At ATM: ATM card-less and 4 digits PIN-less
- At the counter: Passbook-less and Stamp-less
- On the internet: Password-less, OTP-less
In addition to the Bank, Trust, and Stock cross-channel, a collaboration of Credit card and Debit card is expected to create more business opportunities.
(Diagram labels: Trust, Stock, Credit card, Debit Card, Other areas, cross-channel collaboration (Bank, Trust, and Stock))

FIDO: Security meets Convenience
Comparison of ID / PW, OTP and FIDO:
- Reuse: ID / PW Hard to remember new ones, often using same ones; OTP Not reusable; FIDO Not reusable
- Phishing: ID / PW Can be easily snatched, High phishing risk; OTP Not reusable; FIDO Only the authentication result is transferred, Low risk
- Key Logger: ID / PW High risk due to physically typing in; OTP Not reusable; FIDO No risk due to biometrics and encrypted keys
- Complexity of operation: ID / PW For each service it requires a (different) ID / PW; OTP For each service it requires an OTP; FIDO Very easy operation
- Necessary to change regularly: ID / PW To maintain security level it needs to be frequently changed; OTP Not reusable; FIDO Need not be changed
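
An added illustration (not from the slides and not Fujitsu code) of the flow on the two FIDO slides above: the private key stays on the device behind a local biometric match, and the application holds only the public key. It goes beyond the slides by adding a one-time challenge and origin binding, and it is a simplified challenge-response rather than the FIDO message format; the origins, the user name and all function names are assumptions.

```javascript
// Added illustration only; simplified, not the FIDO wire format. All names are hypothetical.
const crypto = require('node:crypto');
const ORIGIN = 'https://bank.example'; // constructed relying-party origin

// End user device: the key pair is created here and the private key never leaves it.
function makeDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return {
    publicKey, // the only key material the application ever receives
    // biometricOk stands in for the on-device biometric match
    sign(challenge, origin, biometricOk) {
      if (!biometricOk) return null; // no match: the private key stays locked
      return crypto.sign('sha256', Buffer.concat([challenge, Buffer.from(origin)]), privateKey);
    },
  };
}

// Application: stores public keys and issues one fresh challenge per login request.
function makeServer() {
  const keys = new Map();    // user -> registered public key
  const pending = new Map(); // user -> outstanding challenge
  return {
    register(user, publicKey) { keys.set(user, publicKey); },
    loginRequest(user) {
      const challenge = crypto.randomBytes(32);
      pending.set(user, challenge);
      return challenge;
    },
    login(user, signature) {
      const challenge = pending.get(user);
      pending.delete(user); // each challenge is accepted at most once
      if (!challenge || !signature || !keys.has(user)) return false;
      const signed = Buffer.concat([challenge, Buffer.from(ORIGIN)]);
      return crypto.verify('sha256', signed, keys.get(user), signature);
    },
  };
}

function demo() {
  const device = makeDevice(), server = makeServer();
  server.register('alice', device.publicKey);
  const sig = device.sign(server.loginRequest('alice'), ORIGIN, true);
  const ok = server.login('alice', sig);
  server.loginRequest('alice');
  const replay = server.login('alice', sig); // old signature against a new challenge
  const phished = server.login('alice', // signed for a lookalike origin (constructed)
    device.sign(server.loginRequest('alice'), 'https://bank-login.example', true));
  const noBiometric = server.login('alice',
    device.sign(server.loginRequest('alice'), ORIGIN, false));
  return { ok, replay, phished, noBiometric };
}
```

Calling demo() returns one accepted login and three rejected ones: a captured signature replayed later, a signature made for a lookalike origin, and an attempt without a local biometric match.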

Privacy is important
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation): article 2 (material scope) section 1, article 4 (definitions) and article 9 (processing of special categories of personal data).
Don't compromise yourself. You are all you've got.
- Unless every single user has given explicit consent that his personal data shall be processed for one or more specified purposes, any processing or usage of that data is strictly prohibited.
- In order to be legally compliant, it is mandatory to document this explicit consent in writing: the scope of the processing of personal data is defined, and every user signs it prior to registration/enrolment.

Thank you