Security Strategy for Mobile ID GSMA Mobile Connect Summit

Similar documents
Scalable Security solutions to enable Cyber Security and to manage Digital Identities

Open Mobile API The enabler of Mobile ID solutions. Alexander Summerer, Giesecke & Devrient 30th Oct. 2014

Exploring the potential of Mobile Connect: From authentication to identity and attribute sharing. Janne Jutila, Head of Business Development, GSMA

EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

21 & 22 November 2017 Suntec Exhibition & Convention Centre, Suntec City

Dissecting NIST Digital Identity Guidelines

Jrsys Mobile Banking Solutions

Mobile Devices as Identity Carriers. Pre Conference Workshop October 14 th 2013

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Mobile Connect Driving Global Economic Growth Through Secure Mobile Identity

LinQ2FA. Helping You. Network. Direct Communication. Stay Fraud Free!

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

Assuring Identity. The Identity Assurance Framework CTST Conference, New Orleans, May-09

M2MD Communications Gateway: fast, secure, efficient

ITU-T SG 17 Q10/17. Trust Elevation Frameworks

Welcome to State Bank of Herscher s Online Banking!

Next Generation Authentication

PKI Credentialing Handbook

Safelayer's Adaptive Authentication: Increased security through context information

WHITE PAPER 2019 AUTHENTICATOR WHITE PAPER

Overview. Premium Data Sheet. DigitalPersona. DigitalPersona s Composite Authentication transforms the way IT

M2MD Communications Gateway: fast, secure and efficient

Identity & security CLOUDCARD+ When security meets convenience

e-sign and TimeStamping

NFC embedded microsd smart Card - Mobile ticketing opportunities in Transit

The Open Application Platform for Secure Elements.

Security in NFC Readers

See the ID Rules Before Us: FAL IAL AAL eh? Aaaagh!!! How, How, How, How?

Mobile Identity Management

SxS Authentication solution. - SXS

New Paradigms of Digital Identity:

Integration Guide. SafeNet Authentication Client. Using SAC CBA for VMware Horizon 6 Client

Measuring Authentication: NIST and Vectors of Trust

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

Payment Services Group

Hardware One-Time Password User Guide November 2017

Trusted National Identity Schemes. Coralie MESNARD

ADAPTIVE AUTHENTICATION ADAPTER FOR IBM TIVOLI. Adaptive Authentication in IBM Tivoli Environments. Solution Brief

Digitalisation and electronic signatures

THE SECURITY LEADER S GUIDE TO SSO

Digital Identity Trends in Banking

Cryptologic and Cyber Systems Division

MAESON MAHERRY. 3 Factor Authentication and what it means to business. Date: 21/10/2013

Yubico with Centrify for Mac - Deployment Guide

APG8205 OTP Generator

More than just being signed-in or signed-out. Parul Jain, Architect,

Welcome to Adobe. This document will help you with initial account setup and password reset.

eauthentication and Cross Boarder etransaction

Pro s and con s Why pins # s, passwords, smart cards and tokens fail

Authentication Technology for a Smart eid Infrastructure.

Singapore s National Digital Identity (NDI):

SafeNet Authentication Client

Adaptive Authentication Adapter for Citrix XenApp. Adaptive Authentication in Citrix XenApp Environments. Solution Brief

DIGITAL IDENTITY TRENDS AND NEWS IN CHINA AND SOUTH EAST ASIA

The Digital Identity Revolution

MOBILITY TRANSFORMING THE MOBILE DEVICE FROM A SECURITY LIABILITY INTO A BUSINESS ASSET E-BOOK

Smart Cards and Authentication. Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security

Secure Access Manager User Guide December 2017

4TRESS AAA. Out-of-Band Authentication (SMS) and Juniper Secure Access Integration Handbook. Document Version 2.3 Released May hidglobal.

New Business. Opportunities for Cellular IoT. Loic Bonvarlet Director of Marketing Secure Identity Arm. Copyright 2018 Arm, All rights reserved.

Bringing you an end to end Mobile Connect Solution. Mobile Connect for Mobile Network Operator. Mars 2016

Solution. Imagine... a New World of Authentication.

FIPS and NIST Special Publications Update. Smart Card Alliance Webinar November 6, 2013

Kigen SIM Solutions. Unlock the full potential of IoT

SafeNet Authentication Client

eidas Standardisation What are the Issues and Concerns? Overview from CEN TC 224 WG 16 ESIGN Gisela Meister

AS emas emudhra Authentication Solution

ebook - TRUSTED esim TESTING FRAMEWORK - June 2016 BUILDING A TRUSTED EMBEDDED SIM TESTING FRAMEWORK IN THE AGE OF IOT

Mobile Payment in a cashless future Trends/Benefits/Solutions

ASC Chairman. Best Practice In Data Security In The Cloud. Speaker Name Dr. Eng. Bahaa Hasan

A privacy-preserving authentication service using mobile devices

POPA MOBILE BANKING USER GUIDE

Using existing security infrastructures

Publishing Enterprise Web Applications to BYOD using a Granular. Trust Model. Shachaf Levi IT Client Security & Connectivity May 2013.

A National e-authentication Service

Exostar Identity Access Platform (SAM) User Guide September 2018

OATH : An Initiative for Open AuTHentication

How-to Guide for Exercise Access the Demo Appliance Landscape (Week 1, Unit 6, Part 1)

Internet is Global. 120m. 300m 1.3bn Users. 160m. 300m. 289m

Hardware One-Time Password User Guide August 2018

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

SafeNet MobilePKI for BlackBerry V1.2. Administration Guide

Kickstart. Overview. Oct 2017

13241 Woodland Park Road, Suite 400 Herndon, VA USA A U T H O R : E X O S T A R D ATE: M A R C H V E R S I O N : 3.

E X O S T A R, LLC D A T E : M AY V E R S I O N : 4.0

Exostar Identity Access Platform (SAM) User Guide July 2018

TRUST ELEVATION WITH SAFELAYER TRUSTEDX. David Ruana, Helena Pujol 14Q4

Put Identity at the Heart of Security

SafeNet Authentication Client

Building on existing security

PSD2 Compliance - Q&A

USE CASES. See how Polygon s Biometrid can be used in different usage settings

White Paper. The Impact of Payment Services Directive II (PSD2) on Authentication & Security

Secure Access Manager User Guide September 2017

FIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication

Enabling Compliance for Physical and Cyber Security in Mobile Devices. Chip Epps & Daniel Bailin HID Global

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services Security protocols

The CISO s Guide to Deploying True Password-less Security. by Bojan Simic and Ed Amoroso

Transcription:

Security Strategy for Mobile ID GSMA Mobile Connect Summit Singapore, 22 nd November 2017 G+D Mobile Security

G+D Mobile Security: Managing Billions of Connected Digital Identities Today 660 million contactless and dual interface cards issued over the past 6 years #1 in esim Management Digital Banking for Financial Institutions Managed connectivity for Telecommunication Industries +1.5 billion EMV cards provisioned over the past 5 years >100 mobile payments solutions provided to leading financial institutions 8 of the top 10 car manufacturers trust in G+D Mobile Security s connected car solutions 2.9 billion SIM cards managed in over 80 countries +1 billion mobile devices managed globally 100 million authentication cards protecting access for customers worldwide SECURING MOBILE LIFE Scalable IoT Security for Enterprise & OEM

Introduction: Level of Assurance Level of Assurance 1 At Level of Assurance 1 (LoA1), there is minimal confidence in the asserted identity of the entity, but enough confidence that the entity is the same over consecutive authentication events. LoA1 is used when minimum risk is associated with erroneous authentication. There is no specific requirement for the authentication mechanism used; only that it provides some minimal assurance. *When using Mobile Connect API, Level of Assurance 1 does not apply. Level of Assurance 2 At Level of Assurance 2 (LoA2), there is some confidence in the asserted identity of the entity. LoA2 is used when moderate risk is associated with erroneous authentication. Successful authentication will be dependent upon the entity proving, through a secure authentication protocol, that the entity has control of an agreed credential. During a Mobile Connect authentication for LoA2, the user will be prompted and will need to respond on their mobile device* to prove that they are in possession of the device (the credentials). As defined, LoA2 only provides some confidence that we know for sure that the user has access to the mobile device. We also describe this as "Something you have". If the application using the Mobile Connect API is on the mobile data network at the time of the request, the user may not have to respond to a prompt to prove that they are in possession of the device as this can be done by the mobile network. This is referred to as seamless authentication. Level of Assurance 3 At Level of Assurance 3 (LoA3), there is high confidence in an asserted identity of the entity. LoA3 is used where a substantial risk is associated with erroneous authentication. Identity proofing procedures shall be dependent upon verification of identity information. During a Mobile Connect authentication for LoA3, the user will be required to enter a secret PIN that they agreed beforehand. As defined, LoA3 provides a high confidence that the user that has access to the mobile device is also the entity to which the identity was assigned, as only that entity should know the PIN. We describe this as "Something you have and something you know". It is possible to replace the "something you know" second factor in an LoA3 authentication with for "Something you are" provided by bio-metric factors such as a fingerprint. This is dependant on mobile network operators local authenticator implementations. Level of Assurance 4 At Level of Assurance 4 (LoA4), there is very high confidence in an asserted identity of the entity. This LoA is used when a high risk is associated with erroneous authentication. LoA4 provides the highest level of entity authentication assurance defined by this standard. LoA4 is similar to LoA3, but it adds the requirements of in-person identity proofing. https://developer.mobileconnect.io/level-of-assurance

Secure SIM-based Service UX LOA2 Security level AB WebService Please enter Welcome your mobile to number +65 AB WebService 7956 0753 Confirm logon to AB WebService? OK YES NO

Secure SIM-based Service UX LOA3&4 Security level Bank Web Account Please enter Welcome your mobile to number Enter PIN +65 Web 7956Account 0753 Bank OK OK CANCEL

GSMA Mobile Connect LoA4: PKI Infrastructure PKI Advantages - Flexibility in Key Distribution - Non-Repudiation Use-case PKI Disadvantages - HW Requirements on Client and performance - PKI Entities management: CA, VA, CRL Maintenance - Post-quantum Cryptography resilience

Convenience / Security / Complexity Complexity Solution Convenience OTP SIM LoA2 Mobile App SIM LoA3 SIM LoA4 Security

Server Side: One Connection Multiple Authenticators SINGLE POINT FOR CONNECTION Mobile Connect Interface Optionally others MULTI-AUTHENTICATOR SECURE, SCALABLE High-Security Data Centres Multi-tenant environments High-Availability OTP WIB Java App Others SP EXPERIENCE Simple SP on-boarding Clear MNO integration

Mobile ID Suite: Two systems, One Solution Mobile Id Suite SIM based Java Applet authentication (3DES/AES) WIB Authentication (3DES) One-Time-Password (OTP) SW App Auth Smartphone application authentication (PKI) Mobile ID Suite WIB Java App LOA2 & LOA3 use cases support: Self-Service Portal, MNOs VAS, Enterprise login, Cloud login, e-commerce, online banking login, egov login

Smartphone App Authenticator secured by G&D TAK (Trusted Application Kit)

Thank you for your attention! Pedro Hernandez pedro.hernandez@gi-de.com Head of Product Management Cyber Security Solutions G+D Asia Giesecke & Devrient GmbH, 2017. Subject to change without notice.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback