Enabling Compliance for Physical and Cyber Security in Mobile Devices
Brandon Arcement & Chip Epps, HID Global
Sept 12, 2016, 1630-1730 ET

Agenda: Smart Devices vs. Traditional Cards; Mobility Infrastructure Considerations; Mobility Technology Considerations; The Future: Wearables and Beyond; Convergence & Compliance; The Security Landscape; Contextual Authentication Using Analytics
Do You Remember the First Time You Saw This?

It's a New World
Phones & Wearables vs. Cards
Smart devices: easy to keep with you; online via tethering; typically user-owned and controlled; user desire for a wide range of uses; user more likely to safeguard the device; less likely to share the device; wide range of costs.
Cards: not always convenient; always offline; issuer controlled; easily displayed credential with unlimited battery life; mature processes to deploy and manage; low cost.
Mobile Access: Market Insights

More Demand for More Convenience: enable building occupants to use a smartphone, tablet, or wearable to enter controlled areas; fewer items to carry; remote, over-the-air credentialing; lost or forgotten cards are no longer a problem; open doors from a distance in long-range applications; adds to the perception of an innovative environment.

The Need for Greater Efficiency: make physical access administration easier with digital, online processes; replace physical credential management with a digital experience; over-the-air credentialing of remote workers and visitors; streamline operations with integration to the PACS or visitor system; sustainable process with reduced waste and a lower carbon footprint.

The Need for Higher Security: provide higher levels of authentication in physical access control; easily deprovision unauthorized devices (deactivate in the PACS, revoke the credential over the air); missing mobile devices are reported almost immediately; applications can be protected with biometric and/or passcode; vulnerabilities can be addressed quickly through remote update; mobile devices are rarely forgotten, lost, or stolen.
Infrastructure Considerations for Mobile Access

Credential Provisioning: Centralized; Remote

Physical Access Control: Traditional Architecture (diagram)

Physical Access Control: Traditional Architecture with Mobile Over-the-Air Credential Management (diagram)

Mobile Access: Remote Credential Provisioning
1) Administrator manages users and credentials via a cloud portal
2) Credential is transferred into the device over the air
3) Device authenticates to the reader using the Mobile App
4) Reader sends credential data to the panel
Technology Considerations for Mobile Access

NFC vs. Bluetooth: security; read range; user experience; application breadth; transaction speed

NFC vs. Bluetooth
NFC: communication based on contactless smart card standards; Android; 424 kbit/s data rate; range up to 10 cm
Bluetooth: communication based on the legacy Bluetooth standard; Android and iOS; 270 kbit/s data rate; range up to 100 m
Privacy Concerns

Mixed Populations: Mobile Devices & Legacy Credentials

The Future: Wearables & Beyond

Tap to Open or Login for Wearables: Nymi Band; continuous authentication technology called HeartID; authenticates users via their electrocardiogram (ECG); secure communication channel; simply tap the band to access cloud apps and doors

Contextual Authentication Examples: single vs. multi-factor; exterior doors; interior doors; high-security doors; Windows logon; VPN; banking

Convergence: one credential for secure access to the cloud, data and the door

Convergence Examples
User experience: single card for PACS, Windows logon and network access; mobile smartphones.
Policy: network access only allowed after authentication at the door; VPN connection only allowed after GPS is verified in sync with travel plans.
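The two policy examples on this slide, encoded as checks over PACS and device data, as an added Python example that is not HID's code: the event records, the 30-minute door window, the 50 km radius, the idea of a standing home-base travel plan, and every sample event below are constructed assumptions.

```python
"""Contextual access policy checks (added example, not HID's code).

Two policies from the slide are encoded as pure functions over events:
  1. Network logon is allowed only after the user authenticated at a door,
     i.e. a PACS access-granted event for that user within a recent window.
  2. VPN is allowed only when the device's GPS fix is consistent with a
     travel plan (or standing home-base entry) approved for the user now.
The event format, window, radius and every sample record are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class DoorEvent:
    user: str
    door: str
    granted: bool      # False for a denied badge/phone presentation
    at: datetime


@dataclass(frozen=True)
class TravelPlan:
    user: str
    place: str
    lat: float
    lon: float
    start: datetime
    end: datetime


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    dlat, dlon = lat2 - lat1, lon2 - lon1
    a = sin(dlat / 2) ** 2 + cos(lat1) * cos(lat2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def network_logon_allowed(user, now, door_events, window=timedelta(minutes=30)):
    """Policy 1. Only a *granted* door event for the same user counts, and
    only if it lies between `window` ago and `now`: denied presentations and
    events timestamped in the future (clock skew or replayed records) do not
    satisfy the policy."""
    return any(
        ev.user == user and ev.granted and timedelta(0) <= now - ev.at <= window
        for ev in door_events
    )


def vpn_allowed(user, now, device_lat, device_lon, plans, radius_km=50.0):
    """Policy 2. Allow only if some plan for `user` covers `now` and the GPS
    fix is within `radius_km` of that plan's location. With no covering plan
    the answer is deny (default deny)."""
    return any(
        p.user == user
        and p.start <= now <= p.end
        and haversine_km(device_lat, device_lon, p.lat, p.lon) <= radius_km
        for p in plans
    )


# --- constructed sample data -------------------------------------------------
T0 = datetime(2016, 9, 12, 9, 0)  # reference "now" for the scenario

DOOR_EVENTS = [
    DoorEvent("asmith", "lobby-north", True, T0 - timedelta(minutes=5)),
    DoorEvent("bjones", "lobby-north", False, T0 - timedelta(minutes=3)),  # denied
    DoorEvent("cdoe", "lobby-north", True, T0 - timedelta(hours=3)),       # stale
    DoorEvent("dlee", "lobby-north", True, T0 + timedelta(minutes=10)),    # future
]

PLANS = [
    # standing home-base entry so that office-based staff can use the VPN
    TravelPlan("asmith", "HQ Austin", 30.27, -97.74,
               T0 - timedelta(days=365), T0 + timedelta(days=365)),
    # approved trip
    TravelPlan("bjones", "Las Vegas conference", 36.17, -115.14,
               T0 - timedelta(days=1), T0 + timedelta(days=3)),
]


def evaluate(user, now, device_lat, device_lon):
    """Combine both policies into one decision record for a user."""
    return {
        "network": network_logon_allowed(user, now, DOOR_EVENTS),
        "vpn": vpn_allowed(user, now, device_lat, device_lon, PLANS),
    }


if __name__ == "__main__":
    for user, lat, lon in [("asmith", 30.30, -97.70), ("bjones", 36.10, -115.17),
                           ("cdoe", 30.27, -97.74), ("dlee", 30.27, -97.74)]:
        print(user, evaluate(user, T0, lat, lon))
```

Both checks are written to fail closed: a denied door presentation, a stale or future-dated PACS record, or the absence of any approved location for the current time all yield a deny, so a gap in the PACS feed degrades to a stricter policy rather than a looser one.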
Corporate ID Landscape is Rapidly Evolving: more devices; more apps; more identity data

Cybercrime (noun): criminal activities carried out by means of computers or the Internet. The US Government proposes to spend $14 billion in 2016 and $19 billion in 2017 fighting cybercrime.

Am I Really Dealing With My Bank? SMiShing; vishing; phishing. Sample message: "Dear HSBC Customer, your account has been blocked due to suspicious activity. To restore access please logon here. Copyright HSBC Bank 2015. All rights reserved."

Cybersecurity (noun): the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this. Sounds simple, but the activities required to be protected can be complex and costly. "Cryptography forms the basis for trust online." - Bruce Schneier, Fellow, Berkman Center, Harvard University
Cybersecurity is the result of applying consistent, coherent and connected identity and trust frameworks to the component parts of any given ecosystem. If you solve the identity problem based on consistent trust, you dramatically reduce cyber risk. (Diagram: Identity, Trust, Cybersecurity)

Create Trusted Identities: Natural Identity; Trusted Identity; Digital Certificates. A digital certificate is issued to employees and customers to establish and protect a trusted identity that allows that person to do the same things in the electronic world that they do in the physical world. Trusted identities combat fraud and protect against cybercrime.

Establish User Confidence: device binding; digital certificate; mobile banking app; live security center; push; behavioural. Sample app screens: "If you suspect fraud, please contact our fraud team. Press for Help." "Hello Mr Smith, please confirm your transaction request for funds transfer at ATM Las Vegas." "Hello Mr Smith, please sign your name using your finger so we can verify you."
Manage Your Risk Profile

Future Trends

Deliver Frictionless Authentication: multi-modal biometrics; transactional analysis; behavioural analysis (what we do today); multi-factor authentication decision engine; contextual analysis; threat detection; predictive analytics

& Continuous Risk-Based Authentication: multi-modal biometrics; continuous risk assessment; transactional analysis; contextual analysis; decision engine; step-up authentication; behavioural analysis; threat detection; predictive analytics. (Chart: Confidence, 0 to 12, against Time Span, 0 to 8, with a Step Up marker)
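The decision engine sketched on this slide, reduced to a small model, as an added Python example that is not HID's engine: a confidence score on the chart's 0 to 12 scale decays with time and is moved by weighted signals from the analysis categories the slide names, and the engine requests a step-up factor when confidence falls below a threshold. The weights, thresholds, decay rate and the session scenario are constructed assumptions.

```python
"""Continuous risk-based authentication with step-up (added example, not
HID's engine). Confidence on a 0..12 scale (the chart's axis, assumed) decays
one unit per time step and is raised or lowered by weighted analysis signals.
Below the step-up threshold the engine asks for a stronger factor; a
successful step-up restores full confidence, a failed one forces a deny.
Weights, thresholds and the scenario below are constructed.
"""
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"        # session continues with no user friction
    STEP_UP = "step_up"    # ask for a stronger factor (e.g. a biometric)
    DENY = "deny"          # terminate the session


# Constructed weights for the analysis categories named on the slide.
SIGNAL_WEIGHTS = {
    "biometric": 3.0,
    "behavioural": 2.0,
    "contextual": 2.0,
    "transactional": 2.0,
    "threat": 3.0,
}


@dataclass
class RiskEngine:
    max_confidence: float = 12.0    # chart's y-axis maximum (assumed scale)
    step_up_threshold: float = 4.0  # below this: request step-up
    deny_threshold: float = 1.0     # below this: deny outright
    decay_per_tick: float = 1.0     # confidence lost per time unit with no evidence
    confidence: float = 12.0        # a freshly, fully authenticated session
    history: list = field(default_factory=list)

    def _clamp(self):
        self.confidence = max(0.0, min(self.max_confidence, self.confidence))

    def _decide(self):
        if self.confidence < self.deny_threshold:
            return Decision.DENY
        if self.confidence < self.step_up_threshold:
            return Decision.STEP_UP
        return Decision.ALLOW

    def _record(self):
        decision = self._decide()
        self.history.append((round(self.confidence, 2), decision))
        return decision

    def observe(self, signals):
        """Advance one time unit. `signals` maps category -> score in [-1, 1];
        positive scores corroborate the user, negative scores indicate anomaly
        or threat. An unknown category raises KeyError rather than being
        silently ignored, so a misconfigured feed cannot inflate confidence."""
        self.confidence -= self.decay_per_tick
        for category, score in signals.items():
            weight = SIGNAL_WEIGHTS[category]
            self.confidence += weight * max(-1.0, min(1.0, score))
        self._clamp()
        return self._record()

    def step_up_result(self, success):
        """Outcome of the stronger factor: success restores full confidence,
        failure drops it to zero so the decision is DENY."""
        self.confidence = self.max_confidence if success else 0.0
        return self._record()


def run_scenario():
    """Constructed session: normal use, then anomalous behaviour plus a threat
    indicator, step-up succeeds, session continues. Returns the history of
    (confidence, decision) pairs."""
    engine = RiskEngine()
    engine.observe({"behavioural": 0.5, "contextual": 0.5})    # 12.0 ALLOW (clamped)
    engine.observe({"behavioural": -0.5, "contextual": 0.0})   # 10.0 ALLOW
    decision = engine.observe({"behavioural": -1.0, "contextual": -1.0,
                               "threat": -0.5})                # 3.5 STEP_UP
    if decision is Decision.STEP_UP:
        engine.step_up_result(success=True)                    # 12.0 ALLOW
    engine.observe({})                                         # 11.0 ALLOW (decay only)
    return engine.history


if __name__ == "__main__":
    for confidence, decision in run_scenario():
        print(f"confidence={confidence:5.1f} decision={decision.value}")
```

The decay term is what makes the assessment continuous: with no fresh corroborating signal, confidence drifts toward the step-up threshold on its own, so a session that goes quiet is eventually re-challenged rather than trusted indefinitely on the strength of its initial logon.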
Trusted Services Dashboard

Empower Mobility with Trust and Confidence: Authentication Service

Next Steps: see HID Global at Booth #3901, adjacent to the ASSA ABLOY booth (#3601). Mobile Access on Android & Apple; Wearables; Biometrics; Security Intelligence

Thank you. Brandon Arcement, barcement@hidglobal.com; Chip Epps, cepps@hidglobal.com