NFC Identity and Access Control

Peter Cattaneo, Vice President, Business Development

Agenda
- Basics
- NFC User Interactions
- Architecture (F)ICAM
- Physical Access
- Logical Access
- Future Evolution

Basics
NFC Radio Capabilities
- Very short range
- Typically requires touch or tap
- Shows user intent
- Compatible with contactless smart cards (ISO 14443)
Works both ways:
- Use credentials from a smart card on-device, e.g. sign an email with a key on your smart badge
- Emulate a smart card, e.g. use your phone instead of a badge at the door

Basics
Secure Elements
- Single Wire Protocol (SWP) connects some SEs to the NFC radio
- NFC interface can power SE over SWP; no battery required
- SEs without SWP connections can interact over NFC via apps
- Multiple Secure Element options
  - SWP:
    - SIM / UICC
    - Embedded NFC SE
    - microSD card (emerging new standard)
  - Non-SWP:
    - Internal
      - Trusted Platform Module (TPM)
      - Trusted Execution Environment (TEE)
    - External
      - Contact card reader
      - Bluetooth reader/device
      - Cloud (HCE)

Smart Card vs Mobile Device
- Secure Element
- User Interface
- Communications Channel
- Additional Sensors

Smart Card vs Mobile Device
PIV card (dual-interface smart card)
- One secure element
- Contactless interface: ISO 14443
- Contact interface: external, ISO 7816
NFC device
- Multiple secure elements
- Contactless interface: NFC (incl. ISO 14443)
- Contact interface: internal only
- Communications: Bluetooth, 3G, 4G, SMS, WiFi
- Screen, keyboard
- Camera, microphone
- GPS
- Fingerprint sensor
- Lots more

NFC User Interactions
1. Desktop Computer Application
2. Physical Access - Opening a Door
3. Mobile Device App
4. Logical Remote Access from Mobile Device

User Interaction 1 - Desktop Computer Application
- Secure Credentials
- Desktop Applications
  - Windows Login
  - Email signing
  - Secure Remote Access

User Interaction 2 - Physical Access - Opening a Door
- Secure Credentials
- Physical Access
  - Unlock Door

User Interaction 3 - Mobile Device App
- Secure Credentials
- Mobile Apps
  - File Encryption
  - Document Signing

User Interaction 4 - Remote Access from Mobile Device
- Secure Credentials
- Cloud Data

(F)ICAM - Identity, Credential, and Access Management
- Why ICAM?
  - US-based:
    - Standards
    - Policy Guidance
    - Best Practices
    - Vendor Support
  - Practical Experience
    - All Federal Agencies
    - Many Federal Contractors
    - Other commercial entities
    - Some other countries too! Incl disc of International Stds.
- NFC works well with other architectures. ICAM is just a well-known example.

(F)ICAM - Identity, Credential, and Access Management

Logical Access - Credentials in Smart Card
Applications
- Email
  - Mail Client Authentication
  - S/MIME - Signing / Encryption
- Document Management
  - Signing
  - Encryption
  - Synchronization Authentication
- Secure Remote Access
  - VPN
  - Secure Web Sites
- Mobile App Credentials

Logical Access - Credentials in Smart Card
Issues
- Contact Interface
  - No NFC
  - May be required for policy compliance
- Contactless Interface
  - Credential Access
    - Current FICAM: limited
    - FIPS 201-2: full set using Opacity
  - Security Concerns
    - No different from contactless cards
- Mobile Operating System API Support
  - How does an app access the credentials?
  - Few standards; limited support

Logical Access - Credentials in Mobile Device
Applications
- Email
  - Mail Client Authentication
  - S/MIME - Signing / Encryption
- Document Management
  - Signing
  - Encryption
  - Synchronization Authentication
- Secure Remote Access
  - VPN
  - Secure Web Sites
- Other Application Credentials

Logical Access - Credentials in Mobile Device
- Contact Interface
  - Accessible via mobile app
  - App in device can access the SE via the contact interface
  - User interaction (e.g. PIN entry)
  - NFC via Card Emulation mode
- Contactless Interface
  - Direct SE to NFC over SWP
  - No different from contactless cards
  - Battery not required
  - Perfect card emulation

Physical Access - Credentials in Mobile Device
- Contact Interface
  - Accessible via mobile app
  - App in device can access the SE via the contact interface
  - User interaction (e.g. PIN entry)
  - NFC via Card Emulation mode
- Contactless Interface
  - Direct SE to NFC over SWP
  - No different from contactless cards
  - Battery not required
  - Perfect card emulation

Physical Access - Credentials in Mobile Device
Available Today
- Major PACS vendors support ISO 14443 devices
  - Smart Cards
  - NFC Devices
- Standards-based and proprietary solutions
- SWP SE solutions are seamless
Real Innovation in Development
- Leveraging Device Capabilities
- Communication via device
- Reader can be off-line
- Biometric Integration
- Cloud-based Services

Future Evolution
Mobile Devices with NFC Enable New Capabilities
Lots of great work in many different categories:
- Interface Protocols
  - NFC Layered Security
    - Secure channel against eavesdropping
    - Device pairing
    - FIPS 201-2 / ANSI Opacity
  - NFC + Other Communications Channels
    - Bluetooth Secure Simple Pairing (SSP) with NFC
      - Device Selection (improves user experience; ensures correct device is selected)
      - Securely Connect (Out-of-band)
    - Bluetooth Application Launch
- Credential Policy
  - How credentials in SEs used with NFC relate to other devices
  - Example: NIST 800-157 Derived Credentials

Future Evolution
Peer to Peer
- Devices are symmetric
- Example, mutual authentication: instead of validating an employee badge with a handheld, any employee can validate any other
- Example, field incident security perimeter: enables dynamic perimeter, real-time access to location, list of check in/check out
Making Dumb Readers Smart
- Cost is in the phone
- E.g. for higher security at night, give night access team phones with fingerprint readers
- Use phone communication channels

Future Evolution
Engage Mobile Device Features with NFC
Combining elements to enhance security:
- Biometrics
  - Fingerprint
  - Facial
  - Voice
  - Iris
- Location
- Velocity
- Temperature
Example: Secure Unified Communications
Everyone connects with their mobile device to the weekly project call. They are strongly authenticated with a crypto key in an SE, a facial image is captured and a fingerprint is verified. The device provides voice communication and a shared whiteboard. As per corporate policy, all participants are stationary (not driving) and indoors in an approved location (home, main office, branch office).

NFC for Identity & Access Control
- Here Today
- A Strong Addition to the Smart Card Ecosystem

Peter Cattaneo Vice President Business Development Peter.Cattaneo@Intercede.com