© FIRST NATIONAL BANK Oracle IDM at First National Bank Securely Extend Applications to Mobile Devices: Developing a Mobile Architecture [CON7994] An Oracle Open World 2014 Presentation

© FIRST NATIONAL BANK

Oracle IDM at First National Bank

Securely Extend Applications to Mobile Devices: Developing a Mobile Architecture [CON7994]

An Oracle Open World 2014 Presentation

Oracle IDM at First National Bank

• Several years ago, we recognized the need to replace our security offering and add needed feature sets. With Oracle’s Identity and Access Management platform we were able to do so.

• With the introduction of our mobile solutions in 2013, we recognized the need to enhance our customer experience by providing easier ways to log in and view basic account details. With Oracle’s Mobile Social and Gateway additions we will be able to do so.

Oracle IDM at First National Bank

• Past, Current, Future Use of IDM

• Current, Future State of First National Bank Mobile App

• Architecture, Management and Challenges of Mobile Social and Gateway components for our First National Bank Mobile App

• Recap

Past Use (2012-2014)

• TriCipher Appliance Replacement

• Integrated into newly created and existing websites and mobile applications servicing our customer base

• SAML Single Sign-On for Rewards and Collections

• Challenged with product base configuration during rollouts, solved by leveraging Advanced Customer Support assessments

• Team familiarity with the Oracle IDM stack grew tremendously having to add in tuning, partitioning, archiving

• Design upgrade plan for our product base and begin build out

Past Install

• OAM, OAAM, OIM 11g R1 (IAM Suite)

• OIF, OID, OVD 11g R1 (IDM Suite)

• Oracle RDBMS

• OAM 10g WebGate (Web Server)

• Cisco Load Balancers

Current Use (2014)

• Continue design and build out of infrastructure for our planned IDM upgrades

• Purchase Mobile Social and OAG components of the IDM stack

• Design and build out infrastructure for our mobile implementation to allow passcode and quick balance capabilities within our Mobile application

• Upgrade OAAM, OID, OVD in production

• Continued leverage of Advanced Customer Support for upgraded installs, health assessments, and overall guidance

Current Install

• Upgraded

– OAAM 11g R2 PS2

– OVD, OID 11g R1 newer version

– Oracle RAC for upgraded components

– F5 Load Balancers for upgraded components

• Maintained

– OAM, OIM 11g R1 [limited use] (IAM Suite)

– OIF 11g R1 (IDM Suite)

– Oracle RDBMS

– OAM 10g WebGate (Web Server)

– Cisco Load Balancers

Future Use (2014-2015)

• Implement Mobile Social and Oracle API Gateway for use by our mobile application

• Implement passcode and quick balance in our mobile application

• Upgrade OIF, OAM, and OAM WebGates

• Build out Active/Hot Standby location

• Continued leverage of Advanced Customer Support for upgraded installs, health assessments, and overall guidance

Future Install

• Upgrade To

– OAM 11g R2 PS2

– OAG 11g R2 PS2

– OIF 11g R1 newer version

– Oracle RAC for upgraded components

– OAM 11g R2 PS2 WebGate (Web Server)

– F5 Load Balancers for upgraded components

First National Bank Mobile App

• Current State

– Custom built mobile application using REST Web Services

– XML to JSON API implementation for authentication and session management

• Future State

– Allow customer to log in to native Mobile app on a registered device using passcode or password

– Allow customer to see balance and limited transaction history without logging in (quick balance)

– Leverage Oracle Access Manager Mobile Social, Oracle API Gateway, Oracle Adaptive Access Manager

– Use Aurionpro, Client Resources, Inc. and internal staff to assist with architecture, configuration, and coding efforts

– Possible use of OAuth, SOAP Services to RESTful Services, OTP for challenge question

First National Bank Mobile App - Login

First National Bank Mobile App - Enable Passcode and Quick Balance

First National Bank Mobile App - Set Passcode

First National Bank Mobile App - Passcode and Quick Balance Entry

First National Bank Mobile App - Quick Balance View

Mobile Social IDM Enhancements

• Mobile Social Architecture

• Passcode, Token, Device, User Management

• Password, Passcode, Quick Balance Interactions

• Challenges

• Please welcome, Rakesh Meena, Security Architect with Aurionpro

Mobile Social Architecture

Mobile Social Management

• Passcode & Quick Balance Management

– Alternative authentication method, managed by preferences

– First time setup requires password entry

– OVD attribute used for storage using SHA1 hash format

• Token Management

– OAM User Token

– OAM JWT Token

– Access Token

– Client Registration Handle Client Token

• Device Management

– KBA, Jail Broken, Lost/Stolen, Black List with OAAM

• User Management

– Handled by custom APIs with OID/OVD

Password Login

Passcode Login

Quick Balance

Mobile Social Challenges

• Leveraging existing solutions

– Access Management

– Identity Management (user profile management, application provisioning and password support)

– Adaptive Access Management

• KBA, OTP (SMS/email/push notification), Jail break detection, Device Black list and White list

• Enabling new features relevant to mobile devices (numeric passcode authentication)

• Addressing security risks specific to mobile devices (lost/stolen device)

• Single Sign On across multiple native applications and native applications to browser application

• Cloud Based Authentication (ability to login with Facebook/LinkedIn/Google/Yahoo/Twitter accounts)

Mobile Social Challenges

• Standards (OAuth 2.0) support

• API Transformation (XML to JSON conversion)

• API Control and Governance (traffic throttling, auditing transactions and SLA monitoring/enforcement)

• API Monitoring and API Analytics

• API Security

– Threat protection (threatening content scan and blocking), Certificate management, Data encryption and redaction

– Integration with Access Management backend for Authentication and Authorization

• Enabling services (API) over multiple channels (mobile smartphone, mobile tablet, desktop browser, mobile browser, kiosk)

• Auditing and Reporting from single data source and ability to correlate user session events (desktop browser, mobile native applications and mobile browser applications)

Oracle IDM at First National Bank

• Recap

– External websites and mobile app authentication

– Single Sign-On to External Partners

– 11g R2 Upgrades

– Mobile Social Implementation for Passcode and Quick Balance

• Contact Us

– Dawn Johnson, Director, IDM, First National (402.602.5429)

– Chris Trickel, Director, Middleware, First National (402.602.7108)

– Rakesh Meena, Security Architect, Aurionpro (732.734.1478)
