Simple, secure mobile push authentication and verification solution
HID Approve™
Introduction
HID Approve™ is a next-generation mobile multi-factor authentication solution. By combining public key-based cryptography with mobile push notifications, HID Approve™ delivers a simple and secure way for users to authenticate their access requests and verify their transactions. With a simple swipe gesture, you get proof-of-possession for “something a user has” to achieve strong two-factor authentication. With a comprehensive set of security customizations, including requiring a PIN to open, organizations can strike a balance between security and usability.
HID Approve™: How it works
To log in or verify a transaction, a request is sent to the authentication server, where a push notification is triggered and sent to the registered mobile device by the iOS or Android service. No personally identifiable information is included in the push notification.
Transaction details are passed between the mobile device and the server over an out-of-band secure channel. This prompts the user to validate their login request by a swipe gesture. Once approved, the authentication server triggers a verification response to the banking application, and the login is successful.
[Figure: authentication flow between the user application, ActivID® Authentication, the push notification broker and the mobile device, with an out-of-band secure channel. Step 1: User signs in (user application). Step 2: User approves sign-in request (mobile device). Step 3: User gains access (user application).]
Benefits
The HID Approve™ mobile app combines public key-based cryptography and push technology to create a new experience for customers of banks, retailers and healthcare providers as well as between employees and enterprises or organizations. This software-based solution is more intuitive and user-friendly compared to traditional methods of authentication and helps minimize the risk of the wrong person accessing confidential and proprietary information.
Trusted identity
Seamless experience
Simplified compliance
Low cost of ownership
Flexible deployment
Fully customizable and fine-grained security policies
Secure channel out-of-band activation and authentication
Runtime Application Self-Protection (RASP) to detect and prevent real-time app attacks
Easy and flexible user activation with QR codes or manual entry
Mobile SDK option for integration into corporate apps
Multiple device registration for user convenience
Support for over 15 languages out-of-the-box
Multiple account registration with multiple service providers in a single app
Compliant with FFIEC, NIST, SAMA, and PSD2 regulations
Secure code (one-time password) option for mobile offline scenarios in case of connectivity challenges
User/Customer Features
Features
The flexible and secure activation process of HID Approve™ ensures that each user’s device is securely personalized using state-of-the-art cryptographic protocols, provided through a straightforward and easy user experience. Users may securely register HID Approve™ with multiple user accounts and service providers, eliminating the need to manage multiple tokens or mobile apps for their two-factor authentication needs.
Out-of-the-box customization enables organizations to keep their brand at the forefront of the user experience without the need to build and maintain a custom mobile application.
System Features
Specifications
Authentication Methods
• Mobile push with public key cryptography
• One-time password: OATH HOTP Event, TOTP Time-based, OCRA
Platforms
• iOS 8.0 and up (mobile and tablet in portrait mode)
• Android 4.1 and up (mobile and tablet in portrait mode)
Secure Key Generation and Storage
• Android KeyStore (hardware backed on version 4.3 and later)
• iOS KeyChain (hardware backed)
Protocol and Cryptography Standards
• OIDC/OAuth2
• TLS v1.2, x509
• HPKP (RFC 7469)
• ECDH
• 800-56 KDF
• PKCS#5
• ECC
• RSA2048
• OATH
• HMAC-SHA2
• RADIUS
• SAMLv2
• ADFSv3
Why HID Approve™?
Flexible Deployment
This solution is available as a turnkey application or a software development kit for integration into existing corporate applications.
Increased Control
HID delivers more control for organizations already providing an app by supporting an on-premise model. It allows easy deployment and faster time to market with the ready-made app.
Effortless Rebranding
With server-side configuration capabilities, customers can easily customize the background color, logo and font color to support their brand guidelines.
Better User Experience
Users can verify their access and transactions with a simple swipe gesture, reducing the risk of accidental verification. Users can also register multiple devices for their convenience.
HID Approve™ is a new addition to the broad range of authentication products and services offered by HID Global that enables organizations to achieve a maximum return on investment for all their authentication needs.
© 2018 HID Global Corporation/ASSA ABLOY AB. All rights reserved. HID, HID Global, the HID Blue Brick logo and the Chain Design are trademarks or registered trademarks of HID Global or its licensor(s)/supplier(s) in the US and other countries and may not be used without permission. All other trademarks, service marks, and product or service names are trademarks or registered trademarks of their respective owners.
2018-08-23-iam-hid-approve-eb-en PLT-04024
hidglobal.com