How Next Generation Trusted Identities Can Help Transform Your Business

SESSION ID: SPO-W09B | #RSAC

Chris Taylor, Senior Product Manager, Entrust Datacard (@Ctaylor_Entrust)

Identity underpins our PERSONAL life

Identity underpins our WORK life

So, what’s the problem?

TOO MANY IDENTITIES, TOO MANY PASSWORDS

Mega-breaches target password weaknesses

Solving the core issue

BUILDING A TRUSTED DIGITAL IDENTITY & EMPOWERING MOBILITY

Achieving Usability & Security

SO HOW DO WE MOVE TOWARDS TRUSTED IDENTITIES?

Benefits of a Mobile-Based Trusted Identity

Protect the business & our customers

Improve productivity & UX

New Services / better processes

Reduce IT cost and complexity

Powerful Native Features Enhance Security

TEE & Secure Element

Biometrics

Crypto

“Out of Band” Channel

Application Sandbox

Device & Location Attributes

Transparent/Low friction security that adapts to risk

RISK VECTORS

• Jail broken phones
• Lost/stolen phones
• Rogue applications
• Breached credentials
• Impersonating devices
• Banking trojans/malware
• CNP fraud

SECURITY LAYERS

USER

OPERATING SYSTEM

CHANNEL

TRANSACTION

DEVICE

• Jailbreak detection
• Sandboxing
• Malware detection
• Trusted execution environment (TEE)

• Device fingerprinting
• Geo-location
• Device ID
• Protected application access

• Mutual SSL authentication

• Adaptive authentication
• Embedded digital ID
• Push authentication

• Push transaction signing
• Transaction signing tokens

MOVING TOWARDS THE PASSWORD-LESS ENTERPRISE

Use Cases

• APPROVALS & SIGNING
• TRANSACTION VERIFICATION
• FEDERATE TO SAAS
• PHYSICAL ACCESS
• VPN
• LOGICAL ACCESS

VPN Authentication

PROBLEM:

Hardware tokens are secure but not user friendly

IT provisioning and logistics are complex

Expensive, limited use technology

SOLUTION:

Mobile Push Authentication simplifies 2FA for users and IT

Mobile Push for VPN authentication

No hardware tokens to carry

Better user experience

Easy user provisioning

Certificate approach is password-less

Physical / logical access

PROBLEM:

Passwords are painful to use and insecure

Smart cards are expensive and complex to deploy

Building access cards are insecure

SOLUTION:

Transform mobile devices into multi-purpose virtual smart cards

Windows SCLO

Traditional Smart Card

Virtual smart card reader

Mobile Virtual Smart Card

Convenient “auto-detect”

Secure “auto-logout”

Physical access

NFC-based communication to PACs

Convenient / always in hand

Strong Authentication

Can’t be “skimmed”

PKI certificate-based

Biometrics

PIV / Derived Credential compliant

On-the-go approvals

PROBLEM:

Constant need to improve business process (employees and customers)

Many processes require formal approvals / signatures

Traditional digital signing is complex to deploy and has a poor UX

SOLUTION:

Use mobile for anywhere, anytime digital signing

Digital Signature Using Mobile

Enable Business Transformation

Convenient / user friendly process

Improve internal efficiency

Improve consumer experience

1. Transaction origination
• Doctor writing a prescription
• Banker offering a loan
• Employee submitting a requisition

2. Transaction approval

Summary

Identity is critical to today’s connected enterprise

Dated authentication methods fall short

• Security
• Usability
• Cost / IT management

Mobile trusted identities transform business and the password-less enterprise

• More secure
• More convenient
• Truly multi-purpose

Apply what you have learned today

Next week you should:
• Identify opportunities and use cases in your organization whereby trusted identities on mobile devices can be leveraged

In the first three months following this presentation you should:
• Assess the critical qualities that would be used in the vendor qualification process
• Begin vendor selection

Within six months you should:
• Select a vendor’s solution and conduct a pilot with your first use case
• Plan the implementation for supporting all use cases

BACK UP

All industries are at risk

EMPLOYEE IDENTITIES ARE BECOMING A WEAK LINK

Mitigating the risk of fraud

PROBLEM:

Fraud attacks are increasing in scope and sophistication

Customer data, enterprise systems, intellectual property & money are at risk

Malware can “ride” on authenticated user sessions

SOLUTION:

Use mobile to verify transactions “out of band” defeating account takeovers

Mitigating the risk of fraud

Let’s say you want to execute a $5000 bank transfer…

How can you be sure your PC is not infected with malware?

Compromised with desktop Malware?

Mobile for Transaction Verification

Compromised with desktop Malware?

Transaction details retrieved over secure connection

QR Code

Offline Transaction Verification

Mobile will become the New Enterprise Desktop

• Not portable
• Secure location
• Work only

• Portable
• Less Secure Locations
• Work & some personal

• Highly portable
• Anywhere anytime access
• BYOD

Mobile as the New Desktop

DIGITAL IDENTITY

Entrust Datacard Corporate Overview

Trusted Identities | Secure Transactions

Privately held, headquartered in Minneapolis, MN, USA

Founded in 1969

Approximately $650M in annual revenue

2,000+ employees

34 worldwide locations

Sales, service and support covering 150+ countries

So what’s the problem?

Too many identities

Too many passwords

Too many password rules / changes

Lost / forgotten cards / hardware tokens

More regulatory laws around identities

Mobile: A unique blend of security and usability

Users want to carry them

• Always in hand
• Always connected
• Convenient
• Support work / personal balance

Smart phones are becoming ubiquitous

• Both enterprise and consumer segments

Technology and security allow them to be used for multi-purpose trusted identities

Adaptive Authentication Platform

FRICTIONLESS EXPERIENCE
• No passwords
• Identify with a simple swipe
• Familiar for smartphone users
• Highly secure

ENABLING SOLUTION
• Adaptive authentication — identifies risks
• Layered security — device, identity & behavior analytics
• Support for Apple, Samsung & Windows devices
• Transaction signing for CNP transaction

RELEASE 11

Security for Every Vulnerability

AUTHENTICATION

MOBILE SECURITY

ONLINE SECURITY

• Phone Jailbreak or Root Detection
• App Access Control — PIN, Biometrics
• Device Authentication — Device Fingerprinting
• Adaptive Authentication — External Risk Engines & Contextual Data
• User Authentication — Transparent OTP or Certificate-Based
• Transaction Authentication — Mobile Push Notifications
• Strong Identity Protection — TEE Storage

USER

DEVICE

CHANNEL

TRANSACTION

APPLICATION

Stronger controls are not always better

Some offer better security but…
• Costly
• Logistics to issue / replace
• Users have to carry them
• User experience frustrating
• Not multi-purpose
• Can you issue them to customers and partners?

More complex passwords?

Hardware tokens for the masses?

USB security keys?

Smart cards?