Balancing Customer Privacy with Strong Authentication

David Strom, david@strom.com, (516) 944-3407. TISC Boston, 11/13/1999.


Presentation Transcript


  1. Balancing Customer Privacy with Strong Authentication
     David Strom, david@strom.com, (516) 944-3407
     TISC Boston, 11/13/1999

  2. The challenge
     • Customers want simplicity
     • Store operators want security

  3. The old method: SSL/credit cards
     • How to deal with returning customers?
     • How to deal with breaks in shopping session?
     • How to deal with peak loads?
     • Are they really secure? (Perception vs. reality)

  4. Current authentication methods
     • Passwords
     • Cookies
     • Database logins
     • Certs and PKI infrastructure
     • Single sign-on system products

  5. Keeping track of passwords is tough
     • We all have too many of them
     • Where to store them?
     • Using same strings can compromise security
     • Different sites have different requirements for length, numeric characters, etc.

  6. Technology to the rescue
     • Lucent Web Assistant (lpwa.com:8000)
     • Compuserve RPA (www.compuserve.com/rpa)

  7. Cookies
     • Not everyone likes them (I do)
     • Not good if you use multiple machines or use public PC
     • Not good when you upgrade/change browsers

  8. Do you really want to do this?
     • Set up CA server
     • Generate a secure root CA
     • Train Reg Authorities to manage certs
     • Develop customer cert policies

  9. Solution: Single sign-on systems
     • Password synch
     • Login automation/scripting
     • Centralized security admin
     • Kerberos/tokens
     • Web interfaces?

  10. Products
     • Axent WebDefender
     • CyberSafe TrustBroker Suite
     • enCommerce
     • Gradient NetCrusader
     • HP Praesidium Domain Guard
     • IBM Snare Works
     • Internet Dynamics Conclave
     • Netegrity SiteMinder
     • Security Dynamics Technologies Keon Suite

  11. Panel
     • Deepak Taneja, Netegrity
     • Michael Onders, enCommerce
