
Steve Kirsch Founder & CTO stk@oneid


Presentation Transcript


  1. Meet your new digital identity Steve Kirsch Founder & CTO stk@oneid.com

  2. Security today • Endpoints: unrealistic • Users care about convenience • Data: straightforward • AuthN/Z: hard and important

  3. Identity remains badly broken; nobody has solved it • Inconvenient: 100’s of usernames/passwords • Insecure: Today’s security paradigms are fundamentally flawed, leading to never-ending breaches and forced password changes • Will get worse as EMV rolls out • Unsustainable • # of pwd • # of breaches My 300+ usernames and passwords

  4. Two largest causes of never-ending security breaches • Use of shared secrets (for >50 years): • Passwords • Credit card numbers, CVV • OTP including RSA SecurID • Voltage Identity Based Encryption (IBE) • KBA • Misc: “Safety images”/Passmark, biometrics • Centralized storage of shared secrets creates centralized risk

  5. Number of consumer websites allowing login w/o a shared secret: 0 • We are still nowhere 30 years after the invention of public key crypto!

  6. User authentication: Today • Shared secrets • Enterprise Apps • External Websites • Desktop, Mobile Apps • Offline (QR or NFC ID) • Steve: I have >300 different usernames and passwords! This is unsustainable

  7. Digital identity done right: no shared secrets • Websites • Enterprise Apps • Desktop, Mobile Apps • Offline (QR or NFC ID) • Steve: Convince your device URU • Your device digitally asserts your ID to everyone else using PK (with your express approval)

  8. DEMO

  9. OneID Login Signature Flow [diagram: steps 1–6; Signature A, Signature B, Signature C; website verifies signatures; after verification, user is logged in]

  10. Pairing technology End to end secure transfer of crypto secrets between devices

  11. End-to-end secure credit card transactions w/o PCI risk • Issuer (OneID compatible) • OneID payment gateway • User • “INVOICE: Pay JC Penney $32.42” Using “Steve’s Personal VISA card” -- a438ef3103439afe20… • Verifies signature against public keys of user • “INVOICE: Pay JC Penney $32.42” • Send signed invoice to participating Issuer as credit or debit; else verify signature, look up card and send “old fashioned way” as credit card

  12. Benefits • Consumers: • Reduce user frustration • Eliminate need for uname/password • No more lost pwd • Eliminate manual form fill, CAPTCHA • Increase security • Can even use public terminals w/o risk • Attacks (phish, malware, MITM, …) and identity theft difficult • Credit card number isn’t given out • Increase privacy • RP can’t see repo and vice-versa • No PII on user device • Put user in control • Identity can’t be asserted w/o user participation • Merchants: • Higher sales • Since easy to log in and register w/o typing • Better security • Public keys on file aren’t a security risk • AuthN/Z no longer relies on shared secrets • Lower costs • Reduce lost password support costs • Reduced PCI liability • No need to handle credit cards • Reduced charge backs • Burden is on the consumer

  13. Integrated touch points • OneID allows a unified customer experience across multiple touch points: • On-line • In-store • Mobile • Over the phone

  14. Mobile app authN/Z • Log into OneID app => all other apps logged in

  15. OneID in-store Tap to Identify Confirm on Phone • Pay Starbucks • $9.45?

  16. Over the phone authN/Z • Punch in 3 digit number on phone • Confirm on mobile • Confirm your identity OR

  17. In-person AuthN • Tap static NFC tag at hotel check-in desk • Confirm on mobile • Confirm your identity • OK to release contact info?

  18. Mobile pay • “Identify” to merchant • E.g., tap phone to static NFC tag at register • Confirm on phone OK to pay? $15.24

  19. OneID capabilities: On-line, In-person, Over the phone • Authentication • Filling out forms • Secure credit card transactions • Authorization • Information sharing including updates • Proving digital claims (age>x, student, …) • Repository of non-forgeable “digital proof” (software RTU, music licenses, physical good receipts, proof of purchase)

  20. Key features • Easy to use • Convenient • Secure against most all attacks: physical, phishing, malware • Private • User-centric/User in control • No shared secrets with cloud repository • Portable • “Have it your way” security vs. convenience: • Device, Site, Transaction (+type). Max {user,RP}

  21. Two-Factor Auth: More secure & convenient than SecurID • SecurID (“Blank check”): • Insecure • In-band (vulnerable to MITM) • Vulnerable shared secret • Can’t see what you are approving • Inconvenient • Another device to carry • Hard to use • Wastes time • Everyone hates them • Terrible GUI/UX • vs. OneID mobile phone app: Outgoing Wire Transfer • Recipient: Sasha Orloff • Amount: $5,000 USD • Bank: CitiBank

  22. OneID is unique • Username: OPTIONAL • Password: OPTIONAL • Even if I do not define a password, you cannot break into my account • It has to be that way since we know passwords are too easily divulged through social engineering, phishing, key logging, and guessing

  23. Very difficult to attack Need 6 secrets to win

  24. $1M if you can log in as me! I’ll even give you my username, password, and PIN to make it easier

  25. About OneID • Founded: May 2011 • 18 employees • CEO: Alex Doll, former COO PGP • San Jose, CA and Austin, TX • $7M in funding

  26. “I believe OneID will be one of the most significant platforms to be built in the next 10 years” • Jonathan Heiliger, former VP Operations, Facebook

  27. Simple & Secure Digital Identity
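
The signed-invoice idea from slides 4, 7 and 11, as an added example that is not OneID's code or protocol: the gateway keeps only the user's public key and accepts an invoice only if the device's signature over it verifies. All function and variable names, the Ed25519 choice, the canonical field order and the nonce-based replay cache are assumptions made for illustration.

```javascript
// Added example; function and variable names are hypothetical.
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');

// User's device: the private key is generated here and never leaves it.
const device = generateKeyPairSync('ed25519');

// Gateway side: only public keys on file, so a database leak exposes
// nothing that can be used to sign as the user.
const keyDirectory = new Map([['steve', device.publicKey]]);
const seenNonces = new Set(); // replay cache (an assumption, not on the slide)

// Fixed field order so signer and verifier process identical bytes.
function canonical(inv) {
  return Buffer.from(JSON.stringify([inv.payee, inv.amount, inv.card, inv.nonce]));
}

function signInvoice(inv, privateKey) {
  return sign(null, canonical(inv), privateKey); // Ed25519 takes no digest name
}

function gatewayVerify(user, inv, signature) {
  const publicKey = keyDirectory.get(user);
  if (!publicKey) return 'unknown-user';
  if (!verify(null, canonical(inv), publicKey, signature)) return 'bad-signature';
  if (seenNonces.has(inv.nonce)) return 'replayed';
  seenNonces.add(inv.nonce);
  return 'ok';
}

// Constructed sample invoice, modelled on the slide's wording.
function demo() {
  const inv = { payee: 'JC Penney', amount: '32.42',
                card: "Steve's Personal VISA card",
                nonce: randomBytes(16).toString('hex') };
  const sig = signInvoice(inv, device.privateKey);
  const other = generateKeyPairSync('ed25519'); // a key the gateway has never seen
  return {
    genuine: gatewayVerify('steve', inv, sig),
    tamperedAmount: gatewayVerify('steve', { ...inv, amount: '3200.42' }, sig),
    wrongKey: gatewayVerify('steve', inv, signInvoice(inv, other.privateKey)),
    replay: gatewayVerify('steve', inv, sig),
  };
}

console.log(demo());
```

Unlike a card number or password, nothing the gateway stores or sees in transit is enough to produce a new valid invoice; changing the amount or resubmitting the same signed invoice is rejected.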
