maeson maherry n.
MAESON MAHERRY PowerPoint Presentation
Presentation Transcript

  1. MAESON MAHERRY 3 Factor Authentication and what it means to business. Date: 21/10/2013

  2. Concept of identity

  3. Identity and Access Management User Identity Feed and Role Management Application SSO & Strong Authentication Support Identity Provisioning Policy Management Authoritative Identity Source Workflow and User Lifecycle Credentials Management Recertification Attestation Policy Rules Engine Compliance Governance Identity & Administration with Role and Credential Modeling Access Control User Self-Service USERS DESK Identity Provisioning Integration Adapters USERS MOBILE Unix Servers ORACLE EBS MS Active Directory and MS Exchange Legacy Applications & Physical Access Control RACF Databases

  4. The identity landscape is changing

  5. The Corporate Reality Today Physical Partners Customers Logical Employees Remote Employees Suppliers

  6. Considerations Drivers Physical and Logical Security Costs IP Protection Effectiveness Regulatory/Audit Pressures User Experience Balancing needs with effective implementation

  7. Logical Access
      • Complexity & cost of systems increasing
      • Unmanaged devices
      • Applications
      • Different user requirements
      • Fraud threats
      • Audit Compliance
      Websites & Remote Access, Windows Logon, Encryption & Digital Signatures

  8. Mobile Device Impact
      • 50% of firms have embraced a multiplatform mobile strategy
      • 60% of firms provide some support to personal devices
      * Forrester Fall 2010

  9. Legacy Physical Access (PACs)
      • Closed loop legacy systems
      • Easy to clone cards
      • No integration with Logical Access data
      Panel decides who can enter door radio Physical Access Reader Control Panel Logical Access data

  10. Multiple Identities and Credentials per User Logical Access • Physical Access

  11. One Credential, multiple functions
      One Card
      Physical
      • Simultaneous - legacy & new (PKI) systems
      • Easy Transition
      • Secure
      Logical
      • No password changes
      • Portable across devices
      • Multiple applications
      • Secure

  12. The concept of “AND” to protect your valuables

  13. What are the three factors

  14. You have seen a digital certificate before: the yellow padlock indicates certificate based banking security

  15. Windows Smartcard Logon
      • What can be done?
      • Strong certificate authentication to Windows
      • PIN protected – eliminates need for password
      • Easy to use

  16. Smart Card Log On

  17. VPN
      • What can be done?
      • Strong certificate based authentication for remote access
      • VPN
      • Outlook Web Access
      • PIN protected – eliminates need for password

  18. Email and Digital Signature
      • What can be done?
      • Secure storage of certificates for
      • Secure email
      • Digitally signing documents

  19. Secure Email

  20. Physical Access Control (PACs)
      • What can be done?
      • Legacy and Next Generation PACs support in one card
      • Multiple card and applet options
      • PIV support

  21. Citizen 3FA solution

  22. Legal Summary – ECT Act of 2002

  23. Digital Signature capability Document Signing for integrity and accountability

  24. Government Signing Use cases Cloud Based Workflow Existing Workflow Signing DocFusion Personal Signing Document Generation BAS, Persal, Logis, SAP Organisational Signing Transactional Signing

  25. Authentication and electronic signatures Positive Act of Acceptance with verifiable integrity Positive Act of Acceptance Positive Act of Acceptance with verifiable integrity and F2F and 3FA Server Chip, pin, key Biometric Acceptance Chip, bio, key Password Acceptance Smartcard Adv Electronic Signature - Accredited digital certificate based Digital Signature -digital certificate based Electronic Signature Mobile, Pin, Key NID, bio, Key OTP Acceptance Windows store Mobile Phone Digitised tablet Signature Signature Image

  26. Transactional Signing: Non repudiation
      • User enrolled with face to face verification and supporting documentation
      • Creates user and personalizes card with fingerprint and digital certificate
      • User prompted for fingerprint, smartcard and digital signature on logon
      • Recognize request for sensitive page
      • User prompted for fingerprint, smartcard and digital signature on transaction approval
      • Create Time Stamp and seals the record before storing in the evidence vault
      • No transaction can be concluded if user does not acknowledge with a fingerprint and a smartcard present
      • Forensic report drawn with enrolment data, downstream page, transaction changes and fingerprint

  27. Thank you