se-4111 max berman, user authentication for mobile devices and access
DESCRIPTION
Presentation SE-4111, User Authentication for Mobile Devices and Access, by Max Berman at the AMD Developer Summit (APU13) November 11-13, 2013.TRANSCRIPT
Developer Summit
November 2013
1
Presenters
• Max Berman, EVP of Business Development
• Len Mizrah, Ph.D., President and CEO
2
Who we are
Authernative is a leading provider of innovative user authentication solutions
3
Foundation
4
26 Granted US & foreign Patents 14 Pending Patent Applications 6 Issued Trademarks
User Authentication(mobile & online)
Server(site)-to-UserAuthentication
TransactionAuthentication
Encryption Key Mgmt./ Mutual Authentication
U.S. NIST FIPS 140-2 & Canada CSE FIPS 140-2
NIST 800-63 Level 3 Assurance
GSA, Alliant, CIOSP3, FedRamp, GovWin
GTRA Security Awards
CERTIFIED & ACCREDITED
TECHNOLOGY
BACKED BY INTELLECTUAL PROPERTY
Industry Quotes
5
• "Passwords are dead, our relationship with passwords are done at Google”, Heather Adkins, Google’s Information Security Executive (Sept, 2013)
• “Because a smartphone is the one device few people are without, it's seen as the perfect place to store credentials”. ‐ Antone Gonsalves, CSO (2013)
• “I think it's brilliant, we're finding that smartphone‐based authentication will be the type of authentication mode in the future” ‐ Trent Henry, analyst for Gartner (Aug, 2013)
Mobility Brings New Challenges to Authentication
• Security
• Design for mobility/single device
• Cross platform
• TCO, deployment
6
User Authentication Evolution
7
Inception 1990s/2000s 2008 2011
Google Android Pattern
Password / PIN /
Security Questions
Token/ Smart Card/ Biometric
Soft Token/SMS PIN
2007
Microsoft Windows 8 Pattern Login
Pattern Based Authentication
Solution: Passline®
8
pattern‐based One‐Time PIN Authentication
PCTabletSmartphone
Authernative solves the mobile & cross platform authentication challenges with an easy to use and secure, pattern‐based one‐time PIN solution
How Passline® Works
9
• The user creates a secret pattern within a grid.
• The pattern of cell positions are highlighted and numbered in the order they were selected.
• At login, the grid displays random digits that appear more than once
• The user is asked to enter certain digits displayed in the secret pattern.
• The question changes each time
Passline®:
App/FileLock
Secure YourDevice
Unlock NFCMobile Wallet
E‐CommerceTransactions
OTP Challenge Soft‐token
DeviceManagement
Access e‐healthrecords
Cloud/NetworkAccess
Defense‐Net Operations
Secure Authentication to device and platform services
10
Gaming DRM/Content
ID Mgmt/SSO
Comparison Matrix
Cost Low Med-High High
Security Highly Scalable Med-High Med-High, requires device
Hardware None Sensor, PCB, component Card + reader, tokenIntegration Easy Complex ComplexScalability Universal Hardware dependent Hardware dependentFailure Rate None Low-Med Low
Passline® Biometrics Tokens / Smart Card
11
Value Proposition
12
Scalable Security
Easy Deployment
Low Cost
High combinatorial security In‐/Out‐of‐band, multi‐factor No failure rate FIPS 140‐2 certified crypto
Software algorithm Cross platforms/devices/OS Mass deployable Credential self‐service
No hardware No sensors No PCB/components Much lower cost thanbiometrics or token
13
2013 © Authernative, Inc. Proprietary & Confidential
15
16
17
Facebook Login
Key Take Aways
18
• Unique, innovative technology will work across x86, ARM cores, Windows, Android, Chrome, Trustzone ecosystems
• Takes advantage of the TEE crypto accelerators, RNG and secure storage capabilities. Combined hardware & software meets highest Government security requirements (FIPS 140‐2 Level 3 and NIST 800‐63 Level 4 assurance)
• Single technology serves both the consumer and enterprise (BYOD) markets. It scales from single device access to client‐server and mobile‐to‐cloud access
• Enables MDM, client‐to‐cloud, secure payments/NFC, ID Mgmt/vault, SSO, data protection/encryption, DRM/content anywhere and gaming
• Lowest cost, easiest implementation and most scalable level of security available today