
Enabling Compliance for Physical and Cyber Security in Mobile Devices

Brandon Arcement & Chip Epps

HID Global, Sept 12, 2016, 1630-1730 ET

Agenda

• Smart Devices vs. Traditional Cards

• Mobility Infrastructure Considerations

• Mobility Technology Considerations

• The Future: Wearables and Beyond

• Convergence & Compliance

• The Security Landscape

• Contextual Authentication

• Using Analytics

2

Do You Remember the First Time... You Saw This?

3

It's a New World

4

Phones & Wearables vs. Cards

Smart Devices

• Easy to keep with you

• Online via tethering

• Typically user-owned and controlled

• User desire for wide range of uses

• User more likely to safeguard device

• Less likely to share device

• Wide range of costs

Cards

• Not always convenient

• Always offline

• Issuer controlled

• Easily displayed credential with unlimited battery life

• Mature processes to deploy and manage

• Low cost

5

Mobile Access: Market Insights

6

More Demand for More Convenience

Enable building occupants to use smartphone, tablet, or wearable to enter controlled areas

• Fewer items to carry

• Remote, over-the-air credentialing

• Lost or forgotten cards no longer a problem

• Open doors from distance in long range applications

• Adds to perception of innovative environment

7

The Need for Greater Efficiency

Make physical access administration easier with digital, online processes

• Replace physical credential management with digital experience

• Over-the-air credentialing of remote workers and visitors

• Streamline operations with integration to PACS or Visitor system

• Sustainable process with reduced waste and lower carbon footprint

8

The Need for Higher Security

Provide higher levels of authentication in physical access control

• Easily deprovision unauthorized devices

  – Deactivate in PACS system

  – Revoke credential over-the-air

• Missing mobile devices are reported almost immediately

• Applications can be protected with biometric and/or passcode

• Vulnerabilities can be addressed quickly through remote update

• Mobile devices are rarely forgotten, lost, or stolen

9

Infrastructure Considerations for Mobile Access

10

Credential Provisioning: Centralized vs. Remote

11

Physical Access Control: Traditional Architecture

12

Physical Access Control: Traditional Architecture with Mobile (Over-the-Air Credential Management)

13

Mobile Access: Remote Credential Provisioning

1) Administrator manages users and credentials via cloud portal

2) Credential transferred into device over the air

3) Device authenticates to reader using Mobile App

4) Reader sends credential data to panel

14
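The four provisioning steps above, together with the deprovisioning path from the "Need for Higher Security" slide (deactivate in PACS, revoke over the air), as an added runnable simulation. This is example code written for this page, not HID's implementation or protocol: the portal, phone, reader and panel are constructed stand-ins, the issuer key, card numbers, reader IDs and door names are made up, and the HMAC challenge-response with a key-diversified per-credential secret is an assumed design chosen only to make the flow concrete.

```python
# Added simulation of the slide's four-step mobile access flow plus over-the-air
# revocation; portal, phone, reader, panel, keys, IDs and card numbers are constructed.
import hashlib
import hmac
import json
import secrets

def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (no field-boundary ambiguity)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

class Panel:
    def __init__(self, acl: dict):
        self.acl, self.active = acl, set()   # door -> card numbers; cards active in PACS

    def decide(self, door: str, card_number: int) -> str:
        # Step 4: the reader has forwarded credential data; policy is applied here.
        if card_number not in self.active:
            return "deny: deactivated in PACS"
        if card_number not in self.acl.get(door, set()):
            return "deny: not authorised for door"
        return "grant"

class MobileDevice:
    def __init__(self):
        self.creds = {}        # cred_id -> (signed blob, per-credential secret)

    def receive(self, cred_id: str, blob: dict, secret: bytes) -> None:
        self.creds[cred_id] = (blob, secret)

    def respond(self, reader_id: str, nonce: bytes):
        # Step 3: prove possession of the secret; only a MAC over the challenge leaves the phone.
        for blob, secret in self.creds.values():
            return blob, mac(secret, b"auth", reader_id.encode(), nonce, blob["body"])
        return None

class CloudPortal:
    """Step 1: the administrator manages users and credentials here."""
    def __init__(self, issuer_key: bytes, panel: Panel):
        self.issuer_key, self.panel, self.issued = issuer_key, panel, {}

    def issue(self, user: str, device: MobileDevice, card_number: int) -> str:
        cred_id = secrets.token_hex(8)
        body = json.dumps({"cred_id": cred_id, "user": user,
                           "card_number": card_number}, sort_keys=True).encode()
        # Issuer MAC: any reader holding the issuer key can detect a tampered blob.
        blob = {"body": body, "tag": mac(self.issuer_key, b"issue", body)}
        # Key diversification: readers recompute the per-credential secret from cred_id.
        secret = mac(self.issuer_key, b"diversify", cred_id.encode())
        self.issued[cred_id] = (device, card_number)
        self.panel.active.add(card_number)
        device.receive(cred_id, blob, secret)   # Step 2: credential transferred OTA
        return cred_id

    def revoke(self, cred_id: str) -> None:
        # Both revocation paths from the slides: deactivate in PACS and wipe OTA.
        device, card_number = self.issued.pop(cred_id)
        self.panel.active.discard(card_number)
        device.creds.pop(cred_id, None)

class Reader:
    def __init__(self, reader_id: str, issuer_key: bytes, panel: Panel, door: str):
        self.reader_id, self.issuer_key, self.panel, self.door = reader_id, issuer_key, panel, door

    def authenticate(self, device: MobileDevice) -> str:
        nonce = secrets.token_bytes(16)         # fresh per attempt, so a replay fails
        resp = device.respond(self.reader_id, nonce)
        if resp is None:
            return "deny: no credential on device"
        blob, proof = resp
        body = blob["body"]
        if not hmac.compare_digest(blob["tag"], mac(self.issuer_key, b"issue", body)):
            return "deny: bad issuer MAC"
        cred = json.loads(body)
        secret = mac(self.issuer_key, b"diversify", cred["cred_id"].encode())
        if not hmac.compare_digest(proof, mac(secret, b"auth", self.reader_id.encode(), nonce, body)):
            return "deny: challenge-response failed"
        return self.panel.decide(self.door, cred["card_number"])

def demo() -> list:
    key = b"constructed-issuer-key"
    panel = Panel({"lobby": {1001, 1002}, "server-room": {1002}})
    portal, phone = CloudPortal(key, panel), MobileDevice()
    lobby, srv = Reader("R-lobby", key, panel, "lobby"), Reader("R-srv", key, panel, "server-room")
    cred_id = portal.issue("alice", phone, 1001)
    results = [lobby.authenticate(phone), srv.authenticate(phone)]
    # Forgery: a copy of the phone's credential with the card number edited to 1002.
    blob, secret = phone.creds[cred_id]
    forger = MobileDevice()
    forger.receive(cred_id, {"body": blob["body"].replace(b'"card_number": 1001', b'"card_number": 1002'),
                             "tag": blob["tag"]}, secret)
    results.append(srv.authenticate(forger))
    panel.active.discard(1001)               # deactivated in PACS; phone still holds it
    results.append(lobby.authenticate(phone))
    portal.revoke(cred_id)                   # ...and then wiped over the air
    results.append(lobby.authenticate(phone))
    return results
```

demo() walks one credential through issue, two door checks, a forged copy (rejected at the reader by the issuer MAC before anything reaches the panel), PACS deactivation (rejected at the panel although the phone still holds the credential) and over-the-air revocation (nothing left on the phone to present). The reader forwards only a card number it has verified, which is what step 4 relies on.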

Technology Considerations for Mobile Access

15

• User Experience

• Security

• Application Breadth

• Transaction Speed

• Read Range

• NFC vs. Bluetooth

16

NFC vs. Bluetooth

NFC

• Communication based on contactless smart card standards

• Android

• 424 kbit/s data rate

• Range up to 10 cm

Bluetooth

• Communication based on legacy Bluetooth standard

• Android and iOS

• 270 kbit/s data rate

• Range up to 100 m

17

Privacy Concerns

18

Mixed Populations: Mobile Devices & Legacy Credentials

19

The Future: Wearables & Beyond

20

Tap to Open or Login for Wearables

• Nymi Band

• Continuous authentication technology called HeartID

• Authenticate users via their electrocardiogram (or ECG)

• Secure communication channel

• Simply tap band to access cloud apps and doors

21

Contextual Authentication

Examples

• Single vs. Multi factor

• Exterior doors

• Interior doors

• High security doors

• Windows logon

• VPN

• Banking

22

Convergence

One Credential for secure access to cloud, data and the door

23

Convergence Examples

• User Experience

  – Single Card for PACS, Windows Logon and Network Access

  – Mobile smartphones

• Policy

  – Network access only allowed after authentication at the door

  – VPN connection only allowed after GPS verified in sync with travel plans

24

Corporate ID Landscape is Rapidly Evolving...

More Devices, More Apps, More Identity Data

25

Cybercrime (noun): criminal activities carried out by means of computers or the Internet

The US Government proposes to spend $14 billion in 2016 and $19 billion in 2017 fighting cybercrime

26

Am I Really Dealing With My Bank?

SMiShing / Phishing / Vishing

Sample phishing message:

"Dear HSBC Customer, Your account has been blocked due to suspicious activity. To restore access please Logon here. Copyright HSBC Bank 2015. All rights reserved."

27

Cybersecurity (noun): the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this

Sounds simple, but the activities required to be protected can be complex and costly

"Cryptography forms the basis for trust online." - Bruce Schneier, Fellow, Berkman Center, Harvard University

28

Cybersecurity is the result of applying consistent, coherent and connected identity and trust frameworks to the component parts of any given ecosystem

If you solve the identity problem based on consistent trust, you dramatically reduce cyber risk

(Diagram: Identity, Trust, Cybersecurity)

29

Create Trusted Identities

Natural Identity → Trusted Identity

Trusted identities combat fraud and protect against cybercrime

Digital Certificates

• A digital certificate is issued to employees and customers to establish and protect a trusted identity

• That certificate allows the person to do the same things in the electronic world that they do in the physical world

30

Establish User Confidence

Mobile Banking App: Digital Certificate, Device Binding, Digital Cert Push, Behavioural, Live Security Center

Sample app screens:

• Live Security Center: "If you suspect fraud, please contact our fraud team. Press for Help"

• "Hello Mr Smith, Please confirm your transaction request for funds transfer at ATM Las Vegas."

• "Hello Mr Smith, Please sign your name using your finger so we can verify you."

31

Manage Your Risk Profile

32

Future Trends

33

Deliver Frictionless Authentication

• Decision Engine

• Predictive Analytics

• Transactional Analysis

• Contextual Analysis

• Threat Detection

• Behavioural Analysis

• Multi-modal biometrics

• Multi Factor Authentication (What We Do Today)

34

Deliver Frictionless Authentication & Continuous Risk-Based Authentication

(Layer stack repeated from the previous slide: Multi-modal biometrics, Behavioural Analysis, Threat Detection, Predictive Analytics, Contextual Analysis, Transactional Analysis, Decision Engine)

(Chart: Confidence (0-12) against Time Span (0-8), showing Continuous Risk Assessment with Step Up Auth events marked)

35
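A sketch of the decision engine behind the confidence-over-time chart above and the policy rules on the "Convergence Examples" slide (network access only after authentication at the door, VPN only when location is consistent with travel plans), as an added example. It is not HID's engine or any product's scoring model: the signal weights, action thresholds, one-hour half-life and 12-hour door-recency window are made-up tuning values, and the timestamps in demo() are constructed.

```python
# Added decision-engine sketch for continuous risk-based authentication with the
# slide's convergence policies as hard gates. All weights, thresholds, the
# half-life and the recency window are made-up tuning values.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SIGNAL_WEIGHT = {
    "door_badge": 4.0,         # PACS event: the user authenticated at the door
    "password": 2.0,
    "fingerprint": 5.0,
    "behaviour_match": 1.0,    # behavioural model agrees with the user's profile
    "behaviour_anomaly": -4.0,
    "gps_mismatch": -5.0,      # device location contradicts the travel plan
}
ACTION_THRESHOLD = {           # minimum confidence before a request is allowed
    "interior_door": 3.0, "network_access": 5.0, "vpn": 6.0,
    "server_room": 7.0, "funds_transfer": 8.0,
}
MAX_CONFIDENCE = 10.0
DOOR_RECENCY_SEC = 12 * 3600   # convergence: network access needs a badge this recent


@dataclass
class Session:
    confidence: float = 0.0
    last_update: float = 0.0
    last_door_badge: Optional[float] = None
    gps_ok: bool = True
    history: List[Tuple[float, str, float]] = field(default_factory=list)


class DecisionEngine:
    def __init__(self, half_life_sec: float = 3600.0):
        self.half_life = half_life_sec

    def _decay(self, s: Session, now: float) -> None:
        # Confidence halves every half_life seconds without new evidence; this is
        # the downward slope on the chart between authentication events.
        s.confidence *= 0.5 ** (max(0.0, now - s.last_update) / self.half_life)
        s.last_update = now

    def signal(self, s: Session, name: str, now: float) -> float:
        """Feed one authentication or context signal; returns the new confidence."""
        self._decay(s, now)
        s.confidence = min(MAX_CONFIDENCE, max(0.0, s.confidence + SIGNAL_WEIGHT[name]))
        if name == "door_badge":
            s.last_door_badge = now
        elif name == "gps_mismatch":
            s.gps_ok = False
        s.history.append((now, name, round(s.confidence, 2)))
        return s.confidence

    def request(self, s: Session, action: str, now: float) -> str:
        """Decide one request: 'allow', 'step_up' (ask for another factor) or a deny."""
        self._decay(s, now)
        # Convergence policies are hard gates evaluated before the score.
        if action == "network_access" and (
                s.last_door_badge is None or now - s.last_door_badge > DOOR_RECENCY_SEC):
            return "deny: no recent door authentication"
        if action == "vpn" and not s.gps_ok:
            return "deny: location inconsistent with travel plan"
        return "allow" if s.confidence >= ACTION_THRESHOLD[action] else "step_up"


def demo() -> List[str]:
    """One working day; timestamps are seconds from 08:00 (constructed)."""
    eng, s, out = DecisionEngine(), Session(), []
    eng.signal(s, "door_badge", 0)                       # badges in at the front door
    out.append(eng.request(s, "network_access", 60))     # ~3.95 < 5 -> step_up
    eng.signal(s, "password", 60)                        # step-up satisfied -> ~5.95
    out.append(eng.request(s, "network_access", 60))     # allow
    out.append(eng.request(s, "server_room", 10800))     # decayed to ~0.75 -> step_up
    eng.signal(s, "fingerprint", 10800)                  # -> ~5.75
    out.append(eng.request(s, "network_access", 10800))  # allow
    out.append(eng.request(s, "server_room", 10800))     # 5.75 < 7 -> step_up
    eng.signal(s, "gps_mismatch", 10800)                 # phone reports the wrong country
    out.append(eng.request(s, "vpn", 10800))             # denied by the policy gate
    out.append(eng.request(s, "network_access", 50000))  # badge older than 12 h -> deny
    return out
```

The two ideas from the slides sit in separate places on purpose: the convergence rules are yes/no gates checked first, while the score only decides between allowing silently and stepping up, so a strong biometric can never substitute for the door event the policy demands.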

Trusted Services Dashboard

36

Empower Mobility with Trust and Confidence

Authentication Service

37

Next Steps

• See HID Global @ Booth #3901

• Adjacent to ASSA ABLOY booth (#3601)

• Mobile Access on Android & Apple

• Wearables

• Biometrics

• Security Intelligence

38

Thank you

• Brandon Arcement, barcement@hidglobal.com

• Chip Epps, cepps@hidglobal.com

39
