TRANSCRIPT
Enabling Compliance for Physical and Cyber Security in Mobile Devices
Brandon Arcement & Chip Epps
HID Global Sept 12, 2016
1630-1730 ET
Agenda
• Smart Devices vs. Traditional Cards
• Mobility Infrastructure Considerations
• Mobility Technology Considerations
• The Future: Wearables and Beyond
• Convergence & Compliance
• The Security Landscape
• Contextual Authentication
• Using Analytics
Do You Remember the First Time... You Saw This?
It's a New World
Phones & Wearables vs. Cards
Smart Devices
• Easy to keep with you
• Online via tethering
• Typically user-owned and controlled
• User desire for wide range of uses
• User more likely to safeguard device
• Less likely to share device
• Wide range of costs
Cards
• Not always convenient
• Always offline
• Issuer controlled
• Easily displayed credential with unlimited battery life
• Mature processes to deploy and manage
• Low cost
Mobile Access: Market Insights
More Demand for More Convenience
Enable building occupants to use smartphone, tablet, or wearable to enter controlled areas
• Fewer items to carry
• Remote, over-the-air credentialing
• Lost or forgotten cards no longer a problem
• Open doors from distance in long range applications
• Adds to perception of innovative environment
The Need for Greater Efficiency
Make physical access administration easier with digital, online processes
• Replace physical credential management with digital experience
• Over-the-air credentialing of remote workers and visitors
• Streamline operations with integration to PACS or Visitor system
• Sustainable process with reduced waste and lower carbon footprint
The Need for Higher Security
Provide higher levels of authentication in physical access control
• Easily deprovision unauthorized devices
  • Deactivate in PACS
  • Revoke credential over-the-air
• Missing mobile devices are reported almost immediately
• Applications can be protected with biometric and/or passcode
• Vulnerabilities can be addressed quickly through remote update
• Mobile devices are rarely forgotten, lost, or stolen
Infrastructure Considerations for Mobile Access
Credential Provisioning: Centralized vs. Remote
Physical Access Control: Traditional Architecture
Physical Access Control: Traditional Architecture with Mobile (Over-the-Air Credential Management)
Mobile Access: Remote Credential Provisioning
1) Administrator manages users and credentials via cloud portal
2) Credential transferred into device over the air
3) Device authenticates to reader using Mobile App
4) Reader sends credential data to panel
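The four steps above, together with the two deprovisioning options listed under "The Need for Higher Security" (deactivate in PACS, revoke over the air), modelled as an added example. This is not HID Global's protocol or code: the HMAC-protected credential layout, the single shared portal key, the reader's facility and expiry checks and the panel's active-flag lookup are all assumptions made here for illustration. What it demonstrates is the practical difference between the two deprovisioning paths: an over-the-air revoke only takes effect once the phone comes online and syncs, while deactivating the credential in the PACS takes effect at the panel immediately, so both should be done.

```python
import hashlib
import hmac
import json

# Constructed shared secret between the cloud portal and the readers (assumption;
# a real deployment would provision reader keys out of band, not share one key).
PORTAL_KEY = b"example-portal-key"


def credential_mac(body):
    """MAC over the canonical JSON of the credential body (assumed format)."""
    raw = json.dumps(body, sort_keys=True).encode()
    return hmac.new(PORTAL_KEY, raw, hashlib.sha256).hexdigest()


class CloudPortal:
    """Step 1: the administrator manages users and credentials in the cloud."""

    def __init__(self):
        self.pacs_active = {}         # credential id -> active flag held by the PACS
        self.pending_revokes = set()  # OTA revokes waiting for the device to sync

    def issue(self, cred_id, user, device_id, facility, expires):
        body = {"id": cred_id, "user": user, "device": device_id,
                "facility": facility, "exp": expires}
        self.pacs_active[cred_id] = True
        return {"body": body, "mac": credential_mac(body)}

    def deactivate_in_pacs(self, cred_id):
        self.pacs_active[cred_id] = False

    def revoke_over_the_air(self, cred_id):
        self.pending_revokes.add(cred_id)


class Device:
    """Step 2: receives the credential over the air; step 3: presents it."""

    def __init__(self):
        self.creds = {}

    def receive(self, cred):
        self.creds[cred["body"]["id"]] = cred

    def sync(self, portal):
        """Only runs when the phone is online; applies pending OTA revokes."""
        for cred_id in list(self.creds):
            if cred_id in portal.pending_revokes:
                del self.creds[cred_id]

    def present(self, cred_id):
        return self.creds.get(cred_id)


class Reader:
    """Steps 3 and 4: verifies the credential and forwards its id to the panel."""

    def __init__(self, facility):
        self.facility = facility

    def read(self, cred, now):
        if cred is None:
            return None
        body = cred["body"]
        if not hmac.compare_digest(cred["mac"], credential_mac(body)):
            return None  # tampered or forged credential
        if body["facility"] != self.facility or now > body["exp"]:
            return None  # wrong site or expired
        return body["id"]


class Panel:
    """Makes the access decision against the PACS record (assumed online)."""

    def __init__(self, portal):
        self.portal = portal

    def decide(self, cred_id):
        return bool(cred_id) and self.portal.pacs_active.get(cred_id, False)


def door_attempt(device, cred_id, reader, panel, now):
    return panel.decide(reader.read(device.present(cred_id), now))


def scenario():
    """Runs the credential lifecycle and returns the door decision at each stage."""
    portal = CloudPortal()
    panel, reader, phone = Panel(portal), Reader(101), Device()
    phone.receive(portal.issue("C-1", "alice", "phone-1", 101, expires=2000))
    results = {"valid": door_attempt(phone, "C-1", reader, panel, now=1000)}
    # Tampered copy: facility code changed without recomputing the MAC.
    forged = {"body": dict(phone.creds["C-1"]["body"], facility=102),
              "mac": phone.creds["C-1"]["mac"]}
    results["tampered"] = panel.decide(Reader(102).read(forged, now=1000))
    results["expired"] = door_attempt(phone, "C-1", reader, panel, now=2001)
    # OTA revoke while the phone is offline: the credential is still on it.
    portal.revoke_over_the_air("C-1")
    results["revoked_but_offline"] = door_attempt(phone, "C-1", reader, panel, now=1000)
    # Deactivating in the PACS closes the door regardless of device state.
    portal.deactivate_in_pacs("C-1")
    results["deactivated_in_pacs"] = door_attempt(phone, "C-1", reader, panel, now=1000)
    # Once the phone is online again, the OTA revoke removes the credential.
    phone.sync(portal)
    results["gone_after_sync"] = phone.present("C-1") is None
    return results


if __name__ == "__main__":
    for stage, value in scenario().items():
        print(f"{stage:>20}: {value}")
```

The "revoked_but_offline" stage is the caveat to keep in mind when a phone is reported missing: until the device syncs, the credential it holds is still cryptographically valid, so the PACS deactivation is the step that actually secures the door.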
Technology Considerations for Mobile Access
• User Experience
• Security
• Application Breadth
• Transaction Speed
• Read Range
• NFC vs. Bluetooth
NFC vs. Bluetooth
NFC
• Communication based on contactless smart card standards
• Android
• 424 kbit/s data rate
• Range up to 10 cm
Bluetooth
• Communication based on legacy Bluetooth standard
• Android and iOS
• 270 kbit/s data rate
• Range up to 100 m
Privacy Concerns
Mixed Populations: Mobile Devices & Legacy Credentials
The Future: Wearables & Beyond
Tap to Open or Login for Wearables
• Nymi Band
  • Continuous authentication technology called HeartID
  • Authenticate users via their electrocardiogram (or ECG)
  • Secure communication channel
  • Simply tap band to access cloud apps and doors
Contextual Authentication
Examples
• Single vs. Multi-factor
• Exterior doors
• Interior doors
• High security doors
• Windows logon
• VPN
• Banking
Convergence
One Credential for secure access to cloud, data and the door
Convergence Examples
• User Experience
  • Single Card for PACS, Windows Logon and Network Access
  • Mobile smartphones
• Policy
  • Network access only allowed after authentication at the door
  • VPN connection only allowed after GPS verified in sync with travel plans
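The two policy examples above, "network access only after authentication at the door" and "VPN only when the device's location matches the travel plan", as an added example of how such convergence rules can be evaluated against PACS events. This is not HID Global's code or any PACS vendor's API: the log format, the sample events, the travel-plan table, the 12-hour presence window and the home-country assumption are all constructed here for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample PACS log (assumed format): timestamp user door result
PACS_LOG = """\
2016-09-12T08:02:11 alice LOBBY-IN GRANTED
2016-09-12T08:03:40 bob LOBBY-IN DENIED
2016-09-12T12:15:00 alice LOBBY-OUT GRANTED
2016-09-12T12:50:22 alice LOBBY-IN GRANTED
"""

# Constructed approved travel: user -> list of (first day, last day, country).
TRAVEL_PLANS = {"alice": [("2016-09-10", "2016-09-14", "DE")], "bob": []}
HOME_COUNTRY = "US"                       # expected location with no trip booked (assumption)
PRESENCE_MAX_AGE = timedelta(hours=12)    # a badge-in older than this no longer counts (assumption)


def parse_ts(text):
    return datetime.fromisoformat(text)


def parse_pacs(log):
    """Turn the raw log lines into sorted (time, user, door, result) tuples."""
    events = []
    for line in log.splitlines():
        ts, user, door, result = line.split()
        events.append((parse_ts(ts), user, door, result))
    return sorted(events)


def present_on_site(events, user, at):
    """True if the user's most recent granted door event before `at` is an entry.

    A granted LOBBY-OUT after the LOBBY-IN means the user has left, and an entry
    older than PRESENCE_MAX_AGE is treated as stale (e.g. a missed badge-out).
    """
    last = None
    for ts, who, door, result in events:
        if who == user and result == "GRANTED" and ts <= at:
            last = (ts, door)
    if last is None:
        return False
    ts, door = last
    return door.endswith("-IN") and at - ts <= PRESENCE_MAX_AGE


def network_logon_allowed(events, user, at):
    """Policy 1: network access only allowed after authentication at the door."""
    return present_on_site(events, user, at)


def vpn_allowed(plans, user, reported_country, at):
    """Policy 2: VPN only when the reported location matches approved travel.

    With no trip covering the day, the device is expected in HOME_COUNTRY.
    """
    day = at.strftime("%Y-%m-%d")
    on_trip = [country for first, last, country in plans.get(user, [])
               if first <= day <= last]
    expected = on_trip[0] if on_trip else HOME_COUNTRY
    return reported_country == expected


if __name__ == "__main__":
    events = parse_pacs(PACS_LOG)
    for who, when in [("alice", "2016-09-12T09:00:00"), ("alice", "2016-09-12T12:30:00"),
                      ("bob", "2016-09-12T09:00:00")]:
        print(f"net logon {who} @ {when}: {network_logon_allowed(events, who, parse_ts(when))}")
    for who, country in [("alice", "DE"), ("alice", "BR"), ("bob", "US"), ("bob", "DE")]:
        print(f"vpn {who} from {country}: "
              f"{vpn_allowed(TRAVEL_PLANS, who, country, parse_ts('2016-09-12T10:00:00'))}")
```

The presence check deliberately looks at the most recent granted event rather than "any badge-in today": a user who badged out at lunch should not still unlock network access from outside, and the age limit covers sites where badge-out is not enforced.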
Corporate ID Landscape Is Rapidly Evolving...
More devices, more apps, more identity data
Cybercrime (noun): criminal activities carried out by means of computers or the Internet
The US Government proposes to spend $14 billion in 2016 and $19 billion in 2017 fighting cybercrime
Am I Really Dealing With My Bank?
Phishing, SMiShing and Vishing
Sample phishing message shown on the slide: "Dear HSBC Customer, Your account has been blocked due to suspicious activity. To restore access please Logon here. Copyright HSBC Bank 2015. All rights reserved."
Cybersecurity (noun): the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this
Sounds simple, but the activities required to be protected can be complex and costly
“Cryptography forms the basis for trust online.” - Bruce Schneier, Fellow, Berkman Center, Harvard University
Cybersecurity is the result of applying consistent, coherent and connected identity and trust frameworks to the component parts of any given ecosystem
If you solve the identity problem based on consistent trust, you dramatically reduce cyber risk
Diagram labels: Identity, Trust, Cybersecurity
Create Trusted Identities
Diagram: Natural Identity to Trusted Identity
Trusted identities combat fraud and protect against cybercrime
Digital Certificates
• A digital certificate is issued to employees and customers to establish and protect a trusted identity, which allows that person to do the same things in the electronic world that they do in the physical world
Establish User Confidence
Mobile Banking App mechanisms shown on the slide: Device Binding, Digital Certificate, Digital Cert Push, Behavioural, Live Security Center
• Live Security Center: "If you suspect fraud, please contact our fraud team. Press for Help"
• Digital Cert Push: "Hello Mr Smith, Please confirm your transaction request for funds transfer at ATM Las Vegas."
• Behavioural: "Hello Mr Smith, Please sign your name using your finger so we can verify you."
Manage Your Risk Profile
Future Trends
Deliver Frictionless Authentication
Decision Engine inputs:
• Multi Factor Authentication (What We Do Today)
• Multi-modal biometrics
• Behavioural Analysis
• Threat Detection
• Predictive Analytics
• Contextual Analysis
• Transactional Analysis
Deliver Frictionless & Continuous Risk-Based Authentication
Decision Engine inputs: Multi-modal biometrics, Behavioural Analysis, Threat Detection, Predictive Analytics, Contextual Analysis, Transactional Analysis
Chart: Confidence (0-12) vs. Time Span (0-8), showing Continuous Risk Assessment with Step Up Auth points marked
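The chart above, confidence over a time span with step-up authentication at the low points, as an added example of a small continuous risk-based decision engine. This is not HID Global's engine or code: the 0-12 scale, the half-life decay, the step-up threshold, the signal weights and the sample session are assumptions constructed here to illustrate the idea. Confidence is set by an explicit multi-factor login, decays exponentially while no fresh signal arrives, is raised by behavioural, biometric and contextual matches, is cut by a threat indicator, and whenever it falls below the threshold the engine demands a step-up.

```python
# Constructed engine parameters (assumptions, not HID's).
MAX_CONFIDENCE = 12.0      # top of the chart's confidence axis
STEP_UP_THRESHOLD = 5.0    # below this the engine demands step-up authentication
HALF_LIFE = 2.0            # time units for confidence to halve with no fresh signal

# Contribution of each decision-engine input (assumed weights).
SIGNAL_WEIGHTS = {
    "mfa_login": 12.0,          # explicit multi-factor authentication
    "behaviour_match": 3.0,     # behavioural analysis agrees with the user's profile
    "biometric_match": 4.0,     # multi-modal biometric check passed
    "context_match": 2.0,       # contextual analysis: known device, expected location
    "threat_indicator": -6.0,   # threat detection flagged the session
}


def decay(confidence, elapsed):
    """Exponential decay so confidence falls between observations."""
    return confidence * 0.5 ** (elapsed / HALF_LIFE)


def clamp(value):
    return max(0.0, min(MAX_CONFIDENCE, value))


def run_engine(signals, horizon, step=1.0):
    """Replay timestamped signals and return (trace, step_up_times).

    signals: list of (time, signal_name).
    trace:   list of (time, confidence after any step-up at that tick).
    A step-up is demanded whenever confidence is below STEP_UP_THRESHOLD at a
    tick; the simulation assumes the user passes it, restoring full confidence.
    """
    queue = sorted(signals)
    confidence, last_t, t = 0.0, 0.0, 0.0
    trace, step_ups = [], []
    while t <= horizon + 1e-9:
        confidence = decay(confidence, t - last_t)
        last_t = t
        while queue and queue[0][0] <= t:
            _, name = queue.pop(0)
            confidence = clamp(confidence + SIGNAL_WEIGHTS[name])
        if confidence < STEP_UP_THRESHOLD:
            step_ups.append(t)
            confidence = MAX_CONFIDENCE
        trace.append((t, round(confidence, 2)))
        t += step
    return trace, step_ups


# Constructed session: MFA login at t=0, a behavioural match at t=2,
# a threat indicator at t=5, observed over the chart's 0-8 time span.
SESSION = [(0.0, "mfa_login"), (2.0, "behaviour_match"), (5.0, "threat_indicator")]


if __name__ == "__main__":
    trace, step_ups = run_engine(SESSION, horizon=8.0)
    for t, c in trace:
        marker = "  <- step-up" if t in step_ups else ""
        print(f"t={t:3.1f}  confidence={c:5.2f}{marker}")
```

Two design points worth noting: a positive signal only delays the next step-up rather than suppressing it for good, which is what makes the assessment continuous, and a negative signal (the threat indicator) forces a step-up at once even though the user had just re-authenticated.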
Trusted Services Dashboard
Empower Mobility with Trust and Confidence: Authentication Service
Next Steps
• See HID Global @ Booth #3901
• Adjacent to ASSA ABLOY booth (#3601)
• Mobile Access on Android & Apple
• Wearables
• Biometrics
• Security Intelligence