se-4111 max berman, user authentication for mobile devices and access
DESCRIPTION
Presentation SE-4111, User Authentication for Mobile Devices and Access, by Max Berman at the AMD Developer Summit (APU13) November 11-13, 2013.TRANSCRIPT
![Page 1: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/1.jpg)
Developer Summit
November 2013
1
![Page 2: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/2.jpg)
Presenters
• Max Berman, EVP of Business Development
• Len Mizrah, Ph.D., President and CEO
2
![Page 3: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/3.jpg)
Who we are
Authernative is a leading provider of innovative user authentication solutions
3
![Page 4: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/4.jpg)
Foundation
4
26 Granted US & foreign Patents 14 Pending Patent Applications 6 Issued Trademarks
User Authentication(mobile & online)
Server(site)-to-UserAuthentication
TransactionAuthentication
Encryption Key Mgmt./ Mutual Authentication
U.S. NIST FIPS 140-2 & Canada CSE FIPS 140-2
NIST 800-63 Level 3 Assurance
GSA, Alliant, CIOSP3, FedRamp, GovWin
GTRA Security Awards
CERTIFIED & ACCREDITED
TECHNOLOGY
BACKED BY INTELLECTUAL PROPERTY
![Page 5: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/5.jpg)
Industry Quotes
5
• "Passwords are dead, our relationship with passwords are done at Google”, Heather Adkins, Google’s Information Security Executive (Sept, 2013)
• “Because a smartphone is the one device few people are without, it's seen as the perfect place to store credentials”. ‐ Antone Gonsalves, CSO (2013)
• “I think it's brilliant, we're finding that smartphone‐based authentication will be the type of authentication mode in the future” ‐ Trent Henry, analyst for Gartner (Aug, 2013)
![Page 6: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/6.jpg)
Mobility Brings New Challenges to Authentication
• Security
• Design for mobility/single device
• Cross platform
• TCO, deployment
6
![Page 7: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/7.jpg)
User Authentication Evolution
7
Inception 1990s/2000s 2008 2011
Google Android Pattern
Password / PIN /
Security Questions
Token/ Smart Card/ Biometric
Soft Token/SMS PIN
2007
Microsoft Windows 8 Pattern Login
Pattern Based Authentication
![Page 8: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/8.jpg)
Solution: Passline®
8
pattern‐based One‐Time PIN Authentication
PCTabletSmartphone
Authernative solves the mobile & cross platform authentication challenges with an easy to use and secure, pattern‐based one‐time PIN solution
![Page 9: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/9.jpg)
How Passline® Works
9
• The user creates a secret pattern within a grid.
• The pattern of cell positions are highlighted and numbered in the order they were selected.
• At login, the grid displays random digits that appear more than once
• The user is asked to enter certain digits displayed in the secret pattern.
• The question changes each time
![Page 10: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/10.jpg)
Passline®:
App/FileLock
Secure YourDevice
Unlock NFCMobile Wallet
E‐CommerceTransactions
OTP Challenge Soft‐token
DeviceManagement
Access e‐healthrecords
Cloud/NetworkAccess
Defense‐Net Operations
Secure Authentication to device and platform services
10
Gaming DRM/Content
ID Mgmt/SSO
![Page 11: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/11.jpg)
Comparison Matrix
Cost Low Med-High High
Security Highly Scalable Med-High Med-High, requires device
Hardware None Sensor, PCB, component Card + reader, tokenIntegration Easy Complex ComplexScalability Universal Hardware dependent Hardware dependentFailure Rate None Low-Med Low
Passline® Biometrics Tokens / Smart Card
11
![Page 12: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/12.jpg)
Value Proposition
12
Scalable Security
Easy Deployment
Low Cost
High combinatorial security In‐/Out‐of‐band, multi‐factor No failure rate FIPS 140‐2 certified crypto
Software algorithm Cross platforms/devices/OS Mass deployable Credential self‐service
No hardware No sensors No PCB/components Much lower cost thanbiometrics or token
![Page 13: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/13.jpg)
13
![Page 14: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/14.jpg)
2013 © Authernative, Inc. Proprietary & Confidential
![Page 15: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/15.jpg)
15
![Page 16: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/16.jpg)
16
![Page 17: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/17.jpg)
17
Facebook Login
![Page 18: SE-4111 Max Berman, User Authentication for Mobile Devices and Access](https://reader037.vdocuments.mx/reader037/viewer/2022110115/54c85eb74a7959d7758b4839/html5/thumbnails/18.jpg)
Key Take Aways
18
• Unique, innovative technology will work across x86, ARM cores, Windows, Android, Chrome, Trustzone ecosystems
• Takes advantage of the TEE crypto accelerators, RNG and secure storage capabilities. Combined hardware & software meets highest Government security requirements (FIPS 140‐2 Level 3 and NIST 800‐63 Level 4 assurance)
• Single technology serves both the consumer and enterprise (BYOD) markets. It scales from single device access to client‐server and mobile‐to‐cloud access
• Enables MDM, client‐to‐cloud, secure payments/NFC, ID Mgmt/vault, SSO, data protection/encryption, DRM/content anywhere and gaming
• Lowest cost, easiest implementation and most scalable level of security available today