natural id Markus Jakobsson SebastienTaveau The Case for Replacing Passwords with Biometr validity
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
natu
ral i
d
Markus Jakobsson
SebastienTaveau
The Case for Replacing Passwords with Biometrics
validity
Why? The Use Cases
PERSONAL CLOUD
WHERE IS THE WALLET? TWO SCHOOLS OF THOUGHT
• Remote Payment• Digital Wallet• Card Not Present• Alternative Payment Networks
• Proximity Payment• Mobile Wallet• Card Present• Classic Payment Networks
PERSONAL CLOUD
Megatrend No. 1:
Consumerization — You Ain’t Seen Nothing Yet
Megatrend No. 2:
Virtualization — Changing How the Game Is Played
Megatrend No. 3:
“App-ification” — From Applications to Apps
Megatrend No. 4:
The Ever-Available Self-Service Cloud
Megatrend No. 5:
The Mobility Shift — Wherever and Whenever You Want
Gartner: http://www.wired.com/cloudline/2012/03/personal-cloud-2014/
BYODBring Your Own Device
BEYOND INDIVIDUALS, CORPORATE IT MUST ADAPT
BYOD
BYODBring Your Own Device
BYODBring Your Own Device
THE PROBLEM: FRAUD AND UNAUTHORIZED ACCESS
Malware PhishingFriendly
Fraud
Access to secure areaIs limited
Without password to steal, Phishing is eliminated
My kids know my iPad PIN But can’t swipe my finger
validity
How? The tech options
Natural Authentication Computed Authentication
Two Methods: Who You Are & What You Know
Natural Authentication
Computed Authentication
Value proposition to mobile ecosystem
Device Authentication User Authentication
TEE SCENARIO 1
Normal World Secure World
Secure OSMONITOR
FPS
ApplicationProfile
VaultTrustlet
Trust Credential Engine
+ Security
TEE SCENARIO 2
Normal World Secure World
Secure OSMONITOR FPS
Application Trustlet
Secure Storage
ApplicationProfile
VaultTrustlet
TEE SCENARIO 3
Normal World Secure World
Secure OSMONITORFPS
Application Trustlet
Encrypted Vault Security
ApplicationProfile Trustlet
SECURITY IN A NUTSHELL
Malware PhishingFriendly
Fraud
Secure area has processor and storage.
Biometrics and credentials encrypted outside secure area.Restricted API to secure area.
Nothing to steal!
No typed credentials, except special cases –this limits exposure.
“You cannot give out What you do not know.”
My kids know my iPad PIN but can’t swipe my finger.Easy to create and remove
guest accounts.
Executive summary: a secure password manager with secure access.New device / failed authentication / coerced authentication – see paper.
THE NEW SECURITY AROUND PAYMENTS
WHO YOU ARE
WHERE YOU ARE
Related Documents
