Mobile Solutions and Market Trends
-
Upload
forgerock -
Category
Technology
-
view
590 -
download
2
description
Transcript of Mobile Solutions and Market Trends
2013 Open Stack Identity Summit - France
Transforming authentication
Thomas Bostrøm Jørgensen CEO Encap
! Encap – who we are and what we do
! Issues facing user authentication
! How is Encap adressing these issues
! Value proposition and Demo
! Authentication trends and drivers
! 5 years from now …
Agenda
! Encap is the leading Nordic software security company, founded in 2006, with offices in Oslo and Palo Alto
! Our security platform offers a wide range of innovative solutions for authentication and digital signatures based on standard protocols and interfaces
! Our patented authentication technology enables smart-phones and tablets to be used as transparent, banking-grade ID credentials
! Encap´s in-App client software enables a seamless and intuitive user-experiences, across all channels and devices
ENCAP
Security vs User Experience ! ”Everyone” is moving to 2FA
! Most 2FA solutions are based on one-time-passwords (OTPs)
! The problem with OTPs is:
! Poor user experience especially mobile
! Vulnerable to threats
! Costly to buy and manage
! Complex to implement and maintain
Current issues facing user authentication
How to fix the problem? • Get rid of PC-era authentication solutions
• Smartphones and tablets
• Levarge context information (device and user)
• Minimize user involvement (cognitive load)
• Same user experience across all channels and devices
• Use transaction risk to decide on method
• PS: Biometrics is not a silver bullet
Encap retail banking demo
Functions and features
Authentication Digital Signatures
Transaction context info
Mobile App security
User- and device risk parameters
Encap functionality and features
End-User Directory
ENCAP Mobile App
ENCAP API
Mobile Business App
Client Side
Risk Engine Policy Manager
Identity and Access Manager HTTPS
Push
User Behavior
Device Pro!le
Encap Risk Interface
Encap Auth and signing server
Business Application Web Business
application
Server side Encap protocol
Encap protocol
Legend
ENCAP AUTH SOFTWARE
3rd PARTY
CUSTOMER
ENCAP APP PROTECTION
Overall system architecture
Value to the bank or issuer Reduced cost & complexity ! No additional hardware & no variable cost per transaction
! Dramatically lower support costs
! Reduces integration & management costs
! Reduces the average TCO by up to 60% vs. OTP alternatives
Compelling experience = increased adoption ! Consistent experience across channels & devices
! A “one-factor” user experience
! A risk-based approach enables proportional security
Banking-grade security ! Banking-grade security based on software only
! Adopted by the highly advanced Nordic banking market
! Highly responsive to new threats & attacks
Authentication trends driven by … Mobile
! Smartphone and tablet penetration in the world’s top 19 digital markets will double from 35.5% in 2012 to an average of 71.7% in 2015
! This is fuelling the need for securing access to mobile services
! The smartphone has made the phone a highly personal device
User experience
! Compelling online & mobile user experiences will be at the heart of differentiation
! Customers are demanding a consistent and seamless experience across all channels
! Proportional security increase usability and lowers fraud
Authentication trends driven by … Increased threats
! Sophisticated, high-profile and lucrative attacks will increase ( e.g. Project Blitzkrieg)
! Social engineering is increasing
! High-value/high-risk services are moved to smartphones and tablets
Big data
! Institutions have a deluge of customer data
! Data will be used to make risk-based decisions on users and transactions
! 62% of banks believe that managing & analysing big data is important to their success
Five years from now… Multi-factor everywhere
! By 2018 multi-factor authentication will be everywhere
! The simple password will (almost) become extinct
! Robust biometrics will be implemented on smart-devices
Bye bye binary
! A ‘binary’ approach to authentication will no longer be mandated or appropriate
! Financial institutions will take a ‘risk-based’ approach to security and “step-up” to multi-factor when required
Harness the power of context data
! Massive amounts of context date on behaviour, location, device etc are available
! More data will be available about everyone