
Intel Identity Protection Technology - VASCO · Enter hardware token generated One-Time Password...

Date post: 12-Jul-2018

1

Intel Identity Protection Technology

Enabling improved user-friendly strong authentication in VASCO's latest generation solutions

June 2013

Dirk Roziers

Market Manager, PC Client Services, Intel Corporation

Copyright © 2013, Intel Corporation. All rights reserved.

2

Your questions coming into this session

1. What improved user-friendly authentication is this all about?

2. What is it that Intel offers to support this?

3. What is it that VASCO offers to support this?

3

eBanking use case

4

Garanti example – existing login using hardware token generated OTP

5

Enter hardware token generated One-Time Password for 2nd factor authentication

Garanti example – existing login using hardware token generated OTP

6

Garanti example – existing login using hardware token generated OTP

7

Garanti example – existing login using SMS generated OTP

8

Garanti example – existing login using SMS generated OTP

9

Garanti example – existing login using SMS generated OTP

10

Garanti example – NEW: login on an IPT system

11

Garanti example – NEW: login on an IPT system

12

I see the benefits

so it’s most likely giving up some security

No, it’s not

13

Enterprise VPN use case

14

VPN example – existing login by typing in a hardware token generated OTP

15

VPN example – NEW: login by “copy-paste” of OTP

[Screenshot: “My VPN token” window showing “16834096” and “copy”]

16

I see the benefits

but it’s not really something new is it

well … it is

17

B2B and B2C Websites

18

B2B / B2C example – traditional login with username and password only

19

B2B / B2C example – NEW: login with Mydigipass.com OTP

20

B2B / B2C example – NEW: login with Mydigipass.com OTP – phone or token needed

21

B2B / B2C example – NEW: login with Mydigipass.com OTP – no phone / no token

22

Same as before, I see the benefits

But aren’t you giving up some security here

Same answer: no, we’re not

23

Add more security – NEW: PIN protect the automatic OTP release

[Screenshots: “My VPN token” window showing “16834096” and “copy”; “My VPN token” window with an “Enter PIN” keypad whose digits appear in the order 0 9 7 4 3 1 8 2 6 5]

24

I get it

But it’s really nothing special

Not if you’re not malware

25

Here’s what malware, MitB, MitM sees

[Figure: panels “What User Sees” and “What Malware Sees”; screenshots of the “My VPN token” window (“Enter PIN” keypad with digits in the order 0 9 7 4 3 1 8 2 6 5; “16834096” with “copy”), the text “Confirm $50,000 transfer to account # 9237-4602”, and a box marked “X”]

26

Embedded in Webpage ….

27

This is what malware sees

28

Protected Transaction Display

View seen by a user | View seen by malware

Bank generates an encrypted image with transaction details and sends it to the user’s PC

Encrypted bitmap; On‐screen randomly placed keypad

Remote PTD can run any size overlay and include text, logos, etc.

29

Your questions coming into this session

1. What improved user-friendly authentication is this all about?

2. What is it that Intel offers to support this?

3. What is it that VASCO offers to support this?

30

Hardware-based Security into the platform

[Diagram labels: Main CPU; Main OS; Win OS; ME DLL; Win Apps; Browsers; Malware; ME-based Apps; chipset; “ME” Firmware + Security Hardware; Separate RAM/Crypto]

Hardware based security isolated from the host

31

Hardware-based Security into the platform

Separate Work Space Enables Strong Root of Trust for Security Services

Security and Manageability Firmware

Improved isolation from Host execution environment

Separate memory, Separate Crypto, …

Security building blocks: Protected Timers, Secure Key Storage, …

[Diagram labels: Main CPU; Main OS; Win OS; ME DLL; Win Apps; Browsers; Malware; ME-based Apps; chipset; “ME” Firmware + Security Hardware; Separate RAM/Crypto]

32

How It Works: Intel Components

Intel® Identity Protection Technology (IPT)

Security features built into the chipset

Security Service algorithm applet runs in the firmware

Intel IPT generates OTP in isolated space (Intel ME) 698731

33

Intel® Identity Protection Technology roadmap

Mid 2013 on all Core™ systems and extending to Atom™ based phones and tablets in 2H 2013

To become ubiquitous in worldwide Intel platforms

[Roadmap chart, install base over 2012 / 2013 / 2014: vPro™ Desktops & Laptops; Core™ Laptops; Core™ Desktops; Core™ Tablets; Ultrabooks™; Atom™ Tablets; Atom™ Phones]

Intel, Intel Core, Ultrabook, Insider, vPro, Atom and the Intel logo are trademarks or registered trademarks of Intel Corporation.

*Other names and brands may be claimed as the property of others.

34

Your questions coming into this session

1. What improved user-friendly authentication is this all about?

2. What is it that Intel offers to support this?

3. What is it that VASCO offers to support this?

35

Intel® Identity Protection Technology

[Diagram labels: Authentication Server; Website; Consumer - Enterprise; Token Record Storage; Provisioning & Verification Services; Internet; building blocks; Service solution]

In Premise or Cloud or Mixed


36

Intel® Identity Protection Technology integration into VASCO’s solutions

VASCO’s methods for 2FA

Website -- Application

37

Intel® Identity Protection Technology

Intel® Identity Protection Technology complements / extends the existing 2FA with:

Hardware based, user friendly strong authentication solution


38

Why is this relevant to you?

Complements existing 2FA with:

Hardware based, user friendly strong authentication solution

Enhance brand value & reputation

Your Customer’s Benefits

Easy to use

Protects against many types of attacks

Opt-in gives you freedom

39

Legal

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.

Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined". Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.

The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order.

No system can provide absolute security under all conditions. Requires an Intel® Identity Protection Technology-enabled system, including a 2nd or 3rd gen Intel® Core™ processor enabled chipset, firmware and software, and participating website. Consult your system manufacturer. Intel assumes no liability for lost or stolen data and/or systems or any resulting damages. For more information, visit http://ipt.intel.com.

Intel, Intel Core, Ultrabook, Insider, vPro, Atom and the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

*Other names and brands may be claimed as the property of others.

Copyright © 2013, Intel Corporation. All rights reserved.

