Date posted: 29-Dec-2015
Category: Documents
natural id
Markus Jakobsson
Sebastien Taveau
The Case for Replacing Passwords with Biometrics
Validity
PERSONAL CLOUD
WHERE IS THE WALLET? TWO SCHOOLS OF THOUGHT
• Remote Payment
• Digital Wallet
• Card Not Present
• Alternative Payment Networks

• Proximity Payment
• Mobile Wallet
• Card Present
• Classic Payment Networks
PERSONAL CLOUD
Megatrend No. 1: Consumerization — You Ain’t Seen Nothing Yet
Megatrend No. 2: Virtualization — Changing How the Game Is Played
Megatrend No. 3: “App-ification” — From Applications to Apps
Megatrend No. 4: The Ever-Available Self-Service Cloud
Megatrend No. 5: The Mobility Shift — Wherever and Whenever You Want
Gartner: http://www.wired.com/cloudline/2012/03/personal-cloud-2014/
THE PROBLEM: FRAUD AND UNAUTHORIZED ACCESS
Malware, Phishing, Friendly Fraud
Access to secure area is limited.
Without a password to steal, phishing is eliminated.
My kids know my iPad PIN, but can’t swipe my finger.
Natural Authentication
Computed Authentication
Value proposition to mobile ecosystem
Device Authentication | User Authentication
TEE SCENARIO 1
[Diagram: Normal World / Secure World. Components shown: Secure OS, Monitor, FPS, Application Profile, Vault Trustlet, Trust Credential Engine + Security.]
TEE SCENARIO 2
[Diagram: Normal World / Secure World. Components shown: Secure OS, Monitor, FPS, Application Trustlet, Secure Storage, Application Profile, Vault Trustlet.]
TEE SCENARIO 3
[Diagram: Normal World / Secure World. Components shown: Secure OS, Monitor, FPS, Application Trustlet, Encrypted Vault, Security, Application Profile Trustlet.]
SECURITY IN A NUTSHELL
Malware, Phishing, Friendly Fraud
Secure area has processor and storage.
Biometrics and credentials encrypted outside secure area. Restricted API to secure area.
Nothing to steal!
No typed credentials, except special cases – this limits exposure.
“You cannot give out what you do not know.”
My kids know my iPad PIN but can’t swipe my finger. Easy to create and remove guest accounts.
Executive summary: a secure password manager with secure access. New device / failed authentication / coerced authentication – see paper.
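The design the TEE scenarios and this summary describe (key and matcher stay in the secure area, only ciphertext lives outside it, a restricted API releases a credential after a finger match) as an added Go example; it is not code from the deck or from Validity, and `SecureWorld`, `Enroll`, `Seal`, `Unseal` and the byte-string "templates" are constructed stand-ins for a real trustlet and minutiae matcher.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
)
// SecureWorld models the TEE side: the vault key and the enrolled template never
// leave it, so normal-world storage only ever holds AES-GCM ciphertext.
type SecureWorld struct {
	vault    cipher.AEAD // AES-GCM under a device-bound key generated in Enroll
	template []byte      // enrolled template (a constructed byte-string stand-in)
}
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: refuse to run rather than weaken the vault
	}
	return b
}
// Enroll sets up the secure world with a fresh vault key and the user's template.
func Enroll(template []byte) (*SecureWorld, error) {
	block, err := aes.NewCipher(randBytes(32))
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	return &SecureWorld{vault: gcm, template: template}, err
}

// Seal encrypts one profile's credential for normal-world storage. The profile
// name is bound as associated data, so a blob cannot be replayed under another app.
func (s *SecureWorld) Seal(profile string, credential []byte) []byte {
	nonce := randBytes(s.vault.NonceSize())
	return s.vault.Seal(nonce, nonce, credential, []byte(profile))
}

// Unseal is the restricted API crossing the monitor: the credential is released
// only if the live scan matches the template (constant-time byte compare here).
func (s *SecureWorld) Unseal(profile string, blob, scan []byte) ([]byte, error) {
	if subtle.ConstantTimeCompare(scan, s.template) != 1 {
		return nil, errors.New("fingerprint mismatch: credential not released")
	}
	if n := s.vault.NonceSize(); len(blob) >= n {
		return s.vault.Open(nil, blob[:n], blob[n:], []byte(profile))
	}
	return nil, errors.New("malformed vault blob")
}
```

Malware in the normal world that copies the blob gets only ciphertext, and a wrong finger, a wrong profile name or a truncated blob all fail closed.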