Published by Luke Simon. Modified over 8 years ago.
1
Steve Kirsch Founder & CTO stk@oneid.com Meet your new digital identity
2
Security today
- Endpoints: unrealistic
- Users care about convenience
- Data: straightforward
- AuthN/Z: hard and important
3
Identity remains badly broken; nobody has solved it
- Inconvenient: 100’s of usernames/passwords
- Insecure: Today’s security paradigms are fundamentally flawed, leading to never-ending breaches and forced password changes
- Will get worse as EMV rolls out
- Unsustainable
[Chart: # of pwd, # of breaches]
[Image: My 300+ usernames and passwords]
4
Two largest causes of never-ending security breaches
1. Use of shared secrets (for >50 years):
   - Passwords
   - Credit card numbers, CVV
   - OTP including RSA SecurID
   - Voltage Identity Based Encryption (IBE)
   - KBA
   - Misc: “Safety images”/Passmark, biometrics
2. Centralized storage of shared secrets creates centralized risk
5
Number of consumer websites allowing login w/o a shared secret: 0
We are still nowhere 30 years after the invention of public key crypto!
6
User authentication: Today
Shared secrets
[Diagram: Steve; Enterprise Apps; External Websites; Desktop, Mobile Apps; Offline (QR or NFC ID)]
I have >300 different usernames and passwords! This is unsustainable
7
Digital identity done right: no shared secrets
[Diagram: Steve; Convince your device URU; Websites; Enterprise Apps; Desktop, Mobile Apps; Offline (QR or NFC ID)]
Your device digitally asserts your ID to everyone else using PK (with your express approval)
8
DEMO
9
OneID Login Signature Flow
[Diagram: numbered steps 1 to 6 with Signature A, Signature B and Signature C]
Step 6: Website verifies signatures. After verification, user is logged in.
10
Pairing technology
End-to-end secure transfer of crypto secrets between devices
11
End-to-end secure credit card transactions w/o PCI risk
[Diagram: User; OneID payment gateway; Issuer (OneID compatible)]
- “INVOICE: Pay JC Penney $32.42”
- “INVOICE: Pay JC Penney $32.42” Using “Steve’s Personal VISA card” -- a438ef310 3439afe20 …
- Send signed invoice to participating Issuer as credit or debit; else verify signature, look up card and send “old fashioned way” as credit card
- Verifies signature against public keys of user
12
Benefits

Consumers
- Reduce user frustration
   - Eliminate need for uname/password
   - No more lost pwd
   - Eliminate manual form fill, CAPTCHA
- Increase security
   - Can even use public terminals w/o risk
   - Attacks (phish, malware, MITM, …) and identity theft difficult
   - Credit card number isn’t given out
- Increase privacy
   - RP can’t see repo and vice-versa
   - No PII on user device
- Put user in control
   - Identity can’t be asserted w/o user participation

Merchants
- Higher sales
   - Since easy to login and register w/o typing
- Better security
   - Public keys on file aren’t a security risk
   - AuthN/Z no longer relies on shared secrets
- Lower costs
   - Reduce lost password support costs
- Reduced PCI liability
   - No need to handle credit cards
- Reduced charge backs
   - Burden is on the consumer
13
Integrated touch points
OneID allows a unified customer experience across multiple touch points:
- On-line
- In-store
- Mobile
- Over the phone
14
Mobile app authN/Z
Log into OneID app => all other apps logged in
15
OneID in-store
- Tap to Identify
- Confirm on Phone
[Phone screen: Pay Starbucks $9.45?]
16
Over the phone authN/Z
1. Punch in 3 digit number on phone
2. Confirm on mobile
[Phone screen: Confirm your identity] OR
17
In-person AuthN
- Tap static NFC tag at hotel check-in desk
- Confirm on mobile
[Phone screens: OK to release contact info? Confirm your identity]
18
Mobile pay
- “Identify” to merchant (e.g., tap phone to static NFC tag at register)
- Confirm on phone
[Phone screen: OK to pay? $15.24]
19
OneID capabilities
- Authentication
- Filling out forms
- Secure credit card transactions
- Authorization
- Information sharing including updates
- Proving digital claims (age>x, student, …)
- Repository of non-forgeable “digital proof” (software RTU, music licenses, physical good receipts, proof of purchase)
On-line, In-person, Over the phone
20
Key features
- Easy to use
- Convenient
- Secure against most all attacks: physical, phishing, malware
- Private
- User-centric/User in control
- No shared secrets with cloud repository
- Portable
- “Have it your way” security vs. convenience: Device, Site, Transaction (+type). Max {user,RP}
21
Two-Factor Auth: More secure & convenient than SecurID
SecurID:
- Insecure: In-band (vulnerable to MITM); Vulnerable shared secret; Can’t see what you are approving
- Inconvenient: Another device to carry; Hard to use; Wastes time; Everyone hates them; Terrible GUI/UX
- “Blank check”
vs OneID mobile phone app:
- Outgoing Wire Transfer. Recipient: Sasha Orloff. Amount: $5,000 USD. Bank: CitiBank
22
OneID is unique
- Username: OPTIONAL
- Password: OPTIONAL
Even if I do not define a password, you cannot break into my account.
It has to be that way since we know passwords are too easily divulged through social engineering, phishing, key logging, and guessing.
23
Very difficult to attack
Columns: AD, CD, Dev1, Dev 2, Pwd, PIN, Total
- Phish: x x (Total 2)
- Malware: x x x (Total 3)
- Physical (one device): x x (Total 2)
- Physical (all devices): x x x x (Total 4)
Need 6 secrets to win
24
$1M if you can log in as me!
I’ll even give you my username, password, and PIN to make it easier
25
About OneID
- Founded: May 2011
- 18 employees
- CEO: Alex Doll, former COO PGP
- San Jose, CA and Austin, TX
- $7M in funding
26
“I believe OneID will be one of the most significant platforms to be built in the next 10 years”
Jonathan Heiliger, former VP Operations, Facebook
27
Simple & Secure Digital Identity