Steve Kirsch Founder & CTO Meet your new digital identity.

Presentation on theme: "Steve Kirsch Founder & CTO Meet your new digital identity."— Presentation transcript:

1 Steve Kirsch Founder & CTO stk@oneid.com Meet your new digital identity

2 Security today
- Endpoints: unrealistic
- Users care about convenience
- Data: straightforward
- AuthN/Z: hard and important

3 Identity remains badly broken; nobody has solved it
- Inconvenient: 100s of usernames/passwords
- Insecure: Today’s security paradigms are fundamentally flawed, leading to never-ending breaches and forced password changes
- Will get worse as EMV rolls out
- Unsustainable
  - # of pwd
  - # of breaches
[Image: My 300+ usernames and passwords]

4 Two largest causes of never-ending security breaches
1. Use of shared secrets (for >50 years):
   - Passwords
   - Credit card numbers, CVV
   - OTP including RSA SecurID
   - Voltage Identity Based Encryption (IBE)
   - KBA
   - Misc: “Safety images”/Passmark, biometrics
2. Centralized storage of shared secrets creates centralized risk

5 Number of consumer websites allowing login w/o a shared secret: 0
We are still nowhere 30 years after the invention of public key crypto!

6 User authentication: Today
[Diagram: Steve connects via shared secrets to Enterprise Apps, External Websites, Desktop/Mobile Apps, Offline (QR or NFC ID)]
I have >300 different usernames and passwords! This is unsustainable

7 Digital identity done right: no shared secrets
[Diagram: Steve, his device, and Websites, Enterprise Apps, Desktop/Mobile Apps, Offline (QR or NFC ID)]
- Convince your device URU
- Your device digitally asserts your ID to everyone else using PK (with your express approval)

8 DEMO

9 OneID Login Signature Flow
[Diagram: numbered steps 1 to 6 showing Signature A, Signature B and Signature C being produced and checked]
Step 6: Website Verifies Signatures. After verification, user is logged in

10 Pairing technology
End-to-end secure transfer of crypto secrets between devices

11 End-to-end secure credit card transactions w/o PCI risk
[Diagram: User, OneID payment gateway, Issuer (OneID compatible)]
- “INVOICE: Pay JC Penney $32.42”
- “INVOICE: Pay JC Penney $32.42” Using “Steve’s Personal VISA card” -- a438ef310 3439afe20 …
- Send signed invoice to participating Issuer as credit or debit; else verify signature, lookup card and send “old fashioned way” as credit card
- Verifies signature against public keys of user

12 Benefits

Consumers
- Reduce user frustration
  - Eliminate need for uname/password
  - No more lost pwd
  - Eliminate manual form fill, CAPTCHA
- Increase security
  - Can even use public terminals w/o risk
  - Attacks (phish, malware, MITM, …) and identity theft difficult
  - Credit card number isn’t given out
- Increase privacy
  - RP can’t see repo and vice-versa
  - No PII on user device
- Put user in control
  - Identity can’t be asserted w/o user participation

Merchants
- Higher sales
  - Since easy to login and register w/o typing
- Better security
  - Public keys on file aren’t a security risk
  - AuthN/Z no longer relies on shared secrets
- Lower costs
  - Reduce lost password support costs
  - Reduced PCI liability
  - No need to handle credit cards
  - Reduced charge backs
  - Burden is on the consumer

13 Integrated touch points
- OneID allows a unified customer experience across multiple touch points:
  - On-line
  - In-store
  - Mobile
  - Over the phone

14 Mobile app authN/Z
- Log into OneID app => all other apps logged in

15 OneID in-store
- Tap to Identify
- Confirm on Phone
[Phone screen: Pay Starbucks $9.45?]

16 Over the phone authN/Z
1. Punch in 3 digit number on phone
2. Confirm on mobile
[Phone screen: Confirm your identity OR]

17 In-person AuthN
- Tap static NFC tag at hotel check-in desk
- Confirm on mobile
[Phone screens: OK to release contact info? / Confirm your identity]

18 Mobile pay
- “Identify” to merchant
  - E.g., tap phone to static NFC tag at register
- Confirm on phone
[Phone screen: OK to pay? $15.24]

19 OneID capabilities
- Authentication
- Filling out forms
- Secure credit card transactions
- Authorization
- Information sharing including updates
- Proving digital claims (age>x, student, …)
- Repository of non-forgeable “digital proof” (software RTU, music licenses, physical good receipts, proof of purchase)
[Labels: On-line, In-person, Over the phone]

20 Key features
- Easy to use
- Convenient
- Secure against most all attacks: physical, phishing, malware
- Private
- User-centric/User in control
- No shared secrets with cloud repository
- Portable
- “Have it your way” security vs. convenience:
  - Device, Site, Transaction (+type). Max {user,RP}

21 Two-Factor Auth: More secure & convenient than SecurID

SecurID
- Insecure
  - In-band (vulnerable to MITM)
  - Vulnerable shared secret
  - Can’t see what you are approving
- Inconvenient
  - Another device to carry
  - Hard to use
  - Wastes time
  - Everyone hates them
  - Terrible GUI/UX

vs OneID mobile phone app
[Phone screen: Outgoing Wire Transfer. Recipient: Sasha Orloff. Amount: $5,000 USD. Bank: CitiBank]
[Label: “Blank check”]

22 OneID is unique
- Username: OPTIONAL
- Password: OPTIONAL
- Even if I do not define a password, you cannot break into my account
- It has to be that way since we know passwords are too easily divulged through social engineering, phishing, key logging, and guessing

23 Very difficult to attack
Table columns: AD, CD, Dev1, Dev 2, Pwd, PIN, Total
- Phish: x x (Total 2)
- Malware: x x x (Total 3)
- Physical (one device): x x (Total 2)
- Physical (all devices): x x x x (Total 4)
Need 6 secrets to win

24 $1M if you can log in as me!
I’ll even give you my username, password, and PIN to make it easier

25 About OneID
- Founded: May 2011
- 18 employees
- CEO: Alex Doll, former COO PGP
- San Jose, CA and Austin, TX
- $7M in funding

26 “I believe OneID will be one of the most significant platforms to be built in the next 10 years”
Jonathan Heiliger, former VP Operations, Facebook

27 Simple & Secure Digital Identity

