Modern User and Device Authentication  Biometric Fingerprints: Moving beyond Login  TPM Key Attestation: Binding a user and machine identities  Strong.


2 Modern User and Device Authentication

3
- Biometric Fingerprints: Moving beyond Login
- TPM Key Attestation: Binding a user and machine identities
- Strong User identity on BYOD devices: with Virtual Smart Card

4
Consumer Reports survey 2013
- 9.8 million adult Facebook users had their account used by an unauthorized person; had their reputation harmed; or were harassed, threatened, or defrauded
Deloitte Study 2013
- In a recent study of six million actual user passwords, the 10,000 most common passwords would have accessed 98.1 percent of accounts
Cybercrime costing UK billions, 2013
- 63% of small businesses were attacked by an unauthorized outsider in the last year, up from 41% in the previous year.
- For large organizations, the comparable figures stood at 78% and 73%
Passwords are not sufficient to keep users safe


7
- Ease users’ struggle to enter credentials on touch devices
- Built-in Windows experiences
- Introduce new “touch” fingerprint sensors
- Light up a few engaging scenarios

8
- Users loved the simplicity
- Seen as a fix to the password problem
- Replacement for many passwords and ideal for touch devices
- Quicker to perform than typing a password and more user-friendly
- Understood gesture as verifying identity before impactful activity
- Unlike UAC, user knows the result of confirming
- Gesture is so simple and well understood that it is not seen as intrusive to experience

9
Diagram labels:
- Windows Biometrics
- Engine Adapter
- Storage Adapter (inbox but can be replaced by 3rd party if needed)
- Sensor Adapter (inbox but can be replaced by 3rd party if needed)
- Windows Biometric Device Interface (WBDI) Driver
- Sensor
Legend: OS component; 3rd party application; 3rd party driver and companion components


12
- Confirming purchase, profile change, in-app experiences
- Helps control and personalize device experience
- Highly desired as a means to control high-value transactions, e.g. purchases
- Can benefit “cloaking” apps, access to an app, release credentials…

13 CredUI Broker LocalSystem Request Verification Check Availability OS components Apps


17 EK AIK

18
Participants: User with TPM capable device; Certificate Authority (EKPubs and EkCert obtained out of band). Keys: EK, AIK, RSA.
1. Device to CA: Here is my RSA (pub), signed by AIK. Also, my AIK(pub), signed by EK. And here is my EK(pub).
2. CA: Validate EK && generate challenge.
3. CA to device: Here is a secret, encrypted to your EK(pub). Can you tell me a secret?
4. Device to CA: Here is your decrypted secret which proves I own EK(priv).
5. CA: Validate secret.
6. CA to device: Certificate issued for RSA key.
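
The enrollment exchange on slide 18, as an added example that is not code from the presentation or from Windows. Ordinary software RSA keys stand in for the TPM-resident EK, AIK and user key, and the function names, the EK fingerprint allow-list and the message layout are assumptions; it follows the slide's simplified message flow and shows the CA refusing an unknown EK, a broken key chain and a wrong challenge answer.

```javascript
// Added example: software keys simulate the TPM; all names here are hypothetical.
const crypto = require('crypto');

const newKey = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const pem = (k) => k.export({ type: 'spki', format: 'pem' });
const fingerprint = (pubPem) => crypto.createHash('sha256').update(pubPem).digest('hex');

// Device side: the three keys and the signed chain sent in the first message.
function makeDevice() {
  const ek = newKey(), aik = newKey(), rsa = newKey();
  const request = {
    ekPub: pem(ek.publicKey), aikPub: pem(aik.publicKey), rsaPub: pem(rsa.publicKey),
    aikSig: crypto.sign('sha256', Buffer.from(pem(aik.publicKey)), ek.privateKey),
    rsaSig: crypto.sign('sha256', Buffer.from(pem(rsa.publicKey)), aik.privateKey),
  };
  // Answering the challenge requires EK(priv), which never leaves the device.
  const answer = (blob) => crypto.privateDecrypt(ek.privateKey, blob);
  return { request, answer };
}

// CA side: validate EK against the out-of-band list, check the chain, build a challenge.
function caBegin(trustedEkFingerprints, req) {
  if (!trustedEkFingerprints.has(fingerprint(req.ekPub))) return { error: 'unknown EK' };
  if (!crypto.verify('sha256', Buffer.from(req.aikPub), req.ekPub, req.aikSig))
    return { error: 'AIK not vouched for by EK' };
  if (!crypto.verify('sha256', Buffer.from(req.rsaPub), req.aikPub, req.rsaSig))
    return { error: 'RSA key not vouched for by AIK' };
  const secret = crypto.randomBytes(32);
  return { secret, challenge: crypto.publicEncrypt(req.ekPub, secret) };
}

// CA side: accept only if the returned secret matches (constant-time compare).
function caFinish(state, response) {
  return response.length === state.secret.length &&
    crypto.timingSafeEqual(response, state.secret);
}

// Full exchange; answerFn can be swapped to model a responder without EK(priv).
function enroll(trusted, device, answerFn = device.answer) {
  const state = caBegin(trusted, device.request);
  if (state.error) return state.error;
  let response;
  try { response = answerFn(state.challenge); } catch (e) { return 'challenge failed'; }
  return caFinish(state, response) ? 'certificate issued for RSA key' : 'challenge failed';
}
```
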

19 RADIUS + VPN Certificate Authority TPM Attested Certificate Non-Attested Certificate Request and Get Certificate


23 Mail App package WWAHost Select client auth cert LiveComm Use the selected cert for SSL Mail server

24 RAS Select certificate VPN app Use the selected certificate over SSL VPN server

25
    // Find the client-auth certificate by friendly name and keep the first
    // one that is strongly protected.
    var certNamespace = Windows.Security.Cryptography.Certificates;
    var selectedCert;
    var query = new certNamespace.CertificateQuery();
    query.friendlyName = "clientAuthCert";
    certNamespace.CertificateStores.findAllAsync(query).done(function (certs) {
        if (certs.size > 0) {
            for (var i = 0; i < certs.size; i++) {
                if (certs[i].isStronglyProtected) {
                    selectedCert = certs[i];
                    break;
                }
            }
        }
    });

26 Certificates: Simple Certificate Enrollment Protocol (SCEP)

27 Familiar

28 Modern
