Intel Identity Protection Technology: Enabling improved user-friendly strong authentication in VASCO's latest generation solutions
June 2013
Dirk Roziers
Market Manager, PC Client Services, Intel Corporation
Copyright © 2013, Intel Corporation. All rights reserved.
Your questions coming into this session
1. What improved user-friendly authentication is this all about ?
2. What is it that Intel offers to support this ?
3. What is it that VASCO offers to support this ?
Enter hardware token generated One-Time Password
for 2nd factor authentication
Garanti example – existing login using hardware token generated OTP
VPN example – NEW: login by “copy - paste” of OTP
[Screenshot: "My VPN token" window showing OTP 16834096 with a copy button]
Same as before, I see the benefits
But aren’t you giving up some security here?
Same answer: no, we’re not
Add more security – NEW: PIN protect the automatic OTP release
[Screenshot: "My VPN token" window showing OTP 16834096 with a copy button, and an "Enter PIN" on-screen keypad]
Confirm $50,000 transfer to account # 9237-4602
What User Sees What Malware Sees
[Figure: side-by-side screenshots of the "My VPN token" window (OTP 16834096, copy button) and its "Enter PIN" on-screen keypad]
Here’s what malware, MitB, MitM sees
Protected Transaction Display
View seen by a user View seen by malware
Bank generates an encrypted image with transaction details and sends it to the user’s PC
Encrypted bitmap; On‐screen randomly placed keypad
Remote PTD can run any size overlay and include text, logos, etc.
Hardware-based Security into the platform
[Diagram: Main CPU running the Main OS (Win OS, Win Apps, Browsers, Malware, ME DLL, ME-based Apps); chipset containing “ME” Firmware + Security Hardware with separate RAM/Crypto]
Hardware based security isolated from the host
Separate Work Space Enables Strong Root of Trust for Security Services
Security and Manageability Firmware
Improved isolation from Host execution environment
Separate memory, Separate Crypto, …
Security building blocks: Protected Timers, Secure Key Storage, …
How It Works: Intel Components
Intel® Identity Protection Technology (IPT)
Security features built into the chipset
Security Service algorithm applet runs in the firmware
Intel IPT generates OTP in isolated space (Intel ME) [example OTP shown: 698731]
Intel® Identity Protection Technology roadmap
Mid 2013 on all Core™ systems and extending to Atom™ based phones and tablets in 2H 2013
To become ubiquitous in worldwide Intel platforms
[Roadmap chart: install base over 2012, 2013, 2014 for vPro™ Desktops & Laptops, Core™ Laptops, Core™ Desktops, Ultrabooks™, Core™ Tablets, Atom™ Tablets, Atom™ Phones]
Intel, Intel Core, Ultrabook, Insider, vPro, Atom and the Intel logo are trademarks or registered trademarks of Intel Corporation.
*Other names and brands may be claimed as the property of others.
Intel® Identity Protection Technology
[Diagram labels: Consumer - Enterprise; Internet; Website; Authentication Server; Token Record Storage; Provisioning & Verification Services; In Premise or Cloud or Mixed; building blocks; Service solution]
Intel® Identity Protection Technology integration into VASCO’s solutions
VASCO’s methods for 2FA
Website -- Application
Intel® Identity Protection Technology
Intel® Identity Protection Technology complements / extends the existing 2FA with:
Hardware based, user friendly strong authentication solution
Why is this relevant to you ?
Complements existing 2FA with :
Hardware based, user friendly strong authentication solution
Enhance brand value & reputation
Your Customer’s Benefits
Easy to use
Protects against many types of attacks
Opt-in gives you freedom
Legal
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.
Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined". Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.
The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.
Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order.
No system can provide absolute security under all conditions. Requires an Intel® Identity Protection Technology-enabled system, including a 2nd or 3rd gen Intel® Core™ processor enabled chipset, firmware and software, and participating website. Consult your system manufacturer. Intel assumes no liability for lost or stolen data and/or systems or any resulting damages. For more information, visit http://ipt.intel.com.
Intel, Intel Core, Ultrabook, Insider, vPro, Atom and the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.