© 2017 Veridium IP Ltd. All rights reserved
Eliminating Passwords with Biometrics for Identity Access Management
Attendees have been muted
You may submit questions at any time, but we will respond at the conclusion of the presentation during the Q&A session
Before We Begin
John Spencer, Chief Product Officer
• Industry expert with over 30 years of experience
• Former CTO at Citrix in Northern Europe
• Instrumental in delivering commercially successful and award winning products
Before We Begin
• The Password is Dead
• Biometrics as Password Replacement
• Veridium Overview
• Biometric Storage Considerations
• VeridiumAD
• Q&A
AGENDA
Weak and compromised passwords continue to be a major attack point for hackers.
The costs are high.
Passwords only authorize access, while authentication is the process of verifying the claim that identity makes.
Identity is the “claim” you make to access information, but making that claim with a password doesn’t prove who you are.
Only biometrics – your face, your voice, your fingerprints – prove you are who you say you are.
Proving Identity
Reduce data breaches and fraudulent transactions.
Replace what you know – passwords and PINs – with what you are – biometrics.
With our technology, you can replace passwords altogether, or deploy biometrics as a second factor to strengthen legacy systems.
An end-to-end, biometrics-based authentication solution for the Enterprise.
We provide all the components necessary for a complete, end-to-end biometric authentication solution that is flexible, secure, and enterprise ready.
Products Overview
[Diagram labels: WEB, MOB, VPN, CX, AD; App Connectors; Enroll & Authenticate; Authorize & Access]
• Launch Authenticator Application
• Enter server details & username/password
• Capture Biometrics – 4 Fingers/Face on Mobile Device
• SMS Notification/Email/Push with activation PIN
• Activate Authenticator with PIN
• Biometric template registered with server and separated
• Biometrics is now exclusively used for authentication
Enrollment – Identity Must Be Proved
• Mobile Applications
• WEB Applications – Use QR Code/Push
• ‘In’ Application – Push
• VPN Appliances – Push
• RADIUS – Push
• Citrix StoreFront and Netscaler – QR/Push
• Active Directory – QR/Push
Application Authentication
• Attempt logon to application/service (username)
• Either scan QR code on device or push notification sent
• Validate Biometrics – 4 Fingers/Face
• Biometrics verified on VeridiumID server or local device
• Secure Token sent to service to authorize user
• User is securely authenticated into application/service
Application Authentication
Securing biometric data is paramount. A breach of your system would expose a full set of biometric user data.
Biometric data is for life, it cannot be reset.
Biometric Storage
Our Distributed Data Model is a multi-part process that covers the encryption and storage of the biometric vector. First, the captured biometric is encrypted with Visual Cryptography. This allows us to encrypt the vector randomly into two separate pieces. Then, one is stored on the mobile device and the other on the VeridiumID server for maximum security.
Distributed Data
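The two-piece split described on this slide can be illustrated with the classic (2,2) visual cryptography scheme of Naor and Shamir. This is an added example, not Veridium's code: the slides do not say how the product encodes the vector, so the bit encoding, the function names and the sample template below are assumptions.

```python
import secrets

# (2,2) visual cryptography after Naor and Shamir: every secret bit becomes a
# block of two subpixels per share (1 = black, 0 = transparent).
PATTERNS = ((0, 1), (1, 0))

def split(bits):
    """Return two shares, each twice as long as the secret bit list."""
    device_share, server_share = [], []
    for bit in bits:
        block = PATTERNS[secrets.randbelow(2)]      # fresh coin flip per bit
        # Secret 0: both shares carry the same block. Secret 1: complements.
        other = block if bit == 0 else (1 - block[0], 1 - block[1])
        device_share.extend(block)
        server_share.extend(other)
    return device_share, server_share

def stack(share_a, share_b):
    """Overlay two shares (subpixel OR) and decode one bit per block."""
    if len(share_a) != len(share_b) or len(share_a) % 2:
        raise ValueError("shares must have the same even length")
    bits = []
    for i in range(0, len(share_a), 2):
        black = (share_a[i] | share_b[i]) + (share_a[i + 1] | share_b[i + 1])
        bits.append(1 if black == 2 else 0)         # fully black block = 1
    return bits

def share_is_balanced(share):
    """Check that every block of a share has exactly one black subpixel,
    which holds for both shares whatever the secret bit is."""
    return all(tuple(share[i:i + 2]) in PATTERNS for i in range(0, len(share), 2))

def to_bits(data):
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]

def from_bits(bits):
    return bytes(sum(b << (7 - k) for k, b in enumerate(bits[i:i + 8]))
                 for i in range(0, len(bits), 8))

# Constructed stand-in for an encoded biometric vector (not real template data).
TEMPLATE = bytes([0x12, 0xA7, 0x00, 0xFF, 0x3C, 0x5E, 0x81, 0x44])

if __name__ == "__main__":
    dev, srv = split(to_bits(TEMPLATE))
    print("device share balanced:", share_is_balanced(dev))
    print("recombined matches:", from_bits(stack(dev, srv)) == TEMPLATE)
```

Because each block in a share is an independent coin flip between the two patterns, a share taken from only the device or only the server is uniformly random; the template appears only when both are overlaid.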
• Is significantly more reliable than other mobile solutions
• Increases complexity of data collected, enhancing security
• Does not require additional hardware above 5MP camera + flash
4 Fingers TouchlessID:
• False rejection rate (FRR) is as low as 1.4%, which means a 98% success rate, regardless of external conditions. 4 Fingers requires no external hardware.
• We just require a 5MP camera and LED flash.
• 4 Fingers is one of the most secure biometrics available.
• More secure than Face and TouchID and Voice
4 Fingers is reliable in any environment
[Figure: 4 Fingers captured print; 4 Fingers processed print; traditional fingerprint scanner print; minutiae vector]
The contactless and contact prints are of comparable quality. The minutiae match.
Print Quality
Verify the identity claimed by any user, keeping your enterprise data safer and more secure.
Use biometric authentication on desktops (including VDI) and laptops using 4F, Touch or Facial to eliminate Active Directory passwords entirely.
VeridiumAD also supports offline scenarios.
1. Replace passwords, use Biometrics as primary or secondary authentication.
2. To log on, user selects their Active Directory account and clicks “Login.”
3. User authenticates with face recognition from the desktop camera or using a mobile device as the authenticator.
4. Once verified, user is logged on and can access their Windows applications and data.
Active Directory
[Diagram components: Enrollment Proxy, Registration Authority, VeridiumID, Domain Controllers, Certificate Services]
AD Architecture
SAML IdP
Authenticate Once
SSO to SAML Enabled Services
SAML
For more information contact: [email protected]
Phone: +1 877.301.0299 • www.VeridiumID.com • Twitter: @VeridiumID • LinkedIn: Veridium
QUESTIONS?