Upload
ca-technologies
View
2.680
Download
1
Embed Size (px)
DESCRIPTION
Mobility changes everything. Mobile devices can be used for everything from authenticating people to websites and eCommerce transactions through mobile in-store payments. They are a user’s identity, their payment device and can even replace their wallets. Learn about new authentication techniques as well as new mobile capabilities for contactless payments that will make this a reality. For more information on CA Security solutions, please visit: http://bit.ly/10WHYDm
Citation preview
ca Securecenter
My Phone is Me;Hot Topics in Authentication
R ‘Doc’ Vaidhyanathan
SCX10S #CAWorld
CA TechnologiesVP, Product Management
2 © 2014 CA. ALL RIGHTS RESERVED.
Abstract
R ‘Doc’ Vaidhyanathan
CA Technologies
VP Product Management
Payment Security
Mobility changes everything. Mobile devices can be
used for everything from authenticating people to
websites and eCommerce transactions through mobile
in-store payments. They are a user’s identity, their
payment device, and can even replace their
wallets. Learn about new authentication techniques as
well as new mobile capabilities for contactless
payments that will make this a reality.
3 © 2014 CA. ALL RIGHTS RESERVED.
Authentication – Traditional Ideas
Something that you KNOW
Something that you
HAVE
Something that you
ARE
4 © 2014 CA. ALL RIGHTS RESERVED.
The Mobile Device
Brings together something that you HAVE and something that you ARE
Is your mobile separate from you?
5 © 2014 CA. ALL RIGHTS RESERVED.
Something about mobile devices
Everyone has one.
Everyone has their own.
Everyone (almost) has just one (may change from time to time, but one current).
And, it is not shared!
6 © 2014 CA. ALL RIGHTS RESERVED.
Mobile Devices and Authentication
Authenticate WITH
Authenticate TO
Authenticate THROUGH
7 © 2014 CA. ALL RIGHTS RESERVED.
Authentication Schemes
Lifelong
Thumbprint
Drivers License
Years
Work badge
Credit/Debit Card
Days
Hotel room key
Boarding Pass
8 © 2014 CA. ALL RIGHTS RESERVED.
Authentication Components
Credential
Provisioning & Lifecycle
Management
Usage on-demand
Validation, reconciliation and fallback
9 © 2014 CA. ALL RIGHTS RESERVED.
Mobile Device for Authentication – Significant benefits
Provisioning Integration Through Apps Same device used through lifecycle
Multi-mode Usability Visual – something user can view and enter
Interactive – direct interface at POI
Automatic – backend without user interaction
Retention of usage history User audit possible
10 © 2014 CA. ALL RIGHTS RESERVED.
Mobility Trends
A BILLION CONSUMERS WITH SMARTPHONES BY 20161
USER LOCATION AVAILABLE FOR AUTHENTICATION
MOBILE AUTHENTICATION AND SECURITY WILL BECOME HUMAN-FACTOR FRIENDLY2
1) ‘Forrester Research Mobile Adoption Forecast, 2012 to 2017 (US); February 28, 2011, “Mobile App Internet Recasts The Software And Services Landscape”, 2) Forrester Top 15 Trends S&R Pros Should Watch: 2014” 1) ‘Forrester Research Mobile Adoption Forecast, 2012 to 2017 (US); February 28, 2011, “Mobile App Internet Recasts The Software And Services Landscape”, 2) Forrester Top 15 Trends S&R Pros Should Watch: 2014”
11 © 2014 CA. ALL RIGHTS RESERVED.
New Enterprise Applications
PROXIMITY AUTHENTICATION VIA MOBILE
BIOMETRICS,MOBILE, WEARABLES
REPLACE “PLASTIC” BADGES TO OPEN DOORS
PROVIDE TAP AND PAY TO CUSTOMERS
12 © 2014 CA. ALL RIGHTS RESERVED.
Mobile Wallet – The Promised World?
Simply ‘tap’ or wave mobile device over reader.
Insert ‘chip’ card and enter PIN.
Swipe ‘mag-stripe’ through reader.
Well-established infrastructure Current, default setup
Adopted in Europe Being rolled out in Asia, U.S.
Burgeoning mobile devices Potential for value added services
Susceptible to card cloning Expensive infrastructure Evolving standards, options
13 © 2014 CA. ALL RIGHTS RESERVED.
Mobile EcoSystems
NFC Controller
Secure Element
What’s next?
Initial rollouts with card data stored in secure element, all apps that access NFC controller
managed by the carriers
Landscape is still evolving for Blackberry, Windows and older Android based
mobile devices
Apple Pay on iPhone 6 and iPhone 6 Plus. Secure
Element controlled by Apple
Android 4.4 (Kit Kat) based mobile sets allow other
apps (including Host Card Emulation – HCE) to access
NFC Controller
14 © 2014 CA. ALL RIGHTS RESERVED.
Using Mobile as the Payment “Card” Core Sub-Systems
Personalize and set individual card details.
Verify user and device prior to provisioning.
Support card life cycle.
— lost/new phone
— card renewal
— profile changes
1. Provisioning Rapid and easy ‘tap’ to pay
experience.
Enable/disable ‘card’ if required.
Exceptions — error messages for troubleshooting
Alternate options
2. Making Payments
3. Back-end infrastructure to authorize the new payment method/messages
15 © 2014 CA. ALL RIGHTS RESERVED.
CA Solution - Overview
CA Mobile Wallet Server
NFC Controller
Issuer App
Software Vault Library
Card Issuer System
Setup / ProvisioningKey Exchange
Provisioning &Lifecycle Management
PurchaseEMV Standard
ISO MessagesAuthorization
Tokenization & De-tokenization
(optional)Card Network
+ Acquirer
CA Mobile Wallet Screen Shots
17 © 2014 CA. ALL RIGHTS RESERVED.
Provisioning – Start
Click to scan card.
18 © 2014 CA. ALL RIGHTS RESERVED.
Provisioning – Complete
19 © 2014 CA. ALL RIGHTS RESERVED.
In-Store Purchase (“Tap-and-Pay”)
20 © 2014 CA. ALL RIGHTS RESERVED.
Online Payment (“Scan-and-Pay”)
21 © 2014 CA. ALL RIGHTS RESERVED.
For More Information
To learn more about Security,
please visit:
http://bit.ly/10WHYDm
Insert appropriate screenshot and text overlayfrom following “More Info Graphics” slide here;
ensure it links to correct pageSecurity
22 © 2014 CA. ALL RIGHTS RESERVED.
For Informational Purposes Only
© 2014 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.
This presentation provided at CA World 2014 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer references relate to customer's specific use and experience of CA products and solutions so actual results may vary.
Terms of this Presentation