0 Copyright 2016 FUJITSU
Fujitsu Forum 2016
#FujitsuForum
Security in the Palm of your Hands
Thomas Bengs
Director & Head of PalmSecure™ EMEIA
Fujitsu Technology Solutions
About Identity…
Each creature is unique and it has its own individual identity
It starts when our parents give us our identity at birth
Our first identity document is the birth certificate
Later on we get our first passport and national ID card
But we also collect other identity instruments during our lives:
• Driver license, insurance cards, debit cards, credit cards, loyalty cards, email accounts, PC accounts, bank accounts, online shopping accounts, e-government accounts, travel accounts, memberships, etc.
Identity abuse – Identity theft…
It is not possible to steal somebody's individual identity, but it is possible to abuse it…
Online shopping, Online bets, Online auctions, Online banking
Name abuse in blogs
Creating fake profiles in social networks
Pretense of fraud facts
Fake president attacks
Payment diversions
Social identity attacks
The Reality is…
[Pie chart: How victims' identity is misused, USA 2015. Legend: Government / Social Security Fraud, Other Fraud, Credit Card Fraud, Phone & Utilities Fraud, Bank Fraud, Loan Fraud. Slice labels: 49,2%, 19,2%, 15,8%, 9,9%, 5,9%, 3,5%, 3,3%, 3,7%]
[Chart: Identity Theft & Fraud Complaints 2012-2015 in USA. Series: Fraud Complaints, Other Consumer Complaints, Identity Theft Complaints, Total]
Source: Federal Trade Commission, Consumer Sentinel Network, 2016
15 Billion US$ stolen from 13,1 Million US citizens
112 Billion US$ have been stolen by identity thieves in the last 6 years
Identity theft increased by more than 47% from 2014
As US credit cards became more protected, the ID theft focus moved to new account fraud
Many ID thefts have been caused by personal information collected by ID thieves on the internet
How to protect my ID?
Our passports and national ID cards use biometric features
However, every day we use desktops, tablets and mobiles to go online and perform operations and actions requiring our ID
We use PINs, tokens, smartcards, passwords and images to secure our user name, which stands for our ID
We try to make it safer by using multiple factors, but…
…is that really safe enough?
93 % of large corporations reported a cyber breach in the past year
87 % of small businesses reported a cyber breach in the past year
9 months: the time it takes for 60% of security vulnerabilities to be identified
Source - Mandiant
It is no longer a question of "if", but a question of "when" it will happen
We need to establish a strong IAM
[Diagram: Business, Technology; Access Management, Identity Management; User, Roles / Groups, Resources; Membership, Access Right]
Identity Access Management is not just a product – it is a SOLUTION
IAM starts with identification, but it also includes the communication to and from the resources being worked with
• Business:
- Defining the IAM processes like access rights, protection levels, protected areas, building up a meta directory
• Technology:
- Interfacing the different applications and platforms to interact together
• Enterprise Access Management:
- Defining access roles / groups
- Defining authentication processing
- Defining identity management
- Defining external access management
A real world IAM example with Fujitsu PalmSecure
Your best choice to build up an IAM solution
Why Biometrics is the right choice for IAM
Risk of Fraud Ownership Knowledge Biometrics
To be transferred Yes Yes No
To be stolen Yes Yes No
To be forgotten Yes Yes No
To be copied Yes Yes No
To be lost Yes Yes No
To be altered Yes Yes No
[Figure: Possible authentication methods. Known methods: Keys, Tokens, Smart Cards; Password, Pin, "Selfie". Biometrics: Vein, Iris, Fingerprint, Face, Voice, Key stroke. Axis label: Precision of Biometrics]
Biometrics clearly is the superior method for processes requiring authentication
How PalmSecure works
Hand positioned over sensor
Sensor focuses & detects live hand
Hand scanned with infrared light
Hand veins recorded
Secure biometric template stored
Biometric template converted, individual key assigned & 2nd AES encryption
Transmitted to PC
1st AES coding
PalmSecure at a glance
Very hygienic because contact-free
Easy and intuitive operation
High level of privacy because hidden under the skin
Palm veins are complex >5 million reference points
Palm has thicker veins than fingers – easier to identify
Palm veins are not sensitive to external factors
Hidden under the skin
Unique (even in the case of twins)
Traits do not change for entire lifetime
Live hand detection: only used if blood circulation detected
Highest level of security & performance
Extremely precise
Accepted everywhere
PalmSecure Portfolio Overview
OEMs & SIs Desktop Application Platform Software
• PS Sensor
• PS SDK
• PS U-Guide
• PS Embedded ARM Board
• PS PC Mouse
• PS Sensor Guide Kit
• PS Desktop Sensor
• PS USB Stick (planned)
• PS ID MATCH
• PS ID MOBILE
• PS ID ACCESS / T&A
• PS Ultra Secure Thin Client
• PS Truedentity for client / server / web service
• PS Biolock for client / server
• PS Ultra Secure Thin Client Linux / Citrix / VMware
• Workplace Protect Client
• PS Secure Printing
• mPollux
State of the Art Biometrics for
• Industry
• Automotive
• Social Security
Secured Log in / SSO for:
• LEs & SMEs
• Banks & Insurances
• Gov. & Public Sector
High Level Security for:
• Gov. & Public Sector
• Retail & Banks
• Critical Infrastructures
Solutions which fit:
• Log in / SSO / Web services
• Mobile / Payment Security
• Cloud Security
Client Computing Devices with PalmSecure Option
LIFEBOOK U904 Ultrabook PalmSecure™
CELSIUS H760 Workstation PalmSecure™
LIFEBOOK U745 Notebook PalmSecure™
LIFEBOOK S936 Notebook PalmSecure™
ESPRIMO Q956 Desktop PalmSecure™
STYLISTIC Q736 Tablet PalmSecure™
Super-thin and light 14-inch business Ultrabook™ at 19 mm and 1.55 kg – optional unique anti-glare touch display
Variety of interfaces – VGA and DisplayPort
2nd Fujitsu Ultrabook™ that supports patented PalmSecure technology, optional port replicator
World's first notebook with integrated PalmSecure
Only .61 inches thick and weighs just above 3 lbs
Ultra-sharp frameless 14-inch WQHD+ IGZO display - touchscreen option
Workstation performance for mobile use, extremely secure with PalmSecure
15.6-inch workstation with comprehensive set of ISV certifications combines top performance with numerous connectivity options
True Workstation Performance On-the-Go Intel® Core™ i5, i7 and Xeon processors Professional NVIDIA® Quadro® graphic cards with up to 660 CUDA cores
Best screen real estate on 13.3-inch anti-glare display
Best-in-class connectivity including NFC & PalmSecure option
Boosted efficiency with optional accessories, common cradle
Comfortable viewing experience with clear-cut WQHD IGZO or FHD 13.3-inch display with optional touch
Ultimate security supported by patented PalmSecure
Unlimited computing with 24 hours battery runtime and unique-in-its-class modular bay concept
Up to 6th Gen Intel® Core™ i7 vPro™ processors
Flexible bay – select security or storage devices, such as SC reader, PalmSecure or optical drives
Lowest power consumption
Zero Noise PC – whisper quiet operation in the office
Integrated VESA mount
Components
■ Sensors with palm rest (SDK for integration needed)
■ Available sensors:
■ M1E (for OEMs)
■ MP1 (SL Sensor)
■ MP2 (inside Notebooks)
■ M5 (successor of M1E, Launch in Q2/2017)
PalmSecure Generations
Year | 2004 | 2006 | 2008 | 2012
L×W×H (mm) | 80x80x35 | 35x35x27 | 27x27x11 | 20x20x6
Generation | First generation with Fujitsu Unique API | M1/M1E with Bio API | MP1 SL Type Desktop | MP2 Notebook Type
NEW! - PalmSecure M5 series – PalmSecure F pro
M5 sensor architecture
[Block diagram: Arithmetic logical unit, Memory, CMOS Sensor, USB I/F, CPU, Encrypting Function]
• The CPU includes, among other things, an encryption function
• Programs and data in the memory are accessed through the encryption function
• The key is different for each sensor
Available in March 2017
PalmSecure M1E compared with PalmSecure M5
Items | PalmSecure Sensor/V2 | M5 sensor
External dimensions | 35×35×27 (mm) | 29×29×13 (mm)
Types | Bare; Standard; Mouse | Bare; Standard; Mouse
Guide | Stand Guide (flipflop); Mouse Guide; U Guide | Standard Guide; Mouse Guide; U Guide
Material of sensor's surface | Glass | Glass
Capturing range | Enrollment: 40~60mm; Verification: 35~70mm | Enrollment: 40~60mm; Verification: 35~70mm
Host interface | USB2.0 | USB2.0; USB3.0
Power supply mode | - | Normal power mode *1; High power mode (USB3.0 only)
Lighting tolerance | Enrollment: 2,000lux; Verification: 3,000lux | Enrollment: TBD; Verification: Normal power mode: 5,000lux, High power mode: 80,000lux
Usage environment | 0~60℃ | To be decided within the range of -40~85℃
Sensor security | - | Encrypting the data on the memory of sensor; Genuine check function
Functions / Features | 1 to 1 verification; 1 to N identification (10,000) *2; I33-format mode; I-format mode; With/without guide mode; Continuous Capture | 1 to 1 verification; 1 to N identification (10,000) *2; I33-format mode; I-format mode; With/without guide mode; Continuous Capture
Compatibility | - | M1E templates supported *3
Authentication accuracy | I33-format (Capture 2 time): FRR 0.01%, FAR 0.00001%; I-format (Capture 1 time): FRR 0.01%, FAR 0.00008% | Same as M1E (Except for the compatibility authentication between M5 sensor and M1E sensor)
Template size (byte) | I33-format: Maximum 15,000; I-format: Maximum 3,072 | I33-format: Maximum 15,000 + For new function (TBD); I-format: Maximum 3,072
Processing time | Capture (1 time): 850ms; Verification: 150ms | TBD
*1 : Default is normal power mode. Can be switched by setting.
*2 : Specification of 1 to 10,000 is only supported by I33-format mode on Enterprise Edition.
*3 : Authentication Library V30 and later is supported.
ID-Match platform
■ Programmable
■ Supports multi-factor authentication
■ Network interface
■ New I/O module (relay, Wiegand protocol)
Physical Access Control Applications
Financial Transaction Applications
POS / Retail Applications
Multi Card Applications
Social Security Applications
Access control
Portfolio element
■ Secure access
■ Access control, authorized access only
■ Variety of application areas and usage scenarios
Application area
■ Data center
■ Facilities and large building complexes
■ Turnstiles (e.g. public transportation, casinos)
■ Locker (e.g. banks)
■ Stadium protection
More information
■ Fujitsu Terminal PSN900 standalone or centrally managed
■ Fujitsu platform ID-Match with I/O plugin
■ Further solutions in cooperation with OEM partners
Time & attendance
Portfolio element
■ Secure recording and monitoring of the presence of authorized personnel
■ Automation of processes, e.g. accounting and social security
■ Possible SAP integration
Application area
■ Manufacturing plants (industry)
■ Food industry
■ Pharmaceutical industry
More information
■ Current solutions in cooperation with OEM partners
Fujitsu Workplace Protect
Software Workplace Protect
■ User Authentication for Microsoft Windows using
  ■ PalmSecure
  ■ SmartCard
  ■ Fingerprint
  ■ RFID card
  ■ Face recognition
■ Pre-boot Authentication based on PalmSecure, fingerprint or SmartCard to be presented at BIOS level
■ Multifactor Authentication (MFA)
  ■ Template-On-Card for fingerprint and palm-vein
  ■ Additional secret (e.g. personal password in addition to biometric data)
■ Configurable Single-Sign-On to Microsoft Windows
■ Password Safe, stores your secret login details needed to log on to protected websites
■ Encrypted Container, a virtual disk encryption to protect important user data
Realtime bioLock™ for SAP
Software bioLock™
■ Control and monitoring of SAP applications based on customer-defined checkpoints with renewed authentication
■ The only SAP certified biometric security solution
■ Granular security configurable on screen or field level
■ Maximum security level for SAP applications and transactions
Secure SAP transactions
■ Fraud prevention
■ Protection of data against unauthorized reading / export
■ Controls and authorizes financial transactions
■ SAP transaction monitoring and logging
■ Granular secured processes, e.g.
  ■ Financial transactions
  ■ Personal data
  ■ Customer data
  ■ ...
Authentication platform truedentity
Portfolio element
■ Secure access with electronic identities
■ Central authentication service for distributed organizations
■ 2-factor authentication (Biometrics and ID-card / user name)
Application area
■ Authentication of Windows Clients in AD environment
■ Authentication of Web-applications (supports Kiosk devices)
■ Authentication based on embedded devices (ID-Match)
More information
■ Current solution in cooperation with OEM partner OpenLimit
■ Cloud based solution (private or public Cloud)
The UltraSecure IAM solution for an Enterprise…
Secured Access, Log In / SSO, Time Attendance, Secured DMS, Consuming
Single software platform
Supporting Linux, eLux, VMware, Citrix, MS IOT, MS Embedded
Secured file transfer
Central administration
Central database like MS AD, or SQL
Virtualization
Where we will go next…
Biometric Security demanding Areas
Enterprise, Mobile Payment, Financial Transactions, Healthcare, Datacenter, Entertainment / Recreation / Events, Automotive, Logistics, Government / Industry
Video Surveillance, Mobile Apps, IDaaS/Cloud, Physical Access Control, Time Attendance, Log in / SSO, Web Services, Perimeter
Biometric Solution Portfolio Elements - Single Platform
Biometric Modality Hardware Platform
PalmSecure, Fingerprint, Face Recognition / Iris Recognition, Voice Recognition
And please – do not forget…