Adaptive Authentication Integration Options. John Murray, Manager, RSA Systems Engineering

(1)

Adaptive Authentication Integration Options

(2)

#RSAsummit

What is RSA Adaptive Authentication?

• Comprehensive authentication and fraud detection platform
• Powered by Risk-Based Authentication technology
• Measures risk associated with a user’s login and post-login activities
• Determines level of authentication required based on risk, policies, and customer

(3)

The Risk Engine

[Diagram] Inputs to the RSA Risk Engine: Internet Protocol (IP) information, proprietary device fingerprints, user behavior, RSA eFraudNetwork.
The engine gathers facts; builds profiles, generates predictors, and learns; assesses risk.
Output: scoring results.


(5)


On Premise

• J2EE Java based application installed and maintained within a customer’s own datacenter.
• Flexible platform support, including:
  OS: Windows Server, Red Hat Enterprise Linux, Solaris and AIX
  Application servers: WebSphere, WebLogic, JBoss, Tomcat

(6)

Hosted

• AA fully hosted in the cloud by RSA.
• Integration handled via SOAP calls over HTTPS.
• Access to back office tools granted via online web portals.
• New re-architected 12.0 platform to be released Q4 2014, running on an elastic cloud provider.

(7)

Integration Method

(8)

Direct Integration

• Standard code (SOAP) based integration following a request-response model between the application and the AA server.
• Customers integrate AA into their own applications by developing against the AA WSDL.
• Standard methods include: Analyze, Notify, Query, Challenge, UpdateUser, CreateUser, Authenticate

(9)

SOAP Request Example

<!-- The xmlns declarations for the ws and ns1 prefixes are omitted on the slide;
     they come from the AA WSDL the application is built against. -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <ws:analyze>
      <!-- the event being scored (see the AA event type list for the others) -->
      <ws:genericActionTypes>SessionSignIn</ws:genericActionTypes>
      <!-- HTTP context of the end user's request, copied by the application.
           The IP must be the end user's address, not that of a load balancer
           or reverse proxy in front of the web tier. -->
      <ns1:httpAcceptChars>ISO-8859-1,utf-8;q=0.7,*;q=0.3</ns1:httpAcceptChars>
      <ns1:httpAcceptLanguage>en-US,en;q=0.8</ns1:httpAcceptLanguage>
      <ns1:httpReferrer>http://rsademos.com:8080/demobank/index</ns1:httpReferrer>
      <ns1:ipAddress>158.24.172.5</ns1:ipAddress>
      <ns1:userAgent>Mozilla/5.0 (Windows NT 5.2; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17</ns1:userAgent>
      <ws:userName>jmurray</ws:userName>
      <ws:userStatus>VERIFIED</ws:userStatus>
      <ws:userType>PERSISTENT</ws:userType>
      <ws:apiType>DIRECT_SOAP_API</ws:apiType>
      <ws:requestType>ANALYZE</ws:requestType>
      <ws:version>7.0</ws:version>
      <!-- callerId/callerCredential authenticate the calling application to AA
           ("Password" is a placeholder value); treat the credential as a secret. -->
      <ws:callerCredential>Password</ws:callerCredential>
      <ws:callerId>Caller</ws:callerId>
    </ws:analyze>
  </soapenv:Body>
</soapenv:Envelope>
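The request above is assembled by the customer's application from the end user's HTTP request, and two things go wrong in practice: the values are built by string formatting, so a crafted User-Agent or Referer can inject extra elements into the SOAP body, and the IP sent to the risk engine is the load balancer's rather than the user's. The following Python is an added example (not RSA code and not the AA client library) that builds the same analyze call through an XML library and picks the client IP only from a trusted proxy's X-Forwarded-For header. The two namespace URIs are placeholders because the slide omits the xmlns declarations; the real ones come from the AA WSDL. The second prefix is `req` rather than `ns1` only because ElementTree reserves prefixes of the form `ns<N>`; a namespace-aware receiver matches on the URI, not the prefix.

```python
"""Build the AA analyze request from the end user's HTTP context.

Added example, not RSA code. The field set mirrors the slide. The two
namespace URIs are placeholders (the slide omits the xmlns declarations;
use the ones in the AA WSDL), and the second prefix is 'req' rather than
'ns1' only because ElementTree reserves prefixes of the form ns<N>.
"""
import ipaddress
import ssl
import urllib.request
import xml.etree.ElementTree as ET

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
WS_NS = "urn:example:aa-ws"    # ASSUMPTION: stand-in for the WSDL's ws namespace
NS1_NS = "urn:example:aa-ns1"  # ASSUMPTION: stand-in for the WSDL's ns1 namespace
for prefix, uri in (("soapenv", SOAPENV), ("ws", WS_NS), ("req", NS1_NS)):
    ET.register_namespace(prefix, uri)


def client_ip(remote_addr, xff_header, trusted_proxies):
    """Choose the address sent as ipAddress.

    The risk engine scores this IP, so it must be the end user's, not the
    load balancer's. X-Forwarded-For is honoured only when the direct peer
    is one of our own proxies, and it is read right to left so a value the
    client itself put in the header (the leftmost hop) is ignored.
    """
    if remote_addr not in trusted_proxies or not xff_header:
        return remote_addr
    for hop in reversed([h.strip() for h in xff_header.split(",") if h.strip()]):
        if hop not in trusted_proxies:
            ipaddress.ip_address(hop)  # ValueError on garbage: reject the request
            return hop
    return remote_addr


def build_analyze_envelope(ctx, caller_id, caller_credential):
    """Serialise the analyze call from the slide.

    User-Agent, Referer and the Accept headers are attacker-controlled, so
    they are set as element text through the XML library (which escapes
    < > &), never formatted into a string template. callerCredential is the
    secret that authenticates this application to AA: keep it out of logs.
    """
    env = ET.Element(f"{{{SOAPENV}}}Envelope")
    analyze = ET.SubElement(ET.SubElement(env, f"{{{SOAPENV}}}Body"), f"{{{WS_NS}}}analyze")

    def add(ns, tag, text):
        ET.SubElement(analyze, f"{{{ns}}}{tag}").text = text

    add(WS_NS, "genericActionTypes", ctx["event"])
    add(NS1_NS, "httpAcceptChars", ctx["accept_charset"])
    add(NS1_NS, "httpAcceptLanguage", ctx["accept_language"])
    add(NS1_NS, "httpReferrer", ctx["referer"])
    add(NS1_NS, "ipAddress", ctx["ip"])
    add(NS1_NS, "userAgent", ctx["user_agent"])
    add(WS_NS, "userName", ctx["user"])
    for tag, value in (("userStatus", "VERIFIED"), ("userType", "PERSISTENT"),
                       ("apiType", "DIRECT_SOAP_API"), ("requestType", "ANALYZE"),
                       ("version", "7.0"), ("callerCredential", caller_credential),
                       ("callerId", caller_id)):
        add(WS_NS, tag, value)
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def field_values(envelope_bytes, ns, tag):
    """Parse an envelope back and return the text of every <ns:tag>."""
    return [e.text for e in ET.fromstring(envelope_bytes).findall(f".//{{{ns}}}{tag}")]


def post_envelope(url, envelope_bytes, timeout_s=5.0):
    """POST over HTTPS with certificate verification and a hard timeout
    (not exercised offline). What to do on timeout is a policy decision:
    read-only flows may proceed, money movement should fail closed."""
    req = urllib.request.Request(url, data=envelope_bytes,
                                 headers={"Content-Type": "text/xml; charset=utf-8"})
    with urllib.request.urlopen(req, timeout=timeout_s,
                                context=ssl.create_default_context()) as resp:
        return resp.read()


# Constructed sample: a sign-in whose User-Agent tries to close the element
# and smuggle in a second userName, arriving via a trusted reverse proxy
# (10.0.0.1) with a client-supplied decoy (9.9.9.9) in X-Forwarded-For.
EVIL_UA = "Mozilla/5.0</ns1:userAgent><ws:userName>admin</ws:userName><ns1:userAgent>"
SAMPLE_CTX = {
    "event": "SessionSignIn",
    "accept_charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.3",
    "accept_language": "en-US,en;q=0.8",
    "referer": "http://rsademos.com:8080/demobank/index",
    "ip": client_ip("10.0.0.1", "9.9.9.9, 158.24.172.5", {"10.0.0.1"}),
    "user_agent": EVIL_UA,
    "user": "jmurray",
}

if __name__ == "__main__":
    print(build_analyze_envelope(SAMPLE_CTX, "Caller", "Password").decode())
```

Run it and the smuggled `<ws:userName>admin</ws:userName>` appears only as escaped text inside the userAgent element, while ipAddress carries 158.24.172.5, the hop the trusted proxy appended, not the 9.9.9.9 the client wrote into the header. A deployment that lets the leftmost X-Forwarded-For value through hands the attacker control of the very signal the risk engine is scoring.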

(10)

AA SaaS – Direct Integration Architecture

[Diagram] INTERNET: Customer browser; RSA Adaptive Authentication (SaaS). Firewall. DMZ: Web servers. Firewall. TRUSTED ZONE: App servers, App database, Credential store. The app servers make the direct (SOAP over HTTPS) calls out to the hosted AA service.

(11)

AA On Prem – Direct Integration Architecture

[Diagram] INTERNET: Customer browser. Firewall. DMZ: Web servers. Firewall. TRUSTED ZONE: App servers, App database, RSA Adaptive Authentication, RSA AA database. The app servers make the direct calls to AA inside the trusted zone.

(12)

Adapter

• Pre-built integrations with popular enterprise portals
• No software development required
• Fully customizable pages handle the entire workflow and interaction with the AA server, including: enrollment, forensics collection, challenging, blocking

Current RSA Adapters
• RSA Access Manager*
• Tivoli Access Manager
• CA SiteMinder
• Juniper SSL VPN
• Cisco SSL VPN
• Citrix NetScaler
• Microsoft UAG

(15)

Mobile Browser - Data Collection

Data collected via JavaScript:
• Browser characteristics: browser type, version, language, etc.
• Device forensics: time zone, screen resolution.
• Geolocation: latitude, longitude, accuracy.

Additional information:
• User Agent string
• IP address
• Cookie
• FSO (Flash shared object)

WAP sites:
• WAP header sent as the HTTP header

(16)

Mobile Apps – Data Collection

Data elements collected and sent to AA using either the Mobile SDK or a native API.

Mobile device identification data:
• Device model
• Device multitasking supported
• Device name
• Device system name
• Device system version
• Language
• Wi-Fi MAC address
• Screen size
• Address book: number of entries

Location information collection:
• Wi-Fi networks data: station name
• Wi-Fi networks data: BSSID
• Wi-Fi networks data: signal strength
• Wi-Fi networks data: channel
• Wi-Fi networks data: SSID
• Cell tower ID
• Location area code

(17)

What To Protect

(18)

Transaction Monitoring

• Allows AA risk analysis and actions to be applied to post-login events.
• Has the ability to monitor both:
  Profile changes – changes to the user’s password, address, e-mail, security question, phone numbers, etc.
  Funds or financial transfers – add payee, add beneficiaries, request credit increase, request checks, etc.
• Events will utilize additional information as part of the risk model. E.g. Payment:

(19)

AA Full Event Type List

ACTIVATE CARD
ADD PAYEE
CHANGE ADDRESS
CHANGE ALERT SETTINGS
CHANGE AUTH DATA
CHANGE EMAIL
CHANGE LIFE QUESTIONS
CHANGE LOGIN ID
CHANGE PASSWORD
CHANGE PHONE
CHANGE STATEMENT SETTINGS
CHANGE STU
CLIENT DEFINED
CREATE USER
DEPOSIT
EDIT PAYEE
ENROLL
FAILED CHANGE PASSWORD ATTEMPT
FAILED LOGIN AUTHENTICATION
FAILED OLB ENROLLED ATTEMPT
OLB ENROLL
OPEN NEW ACCOUNT
OPTIONS TRADE
PAYMENT
READ SECURE MESSAGE
REQUEST CHECK_COPY
REQUEST CHECKS
REQUEST CREDIT
REQUEST NEW CARD
REQUEST NEW PIN
REQUEST STATEMENT COPY
SEND SECURE MESSAGE
SESSION SIGNIN
STOCK TRADE
UPDATE USER
USER DETAILS
VIEW CHECK
VIEW STATEMENT
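Sending post-login events to the risk engine is only half of transaction monitoring; the application still has to turn a score into an action, and the event type matters as much as the score. The Python below is an added example (not RSA code and not the AA policy manager) of that decision layer. It assumes the application has already sent the event through the analyze call and holds a risk score on a 0-1000 scale (an assumption; use whatever scale the deployed engine returns); the thresholds, the payee-velocity rule and the fail-closed behaviour when the engine is unreachable are this example's own policy. The event families are drawn from the event type list above.

```python
"""Decision layer for post-login (transaction monitoring) events.

Added example, not RSA code. It assumes the application has already sent
the event through AA's analyze call and holds a risk score on a 0-1000
scale (an assumption; use the scale the deployed risk engine returns). The
thresholds, the velocity rule and the fail-closed behaviour are this
example's policy. The point it makes: the event type sets a floor on the
required action; the score can only raise it.
"""
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    CHALLENGE = "challenge"
    DENY = "deny"


# Event families drawn from the AA event type list (spaces replaced by underscores).
PAYEE_EVENTS = {"ADD_PAYEE", "EDIT_PAYEE"}
MONEY_MOVEMENT = PAYEE_EVENTS | {"PAYMENT", "REQUEST_CREDIT", "REQUEST_CHECKS",
                                 "STOCK_TRADE", "OPTIONS_TRADE", "REQUEST_NEW_CARD"}
PROFILE_CHANGE = {"CHANGE_PASSWORD", "CHANGE_EMAIL", "CHANGE_PHONE", "CHANGE_ADDRESS",
                  "CHANGE_AUTH_DATA", "CHANGE_LIFE_QUESTIONS", "CHANGE_LOGIN_ID"}
READ_ONLY = {"VIEW_STATEMENT", "VIEW_CHECK", "READ_SECURE_MESSAGE", "USER_DETAILS"}


@dataclass
class Session:
    stepped_up: bool = False                 # a challenge was passed earlier this session
    prior_events: list = field(default_factory=list)


@dataclass
class Policy:
    deny_score: int = 900
    challenge_score: int = 600
    amount_limit_cents: int = 200_000        # a payment at or above this always challenges
    max_payee_changes: int = 3               # payee add/edit events allowed per session


def decide(event_type, score, session, policy=None, amount_cents=0,
           new_payee=False, engine_available=True):
    """Return the Action for one post-login event."""
    policy = policy or Policy()
    if not engine_available:
        # Risk engine unreachable: fail open for read-only views, closed for
        # anything that moves money or changes how the user authenticates.
        return Action.ALLOW if event_type in READ_ONLY else Action.CHALLENGE
    if score >= policy.deny_score:
        return Action.DENY
    if event_type in MONEY_MOVEMENT:
        payee_changes = sum(1 for e in session.prior_events if e in PAYEE_EVENTS)
        if event_type in PAYEE_EVENTS and payee_changes >= policy.max_payee_changes:
            return Action.DENY               # payee churn is a takeover pattern: stop, not challenge
        # A new payee or a large amount is challenged even after an earlier
        # step-up: that challenge did not cover this transaction.
        if (new_payee or event_type in PAYEE_EVENTS
                or amount_cents >= policy.amount_limit_cents
                or score >= policy.challenge_score):
            return Action.CHALLENGE
        return Action.ALLOW
    if event_type in PROFILE_CHANGE:
        # Contact/credential changes are how a fraudster locks the real user
        # out: require one step-up per session whatever the score says.
        if session.stepped_up and score < policy.challenge_score:
            return Action.ALLOW
        return Action.CHALLENGE
    return Action.CHALLENGE if score >= policy.challenge_score else Action.ALLOW


def run_session(events, policy=None):
    """Drive a list of event dicts through decide(), recording each event
    afterwards so the velocity rule sees the history. A CHALLENGE is taken
    as passed, which is the optimistic case the later rules must survive."""
    session, actions = Session(), []
    for ev in events:
        kwargs = dict(ev)
        event_type, score = kwargs.pop("type"), kwargs.pop("score")
        action = decide(event_type, score, session, policy, **kwargs)
        actions.append(action)
        if action is Action.CHALLENGE:
            session.stepped_up = True
        session.prior_events.append(event_type)
    return actions


# Constructed session: low scores throughout, so every CHALLENGE/DENY below
# comes from the event-type rules rather than the engine.
SAMPLE_SESSION = [
    {"type": "VIEW_STATEMENT", "score": 120},                      # allow
    {"type": "CHANGE_EMAIL", "score": 150},                        # challenge: profile change
    {"type": "CHANGE_PHONE", "score": 150},                        # allow: stepped up, low score
    {"type": "ADD_PAYEE", "score": 300},                           # challenge: new payee
    {"type": "PAYMENT", "score": 300, "amount_cents": 50_000},     # allow: known payee, small
    {"type": "PAYMENT", "score": 300, "amount_cents": 500_000},    # challenge: above limit
    {"type": "ADD_PAYEE", "score": 300},                           # challenge (2nd)
    {"type": "ADD_PAYEE", "score": 300},                           # challenge (3rd)
    {"type": "ADD_PAYEE", "score": 300},                           # deny: 3 prior payee changes
    {"type": "VIEW_CHECK", "score": 950},                          # deny: score alone
]

if __name__ == "__main__":
    for ev, action in zip(SAMPLE_SESSION, run_session(SAMPLE_SESSION)):
        print(f"{ev['type']:<16} score={ev['score']:<4} -> {action.value}")
```

The constructed session scores low on every event, which is exactly the case an account takeover from a clean device presents; the challenges and the final deny all come from the event-type floors and the payee velocity counter, not from the engine. The one score-driven outcome is the last VIEW CHECK at 950, denied even though it is read-only.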

(20)

More Fraud Stopped and Fewer Customers Challenged

[Chart] Transaction Monitoring: increase in fraud detected when adding transaction level protection; increase in fraud detected from Device ID to Device ID & eFraudNetwork.

(21)

Challenge Methods

(22)

“Step-up” Authentication

An additional factor or procedure that validates a user’s identity. Out-of-the-box options include:

Challenge Questions
• Secret questions that have been selected and answered by the end user during enrollment

Out-of-Band Authentication
• One-time passcode sent to the end user via phone call, SMS text message or email.
• Transaction details, such as transfer amount, can be included

Dynamic Knowledge-Based Authentication (KBA)
• Dynamic questions that are unique to the end user, generated from publicly and commercially available data in real time
• Provided by the LexisNexis Identity Verification service (available in US & UK)

Multi-credential Framework
• Allows organizations to use “in-house” or third party methods through an RSA Professional Services engagement

(23)

RSA Out-of-Band Authentication

[Diagram] RSA generated one time password, with a choice of delivery method and channel:
• RSA delivery: phone (mobile, landline), SMS
• Customer delivery: email, phone (mobile, landline), SMS
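The out-of-band option on the two slides above includes transaction details in the passcode message. What that buys is worth showing in code: if the passcode is derived from the payee and amount the user is told about, a man-in-the-browser that rewrites the transfer after the user approves it is left holding a code that does not verify. The Python below is an added example, not RSA's OTP service or its delivery chain; the HMAC-based code derivation, the expiry, the attempt limit and the single-use rule are this example's design, and delivery over phone, SMS or email is left to the caller, which receives the message text to send.

```python
"""Out-of-band one-time passcode bound to the transaction it authorises.

Added example, not RSA's OTP service. The code is derived from the exact
user, payee and amount the user is shown, so a code approved for one
transfer does not verify for a transfer a man-in-the-browser rewrote
afterwards. Delivery (phone, SMS, email) is the caller's job: issue()
returns the message text to send.
"""
import hashlib
import hmac
import secrets
import time


class TransactionOtp:
    def __init__(self, ttl_seconds=180, max_attempts=3, digits=6, now=time.time):
        self._key = secrets.token_bytes(32)   # server-side secret: rotate, never log
        self._ttl = ttl_seconds
        self._max_attempts = max_attempts
        self._digits = digits
        self._now = now                        # injectable clock so expiry can be tested
        self._pending = {}                     # challenge_id -> nonce/expiry/attempts

    def _code(self, challenge_id, nonce, user, payee, amount_cents):
        # HMAC over (challenge id, nonce, transaction) with HOTP-style dynamic
        # truncation; the per-challenge nonce makes successive codes unrelated.
        msg = "|".join([challenge_id, user, payee, str(amount_cents)]).encode()
        mac = hmac.new(self._key, nonce + msg, hashlib.sha256).digest()
        offset = mac[-1] & 0x0F
        value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
        return f"{value % 10 ** self._digits:0{self._digits}d}"

    def issue(self, user, payee, amount_cents):
        """Create a challenge. Returns (challenge_id, code, message to deliver)."""
        challenge_id = secrets.token_urlsafe(16)
        nonce = secrets.token_bytes(16)
        self._pending[challenge_id] = {
            "nonce": nonce, "expires": self._now() + self._ttl, "attempts": 0,
        }
        code = self._code(challenge_id, nonce, user, payee, amount_cents)
        # The message repeats the details so the user approves what the bank
        # will execute, not what a tampered browser page displayed.
        message = (f"Code {code} to pay {payee} {amount_cents / 100:.2f}. "
                   f"Valid for this transfer only.")
        return challenge_id, code, message

    def verify(self, challenge_id, code, user, payee, amount_cents):
        """True only for the right code, within TTL, within the attempt limit,
        once, and for the same user/payee/amount the challenge was issued for."""
        state = self._pending.get(challenge_id)
        if state is None or self._now() > state["expires"]:
            self._pending.pop(challenge_id, None)
            return False
        state["attempts"] += 1
        if state["attempts"] > self._max_attempts:
            del self._pending[challenge_id]   # lock the challenge against brute force
            return False
        expected = self._code(challenge_id, state["nonce"], user, payee, amount_cents)
        if hmac.compare_digest(expected, str(code)):
            del self._pending[challenge_id]   # single use: no replay
            return True
        return False


if __name__ == "__main__":
    otp = TransactionOtp()
    cid, code, message = otp.issue("jmurray", "ACME Ltd", 15_000)   # constructed transfer
    print(message)
    print("tampered amount verifies:", otp.verify(cid, code, "jmurray", "ACME Ltd", 99_900))
    print("original verifies:", otp.verify(cid, code, "jmurray", "ACME Ltd", 15_000))
    print("replay verifies:", otp.verify(cid, code, "jmurray", "ACME Ltd", 15_000))
```

Two caveats a practitioner should attach to this slide rather than to the code: the binding only helps if the user actually reads the details in the message, and delivery over SMS or a voice call inherits the weaknesses of the phone number (SIM swap, call forwarding), so the channel must be independent of the compromised browser session and the number must not be changeable without its own step-up, which is exactly why the CHANGE PHONE event sits in the transaction monitoring list.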
