1
Intel Identity Protection Technology
Enabling improved user-friendly strong authentication in VASCO's latest generation solutions
June 2013
Dirk Roziers
Market Manager
PC Client Services
Intel Corporation
Copyright © 2013, Intel Corporation. All rights reserved.
2
Your questions coming into this session
1. What improved user-friendly authentication is this all about?
2. What is it that Intel offers to support this?
3. What is it that VASCO offers to support this?
3
eBanking use case
4
Garanti example – existing login using hardware
token generated OTP
5
Enter hardware token generated One-Time Password for 2nd factor authentication
Garanti example – existing login using hardware
token generated OTP
6
Garanti example – existing login using hardware
token generated OTP
7
Garanti example – existing login using SMS
generated OTP
8
Garanti example – existing login using SMS
generated OTP
9
Garanti example – existing login using SMS
generated OTP
10
Garanti example – NEW: login on an IPT system
11
Garanti example – NEW: login on an IPT system
12
I see the benefits
so it’s most likely giving up some security
No, it’s not
13
Enterprise VPN use case
14
VPN example – existing login by typing in a
hardware token generated OTP
15
VPN example – NEW: login by “copy-paste” of OTP
[Screenshot: “My VPN token” window showing the OTP 16834096 with a copy button]
16
I see the benefits
but it’s not really something new is it
well … it is
17
B2B and B2C Websites
18
B2B / B2C example – traditional login with
username and password only
19
B2B / B2C example – NEW: login with Mydigipass.com OTP
20
B2B / B2C example – NEW: login with Mydigipass.com OTP – phone or token needed
21
B2B / B2C example – NEW: login with Mydigipass.com OTP – no phone / no token
22
Same as before, I see the benefits
But aren’t you giving up some security here
Same answer: no, we’re not
23
Add more security – NEW: PIN protect the automatic OTP release
[Screenshot: “My VPN token” window with an on-screen keypad whose digits appear in scrambled order, labeled “Enter PIN”, followed by the “My VPN token” window showing the OTP 16834096 with a copy button]
24
I get it
But it’s really nothing special
Not if you’re not a malware
25
What User Sees | What Malware Sees
[Figure: two panels, “What User Sees” and “What Malware Sees”, with the text “Confirm $50,000 transfer to account # 9237-4602”, the “My VPN token” keypad labeled “Enter PIN”, and the “My VPN token” window showing the OTP 16834096 with a copy button]
Here’s what malware, MitB, MitM sees
26
Embedded in Webpage ….
27
This is what malware sees
28
Protected Transaction Display
View seen by a user | View seen by malware
Bank generates an encrypted image with transaction details and sends it to the user’s PC
Encrypted bitmap; on-screen randomly placed keypad
Remote PTD can run any size overlay and include text, logos, etc.
29
Your questions coming into this session
1. What improved user-friendly authentication is this all about?
2. What is it that Intel offers to support this?
3. What is it that VASCO offers to support this?
30
Hardware-based Security into the platform
Hardware based security isolated from the host
[Diagram labels: Main CPU; Main OS; Win OS; ME DLL; Win Apps; Browsers; Malware; ME-based Apps; chipset; “ME” Firmware + Security Hardware; Separate RAM/Crypto]
31
Hardware-based Security into the platform
Separate Work Space Enables Strong Root of Trust for Security Services
Security and Manageability Firmware
Improved isolation from Host execution environment
Separate memory, Separate Crypto, …
Security building blocks:
Protected Timers, Secure Key Storage, …
[Diagram labels: Main CPU; Main OS; Win OS; ME DLL; Win Apps; Browsers; Malware; ME-based Apps; chipset; “ME” Firmware + Security Hardware; Separate RAM/Crypto]
32
How It Works: Intel Components
Intel® Identity Protection Technology (IPT)
Security features built into the chipset
Security Service algorithm applet runs in the firmware
Intel IPT generates OTP in isolated space (Intel ME)
[Figure: sample OTP 698731]
33
Intel® Identity Protection Technology roadmap
Mid 2013 on all Core™ systems and extending to Atom™ based phones and tablets in 2H 2013
To become ubiquitous in worldwide Intel platforms
[Chart: Install Base over 2012, 2013, 2014; platforms shown: vPro™ Desktops & Laptops, Core™ Laptops, Core™ Desktops, Ultrabooks™, Core™ Tablets, Atom™ Tablets, Atom™ Phones]
Intel, Intel Core, Ultrabook, Insider, vPro, Atom and the Intel logo are trademarks or registered trademarks of Intel Corporation.
*Other names and brands may be claimed as the property of others.
34
Your questions coming into this session
1. What improved user-friendly authentication is this all about?
2. What is it that Intel offers to support this?
3. What is it that VASCO offers to support this?
35
Intel® Identity Protection Technology
[Diagram labels: Authentication Server; Website; Consumer - Enterprise; Token Record Storage; Provisioning & Verification Services; Internet; In Premise or Cloud or Mixed (shown twice)]
building blocks
Service solution
36
Intel® Identity Protection Technology
integration into VASCO’s solutions
VASCO’s methods for 2FA
Website -- Application
37
Intel® Identity Protection Technology
complements / extends
the existing 2FA with:
Hardware based
User friendly
strong authentication solution
38
Why is this relevant to you?
Complements existing 2FA with:
Hardware based
User friendly
strong authentication solution
Enhance brand value & reputation
Your Customer’s Benefits
Easy to use
Protects against many types of attacks
Opt-in gives you freedom
39
Legal
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR
IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY
WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.
Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined". Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.
The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.
Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order.
No system can provide absolute security under all conditions. Requires an Intel® Identity Protection Technology-enabled system, including a 2nd or 3rd gen Intel® Core™ processor enabled chipset, firmware and software, and participating website.
Consult your system manufacturer. Intel assumes no liability for lost or stolen data and/or systems or any resulting damages.
For more information, visit http://ipt.intel.com.
Intel, Intel Core, Ultrabook, Insider, vPro, Atom and the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
*Other names and brands may be claimed as the property of others.
Copyright © 2013, Intel Corporation. All rights reserved.