Upload File

multiple credentials-in-the-enterprise

5

Click here to load reader

Upload: hai-nguyen

Post on 17-May-2015

110 views

Category:

Technology


0 download

Report

TRANSCRIPT

Page 1: Multiple credentials-in-the-enterprise

V0.13, Anders Rundgren, WebPKI.org 2008

Two-factor Authentication in the Enterprise

It is sometimes claimed that a single enterprise credential can cover all authentication needs of an employee. This has in practice shown to be fairly theoretical for reasons like technical limitations in the infrastructure outside of the enterprise (a smart card typically doesn’t work in public terminals) to privacy reasons (merchants do not really need your company or government ID, they rather need a verified binding to the purchasing organization or simply a valid payment).

Currently two-factor authentication schemes like OTP, PKI, and more recently Microsoft’s CardSpace® are handled by completely disparate issuing, distribution, and usage processes making it difficult for organizations deploying multiple credentials addressing the situation described above.

This presentation outlines a “united” enterprise multi-credential vision in part based on a work-in-progress called KeyGen2.

Page 2: Multiple credentials-in-the-enterprise

V0.13, Anders Rundgren, WebPKI.org 2008

Select Card XSelect Card X

Enhanced TLS or Kerberos client usingPKI for authentication to the Acme intranet

Information Card using PKI forauthenticating to the Acme IdP

Direct Mode Federated Mode

One GUI Paradigm* - Multiple Credentials and Scenarios

John Doe

ID

03450184*) Client-side PKI in TLS can be regarded as managed cards runningin self-issued mode Purchasing Card

John Doe

Page 3: Multiple credentials-in-the-enterprise

V0.13, Anders Rundgren, WebPKI.org 2008

One Time Password

SmartPhone with OTP application support,“emulating” OTP token devices

Direct Mode

Ubiquitous Enterprise Web Access - An OTP “Killer Application”

0453245

John Doe

Standard “PC” (Windows, Linux, Mac)without any additional authenticationmiddleware or hardware

Although not shown, OTP token selection can be performed usingan Information Card GUI as well

Page 4: Multiple credentials-in-the-enterprise

V0.13, Anders Rundgren, WebPKI.org 2008

One Provisioning Step* (using KeyGen2) - Multiple Credentials

The ability for an entity to issue and manage all user credentials “in parallel” makes it realistic offering multiple credentials, each optimized for a set of use-cases. To further reduce help-desk support and increase user-convenience, all credentials from a specific issuer would typically be protected by a single user-defined PIN.

*) From user’s point of view it appears to be a single step while the protocol itself performs 6 to 8 different passes, including asymmetric key-pair generation in the client.

OTP (One Time Password) “seed”

The card logotype was added for supportingan Information Card compatible OTP selection GUI

Managed Information Card(s)You may need multiple cards, where each cardis adapted for a particular federation network

PKI (primarily used for desktop and intranet login)New usage: powering enterprise Information CardsPotential usage: internal signature operations

The card logotype was added for supportingan Information Card compatible PKI selection GUI

Client System

John Doe

ID

03450184

Referencing

John Doe

Single package

Purchasing Card

John Doe

Page 5: Multiple credentials-in-the-enterprise

V0.13, Anders Rundgren, WebPKI.org 2008

And in What Should We Keep All these Credentials?

http://middleware.internet2.edu/idtrust/2008/slides/03-pekka-roaming-identity.pptMaybe these guys are on to something?


"Pain is temporary, pride is forever". Multiple Perspectives Conference Military Credentials on Campus Helping Students in Need

Acquire End-User Credentials...•Credentials,onpage34 •TroubleshootingAuthentication,onpage36 Overview ofAcquire End-User Credentials Server AuthenticationScheme SupportedNetworkProtocol

Nextdoor's Credentials

Guidance Credentials

Managing Email Within Multiple Lines of Business Within the Enterprise

Youth:Ink credentials

Digital Credentials for Micro-Credentials

Request for Proposal Information Technology Credentials ... · PDF fileRequest for Proposal Information Technology Credentials Training ... Information Technology Credentials Training

Nourish credentials

Cooperative Packet Recovery in Enterprise WLANs - UIUCsynrg.csl.illinois.edu/papers/Epicenter_final_camera.pdf · Cooperative Packet Recovery in Enterprise WLANs ... bines multiple

Ad+ Credentials

FY 2010 Contracts. CH-53M Most common problems Description of Services Credentials Third Party Billing Wording Payment amount Multiple Contracts Information

Remote Services - Philips · 2020. 9. 25. · two-factor authentication via a timed one-time password and Philips Enterprise Single sign-on. Philips Enterprise credentials follow

BlackBerry Enterprise Server Resource Kit - 5.0 ... · Authentication credentials ... Storing an encrypted set of authentication credentials in the Windows registry ... Extracting

Blockchain: What Partners Need to Know - Winning is Everythingwinning-is-everything.com/assets/files/Blockchain_What_Partners_Ne… · Same credentials with multiple systems, still

The digital enterprise infrastructure · regulatory authorities, partner laboratories and industry technology leaders, helps all stakeholders receive the compliance credentials they

Large Enterprise with Multiple Locations Source: Avaya

Extended Enterprise Design Guide for non-fabric and …Enterprise networks, devices, hosts, and services. Frequently, enterprise networks spread across multiple bu ildings and multiple

Aisect credentials

Lean Data Management - Winshuttle · Process control • Credentials & Licenses • Centralized configuration Collaboration ... • Replaced manual consolidation of data from multiple

Credentials line 1 Credentials line 2 Credentials line 3 Credentials line 4 Credentials line 5 Delete this text and insert presenters name here

Alignment of Multiple Enterprise Programs - CoreNet … · Alignment of Multiple Enterprise Programs Dan Boutross SVP, Global Workplace Planning Exec , Bank of America CoreNet Global

Windows Azure Enterprise Role ARole B Role C (multiple VM’s) Windows Azure Enterprise Dev machines Databases Relay

Oct09 Credentials

Laser Enterprise: Lessons Learned - Swissphotonics...Today Laser Enterprise multiple is round 1 – Laser Enterprise would be 50M$ worth in 2008 – P/E Rather used for established

MEASURING ENTERPRISE SYSTEMS SUCCESS: THE IMPORTANCE …eprints.qut.edu.au/4732/01/SederaGableChan2004ECIS.pdf · MEASURING ENTERPRISE SYSTEMS SUCCESS: THE IMPORTANCE OF A MULTIPLE

Proforma Credentials

Apple for Enterprise...Unbeatable Credentials 01 04 05 02 06 03 Apple for Enterprise Call your PCM Mobility Expert today to learn more. 1-800-700-1000 | PCM.com DS100110REVA122012

VA Enterprise Design Patterns: 5. Enterprise Mobility 5.2 ... · • Enable Always-On Virtual Private Network (VPN): A Veteran currently enters credentials as many as three times

North55 Credentials

How Hackable is Your Smart Enterprise?...and destroying critical equipment Obtaining user credentials Extracting Wi-Fi credentials to carry ... intercept data, escalate privilege and

Teaching Credentials 1 teaching-credentials/) TEACHING

Large Enterprise with Multiple Locations

Agency Credentials

Applying Credits to Multiple Credentials · to senior credentials (such as, where a student uses credits in a diploma to block transfer into a degree) was outside the scope of this