risk-appropriate authentication – a vision of tomorrow

Per Hägerö

CTO

risk-appropriate authentication?

1

2

3

What are your options?

4

KBA: Lexical

KBA: Graphical

Token: OTP

Token: PKI

Token: OOB

Biometrics: Biological

Biometrics: Behavioral

Something only you know (hopefully) Something you hold

Something your are

Risk levels (NIST SP 800-63-1)

5

Minimal

High

Medium

Low

Risk levels (NIST SP 800-63-1)

6

Minimal

High

Medium

Low

Lexi

cal

OTP

PK

I

OO

B

is it that easy?

7

NO! 8

There are a number of needs and constraints you need to consider  Who are you authenticating?  Where are they?  What will they use it for?  What end-points are they using?  Are there any regulations?  What is the available budget?  What is the risk?  Others?

9

all set?

10

not yet…

11

consider the aspect of identity proofing

12

≤ 100 %

13

14

IDE

NTI

TY P

RO

OFI

NG

AUTHENTICATION

15

IDE

NTI

TY P

RO

OFI

NG

AUTHENTICATION

16

IDE

NTI

TY P

RO

OFI

NG

AUTHENTICATION

IDENTITY ASSURANCE

17

Assurance

Ease-of-use Adjacent needs

TCO

Considerations

18

19

trends

20

ease of use

21

less is more

22

user centric

23

authenticate once

24

layered approach

PRESENTATION TITLE

25

Whats up at Nexus Labs?