The Usher Identity Platform A description of MicroStrategy’s mobile identity solution

Upload: mark-fazackerley

Post on 24-May-2015


Contents

Usher System Overview ..... 3

Usher Mobile ..... 6
  Peer-to-Peer Validation ..... 7
    In person validation ..... 7
    Over the phone validation ..... 7
    Group identity validation ..... 7
    Local proximity broadcast ..... 7
  Cyber Security and Systems Access ..... 8
    Sign on to workstations ..... 8
    Access web applications ..... 8
    Usher for web single sign-on ..... 8
    Single sign-on — mobile apps ..... 8
  Physical Access ..... 9
    Digital key ring — tap to open ..... 9
    Usher Stamp — scan to open ..... 9
    Bluetooth sensor (iOS only) ..... 9
    Key sharing ..... 9
  Biometric Services ..... 10
    Biometrics to register a new device ..... 10
    Biometrics to sign on to Usher Mobile ..... 10
    On-demand biometrics for systems access or physical access ..... 10
    Biometrics based on risk factors ..... 10
  Directory Services ..... 11
    All-user list ..... 11
    Save to favorites ..... 11
    Search ..... 11
    Direct communication ..... 11
    Temporary team badges ..... 11
  Geolocation Services ..... 12
    Search based on proximity ..... 12
    Search based on location ..... 12
    Map view ..... 12
    Punch in / punch out ..... 12

Usher Intelligence ..... 13
  Map of most recent activity ..... 13
  Time view ..... 13
  Direct communication with users ..... 14
  Cyber security, risk-factor analysis, entry analysis, and biometric usage analysis ..... 14

Usher Manager ..... 15
  Provision and revoke badges and keys ..... 15
  Set additional security levels ..... 15

Usher System Overview

Usher mobile identity replaces traditional forms of identity

Usher is a “mobile identity platform” designed to provide biometric-caliber security for every business process and system access across an enterprise. Usher replaces traditional forms of identity like ID cards, passwords, and keys with a single mobile badge on a user’s smartphone. The Usher app can then be used to electronically validate any person’s identity without plastic ID cards, log in to applications without passwords, open entryways without keys, and execute transactions without signatures or credit cards.

Usher can deliver identities to everything in the enterprise

Usher can communicate identities to a wide range of devices and systems within the enterprise, including other Usher mobile devices, computers, systems, and doorways. It does so using four different signaling modes:

1. Usher Codes—human-readable time codes of 4 to 8 digits that expire every 30 seconds.

2. Usher Stamps—machine-readable QR codes for scanning.

3. Bluetooth Signals—Bluetooth low energy (BLE) signals that can transmit and detect Usher users in close proximity using very low power consumption.

4. Sight Codes—complex geometric animated fractal images that allow people to identify a valid badge at a glance.

[Figure: Replace traditional IDs with Usher mobile identity for every business process or system]

Usher mobile identity is more secure

The Usher mobile badge is biometrically linked to the user using voice and facial recognition, and it is cryptographically tied to the user’s phone. This prevents the identity from being used by any other person or from any device other than the ones on which it is registered. Unlike traditional forms of identity, Usher identities cannot be lost, counterfeited, or stolen. Usher never presents identity information directly from a smartphone, but rather uses encrypted back-end channels, so identity information cannot be intercepted or copied in transit. Usher is also dynamically linked to existing ID repositories, so identities are always up-to-date.

Usher offers three factors of authentication:

1. Something you are: biometric voice or facial recognition ensures that only one person can access an Usher badge.

2. Something you have: PKI certificates tied to each phone ensure that only personally verified smartphones can send and request a user's Usher identity.

3. Something you know: a phone and/or Usher passcode ensure that only the user who owns the phone can use Usher on that phone.

Usher mobile identity is easier to manage

Because Usher badges are digital, they can be instantly issued, revoked, and updated. Administrators have global real-time visibility into every identity interaction, including the time, location, and the systems or doorways being accessed. Usher can automatically adjust the level of authentication required of the user based on behavioral or environmental factors and the resource being accessed.

Usher is more convenient for users

Users can never lose or forget their mobile identity badge. In the event of a lost or damaged phone, Usher badges can be instantly reconstituted on another smartphone. Usher users also get the added benefit of only ever needing one device for all identity interactions—as long as they have a smartphone, they can log in to systems, open entryways, and identify themselves.

[Figure: Usher synchronizes with existing ID repositories]

Usher is fast to implement

Usher is a cloud-based offering hosted in MicroStrategy’s high-security data centers, so it is fast to implement—no hardware, no network, no software to deploy. Alternatively, it can also be offered as on-premises software in the enterprise’s data centers. Usher adheres to standards such as SAML, OpenID, and OAuth to accelerate integration with web-based applications and single sign-on systems.

Usher provides a complete enterprise system for identity

Usher includes four primary components to deliver the most industrial-strength identity and authentication platform on the market:

1. Usher Mobile is an intuitive smartphone app. It contains the user’s mobile ID badge and associated credentials, and verifies the user through voice or face recognition and a passcode. Once Usher verifies the user, he can validate himself to people, systems, and entryways with his mobile phone. Usher Mobile also has directory and geolocation features that allow users to search for co-workers based on credentials or location, and then to communicate with them directly through apps on the phone.

2. Usher Intelligence is the platform’s analytical engine. It collects all Usher Mobile activity across an enterprise, then uses MicroStrategy’s best-in-class analytics platform to display this data in powerful map or list visualizations. Managers can use Usher Intelligence to analyze, filter, sort, and locate Usher Mobile users, or see the trail of activity of one user through a specified time range.

3. Usher Manager is the control center for the entire platform. Administrators can create and provision Usher Mobile badges, send them to users, and revoke them on demand. They can also set additional security levels for systems or entryways—for example, they can limit where a user has to be to gain access to a particular doorway, or when they can access a high-security system.

4. Usher Vault is the core of the Usher platform. It is a high-performance, highly scalable, highly secure server system that synchronizes identities with enterprise IDM systems of record, and presents those identities to requesting users, systems, and entryways.

Usher Mobile

Usher Mobile is the native app that runs on Apple and Android smartphones. It has an easy-to-use interface consisting of a badge that can be swiped left-right and up-down to reach four function panels.

The Usher badge

The badge is the center of the Usher user experience. Badges are uniquely branded for a given enterprise and present publicly viewable information like name, title, and a photo.

Bluetooth discovery panel

The Bluetooth discovery panel detects other Usher Mobile users within a configurable range. The panel displays the name, photo, and title of those nearby users.

Key panel

The key panel lets users tap to unlock doors, elevators, and gateways. Virtually any entryway that is controlled by a Physical Access Control System can be opened by Usher keys. Users can arrange their favorite keys into a personal key ring.

Sight code panel

Sight codes are animated, colorful, time-limited fractal images that are impossible to counterfeit and provide instant visual indication that people are members of the same group or have the same credential. They are perfect for fast visual identification of a group of people.

Validation panel

The validation panel includes a built-in QR code scanner and a keypad. This panel lets users capture Usher Codes and Stamps, allowing them to verify identities, unlock doors, and log in to applications.

Peer-to-Peer Validation

Prior to Usher, personal identity validation was limited to two imperfect systems: the low-cost, low-security system that uses laminated pictures on official-looking cards, which are easily forged, stolen, or counterfeited; and the high-cost, higher-security solution that provides electronic validation using dedicated biometric readers or smartcards with card readers or sensors. With Usher, every person with a smartphone can validate any other person’s identity with biometric and electronic accuracy. Usher offers the ubiquity of cards with the security of dedicated readers.

In person validation

Any user can validate the identity of another user by typing the time-limited Usher Code or scanning the Usher Stamp of the other individual into the validation panel of their own phone. Almost instantly, the other person’s badge and publicly visible credentials will display on the validating user’s phone.

Over the phone validation

A user can offer his identity over the phone by simply telling the recipient his current Usher Code. The user’s ID is sent to the recipient’s phone or computer through encrypted out-of-band channels directly from the Usher Vault. This is 100x more secure than using a mother’s maiden name or remembering a static PIN.

Group identity validation

Every user who has the same badge type (i.e. who is part of the same organization or team) will display identical sight codes, which are animated fractal images that change every few minutes. This allows for quick visual validation of large groups of people, or quick visual identification of specific users in a crowd.

Local proximity broadcast

Using Bluetooth 4 low energy (BLE), Usher users can broadcast their IDs to others in close proximity. Only owners of the same organizational badge will be able to view the broadcast IDs. Using Bluetooth broadcasting, attendance can be taken quickly within large groups of people, or a security guard can rapidly see who is passing through a turnstile or checkpoint without making each person remove his phone from his pocket.

Cyber Security and Systems Access

Usher lets users log in to workstations, systems, or mobile applications with just their smartphones. This makes passwords—which are inherently insecure because they can be cracked, phished, guessed, intercepted, shared, or stolen in minutes—obsolete.

Sign on to workstations

Usher Mobile users can use their phones to automatically log on to and off of computers using Bluetooth. Simply placing one’s phone close to the computer unlocks it, and taking the phone away automatically locks it. Or, using Usher Stamps, users can simply scan the QR code presented on the sign-on screen.

Access web applications

Usher enables people to log in to web applications by scanning the Usher Code presented on the log-in screen. Usher automatically submits the user’s identity from the Usher Vault to the application via secure PKI links.

Usher for web single sign-on

Usher can integrate with existing single sign-on systems to provide them with a multi-factor biometric authentication front end.

Single sign-on — mobile apps

Usher-compatible mobile apps automatically acquire user credentials from Usher to sign people on to their mobile apps without using passwords. As long as a user has previously validated himself to Usher, that person will be automatically signed on to his mobile apps when he launches them.

Physical Access

Usher keys cannot be lost, stolen, or counterfeited. They are biometrically bound to the person allowed to use them and tied cryptographically to the phone on which they reside. Usher keys are issued and revoked from the central Usher Manager console in real time. Usher bypasses legacy door readers and communicates directly with the Physical Access Control System (PACS), so enterprises require no new door reader hardware.

Digital key ring — tap to open

Usher Mobile offers a digital key ring where people can tap on the entryway they want to open. Usher offers a list of all entryways a person has authorization to open and lets him organize his favorite keys on the key ring panel.

Usher Stamp — scan to open

Another way to open doors is by simply scanning the Usher Stamp affixed to a door. An enterprise can place an Usher Stamp at each entryway. A user captures the Usher Stamp with his validation panel, and Usher communicates with the PACS to unlock the door to which the Usher Stamp is affixed.

Bluetooth sensor (iOS only)

For hands-free door entry, Usher offers Bluetooth signaling that can automatically unlock the door without the user needing to remove the smartphone from a pocket or purse. Usher uses Bluetooth to transmit the user’s identity to the PACS, which unlocks the door if the user is authorized to enter.

Key sharing

Authorized users can share keys via email or by offering a time-limited Usher Code. Usher logs all key sharing and removes keys automatically when they expire. For example, an administrator can grant a contractor temporary access to a building for only the week he will be working there.

Biometric Services

Mobile hardware and software are finally sophisticated enough that everyone with a smartphone can have a powerful, state-of-the-art biometric reader and authenticator in their pockets. Usher has the ability to capture people’s voice and face print biometric data, and uses that ability both to enhance security in every identity action throughout an enterprise, and to make these identity actions more convenient for users.

Biometrics to register a new device

Adding a device or replacing a device is as simple as scanning your face or speaking into a microphone. Once biometrically verified, the system will reconstitute your identity and privileges on the new phone.

Biometrics to sign on to Usher Mobile

Administrators can set up Usher Mobile to require a biometric validation every time a person uses it. This is more secure and significantly simpler than typing in a username and “complex” password.

On-demand biometrics for systems access or physical access

Administrators can set up Usher to require an on-demand biometric challenge whenever a person attempts to access highly secure systems or entryways. The person must complete the challenge on the spot in order to gain entry. This added layer of security comes at no additional cost to the enterprise, as no investment in additional biometric verification hardware is needed.

Biometrics based on risk factors

Administrators can set risk factors that will trigger biometric challenges. For example, if it is after hours, if a user is not within a certain radius of the building he is attempting to access, or if the user has tried to log in to a system hundreds of times in a minute, Usher will force that user to validate himself biometrically.

Directory Services

Usher provides users with the ability to search for and contact all members of their organization, straight from their Usher Mobile app.

All-user list

Users can scroll through a list of all other Usher Mobile users who belong to their same network and have their same badge type. When they click on another user, they will see that user’s online status, credentials, title, organization, and contact information.

Save to favorites

Users can add other users to their favorites with one tap. The favorites list is quickly accessible and scrollable.

Search

Users can search for others based on name, organization, team, location, and credentials. Credentials can include things like certifications, rank, or discipline. This lets any person instantly find others who, for example, are within two miles and are CPR and HAZMAT certified.

Direct communication

Users can contact others directly from Usher Mobile, which is automatically linked to the phone’s communication apps. Users can call, text, video call, email, or use push-to-talk.

Temporary team badges

Managers can create badges for newly formed, temporary teams. The badges are sent to each team member, and can be set to expire after a certain amount of time. Team members can see all other members of the temporary team, and can communicate with each of them or with all of them at once. This allows for rapid deployment of teams to tackle emerging situations, and for coordination across all team members.

Geolocation Services

Usher Mobile can be programmed to geolocate a user on a periodic basis—for example, every 5, 10, or 15 minutes. This geolocation information is captured and can be displayed in near-real time to other users on Usher Mobile or to administrators on Usher Intelligence.

Search based on proximity

Users can search for other users who are near them by setting a radius in the search feature of Directory Services.

Search based on location

Users can also search for other users who are at a specific designated location. For example, users in Brooklyn can search for all users in Manhattan.

Map view

Users can be viewed on a map. This lets a user see where other members of the enterprise are clustered or where certain credential holders are concentrated.

Punch in / punch out

Usher Mobile can allow users to “punch in” and “punch out” during the day. Punching in turns on a user’s periodic geolocation tagging, thus allowing other users to find him based on his location. Punching out turns the tagging off.

Usher Intelligence

Built on the industry-leading MicroStrategy Analytics Platform, Usher Intelligence captures, analyzes, then displays visualizations of all Usher activity, providing both global visibility of users and an audit trail for governance, risk management, and cyber security oversight. It also provides proactive alerts when abnormal activity is detected or when thresholds are exceeded, and delivers a full spectrum of analytic capabilities, from simple time analysis to sophisticated correlations and data mining.

Map of most recent activity

See all users displayed on a map. Filter based on credential or location. Click on a user or group of users to see their contact information and their most recent activities. Or, view all users in a list for easier sorting and filtering.

Time view

Drill down to see the trail of activity for an individual through a specified time range, including the individual’s periodic location as registered via Geolocation Services.

Direct communication with users

Contact users from a directory, or contact users straight from the map or list visualizations. Contact using phone, text, email, video calling, or push-to-talk.

Cyber security, risk-factor analysis, entry analysis, and biometric usage analysis

Beyond just capturing and displaying identity activity and user locations, Usher Intelligence works behind the scenes to analyze all activity across the Usher platform, and it can alert administrators when something is out of the ordinary. For example, it will register if a user is trying to log in to a system from two locations at the same time, and can trigger a biometric challenge for that user. It also lets administrators analyze system and entryway activity—for example, they can optimize resources by analyzing peak times and peak volumes of usage for any Usher-powered door or application.

Usher Manager

Usher Manager is the powerful administrative control console that allows enterprises to manage Usher badges and keys, as well as access to Usher-enabled systems.

Provision and revoke badges and keys

Administrators can create badges, customize their look, and send them to individuals or the entire enterprise. They can create keys and designate sharing privileges. They can also revoke badges or keys instantly. Unlike plastic cards, there is no need to worry about continued fraudulent use of an Usher Mobile badge after it has been revoked, and there is no time-consuming and costly process to distribute and revoke the physical IDs.

Set additional security levels

Four powerful controls boost security for high-risk assets:

1. Geo-fence—set restrictions on system or entryway access based on a user’s location. For example, allow users to log in to a system only when they are at headquarters.

2. Time-fence—control when users can access systems and entryways. For example, create special keys that only work during business hours.

3. Bio-fence—set up high-security doors and systems to be only accessible after an on-demand biometric check, or set risk factors that would trigger a biometric challenge.

4. Multi authorization fence—require specific systems and doors to be only accessible if two or more parties submit requests simultaneously.
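The four fences above, together with the risk factors from the Biometric Services section (a burst of login attempts triggering a biometric challenge), amount to an access-policy decision per request. The following is an added worked example, not Usher Manager's own policy format or code: it assumes a constructed policy record with a headquarters coordinate and business-hours window, treats the geo-fence and time-fence as hard limits, turns the bio-fence and the attempt-burst risk factor into a step-up challenge, and holds a multi-authorization request until the second party has submitted.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed example. Field names and the decision strings are assumptions;
# the brochure names the four fences but does not document their configuration.
LatLon = Tuple[float, float]


@dataclass
class FencePolicy:
    geo_center: Optional[LatLon] = None     # geo-fence: allowed area center (e.g. headquarters)
    geo_radius_km: float = 0.0              # geo-fence: allowed radius around geo_center
    hours: Optional[Tuple[int, int]] = None # time-fence: (start_hour, end_hour), 24h clock
    require_biometric: bool = False         # bio-fence: always demand an on-demand check
    max_attempts_per_min: int = 100         # risk factor: login-attempt burst threshold
    approvers_required: int = 1             # multi-authorization fence: parties needed


@dataclass
class AccessRequest:
    user: str
    location: LatLon                        # last geolocation reported by Usher Mobile
    hour: int                               # local hour of the request
    attempts_last_minute: int               # login attempts seen for this user
    biometric_verified: bool                # has the user passed a biometric challenge now?
    co_approvals: int = 0                   # other parties who submitted the same request


def distance_km(a: LatLon, b: LatLon) -> float:
    """Great-circle distance (haversine) between two (lat, lon) pairs in km."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def evaluate(policy: FencePolicy, req: AccessRequest) -> str:
    """Apply the fences in order; return a decision string for the audit trail."""
    # Geo-fence: outside the radius is a hard deny, regardless of other factors.
    if policy.geo_center is not None:
        if distance_km(policy.geo_center, req.location) > policy.geo_radius_km:
            return "deny:geo-fence"
    # Time-fence: outside the allowed window is a hard deny.
    if policy.hours is not None:
        start, end = policy.hours
        if not start <= req.hour < end:
            return "deny:time-fence"
    # Bio-fence and risk factors: step up to a biometric challenge, not a deny,
    # so a legitimate user under a burst of attempts can still prove it is them.
    burst = req.attempts_last_minute > policy.max_attempts_per_min
    if (policy.require_biometric or burst) and not req.biometric_verified:
        return "challenge:biometric"
    # Multi-authorization fence: this request plus co-approvals must reach the quorum.
    if req.co_approvals + 1 < policy.approvers_required:
        return "pending:multi-authorization"
    return "allow"


if __name__ == "__main__":
    hq = (38.92, -77.22)                    # constructed coordinate, not a real site
    policy = FencePolicy(geo_center=hq, geo_radius_km=1.0, hours=(8, 18))
    print(evaluate(policy, AccessRequest("alice", hq, 10, 1, False)))
    print(evaluate(policy, AccessRequest("alice", hq, 10, 500, False)))
```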