usher overview.2014.02 hi


Upload: mark-fazackerley

Post on 07-Nov-2014


Page 1: Usher overview.2014.02 hi


Overview of the Usher Mobile Identity Platform


Page 3: Usher overview.2014.02 hi

Traditional Forms of Identity are Failing

Physical Badges and Cards: Lost | Stolen | Counterfeited | Falsified | Misused

Usernames and Passwords: Cracked | Intercepted | Phished | Guessed | Keylogged

The inherent weaknesses of physical IDs and passwords are primarily to blame for the $250B lost to fraud and the $110B lost to cybercrime each year.

76% of data breaches are caused by exploited passwords

28M stolen passports and national ID documents in circulation in 2011

Page 4: Usher overview.2014.02 hi

Mobile Identity is the Solution

Usher replaces traditional forms of identity with mobile identity, thereby eliminating identity-related fraud and cybercrime. It compounds four big ideas to deliver a comprehensive, industrial-strength identity solution for businesses, universities, and governments.

1. Dematerialize physical IDs into mobile software.

2. Link each mobile ID to its owner using biometrics.

3. Extend the use of mobile ID to applications, entryways, and transactions.

4. Deliver identity as an enterprise-class utility.

Page 5: Usher overview.2014.02 hi

Mobile Identity Big Idea 1: Dematerialize Traditional IDs

Dematerialize physical forms of identity into a consolidated mobile identity.

Traditional Identity

• Impossible to verify

• Can be lost, stolen, and counterfeited

• Static and never up to date

Mobile Identity

• Electronically verifiable

• Never lost or stolen

• Always accurate and up to date

Page 6: Usher overview.2014.02 hi

Mobile Identity Big Idea 2: Link Mobile ID

Link the mobile identity to the person biometrically, to the phone cryptographically, and to ID systems dynamically through out-of-band channels. These links make the mobile identity always accurate and impossible to counterfeit or steal.

Dynamic Link: The mobile identity is always up-to-date and valid

Cryptographic Link: Only designated phone(s) can use the mobile identity

Biometric Link: Only the owner can use the mobile identity

Page 7: Usher overview.2014.02 hi

Mobile Identity Big Idea 3: Extend Biometric Mobile ID

Extend mobile identity to every application and business process. Enterprises will transform how they validate identities, access systems and entryways, and authorize transactions.

Personal ID: Verify anyone’s identity

Cyber Security: Log in to applications

Physical Access: Unlock entryways

Transactions: Authorize transactions

Type Usher code | Scan Usher stamp | Transmit Usher signal

Page 8: Usher overview.2014.02 hi

Mobile Identity Big Idea 4: Deploy Identity as a Utility

Usher can inject unparalleled speed, simplicity, safety and security into all your business processes. Its four components work in parallel to provide enterprises with an industrial-strength identity ecosystem.

Usher Mobile: The mobile app that replaces physical forms of identification.

Usher Intelligence: The application that analyzes identity activity across the enterprise.

Usher Manager: The administrative control center for managing the entire Usher system.

Usher Vault: The secure server that provides out-of-band ID flow and encryption.

Page 9: Usher overview.2014.02 hi

Usher Mobile

Usher Mobile is an elegant and powerful mobile app that lets users validate credentials, access applications and entryways, and authorize transactions using five identification panels.

Key panel | Site code panel | Validation panel | Bluetooth panel | Usher Badge

Log in to Applications | Validate Identities | Unlock Entryways | Authorize Transactions

Page 10: Usher overview.2014.02 hi

Usher Mobile: Validate Identities

An industrial-strength security checkpoint in every user’s pocket

• Verify identity in person

• Verify identity over the phone

• Validate group affiliation

• Broadcast identity to anyone near you

Page 11: Usher overview.2014.02 hi

Usher Mobile: Log in to Applications

Usher strengthens cyber security by replacing passwords with biometric mobile identity.

• As simple as scanning a QR Code or approaching a computer with a smartphone

• No passwords to be managed, reset, or stolen

• Usher sends the user’s identity to the system via out-of-band, PKI secured channels

Log in to web applications without passwords

Automatically lock and unlock workstations using Bluetooth

Strengthen SSO systems and implement mobile app SSO

Page 12: Usher overview.2014.02 hi

Usher Mobile: Unlock Entryways

Secure every entryway with biometrics while offering greater convenience and manageability than physical keys.

• Scan an Usher Stamp

• Tap an Usher Key

• Automatically unlock doors with Bluetooth

• Send temporary keys to others

Page 13: Usher overview.2014.02 hi

Usher Mobile: Authorize Transactions

Authorize transactions without payment cards and security questions. Usher provides additional factors of authentication or on-demand biometric validation for additional security.

• Authorize Transactions Over the Phone

• Make Payments In Stores

• Make Payments Online

Page 14: Usher overview.2014.02 hi

Usher Intelligence

Usher Intelligence provides complete visibility of all identity actions across an enterprise in near real-time, allowing for better management, cyber security, and auditability.

Capture

Identity Actions: Name | Action | Location | Resource | Time

Periodic Location Tracking: Name | Time | Location

Analyze

Individuals | Groups

Control

Cyber security | Resource management

Page 15: Usher overview.2014.02 hi

Usher Intelligence: Capture Activity Across an Enterprise

All identity activity is captured and stored in the Usher Intelligence database, including the type of activity, time of activity, user location, and user credentials. All activity is available for analysis.

Map View | List View

See enterprise-level activity on a map. Select an individual for more details.

Page 16: Usher overview.2014.02 hi

Usher Intelligence: Analyze Individual Activity

Drill down to see the trail of activity for an individual throughout the day. Automatically capture a user's location periodically or only when he uses his Usher badge.

Page 17: Usher overview.2014.02 hi

Usher Intelligence: Analyze Group Activity

Filter to monitor and analyze specific groups of people, such as everyone in a certain location, everyone with a specific skill set, or anyone currently online.

Select a group by selecting its location

Select a group by filtering on any credential

Firefighters | Status: Online | Hazmat Certified

Police | Status: Online | Closest to the accident

Page 18: Usher overview.2014.02 hi

Usher Intelligence: Control Systems and Resources

Analyze the volume and timing of access requests for entryways or applications and set up proactive alerts when abnormal activity is detected.

Detect abnormal activities such as irregular usage patterns, after hours access, outlier activity, or users who seem to be in two places at once.

Cyber Security | Resource Management

Page 19: Usher overview.2014.02 hi

Usher Manager

Create, configure, and manage Usher mobile identities and control the entire Usher ecosystem.

• Generate branded badges and keys for individuals, groups, or the entire enterprise.

• Remotely distribute and revoke badges and keys, instantly.

• Set the frequency with which users must biometrically revalidate themselves.

• Share temporary keys with visitors to manage guest access.

Page 20: Usher overview.2014.02 hi

Usher Manager: Multi-Fencing

Set powerful access controls and layer them in any combination for heightened security.

Geo-fencing: Restrict access to a system or entryway based on a user’s location. Example: Within 500 feet of HQ

Time-fencing: Limit the times at which users and groups can access systems or entryways. Example: Mon. – Fri., 9:00 AM to 5:30 PM

Bio-fencing: Set high-security systems and doors to be accessible only after a biometric check. Example: Voice print required on-demand

Dual authorization fencing: Require specific systems and doors to be only accessible if two or more people submit simultaneous requests. Example: Two VP-level or above must authorize at same time.
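How layered fences combine, as an added example that is not Usher's code: each fence is a predicate, and layering is a logical AND that fails closed when data is missing. The HQ coordinates, rank scale, 30-second approval window and request field names are assumptions; the thresholds are the ones shown on the slide.

```python
import math
from datetime import datetime, time, timedelta

HQ = (38.9000, -77.0000)        # constructed coordinates for "HQ"
VP_RANK = 3                     # assumed rank scale: 3 = VP-level
WINDOW = timedelta(seconds=30)  # assumed meaning of "at same time"

def feet_between(a, b):
    # Haversine great-circle distance, converted from metres to feet.
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h)) * 3.28084

def geo_fence(req):   # "Within 500 feet of HQ"; a missing location is denied
    loc = req.get("location")
    return loc is not None and feet_between(loc, HQ) <= 500

def time_fence(req):  # "Mon. - Fri., 9:00 AM to 5:30 PM"
    when = req["when"]
    return when.weekday() < 5 and time(9, 0) <= when.time() <= time(17, 30)

def bio_fence(req):   # "Voice print required"
    return req.get("voice_print_ok") is True

def dual_fence(req):  # "Two VP-level or above must authorize at same time"
    seen = [(a["when"], a["user"]) for a in req.get("approvals", [])
            if a["rank"] >= VP_RANK]
    return any(u1 != u2 and abs(t1 - t2) <= WINDOW
               for t1, u1 in seen for t2, u2 in seen)

FENCES = {"geo": geo_fence, "time": time_fence,
          "bio": bio_fence, "dual": dual_fence}

def failed_fences(req, layers):
    # Access is granted only if this list is empty.
    return [name for name in layers if not FENCES[name](req)]

def demo():
    t = datetime(2014, 11, 3, 10, 0)  # constructed: a Monday, 10:00 AM
    ok = {"when": t, "location": (38.9010, -77.0), "voice_print_ok": True,
          "approvals": [{"user": "vp1", "rank": 3, "when": t},
                        {"user": "svp2", "rank": 4,
                         "when": t + timedelta(seconds=5)}]}
    bad = {"when": t.replace(hour=22), "location": None, "voice_print_ok": True,
           "approvals": [{"user": "vp1", "rank": 3, "when": t}] * 2}
    return failed_fences(ok, FENCES), failed_fences(bad, FENCES)
```

In `demo()`, the second request fails the dual fence because both approvals come from the same user, which is the case a naive "count the approvals" check would miss.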

Page 21: Usher overview.2014.02 hi

Usher Vault: The Core of the Usher Architecture

The Usher Vault is a high-performance, highly scalable, highly secure server system that synchronizes identities with enterprise IDM systems of record and presents those identities to Usher clients.

Provides IDs to Usher Clients: Securely relays IDs to mobile devices, applications, and entryways upon request using encrypted connections.

Controls ID flow: Provides out-of-band communication pathway for IDs, and enforces geo-fence, time-fence, and biometric revalidation controls.

Synchronizes IDs with repositories: Connects to existing ID repositories using pre-built connectors or customizable connectors, guaranteeing the validity and accuracy of all IDs.

Page 22: Usher overview.2014.02 hi

Usher Vault: Out-of-band Communication

Usher's architecture provides a unique flow of identities between clients. The Usher Vault serves identities to requesting clients through encrypted out-of-band channels.

1. Generate personal code. Every time an Usher ID is opened, Usher Mobile generates a time-limited personal code.

2. Offer personal code. To present an ID to another Usher client, the user offers his personal code to the client via an Usher Code (time-limited PIN), Usher Stamp (time-limited QR code), or Usher Signal (Bluetooth).

3. Capture and submit code. The receiving Usher client captures the user’s personal code and submits it to the Usher Vault.

4. Receive ID. The Usher Vault returns the user’s ID to the receiving Usher client over an encrypted link.
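The four-step flow above as a minimal simulation, added here as an illustration and not Usher's implementation: the receiving client only ever handles an opaque code, which the Vault accepts once and only before it expires. The 60-second lifetime, the `register_code` call and all class and field names are assumptions.

```python
import secrets
import time

CODE_TTL = 60  # seconds; assumed, the slide only says "time-limited"


class Vault:
    """Hypothetical stand-in for the server that holds identities."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.identities = {}  # user -> identity record
        self.pending = {}     # personal code -> (user, expiry time)

    def register_code(self, user, code):
        # Arrives over the phone's own authenticated channel (not modelled).
        if user not in self.identities:
            raise KeyError("unknown user")
        self.pending[code] = (user, self.clock() + CODE_TTL)

    def redeem(self, code):
        # Steps 3 and 4: a receiving client submits a captured code.
        user, expiry = self.pending.pop(code, (None, 0.0))  # single use
        if user is None or self.clock() > expiry:
            return None
        return self.identities[user]


def open_id(vault, user):
    # Step 1: the phone generates a fresh, unguessable personal code.
    code = secrets.token_urlsafe(16)
    vault.register_code(user, code)
    return code  # Step 2: offered as a PIN, QR code or Bluetooth payload


def demo():
    now = [1000.0]  # constructed clock so expiry is deterministic
    vault = Vault(clock=lambda: now[0])
    vault.identities["alice"] = {"name": "Alice Example", "badge": "Staff"}

    code = open_id(vault, "alice")
    first = vault.redeem(code)    # receiving client gets the ID
    replay = vault.redeem(code)   # same code again: rejected

    stale = open_id(vault, "alice")
    now[0] += CODE_TTL + 1        # code captured but submitted too late
    expired = vault.redeem(stale)
    guessed = vault.redeem("not-a-real-code")
    return first, replay, expired, guessed
```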

Page 23: Usher overview.2014.02 hi

Usher Platform: Three-Factor Authentication

Usher provides a multi-factor authentication system to ensure that an Usher mobile identity cannot be compromised or stolen.

Something You Know: Phone pass codes ensure that only the owner of the phone can use it.

Something You Have: PKI certificates ensure that only a phone registered to a user can ever authorize the Usher Vault to present his ID.

Something You Are: Voice print and face print ensure that only the owner of the mobile identity can use it.

Page 24: Usher overview.2014.02 hi

Usher Platform: Phone Security

Five layers of security protect identities if a phone is lost or stolen.

Layer 1: Phone pass codes

Layer 2: Finding or wiping the Phone

Layer 3: Deactivating Usher

Layer 4: Biometrics

Layer 5: Encryption