1. 2013 Open Stack Identity Summit - France
Transforming authentication
Thomas Bostrøm Jørgensen
CEO Encap
2. Agenda
• Encap – who we are and what we do
• Issues facing user authentication
• How is Encap addressing these issues
• Value proposition and Demo
• Authentication trends and drivers
• 5 years from now …
3. ENCAP
• Encap is the leading Nordic software security company, founded in 2006, with offices in Oslo and Palo Alto
• Our security platform offers a wide range of innovative solutions for authentication and digital signatures based on standard protocols and interfaces
• Our patented authentication technology enables smartphones and tablets to be used as transparent, banking-grade ID credentials
• Encap's in-App client software enables a seamless and intuitive user experience across all channels and devices
4. Current issues facing user authentication
Security vs User Experience
• “Everyone” is moving to 2FA
• Most 2FA solutions are based on one-time passwords (OTPs)
• The problem with OTPs is:
  • Poor user experience, especially on mobile
  • Vulnerable to threats
  • Costly to buy and manage
  • Complex to implement and maintain
5. How to fix the problem?
• Get rid of PC-era authentication solutions
• Smartphones and tablets
• Leverage context information (device and user)
• Minimize user involvement (cognitive load)
• Same user experience across all channels and devices
• Use transaction risk to decide on method
• PS: Biometrics is not a silver bullet
7. Encap functionality and features
Functions and features:
• Authentication
• Digital Signatures
• Transaction context info
• User- and device risk parameters
• Mobile App security
8. Overall system architecture
[Architecture diagram; surviving labels, including legend entries: Encap auth software, Encap protocol, Encap app protection, User Behavior, 3rd party, Customer, Client side, Encap Mobile App, Server side, Push, Encap Risk Interface, Risk Engine, Policy Manager, Mobile Business App, Encap API, HTTPS, Web Business application, Device Profile, Encap Auth and signing server, Identity and Access Manager, Business Application, End-User Directory]
9. Value to the bank or issuer
Reduced cost & complexity
• No additional hardware & no variable cost per transaction
• Dramatically lower support costs
• Reduces integration & management costs
• Reduces the average TCO by up to 60% vs. OTP alternatives
Compelling experience = increased adoption
• Consistent experience across channels & devices
• A “one-factor” user experience
• A risk-based approach enables proportional security
Banking-grade security
• Banking-grade security based on software only
• Adopted by the highly advanced Nordic banking market
• Highly responsive to new threats & attacks
10. Authentication trends driven by …
Mobile
• Smartphone and tablet penetration in the world’s top 19 digital markets will double from 35.5% in 2012 to an average of 71.7% in 2015
• This is fuelling the need for securing access to mobile services
• The smartphone has made the phone a highly personal device
User experience
• Compelling online & mobile user experiences will be at the heart of differentiation
• Customers are demanding a consistent and seamless experience across all channels
• Proportional security increases usability and lowers fraud
11. Authentication trends driven by …
Increased threats
• Sophisticated, high-profile and lucrative attacks will increase (e.g. Project Blitzkrieg)
• Social engineering is increasing
• High-value/high-risk services are moved to smartphones and tablets
Big data
• Institutions have a deluge of customer data
• Data will be used to make risk-based decisions on users and transactions
• 62% of banks believe that managing & analysing big data is important to their success
12. Five years from now…
Multi-factor everywhere
• By 2018 multi-factor authentication will be everywhere
• The simple password will (almost) become extinct
• Robust biometrics will be implemented on smart-devices
Bye bye binary
• A ‘binary’ approach to authentication will no longer be mandated or appropriate
• Financial institutions will take a ‘risk-based’ approach to security and “step-up” to multi-factor when required
Harness the power of context data
• Massive amounts of context data on behaviour, location, device etc. are available
• More data will be available about everyone