my phone is me: hot topics in authentication

ca Securecenter

My Phone is Me;Hot Topics in Authentication

R ‘Doc’ Vaidhyanathan

SCX10S #CAWorld

CA TechnologiesVP, Product Management

2 © 2014 CA. ALL RIGHTS RESERVED.

Abstract

R ‘Doc’ Vaidhyanathan

CA Technologies

VP Product Management

Payment Security

Mobility changes everything. Mobile devices can be

used for everything from authenticating people to

websites and eCommerce transactions through mobile

in-store payments. They are a user’s identity, their

payment device, and can even replace their

wallets. Learn about new authentication techniques as

well as new mobile capabilities for contactless

payments that will make this a reality.


Authentication – Traditional Ideas

Something that you KNOW

Something that you

HAVE

Something that you

ARE


The Mobile Device

Brings together something that you HAVE and something that you ARE

Is your mobile separate from you?


Something about mobile devices

Everyone has one.

Everyone has their own.

Everyone (almost) has just one (may change from time to time, but one current).

And, it is not shared!


Mobile Devices and Authentication

Authenticate WITH

Authenticate TO

Authenticate THROUGH


Authentication Schemes

Lifelong

Thumbprint

Drivers License

Years

Work badge

Credit/Debit Card

Days

Hotel room key

Boarding Pass


Authentication Components

Credential

Provisioning & Lifecycle

Management

Usage on-demand

Validation, reconciliation and fallback


Mobile Device for Authentication – Significant benefits

Provisioning Integration Through Apps Same device used through lifecycle

Multi-mode Usability Visual – something user can view and enter

Interactive – direct interface at POI

Automatic – backend without user interaction

Retention of usage history User audit possible


Mobility Trends

A BILLION CONSUMERS WITH SMARTPHONES BY 20161

USER LOCATION AVAILABLE FOR AUTHENTICATION

MOBILE AUTHENTICATION AND SECURITY WILL BECOME HUMAN-FACTOR FRIENDLY2

1) ‘Forrester Research Mobile Adoption Forecast, 2012 to 2017 (US); February 28, 2011, “Mobile App Internet Recasts The Software And Services Landscape”, 2) Forrester Top 15 Trends S&R Pros Should Watch: 2014” 1) ‘Forrester Research Mobile Adoption Forecast, 2012 to 2017 (US); February 28, 2011, “Mobile App Internet Recasts The Software And Services Landscape”, 2) Forrester Top 15 Trends S&R Pros Should Watch: 2014”


New Enterprise Applications

PROXIMITY AUTHENTICATION VIA MOBILE

BIOMETRICS,MOBILE, WEARABLES

REPLACE “PLASTIC” BADGES TO OPEN DOORS

PROVIDE TAP AND PAY TO CUSTOMERS


Mobile Wallet – The Promised World?

Simply ‘tap’ or wave mobile device over reader.

Insert ‘chip’ card and enter PIN.

Swipe ‘mag-stripe’ through reader.

Well-established infrastructure Current, default setup

Adopted in Europe Being rolled out in Asia, U.S.

Burgeoning mobile devices Potential for value added services

Susceptible to card cloning Expensive infrastructure Evolving standards, options


Mobile EcoSystems

NFC Controller

Secure Element

What’s next?

Initial rollouts with card data stored in secure element, all apps that access NFC controller

managed by the carriers

Landscape is still evolving for Blackberry, Windows and older Android based

mobile devices

Apple Pay on iPhone 6 and iPhone 6 Plus. Secure

Element controlled by Apple

Android 4.4 (Kit Kat) based mobile sets allow other

apps (including Host Card Emulation – HCE) to access

NFC Controller


Using Mobile as the Payment “Card” Core Sub-Systems

Personalize and set individual card details.

Verify user and device prior to provisioning.

Support card life cycle.

— lost/new phone

— card renewal

— profile changes

1. Provisioning Rapid and easy ‘tap’ to pay

experience.

Enable/disable ‘card’ if required.

Exceptions — error messages for troubleshooting

Alternate options

2. Making Payments

3. Back-end infrastructure to authorize the new payment method/messages


CA Solution - Overview

CA Mobile Wallet Server

NFC Controller

Issuer App

Software Vault Library

Card Issuer System

Setup / ProvisioningKey Exchange

Provisioning &Lifecycle Management

PurchaseEMV Standard

ISO MessagesAuthorization

Tokenization & De-tokenization

(optional)Card Network

+ Acquirer

CA Mobile Wallet Screen Shots


Provisioning – Start

Click to scan card.


Provisioning – Complete


In-Store Purchase (“Tap-and-Pay”)


Online Payment (“Scan-and-Pay”)


For More Information

To learn more about Security,

please visit:

http://bit.ly/10WHYDm

Insert appropriate screenshot and text overlayfrom following “More Info Graphics” slide here;

ensure it links to correct pageSecurity






For Informational Purposes Only

© 2014 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.

This presentation provided at CA World 2014 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer references relate to customer's specific use and experience of CA products and solutions so actual results may vary.

Terms of this Presentation

my phone is me: hot topics in authentication

Technology