Trusted Computing and

NSTIC

Andrew TarboxDirector Federal Business

Wave Systems CorpNovember 14, 2012

So what’s the Problem with the Internet

TrustWave Systems Corp © 2012 November 14, 2012

2

People are really bad solution for

security

User Names Passwords

Don’t Work Well

A New Identity Paradigm for NSTIC and You

The Shift Network based on Connections toNetwork based on Identity

A little history from the cellular industryC

loni

ng In

cide

nts

Time

Introduction of Device ID in cellular

US Analog to Digital conversion

A tamper resistant store for ID

Trusted Computing – Hardware Solution – Already Deployed

• Hardware Based Security– The Best and Brightest – Computers, Software, Silicon– Software has Proven Ineffective

• Based on Open Industry Standards– Non-proprietary Solution

• Core to Microsoft Security– Logo compliance – Business Version since Vista– Expanding to Tables and Phones in Win 8

• 600 Million Computers – Today– Already Deployed

• Why don’t I know about it - Stealth

Imagine Only Your Computer Can Log In To Your Accounts

Trusted Platform Module (TPM)

The Device Is a Powerful and Secure Attribute

Hardening Access – A Hardware Root of Trust

You Should Have Only Known Devices On Your Network

VPN and Wireless Access to Your Network Is a Vulnerability

NSA demonstrated several years ago, using software purchased on the internet, it is very easy to steal the key for VPN or Wireless access and now recommends they be hardened by storage in hardware like the TPM

Attribute Providers Deliver the Identity Proof

Device Identity & Machine Health

Personal Identity

Trust in an NTSIC World

Attribute Providers Relying PartiesAttribute ProviderNetwork

11

Another Twist to Consider

Hello

Hello Hello

HelloAll data is encrypted in transit

Corporate Use Case … When You Sign the NDA

Wave Systems Corp © 2012 November 14, 2012

12

Encrypted Encrypted

Alpha Corp Omega Corp

Putting It All Together Delivers Value and Most all Trust

• Authentication of a Trusted & Healthy Device– A proven paradigm

• Authentication of a Users – Password to Log into Device – only once

• Electronic Signature – Saving money and time

• Encrypted Data and Text– Safe in transmission, safe when stored in the cloud– Unlocked only by authorized user(s) or groups of users– Log of who unlocked the file or text and when

NSTIC is the Catalyst Moving the Industry to Higher Security and Usability

NSTIC

14

ESIGNSYSTEMS – 13 years of passionate delivery of electronic signature and delivery systems The Most Mortgage Transactions in the Industry In-House and Hosted Solutions Professional Services for ESIGN and UETA Compliance

Andrew W. Tarboxatarbox@wave.com

Office: 703-448-0980Falls Church, VA

Come See Us for Solutions

Kelly Purcellkpurcell@esignsystems.com

Office: (602) 840-1199Paradise Valley, AZ