(Strong) Authentication Trends
Facebook X LinkedIn

(Strong) Authentication Trends

Combined Session
Thursday, May 17, 2018 11:00—12:00
Location: CHIEMSEE

The future of Strong Authentication

So far, most applications still rely on passwords, but there is a growing need for strong authentication to protect against identity theft. As of January 13th, 2018, the Second Payment Services Directive (PSD2) requires every payment service provider to implement strong customer authentication (SCA) based on two or more elements which are categorised as knowledge, possession and inherence and shall result in the generation of an authentication code (PSD2, Article 4).

In the area of two-factor authentication, mobile TAN (mTAN) is facing growing opposition and will eventually lose its predominant position to a plethora of Challenge-and-Response Apps. But actually, we are facing a more fundamental architectural shift: Passwords (including mobile TAN) will be replaced not by just another mechanism but by a 3-tier architecture model. In this presentation, we will look at current standards, trends and initiatives for each of these tiers using the NIST Digital Identity Guidelines (SP 800-63-3) as a conceptual base:

We will start with the user’s authenticator implemented on a mobile device according to a standard such as FIDO or the W3C Web Authentication API. We will investigate various approaches how an authenticator may be isolated from the OS (and its vulnerabilities) and how a user may activate her private key based on a PIN, biometrics, or wearables. Related to biometrics, the NIST SOFA-B initiative may be of special relevance.

Second, we will look at the functionality of an Identity Provider (IdP) and the SAML and OpenID Connect federation protocols used to integrate with Relying Parties. We will also address the SwissID initiative where major Swiss banks and public sector companies cooperate to provide a Digital Identity for Switzerland.

We will conclude with some strategic advice to Identity Providers and Service Providers on how to migrate to the future 3-tier model of strong authentication.

Key Takeaways:

The future of Strong Authentication
Presentation deck
The future of Strong Authentication
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Thomas Kessler
Thomas Kessler
Temet AG
Thomas Kessler is founding partner of TEMET AG (www.temet.ch), a privately owned information and IT security consultancy located in Zurich, Switzerland. Ever since finishing his studies in physics...
Jens Sonnentrücker
Jens Sonnentrücker
Swisscom
Jens Sonnentrücker is responsible for Identity Access Management at Swisscom AG in the Security Architecture division. Swisscom is the leading telecommunications company and one of...

Balancing User Experience and Cybersecurity in Healthcare: FIDO based Strong Consumer Authentication

Faced with mounting threats associated with consumer healthcare fraud, Aetna embarked on a journey to transform consumer authentication built upon FIDO standards and risk-based consumer authentication. During this talk we will discuss:

Balancing User Experience and Cybersecurity in Healthcare: FIDO based Strong Consumer Authentication
Presentation deck
Balancing User Experience and Cybersecurity in Healthcare: FIDO based Strong Consumer Authentication
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Brian Heemsoth
Brian Heemsoth
Aetna
Brian Heemsoth is the Senior Director of Information Security, within Aetna’s Global Security organization. In this role, Brian leads Aetna’s 24x7 Security Operations Center, as well as...
Subscribe for updates
Please provide your email address