IBM Presentation Template Full Version

whoasun | Internet and Web Applications

7 Aug 2012

© 2012 IBM Corporation & SecurIT

Mobile Software Token Services


INSTALLATION & REGISTRATION

SecurIT TrustBuilder®


Step 1: installing DigiPass on Mobile Device

User self-registration for DigiPass for Mobile

TrustBuilder provides a web page from where the user can initiate the registration process

This page can be tailored to meet customer requirements

User starts by installing the DigiPass for Mobile application


Step 1: installing DigiPass on Mobile Device

By clicking the installation link, the user is directed to the Application Store

The user selects INSTALL to begin the installation

The default DigiPass for Mobile application is FREE

A customer can build his own branded version of the DigiPass for Mobile application


Step 1: installing DigiPass on Mobile Device

By default the DigiPass for Mobile application is installed as an empty container of DigiPasses

During registration one or more Virtual DigiPasses are created within this container

As such a user could use the same DigiPass application to access multiple, independent web sites


Step 2: Register with Service Provider

A Virtual DigiPass gets created by registering for a particular target service

User selects “Register with MyBank” to create a Virtual DigiPass for services provided by SecurIT (Service Provider in this example)

A customer would provide an option that allows the user to register for its own services


Step 2: Register with Service Provider

Like hardware DigiPasses, Virtual DigiPasses come in several flavours

This is controlled by a configuration file which is called a DigiPass profile

By default this profile is retrieved from the TrustBuilder server

The profile can be tailored to meet the requirements of the customer


Step 2: Register with Service Provider

A DigiPass profile could result in the creation of one or more Virtual DigiPasses

In most cases however it will result in the creation of a single Virtual DigiPass

The user should select the Virtual DigiPass he wants to register


Step 2: Register with Service Provider

To avoid mistakes, the user is asked to confirm his selection

User selects YES to confirm this is the Virtual DigiPass he wants to register

If the user makes a mistake, he will be able to manage his Virtual DigiPasses at a later stage


Step 2: Register with Service Provider

For automatic enrolment the user has to provide his identity

This could be done by an out-of-band communication (mail, SMS, letter)

If a user already has a TAM account, this step can be avoided

By default, user should provide his TAM user ID. Here we assume this is “john”


Step 2: Register with Service Provider

The user now proves his identity by typing his Activation Password. This could also be an out-of-band communication (mail, SMS, letter)

In this scenario we assume the user already has a TAM ID, so this should be his TAM password (or other credential)

TrustBuilder Server provides SSO with TAM, so the Identifier and Activation Password can be avoided

User selects a Local Password to protect the secret DigiPass data on his mobile device


Step 2: Register with Service Provider

At this stage the user is ready for Mobile authentication

By selecting “Back” the user will get access to the DigiPass container, containing the Virtual DigiPass that was registered

Apart from access to OTP generation, he’s also ready for transaction signing


Step 2: Register with Service Provider

This page shows the DigiPass container

The container contains the Virtual DigiPass the user has just registered

By selecting “+” the user is able to add additional Virtual DigiPasses

The “Edit” button allows the user to manage and delete existing Virtual DigiPasses

The next slides show how to use DigiPass for Mobile for authentication


USING MOBILE TOKENS

SecurIT TrustBuilder®



The user browses to a web page protected by TAM

WebSEAL re-directs the user to TrustBuilder (configured as EAI application)

TrustBuilder presents the above page

This page can be tailored to meet the customer’s requirements



On the Mobile device the user selects the Virtual DigiPass he just registered

User provides his login ID. Note that this is the TAM user ID which he used to register the Virtual DigiPass



As the user is trying to authenticate to TAM he selects the option to generate an OTP



User is prompted to provide his local password to unlock the DigiPass secret on the mobile device

Note that this password is not going over the line. It is a local password which is NOT known by any external service, apart from the user and his device



The DigiPass for Mobile application generates an OTP. The time bar shows how long this OTP is still valid

The user types the OTP displayed by the DigiPass for Mobile application in the OTP login form

User selects “Authenticate”



User is now authenticated successfully to TAM



Notice that the time bar has progressed
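
The login steps above (local password unlocks the secret on the device, the app shows a time-limited OTP, the server validates it) can be sketched as follows. This is an added example, not SecurIT or DigiPass code: the slides do not name the OTP algorithm, so RFC 6238 TOTP is used as a stand-in, the XOR-with-PBKDF2 wrap is a simplified stand-in for device storage, and all names, the 30-second step and the sample secret are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds one OTP stays valid (assumed value, RFC 6238 default)
DIGITS = 6   # OTP length (assumed)

def totp(secret: bytes, now: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def seconds_left(now: int) -> int:
    """What a time bar would show: seconds until the current OTP expires."""
    return STEP - now % STEP

def wrap(secret: bytes, local_password: str, salt: bytes) -> bytes:
    """Device storage sketch: XOR the secret with a PBKDF2 pad. The blob holds
    no password verifier, so a wrong password just yields a wrong secret."""
    pad = hashlib.pbkdf2_hmac("sha256", local_password.encode(), salt,
                              200_000, len(secret))
    return bytes(a ^ b for a, b in zip(secret, pad))

unwrap = wrap  # XOR is its own inverse

class Validator:
    """Server side: knows the secret linked to the user, never the password."""
    def __init__(self, secret: bytes, drift: int = 1):
        self.secret, self.drift, self.last_step = secret, drift, -1

    def check(self, otp: str, now: int) -> bool:
        cur = now // STEP
        for step in range(cur - self.drift, cur + self.drift + 1):
            if step > self.last_step and hmac.compare_digest(
                    totp(self.secret, step * STEP), otp):
                self.last_step = step  # an accepted OTP cannot be replayed
                return True
        return False

if __name__ == "__main__":
    secret, salt = b"12345678901234567890", b"constructed-salt"  # constructed
    blob = wrap(secret, "local-pw", salt)          # stored on the device
    server = Validator(secret)                     # stored at registration
    otp = totp(unwrap(blob, "local-pw", salt), 59)
    print(otp, seconds_left(59), server.check(otp, 59), server.check(otp, 59))
```

In this sketch the local password is only ever an input to the device-side unwrap, and a mistyped local password surfaces as a rejected OTP at the server rather than as an error on the device.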


What happened behind the scene?

[Diagram. Components: mobile platforms (IOS, Android, Symbian, Windows M, Java); Browser; TAM WebSEAL; TAM LDAP; Application; TrustBuilder (WebSphere) EAI; TAM Policy Server. Callouts: Existing credential check & OTP registration; Access OTP Data for Authentication; OTP validation application embedded]

TrustBuilder DigiPass Mobile for TAM

Interact with Mobile Token App for Registration

Authenticate user with TAM UN/PW

Register Virtual Digipass and link to User in TAMeb

Validate OTP Authentication from there on.

Self-service migration: NO Admin intervention


SecurIT

info@securit.biz

www.securit.biz
