Shapes and Hairlines - Usher Mobile Identity Platform Deliver biometric-caliber security across the enterprise
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Shapes and Hairlines
Hairlines / Dividers Arrows
100%
80%
Text
50%
Usher Mobile Identity Platform
Deliver biometric-caliber security across the enterprise
2
Traditional Forms of Identity are Failing
The inherent weaknesses of physical IDs and passwords are primarily to blame for the $250B lost to fraud
and the $110B lost to cybercrime each year.
Physical Badges and Cards Usernames and Passwords
Lost | Stolen | Counterfeited | Falsified | Cracked | Intercepted | Phished | Guessed |
Misused Keylogged
28M stolen passports and national ID 76% of data breaches are
documents in circulation in 2011 caused by exploited passwords
3
Mobile Identity is the Solution
Usher replaces traditional forms of identity with biometrically-secured mobile identity, thereby eliminating
identity-related fraud and cybercrime. It compounds four big ideas to deliver a comprehensive, industrial-
strength identity solution for businesses, universities, and governments.
1 Dematerialize physical IDs into mobile software.
2 Link each mobile ID to its owner using biometrics.
3 Extend the use of mobile ID to applications, entryways, and transactions.
4 Deliver identity as an enterprise-class utility.
4
Mobile Identity Big Idea 1: Dematerialize Traditional IDs
Dematerialize physical forms of identity into a consolidated mobile identity.
Traditional Identity Mobile Identity
• Impossible to verify • Electronically verifiable
• Can be lost, stolen, and counterfeited • Never lost or stolen
• Static and never up to date • Always accurate and up to date
5
Mobile Identity Big Idea 2: Link Mobile ID
Link the mobile identity to the person biometrically, to the phone cryptographically, and to ID systems
dynamically through out-of-band channels. These links make the mobile identity always accurate and
impossible to counterfeit or steal.
Biometric Link Cryptographic Link
Only the owner can Only designated
use the mobile phone(s) can use the
identity mobile identity
Dynamic Link
The mobile identity
is always up-to-date
and valid
6
Mobile Identity Big Idea 3: Extend Biometric Mobile ID
Extend the biometrically-secured mobile identity to every application and business process. Enterprises
will transform how they validate identities, access systems and entryways, and authorize transactions.
Personal ID
Verify anyone’s
identity
Type Usher code
Cyber Security
Log in to
Scan Usher stamp applications
Physical Access
Transmit Usher signal Unlock
entryways
Transactions
Authorize
transactions
7
Mobile Identity Big Idea 4: Deploy Identity as a Utility
Usher is the most comprehensive mobile identity platform in the world. Its four components work in
parallel to provide enterprises with an industrial-strength identity ecosystem.
Usher Usher Usher Usher
Mobile Intelligence Manager Vault
The mobile app that The application that The administrative The secure server
replaces physical analyzes identity control center for that provides out-of-
forms of activity across the managing the entire band ID flow and
identification. enterprise. Usher system. encryption.
8
Usher Mobile
Usher Mobile is an elegant and powerful mobile app that lets users validate credentials, access
applications and entryways, and authorize transactions using five identification panels.
Validate Identities
Key panel
Bluetooth panel
Log in to Applications
Unlock Entryways
Site code panel
Usher Badge
Authorize Transactions
Validation panel
9
Usher Mobile: Validate Identities
An industrial-strength security checkpoint in every user’s pocket
Verify identity in person Verify identity over the phone
Validate group affiliation Broadcast identity to anyone near you
10Usher Mobile: Log in to Applications
Usher strengthens cyber security by replacing passwords with biometric mobile identity.
Log in to web applications Automatically lock and unlock Strengthen SSO systems
without passwords workstations using Bluetooth and implement mobile app SSO
• As simple as scanning a QR Code or approaching a computer with a smartphone
• No passwords to be managed, reset, or stolen
• Usher sends the user’s identity to the system via out-of-band, PKI secured channels
11Usher Mobile: Unlock Entryways
Secure every entryway with biometrics while offering greater convenience and manageability
than physical keys.
Tap an Scan an Automatically unlock Send temporary
Usher Key Usher Stamp doors with Bluetooth keys to others
12Usher Mobile: Authorize Transactions
Authorize transactions without payment cards and security questions. Usher provides additional factors of
authentication or on-demand biometric validation for additional security.
Make Payments Make Payments Authorize Transactions
In Stores Online Over the Phone
13Usher Intelligence
Usher Intelligence provides complete visibility of all identity actions across an enterprise in near real-
time, allowing for better management, cyber security, and auditability.
Capture Analyze Control
Identity Actions
Name | Action | Location | Resource | Time Cyber security | Resource
Individuals | Groups
management
Periodic Location Tracking
Name | Time | Location
14Usher Intelligence: Capture Activity Across an Enterprise
All identity activity is captured and stored in the Usher Intelligence database, including the
type of activity, time of activity, user location, and user credentials. All activity is available for
analysis.
Map View List View
See enterprise-level activity on a Select an individual for more
map. details.
15Usher Intelligence: Analyze Individual Activity
Drill down to see the trail of activity for an individual throughout the day. Automatically capture a
user's location periodically or only when he uses his Usher badge.
16Usher Intelligence: Analyze Group Activity
Filter to monitor and analyze specific groups of people, such as everyone in a certain
location, everyone with a specific skill set, or anyone currently online.
Select a group by Select a group by
filtering on any credential lassoing its location
Firefighters | Status: Online | Hazmat Police | Status: Online | Closest to the
Certified accident
17Usher Intelligence: Control Systems and Resources
Analyze the volume and timing of access requests for entryways or applications
and set up proactive alerts when abnormal activity is detected.
Cyber Security Resource Management
Detect abnormal activities such as irregular usage patterns, after hours
access, outlier activity, or users who seem to be in two places at once.
18Usher Manager
Create, configure, and manage Usher mobile identities and control the entire Usher ecosystem.
Generate branded badges and keys for
individuals, groups, or the entire enterprise.
Set the frequency with which users must
biometrically revalidate themselves.
Share temporary keys with visitors to
manage guest access.
Remotely distribute and revoke badges
and keys, instantly.
19Usher Manager: Multi-Fencing
Set powerful access controls and layer them in any combination for heightened security.
Geo-fencing Time-fencing Bio-fencing Dual authorization fencing
Restrict access to a Limit the times at which Set high-security Require specific systems and
system or entryway users and groups can systems and doors to be doors to be only accessible if
based on a user’s access systems or accessible only after a two or more people submit
location. entryways. biometric check. simultaneous requests.
Mon. – Fri., Voice print required
9:00 AM to on-demand
Within 500 5:30 PM Two VP-level or
feet of HQ above must authorize
at same time.
20Usher Vault: The Core of the Usher Architecture
The Usher Vault is a high-performance, highly scalable, highly secure server system that synchronizes
identities with enterprise IDM systems of record and presents those identities to Usher clients.
Provides IDs to Usher Clients
Securely relays IDs to mobile devices,
applications, and entryways upon request using
encrypted connections.
Controls ID flow
Provides out-of-band communication pathway for
IDs, and enforces geo-fence, time-fence, and
biometric revalidation controls.
Synchronizes IDs with repositories
Connects to existing ID repositories using pre-
built connectors or customizable connectors,
guaranteeing the validity and accuracy of all IDs.
21Usher Vault: Out-of-band Communication
Usher's architecture provides a unique flow of identities between clients. The Usher Vault serves identities
to requesting clients through encrypted out-of-band channels.
1 Generate personal code.
Every time an Usher ID is
2 Offer personal code.
To present an ID to another Usher
3 Capture and submit code.
The receiving Usher client
4 Receive ID.
The Usher Vault returns the
opened, Usher Mobile client, the user offers his personal captures the user’s personal user’s ID to the receiving Usher
generates a time-limited code to the client via an Usher code and submits it to the Usher client over an encrypted link.
personal code. Code (time-limited PIN), Usher Vault.
Stamp (time-limited QR code), or
Usher Signal (Bluetooth).
22Usher Platform: Three-Factor Authentication
Usher provides a multi-factor authentication system to ensure that an Usher mobile identity cannot be
compromised or stolen.
Something Something Something
You Know You Have You Are
Phone pass codes PKI certificates ensure that Voice print and face print
ensure that only the only a phone registered to a ensure that only the owner of
owner of the phone can user can ever authorize the the mobile identity can use it.
use it. Usher Vault to present his ID.
23Usher Platform: Phone Security
Five layers of security protect identities if a phone is lost or stolen.
Layer 1 Layer 2 Layer 3 Layer 4 Layer 5
Phone pass codes Finding or wiping Deactivating Usher Biometrics Encryption
the Phone
24You can also read
