5. What are your options?
Something only you know (hopefully) Something you hold
KBA: Lexical Token: OTP
KBA: Graphical Token: PKI
Something your are Token: OOB
Biometrics: Biological
Biometrics: Behavioral
4
11. There are a number of needs and
constraints you need to consider
Who are you authenticating?
Where are they?
What will they use it for?
What end-points are they using?
Are there any regulations?
What is the available budget?
What is the risk?
Others?
10
25. Customer Case:
Verylarge bank (> 1 million )
Requirement for a versatile authentication platform
Other requirements:
– Web Service Management
– Integrated Virtual Directory
•
24
26. eBanking Framework
Management
OATH Cards Platform
OTP Software Policy Adaptive Access Authentication
Token Enforcement Point Manager Manager
Virtual Directory
Web Token
User User User
DB DB DB
25
30. Risk-Appropriate Authentication is when
an authentication method that best fits the
use case is used, a method that is just right,
not too little or too much, at the right TCO
and that can use adaptive access controls
to determine risk and confidence levels
29