Speaker: Frederik Mennes (Vasco, UK)
Frederik Mennes heads the Security Competence Center of VASCO Data Security, a leading vendor of strong authentication products, especially towards financial institutions. He is also a contributor to the Initiative for Open Authentication (OATH), and a M.Sc. project supervisor on Royal Holloway’s Distance Learning M.Sc. programme. He holds an MBA from Vlerick Business School (Belgium), an M.Sc. in Information Security (Royal Holloway, University of London) and an M.Sc. in Computer Science Engineering (KU Leuven, Belgium).
Title: Leveraging Trustworthy Computing Mechanisms to Enhance DIGIPASS Strong Authentication Technology
Historically, users of sensitive online applications, such as Internet banking, often used a dedicated hardware token to authenticate themselves towards those applications. Nowadays people increasingly use their own smart phone, tablet or other mobile device to authenticate themselves, so that they do not have to carry a dedicated token anymore. However mobile devices are open, general-purpose platforms and therefore using these devices introduces certain security risks when compared to dedicated hardware tokens. The availability of trustworthy computing technology on mobile devices provides a promising path as it allows combining user-convenience with security.
The presentation starts with a motivation of the need for strong authentication on the Internet, especially in the context of Internet banking. Subsequently we discuss the basic principles of strong authentication in general, and VASCO’s DIGIPASS strong authentication technology in particular. Next we provide an overview of Trusted Execution Engine (TEE) technology, and in particular Intel’s Identity Protection Technology (IPT). Finally we discuss how TEE technology can be combined with DIGIPASS strong authentication technology, and give some practical demoes.