To view the recording of this webinar please use below URL:
http://wso2.com/library/webinars/2016/09/securing-saas-apps-with-multi-factor-authentication-with-mepin-and-wso2-identity-server/
MePIN, a white label strong authentication platform that provides banking grade security for online identities and payments, uses technology built on industry proven public key infrastructure (PKI). Each MePIN app or device has its own protected private key and security certificate that is used to identify and authenticate the user as well as to digitally sign transactions. MePIN is pre-integrated with WSO2 Identity Server, which has a connector plugin to connect and manage multiple identities across application, regardless of the standards they’re based on. WSO2 Identity Server supports popular standardized services exposed via external identity providers that provision users in their systems.
This webinar is targeted at consumer-oriented service providers and anyone interested in (strong) user authentication and transaction authorization. During this session we will
Introduce and give an overview of MePIN
Examine how to authenticate your users with MePIN
Explore the latest regulatory changes
Discuss use cases of MePIN
Conduct a question and answer session
2024: Domino Containers - The Next Step. News from the Domino Container commu...
WSO2 Guest Webinar: Securing SaaS Apps with Multi-factor Authentication with MePIN and WSO2 Identity Server
1. Securing SaaS Apps with Multi-Factor Auth
with MePIN and WSO2 Identity Server
info@meontrust.com
2. - a strong authentication company
n MePIN / Meontrust Inc; founded 4/2010
n Venture funded from Finland, US & HK
n R&D locations; Helsinki & Oulu, Finland
n MasterCard Start Path company
n Customers and partners globally
3. Passwords are not
enough anymore
World is going mobile
but require omnichannel experience
Legacy is
slow, clumsy
& expensive
Why mobile Multi-Factor Authentication?
5. Strong authentication on any channel
Auth
APIIdentity and Access
Management
Authenticate and
authorize with a
digital signature
MePIN server
PKI
Access anywhere
6. Flexible solution, for multiple use cases ...
n Multi-factor authentication and/or secure passwordless
login
n Dynamic, Service Provider set auth policy - tap, PIN, fingerprint or
face
n Patented linking to a service or passwordless login with an Access
Code
n Secure online transaction authorization
n Subscriptions, orders, invoices, expenses, anything …
n Provides digital signatures and non-repudiation of transactions
7. Multi-factor authentication with
n Works on any channel and device
n Login on PC, tablet, mobile, TV, etc, etc
n 3 optional modes / authentication methods:
n 2FA mode; username + password + authorization
n Reactive mode; username + PIN/FP authorization
n Active mode; username + active authorization
8. authentication: 2FA mode
n Login with username + password
n Usernames and passwords managed
by Identity Server
n Authorize with a MePIN enabled
app
n Authorization can be a simple tap,
PIN, fingerprint or face recognition
+
9. authentication: Reactive mode
n Login with username only
n Authorize a login request with a
PIN, fingerprint or face
recognition on a MePIN enabled
app
+ or
10. authentication: Active mode
n Login with username only
n The service shows an Access Code,
valid for 60 seconds
n Authorize the login by scanning
the code with the MePIN enabled
app or entering it manually
+ or
11. Digitally signing transactions
n Request users to authorize
transactions
n Authorization policy can be set per
transaction (a tap, PIN, fingerprint or
face recognition)
n Every authorized transaction is
digitally signed by the user's private
key
12. n Remote revoke, lock or unlock the app
n Self service or from management
n Re-enrollment after lost or changed device
n Self service or from management
n Optional multi-device support
n User can confirm with any one of her devices
n Trusted messaging inbox for user messaging
n Authenticated interactions (in-app browser)
Device lifecycle and other major features
13. Extendable biometrics support
n Pick and choose your biometrics
n Fingerprints
n Face recognition
n Eye verification
n Anything the future holds …
n Biometric info stored only
locally in users´ devices
14. Flexible deployment and integration options
MePIN library
Customer's
mobile app
Customer
branded ID app
MePIN SDK
or
ClientServer
On-premise Mixed
(hosted PKI)
Fully hosted
or or
or
15. Complete future proof authentication platform
Mobile PKI
+
biometrics
FIDO
U2F/UAF
Mobile &
HW TOTP
SMS
OTP
Paper
OTP
High security
+ high usability
Legacy users
+ fallback options
21. o 5th Generation Product
o Current version 5.2.0 (Sept 2016)
o Why did we build it?
o Federated identity and entitlement is a key part of any distributed architecture
o Internal security threats, Partnerships
o Mergers, De-mergers
o APIs, Cloud systems
o SSO is important but need to federate and bridge across SSOs
o Open Standards for Identity are changing the industry landscape
o Based on WSO2 Carbon platform, which provides support for
multi-tenancy, logging, clustering, and other common services