Mobile Authentication: Key Considerations for Developing Your Strategy

Here are my unedited notes from today’s talk by David Gormley, who spoke on Mobile Authentication from the CA Siteminder perspective:

Mobile authentication
Infrastructure that supports similar platforms
General set of platforms
Session mgmt
Policy centralization
Audit

Mobile devices are ubiquitous
Help with other logons

Out of band authentication via mobile device
Key fob on phone
Strong authentication embedded in phone
Risk based authentication. Transparent
Build authn/SDK in the app
Adaptive or risk based auth
User behavior
Device identification
Device based rules
CA products
Siteminder
User/pass across the board
SSO
Web and mobile
Social sign on
Session mgmt
Coarse grained API authorization. Limit transaction to one million etc
Audit
CA ArcotID One Time Password
Available now from App Store
Protected seed values
Locked to a device

CA RiskMinder
CA AuthMinder

Summary

Take a holistic view
Understand options
Use web knowledge
Security vs convenience
Lock credentials to devices
Use browser based apps when possible.