Mobile Authentication: Key Considerations for Developing Your Strategy

Here are my unedited notes from today’s talk by David Gormley, who spoke on Mobile Authentication from the CA SiteMinder perspective:

Mobile authentication
Infrastructure that supports similar platforms
General set of platforms
Session mgmt
Policy centralization

Mobile devices are ubiquitous
Help with other logons

Out of band authentication via mobile device
Key fob on phone
Strong authentication embedded in phone
Risk based authentication. Transparent
Build authn/SDK in the app
Adaptive or risk based auth
User behavior
Device identification
Device based rules
CA products
User/pass across the board
Web and mobile
Social sign on
Session mgmt
Coarse grained API authorization. Limit transaction to one million etc
CA ArcotID One Time Password
Available now from App Store
Protected seed values
Locked to a device

CA RiskMinder
CA AuthMinder

Take a holistic view
Understand options
Use web knowledge
Security vs convenience
Lock credentials to devices
Use browser based apps when possible.

