Securing Mobile and Social Interactions. Forest Yin Senior Director, Product Management, Oracle Identity Management.
This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
The NEW Digital Experience: Cloud, Mobile, Social
Incredible Opportunities (Mobile & Social)
• User experience and productivity
• Anytime, anywhere access
• Task-oriented interfaces
• Opportunities to build engaging user experiences – competitive advantage
• Social integration simplifies authentication and user registration
Mobile Market Trends
• Companies are exposing more APIs and services on the Internet to support mobile applications
• 76% of mobile apps store passwords on the device; 10% store them in plain text
• 90% – companies with mobile apps in 2014
• 2/3 of companies expect to deploy corporate app stores to control delivery of mobile applications
Understanding the challenges (Mobile & Social)
• Corporate infrastructure isn’t ready to handle mobile devices
• Mobile developers focus on user experience, not security
• Device security isn’t sufficient
• No single sign-on
• Social integration is a coding exercise
• Lack of trust in social login
• Disconnect between social login and local accounts
• Limited visibility and control
What’s needed is a solution that… (Mobile Access Management)
• Bridges the gap between mobile devices and IAM control
• Provides context-driven, risk-aware access management
• Simplifies developer access to IAM
• Supports BYOD
• Quickly and securely exposes sensitive corporate resources
• Provides visibility and control
Capabilities shown: API Security, Device & Location Context, Device Registration, Secure Transactions, Single Sign-on
What’s needed is a solution that… (Social Login: Simple & Secure)
• Turns social integration into an administrator action
• Provides out-of-the-box support for leading social providers
• Provides increased levels of assurance as the user progresses to more secure services
• Simplifies registration and single sign-on from multiple providers
Capabilities shown: Step-up authentication, Simplified Registration, OAuth, Tick-box configuration, Federation
Oracle Access Management Mobile & Social: Mobile Security, Social Sign-On, Standard Interfaces
Configurable Access Management Service
• Mobile Security Platform
• Authentication and SSO
• Strong authentication, device fingerprinting and risk-based access
• Mobile SDK
• Internet / Social Integration
• REST/Cloud interfaces
Mobile Authentication: Flexible Options for Devices, Applications and Users
Mobile Security Architecture (diagram)
• Mobile Device: Native App, Web App, Security App, Oracle SDK
• Mobile Interfaces: REST APIs into the DMZ
• IDM Infrastructure: OAM Service, OES Service, OAAM Service, OPSS Service (Platform Security Services), Directory Services, User Profile Services
• Features: Authentication, Authorization, User Profile, Access Management, Device Fingerprinting & Tracking, Device Registration, Lost & Stolen Devices, GPS/WiFi Location Awareness, Risk-based KBA & OTP, Transactional risk analysis, White & Black Lists, User Self Registration/Self Service, White Pages applications
Example Login Flow – Native App with OAM (Client App and Security App run on the mobile device and talk through the Oracle SDK; the Mobile and Social Server runs server-side)
1. Client App (Mobile): Requests an access token from the Security App.
2. Security App (Mobile): If a valid token is in the local credential store, returns it to the app; otherwise presents the login page, accepts username/password, extracts device attributes and ID contexts, and makes the authentication call with user/password, device attributes and device tokens.
3. Mobile and Social Server: Validates device tokens; registers the device/app if unregistered; authenticates with the OAM Server; publishes ID context to the OAM Server and OES for authorization decisions; invokes OAAM for risk analysis; responds with User/Access Tokens.
4. Security App: Stores the User/Access Token and returns the token to the Client App.
5. Client App: Uses the token to make calls to the server application protected by OAM.
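The five steps above, simulated end to end as an added example (this is not Oracle's SDK or server code). The token format (base64url JSON claims plus an HMAC-SHA256 tag), the in-memory user and device registry, exact-match device fingerprinting and the one-rule risk engine (a device never seen for this user scores 50, a known device 0) are all assumptions made for the demo; the user, password and device attributes are constructed.

```python
"""Simulation of the five-step native-app login flow above.
Added example, not Oracle's SDK or server code. Hypothetical: a compact
HMAC-SHA256 token format, an in-memory user/device registry, exact-match
device fingerprinting, and a one-rule risk engine (new device = 50, known = 0).
"""
import base64, hashlib, hmac, json, secrets, time
from typing import Optional

def b64(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_token(claims: dict, key: bytes) -> str:
    """base64url(JSON claims).base64url(HMAC-SHA256 over the first part)."""
    body = b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def verify_token(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the MAC matches and the token is unexpired, else None."""
    body, _, mac = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not mac or not hmac.compare_digest(unb64(mac), expected):
        return None
    claims = json.loads(unb64(body))
    return claims if claims.get("exp", 0) > time.time() else None

class MobileSocialServer:
    """Step 3: validates device tokens, registers devices, authenticates, scores risk, issues tokens."""
    def __init__(self):
        self.key = secrets.token_bytes(32)            # signing key never leaves the server
        self.users, self.devices, self.seen, self.audit = {}, {}, set(), []
    def add_user(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))
    def block_device(self, device_id: str) -> None:
        self.devices[device_id]["blocked"] = True        # lost/stolen device goes on the blacklist
    def authenticate(self, username, password, device_attrs, device_token):
        if device_attrs.get("jailbroken"):
            return {"error": "device_integrity"}
        fp = hashlib.sha256(json.dumps(device_attrs, sort_keys=True).encode()).hexdigest()
        if device_token is None:                          # first contact: register device and app
            device_id = secrets.token_hex(8)
            self.devices[device_id] = {"fingerprint": fp, "blocked": False}
            device_token = sign_token({"device_id": device_id, "fp": fp, "exp": time.time() + 365 * 86400}, self.key)
        dev = verify_token(device_token, self.key)
        if dev is None or dev["fp"] != fp or self.devices.get(dev["device_id"], {}).get("blocked", True):
            return {"error": "invalid_device"}
        rec = self.users.get(username)
        if rec is None or not hmac.compare_digest(rec[1], hashlib.pbkdf2_hmac("sha256", password.encode(), rec[0], 100_000)):
            return {"error": "invalid_credentials"}
        risk = 0 if (username, dev["device_id"]) in self.seen else 50   # risk rule: first login from this device
        self.seen.add((username, dev["device_id"]))
        self.audit.append((username, dev["device_id"], risk))
        access = sign_token({"sub": username, "device_id": dev["device_id"], "risk": risk, "exp": time.time() + 900}, self.key)
        return {"access_token": access, "device_token": device_token, "expires_in": 900}
    def protected_resource(self, access_token: str) -> dict:
        """Step 5: the OAM-protected API accepts only a valid token from a device that is not blocked."""
        c = verify_token(access_token, self.key)
        if c is None or self.devices.get(c["device_id"], {}).get("blocked", True):
            return {"error": "unauthorized"}
        return {"user": c["sub"], "risk": c["risk"], "data": "expense report"}

class SecurityApp:
    """Steps 1, 2 and 4: on-device token broker; the client app never handles the password."""
    def __init__(self, server, device_attrs):
        self.server, self.device_attrs = server, device_attrs
        self.device_token, self.cached, self.prompts = None, None, 0
    def request_access_token(self, login_page) -> str:
        if self.cached and self.cached[1] > time.time():  # valid token already in the credential store
            return self.cached[0]
        self.prompts += 1
        username, password = login_page()                 # the Security App, not the client, shows the login page
        resp = self.server.authenticate(username, password, self.device_attrs, self.device_token)
        if "error" in resp:
            raise PermissionError(resp["error"])
        self.device_token = resp["device_token"]          # keep the registration for later logins
        self.cached = (resp["access_token"], time.time() + resp["expires_in"])
        return resp["access_token"]

def demo() -> dict:
    server = MobileSocialServer()
    server.add_user("alice", "correct horse battery")                       # constructed test user
    phone = SecurityApp(server, {"model": "Pixel 7", "os": "14", "jailbroken": False})
    login_page = lambda: ("alice", "correct horse battery")                 # constructed user input
    first = phone.request_access_token(login_page)    # login page shown, device registered, risk 50
    second = phone.request_access_token(login_page)   # served from the credential store, no prompt
    ok = server.protected_resource(first)
    forged = server.protected_resource(sign_token({"sub": "alice", "device_id": "x", "risk": 0,
                                                   "exp": time.time() + 900}, b"attacker key"))
    server.authenticate("alice", "correct horse battery", phone.device_attrs, phone.device_token)  # known device
    server.block_device(server.audit[0][1])           # the device is reported lost
    return {"cached": first == second, "prompts": phone.prompts, "first_risk": server.audit[0][2],
            "known_risk": server.audit[1][2], "ok": ok, "forged": forged,
            "after_block": server.protected_resource(first)}
```

Two points the slide does not spell out: the client app only ever holds a short-lived access token (the Security App owns the password prompt and the long-lived device token), and the resource server re-checks the device blacklist on every call, so a "lost device" action takes effect without waiting for tokens to expire.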
Detailed Mobile Visibility
• Real-time and historic device and user access attempts and risk scores
• Device characteristics analysis, including OS and SDK versions
Complete Mobile Security
• Requires interface and data-flow control policies
• RESTful interfaces are the standard method to access/update data from native applications
• Securing these interface points is critical
• Data-flow policies should be context-driven: device location, device integrity, identity verification process
API Security – Secure Mobile Access to Corporate Information
• Extend Access Management to REST APIs
• Context Aware
• Authentication
• Authorization
• Fraud Detection
• Security Tokens
• Data Redaction
• Audit
Capabilities shown (diagram): Secure REST APIs, Client Throttling, Access Management, Native JSON & XML Processing, API Key Management, OAuth 2.0 Client & Server, Threat Protection, API Control & Governance, API Management & Monitoring, Transformation
Context Aware Authorization (diagram): Redact Sensitive Information, Secure Transactions, Context Aware, Standards Based, Full Audit Trail, Enforce without changing the application
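The three slides above (context-driven data-flow policies, API security and context-aware redaction) describe a gateway that enforces policy in front of an application that is left unchanged. The block below is an added example of that pattern, not Oracle API Gateway code: a sliding-window client throttle, an assurance level derived from the ID context the mobile tier attaches to the call (device registered, jailbroken, authentication level, location), and field-level redaction of the backend's JSON response. The backend record, the sensitive-field list, the trusted-location set and the 5-requests-per-60-seconds limit are constructed for the demo; the context dict stands in for claims the gateway's token layer has already verified.

```python
"""Gateway-side enforcement: client throttling, context-aware authorization and
redaction of sensitive fields, applied in front of an unmodified backend.
Added example, not Oracle API Gateway code; policy values and data are constructed.
"""
import time
from collections import deque

# Constructed record, exactly as the unmodified backend application returns it
BACKEND = {"employees/42": {"id": 42, "name": "Alice Doe", "email": "alice@example.com",
                            "ssn": "123-45-6789", "salary": 185000}}
SENSITIVE_FIELDS = {"ssn", "salary"}          # hypothetical data-redaction policy
TRUSTED_LOCATIONS = {"US", "GB"}              # hypothetical location policy
RATE_LIMIT = (5, 60.0)                        # max requests per client per sliding window (seconds)

class ApiGateway:
    def __init__(self, backend=BACKEND, limit=RATE_LIMIT):
        self.backend = backend
        self.max_requests, self.window = limit
        self.history = {}        # client_id -> deque of request timestamps inside the window
        self.audit = []          # (client_id, path, assurance level, status): the full audit trail

    def _throttled(self, client_id, now):
        q = self.history.setdefault(client_id, deque())
        while q and now - q[0] > self.window:     # forget requests that left the window
            q.popleft()
        if len(q) >= self.max_requests:
            return True
        q.append(now)
        return False

    @staticmethod
    def assurance(ctx):
        """0 = untrusted device, 1 = registered device, 2 = registered + step-up + trusted location."""
        if ctx.get("jailbroken") or not ctx.get("device_registered"):
            return 0
        if ctx.get("auth_level", 1) >= 2 and ctx.get("location") in TRUSTED_LOCATIONS:
            return 2
        return 1

    def handle(self, client_id, path, ctx, now=None):
        """Returns (status, body). The backend is called as-is; the gateway decides what leaves."""
        now = time.time() if now is None else now
        level = self.assurance(ctx)
        if self._throttled(client_id, now):
            status, body = 429, {"error": "rate_limited"}
        elif level == 0:
            status, body = 403, {"error": "untrusted_device"}
        elif path not in self.backend:
            status, body = 404, {"error": "not_found"}
        else:
            record = self.backend[path]
            # Full record only at the highest assurance; otherwise strip sensitive fields
            body = dict(record) if level == 2 else {k: v for k, v in record.items() if k not in SENSITIVE_FIELDS}
            status = 200
        self.audit.append((client_id, path, level, status))
        return status, body

def demo():
    gw = ApiGateway()
    basic = {"device_registered": True, "jailbroken": False, "auth_level": 1, "location": "US"}
    stepped_up = {**basic, "auth_level": 2}
    out = {
        "basic": gw.handle("app-1", "employees/42", basic, now=1000.0),
        "stepped_up": gw.handle("app-1", "employees/42", stepped_up, now=1001.0),
        "roaming": gw.handle("app-1", "employees/42", {**stepped_up, "location": "XX"}, now=1002.0),
        "jailbroken": gw.handle("app-2", "employees/42", {**stepped_up, "jailbroken": True}, now=1003.0),
    }
    for i in range(2):                                   # app-1 now has 5 requests inside the window
        gw.handle("app-1", "employees/42", basic, now=1004.0 + i)
    out["throttled"] = gw.handle("app-1", "employees/42", basic, now=1010.0)
    out["window_slid"] = gw.handle("app-1", "employees/42", basic, now=1070.0)
    out["audit_len"] = len(gw.audit)
    return out
```

The `now` parameter exists so the throttle can be tested deterministically; in production it is simply the clock. Note that a step-up from an untrusted location still gets level 1, so the user sees the record without the sensitive fields rather than a hard denial, which is the "redact rather than block" behaviour the slide lists.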
Comprehensive Mobile Security (diagram)
• Corporate DMZ: Web traffic → Oracle Access Manager Webgate / OHS; REST traffic → Mobile and Social; API / Web Services → Oracle API Gateway
• Corporate Network: OAM-protected resource; Oracle Entitlements Server
Summary – Mobile Access Management
• Mobile Application Access Security
  • Integrates native mobile apps and mobile web with corporate systems & information
  • Access management, authorizations, API security, and fraud detection
  • Device-context-based fine-grained authorization
  • SDK support for iOS & Android
• Mobile Device Security Elements
  • Device security – jailbreak detection at login
  • Device lifecycle – whitelist/blacklist/lost-device management
  • Device fingerprinting
Social Sign-on (screenshots): Select → Login → Authorize
Social Identity Overview
• Add Social Identity personalization and federation options to mobile applications, websites, and resources protected by Oracle Access Manager and Oracle Entitlements Server
• Support standard protocols like OAuth and OpenID
• Enable applications to consume social identities
• Enable customers to federate with social networking sites
• Easily add to existing OAM sites
Oracle Mobile & Social Access Management: Modern, Innovative & Integrated
• User Experience: Mobile Single Sign-on; Simple and Consistent Authentication; Social Logon with Facebook, Google, Yahoo, LinkedIn, Twitter; Access Data Anywhere
• Security/Business: Lower TCO; Stronger Security; Improved Compliance; Device Fingerprinting; Device Registration; Device Blacklist/Whitelist; Context-based AuthZ; API Security & Monitoring
• Dev Experience: Packaged Security; Social Identity without programming; Lifecycle independence between mobile apps and identity infrastructure; Secure REST APIs easily; REST interface to LDAP directories
Built on Oracle’s Trusted Security Platform
Customer Case Study – Oilfield services company
An oilfield services company operates in dozens of countries and employs 50,000+ people worldwide. The company needs to securely deliver mobile applications and mobile single sign-on to its employees and contractors worldwide.
• Challenges
  • Current mobile applications were ad hoc, with limited consideration for security
  • Standardized on SOAP/SAML for internal access, but need REST externally
  • VPN connections are not scalable
  • Existing web access is not well suited to native applications
• Use cases
  • Mobile single sign-on needed
  • Sensitive applications need extra protection
  • Contractors and employees both need access
  • Devices must be registered
Customer Case Study – Oilfield services company
• Solution: Oracle Access Management Platform, leveraging the following components:
  • Oracle Access Manager (web access)
  • Oracle Mobile and Social Access Management (REST, mobile SSO, client SDKs)
  • Oracle Adaptive Access Management (device registration and step-up authentication)
  • Oracle Enterprise Gateway (XML/REST firewall; converts REST to SOAP/SAML)
  • Oracle Entitlements Server (delivers different levels of access for different users)
• Benefit
  • Consistent security from a trusted partner
  • Single sign-on for desktop clients/browser internally, and mobile/browser externally
  • Leverage Oracle Access Manager resources with web-based authentication redirects
  • REST authentication/access to SOAP/SAML resources via Oracle Enterprise Gateway
Customer Case Study – Automobile manufacturer
This automaker wants to manage its customers’ relationship with their car from prospective buyer through ownership. A visitor to the automaker’s consumer site can choose a car and options, then log in with Facebook to remember the selections and share them with friends. After purchase, the user can register the vehicle ID and manage the car’s onboard automaker and third-party applications like Pandora from the car, from a smartphone, or from a home computer.
• Challenges
  • Proprietary on-board computer with mobile/GSM access
  • Need a continuum of security from initial visit through car ownership
  • Need to integrate with application partners like Pandora, and with contract developers
• Use cases
  • Mobile single sign-on needed
  • Third-party developers need to be able to develop applications without handling user credentials
  • Interfaces must be available for the onboard computer and any smartphone
  • Social Identity integration required
Customer Case Study – Automobile manufacturer
• Solution: Oracle Access Management Platform, leveraging the following components:
  • Oracle Access Manager (web access)
  • Oracle Mobile and Social Access Management (REST, mobile SSO, Social Identity)
  • Oracle Adaptive Access Management (device registration and step-up authentication)
  • Oracle Identity Federation (for application partners like Pandora)
• Benefit
  • REST authentication/access for any platform, including proprietary platforms
  • Simple Social Identity integration
  • Ability to manage the lifecycle from website visitor to registered car owner
  • Mobile single sign-on
www.oracle.com/Identity www.facebook.com/OracleIDM www.twitter.com/OracleIDM blogs.oracle.com/OracleIDM