Shapes and Hairlines
Arrows
Hairlines / Dividers
100%
80%
Text 50%
Usher Mobile Identity Platform Deliver biometric-caliber security across the enterprise
2
Traditional Forms of Identity are Failing The inherent weaknesses of physical IDs and passwords are primarily to blame for the $250B lost to fraud and the $110B lost to cybercrime each year.
Physical Badges and Cards
Usernames and Passwords
Lost | Stolen | Counterfeited | Falsified | Misused
Cracked | Intercepted | Phished | Guessed | Keylogged
28M stolen passports and national ID documents in circulation in 2011
76% of data breaches are caused by exploited passwords
3
Mobile Identity is the Solution Usher replaces traditional forms of identity with biometrically-secured mobile identity, thereby eliminating identity-related fraud and cybercrime. It compounds four big ideas to deliver a comprehensive, industrialstrength identity solution for businesses, universities, and governments.
1 2 3 4
Dematerialize physical IDs into mobile software.
Link each mobile ID to its owner using biometrics.
Extend the use of mobile ID to applications, entryways, and transactions.
Deliver identity as an enterprise-class utility.
4
Mobile Identity Big Idea 1: Dematerialize Traditional IDs Dematerialize physical forms of identity into a consolidated mobile identity.
Mobile Identity
Traditional Identity
• Impossible to verify • Can be lost, stolen, and counterfeited • Static and never up to date
• Electronically verifiable • Never lost or stolen • Always accurate and up to date
5
Mobile Identity Big Idea 2: Link Mobile ID Link the mobile identity to the person biometrically, to the phone cryptographically, and to ID systems dynamically through out-of-band channels. These links make the mobile identity always accurate and impossible to counterfeit or steal.
Cryptographic Link Only designated phone(s) can use the mobile identity
Biometric Link Only the owner can use the mobile identity
Dynamic Link The mobile identity is always up-to-date and valid
6
Mobile Identity Big Idea 3: Extend Biometric Mobile ID Extend the biometrically-secured mobile identity to every application and business process. Enterprises will transform how they validate identities, access systems and entryways, and authorize transactions.
Personal ID
Verify anyone’s identity
Type Usher code
Cyber Security Scan Usher stamp
Physical Access
Transmit Usher signal
Transactions
7
Log in to applications
Unlock entryways
Authorize transactions
Mobile Identity Big Idea 4: Deploy Identity as a Utility Usher is the most comprehensive mobile identity platform in the world. Its four components work in parallel to provide enterprises with an industrial-strength identity ecosystem.
Usher Mobile
Usher Intelligence
Usher Manager
Usher Vault
The mobile app that replaces physical forms of identification.
The application that analyzes identity activity across the enterprise.
The administrative control center for managing the entire Usher system.
The secure server that provides out-ofband ID flow and encryption.
8
Usher Mobile Usher Mobile is an elegant and powerful mobile app that lets users validate credentials, access applications and entryways, and authorize transactions using five identification panels. Validate Identities
Key panel Bluetooth panel Log in to Applications
Site code panel
Unlock Entryways
Usher Badge Authorize Transactions
Validation panel 9
Usher Mobile: Validate Identities An industrial-strength security checkpoint in every user’s pocket
Verify identity in person
Verify identity over the phone
Validate group affiliation
Broadcast identity to anyone near you
10
Usher Mobile: Log in to Applications Usher strengthens cyber security by replacing passwords with biometric mobile identity.
Log in to web applications without passwords
Automatically lock and unlock workstations using Bluetooth
Strengthen SSO systems and implement mobile app SSO
• As simple as scanning a QR Code or approaching a computer with a smartphone • No passwords to be managed, reset, or stolen • Usher sends the user’s identity to the system via out-of-band, PKI secured channels
11
Usher Mobile: Unlock Entryways Secure every entryway with biometrics while offering greater convenience and manageability than physical keys. Tap an Usher Key
Scan an Usher Stamp
Automatically unlock doors with Bluetooth
12
Send temporary keys to others
Usher Mobile: Authorize Transactions Authorize transactions without payment cards and security questions. Usher provides additional factors of authentication or on-demand biometric validation for additional security.
Make Payments In Stores
Make Payments Online
13
Authorize Transactions Over the Phone
Usher Intelligence Usher Intelligence provides complete visibility of all identity actions across an enterprise in near realtime, allowing for better management, cyber security, and auditability.
Capture
Analyze
Control
Individuals | Groups
Cyber security | Resource management
Identity Actions Name | Action | Location | Resource | Time Periodic Location Tracking Name | Time | Location
14
Usher Intelligence: Capture Activity Across an Enterprise All identity activity is captured and stored in the Usher Intelligence database, including the type of activity, time of activity, user location, and user credentials. All activity is available for analysis. Map View
List View
See enterprise-level activity on a map.
Select an individual for more details.
15
Usher Intelligence: Analyze Individual Activity Drill down to see the trail of activity for an individual throughout the day. Automatically capture a user's location periodically or only when he uses his Usher badge.
16
Usher Intelligence: Analyze Group Activity Filter to monitor and analyze specific groups of people, such as everyone in a certain location, everyone with a specific skill set, or anyone currently online.
Select a group by filtering on any credential
Select a group by lassoing its location
Firefighters | Status: Online | Hazmat Certified
Police | Status: Online | Closest to the accident
17
Usher Intelligence: Control Systems and Resources Analyze the volume and timing of access requests for entryways or applications and set up proactive alerts when abnormal activity is detected. Cyber Security
Resource Management
Detect abnormal activities such as irregular usage patterns, after hours access, outlier activity, or users who seem to be in two places at once.
18
Usher Manager Create, configure, and manage Usher mobile identities and control the entire Usher ecosystem.
Generate branded badges and keys for individuals, groups, or the entire enterprise.
Set the frequency with which users must biometrically revalidate themselves.
Share temporary keys with visitors to manage guest access.
Remotely distribute and revoke badges and keys, instantly.
19
Usher Manager: Multi-Fencing Set powerful access controls and layer them in any combination for heightened security.
Geo-fencing
Time-fencing
Bio-fencing
Dual authorization fencing
Restrict access to a system or entryway based on a user’s location.
Limit the times at which users and groups can access systems or entryways.
Set high-security systems and doors to be accessible only after a biometric check.
Require specific systems and doors to be only accessible if two or more people submit simultaneous requests.
Within 500 feet of HQ
Mon. – Fri., 9:00 AM to 5:30 PM
Voice print required on-demand
20
Two VP-level or above must authorize at same time.
Usher Vault: The Core of the Usher Architecture The Usher Vault is a high-performance, highly scalable, highly secure server system that synchronizes identities with enterprise IDM systems of record and presents those identities to Usher clients.
Provides IDs to Usher Clients Securely relays IDs to mobile devices, applications, and entryways upon request using encrypted connections.
Controls ID flow Provides out-of-band communication pathway for IDs, and enforces geo-fence, time-fence, and biometric revalidation controls.
Synchronizes IDs with repositories Connects to existing ID repositories using prebuilt connectors or customizable connectors, guaranteeing the validity and accuracy of all IDs.
21
Usher Vault: Out-of-band Communication Usher's architecture provides a unique flow of identities between clients. The Usher Vault serves identities to requesting clients through encrypted out-of-band channels. personal code. 1 Generate 2 Every time an Usher ID is opened, Usher Mobile generates a time-limited personal code.
Offer personal code. To present an ID to another Usher client, the user offers his personal code to the client via an Usher Code (time-limited PIN), Usher Stamp (time-limited QR code), or Usher Signal (Bluetooth).
3
22
Capture and submit code. The receiving Usher client captures the user’s personal code and submits it to the Usher Vault.
ID. 4 Receive The Usher Vault returns the user’s ID to the receiving Usher client over an encrypted link.
Usher Platform: Three-Factor Authentication Usher provides a multi-factor authentication system to ensure that an Usher mobile identity cannot be compromised or stolen. Something You Know
Something You Have
Something You Are
Phone pass codes ensure that only the owner of the phone can use it.
PKI certificates ensure that only a phone registered to a user can ever authorize the Usher Vault to present his ID.
Voice print and face print ensure that only the owner of the mobile identity can use it.
23
Usher Platform: Phone Security Five layers of security protect identities if a phone is lost or stolen.
Layer 1 Phone pass codes
Layer 2 Finding or wiping the Phone
Layer 3 Deactivating Usher
24
Layer 4 Biometrics
Layer 5 Encryption