by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : June and July 2016
rics, the security process should not end when an employee logs in. “The third piece is behavior analyt- ics,” said Mike Wyatt, leader of the identity access management practice at Deloitte Advisory. Agencies can use pattern analysis to look for atypical interactions, he said. If something unusual is detected, the system can require a higher level of authentication. For example, if an em- ployee suddenly accesses a database he’s never used before, he could be asked for additional identity confirma- tion — or an alert could be sent to his manager. ACCESS POINTS Another advantage of mobile-based authentication is that today’s smart- phones don’t require any specialized readers or other technology. Most modern phones, for example, come with several types of wireless connectivity. In addition to voice and data connections to cellular carriers, phones can also connect to local Wi- Fi networks, Bluetooth devices and touch-and-go near-field communica- tion (NFC) readers at point-of-sale ter- minals for mobile payments. Any one of those channels could also be used to authenticate an employee walking into a building. For example, in addition to trans- mitting identity confirmation, an app could use a cellular or Wi-Fi network to send location information that con- firms the employee’s GPS coordinates. And Bluetooth and NFC signals could be used to authenticate employees walking through particular doors or accessing individual desktop PCs, serv- ers or other equipment. Mobile authentication could also be used to allow employees to access websites. Today, that is usually done by sending a one-time password to a mobile device, but there are other options. For example, MorphoTrust, which makes 80 percent of the driver’s licenses in the United States, is in the process of launching an eID service that allows users to authenticate them- selves to any website by using a cre- dentialed app on their phones to scan a QR code shown on the screen. Web application developers could have their users download the app to do the phone-based authentication or include the eID technology in their own mobile apps. MorphoTrust officials are hoping to get enough traction with the sys- tem that the eID becomes a ubiqui- tous form of alternative authentica- tion, just as “sign in with Facebook” and “sign in with LinkedIn” have become. • “ The general trend that we see... is toward more passive, contextual authentication.” — PAUL MADSEN, PING IDENTITY SHUTTERSTOCK reported lost or stolen before confirming the user ’s identity. MorphoTrust’s eID system also uses driver’s licenses when authenticating users for the first time but without the benefit of an EMV chip. Mark DiFraia, senior director of market development at MorphoTrust USA, said the mobile app works by first having the user scan the bar code on his or her driver’s license. Then the user is asked to flip the license over so the app can see the front. Finally, the user takes a selfie. That picture is compared to the photo on the driver’s license before final approval is granted. Once the app has authenticated the driver’s licenses, whenever users want to log into a secure government website, they use their smartphones to scan a QR code shown on the computer screen rather than entering a username and password. The system is currently being tested by the North Carolina Department of Health and Human Services and Department of Transportation and by the departments of revenue in North Carolina and Georgia. The pilots are funded by the National Strategy for Trusted Identities in Cyberspace, a project of the National Institute of Standards and Technology. — M ARI A KOROLOV 0716gcn_030-033.indd 33 6/2/16 12:37 PM
August and September 2016