SlideShare a Scribd company logo

Mobile Payment Security with CA Rapid App Security

CA Technologies
CA Technologies

Mobile Payment Security with CA Rapid App Security For more information, please visit: http://ow.ly/gyOt50g5UOp

Technology
1 of 21
Download to read offline
Mobile Payment Security With CA Rapid App Security Rob Wilson DO1T37T DEVOPS: APIS & MICROSERVICES Advisor, Presales CA Technologies Services Architect CA Technologies Faiz Usmani
2 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS © 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of this Presentation
4 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Challenges to Software Development in the Application Economy How do I create:  A native security experience that is convenient, frictionless, and makes it fast to add to new security modalities to apps  Secure enough to meet audits & compliance requirements  Provides “developer velocity”: maximum value without high costs to develop, operate, or support? Velocity Convenience Security
5 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS What if You Could… Initiate Step-up Authentication when Risk is High Transparently Analyze Risk based on Contextual Data From a Single Solution? Securing the Device to Server Communications Authenticate Users via Wide Array of Credentials Connecting from Mobile Devices & Mobile Apps
6 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Introducing CA Rapid App Security A comprehensive authentication platform for the application economy - mobile, web, IoT  Fraud prevention in real-time  Robust authentication methods inclusive of contextual authentication  Faster & convenient means to secure Apps  Strengthen consumer confidence and enhance brand value by creating a simplified native security experience Built on CA Mobile API Gateway and CA Advanced Authentication
7 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Rapid App Security Component Capabilities  CA Mobile API Gateway – Provides support for OAuth, OpenID Connect, Mutual SSL, Touch ID, Cross-device sign-on  Strong Auth & Risk Auth Server (CA Advanced Authentication) – Provides management and validation of CA AuthID credential, and conducts risk analysis with step-up authentication initiation when needed  Universal SDK – Provides streamlined developer experience across MAG and Advance Authentication solution; single, unified SDK to simplify app security for the developer
8 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS User Store Devices Applications Identity Processes Data Store CA Rapid App Security Solution DNA OTP PKI Install Device Certificate Risk Analysis Social Login Mobile SSO & Proximity Login Auth & Risk Server  Risk Engine  Rules & Policies  Strong Authentication Universal Mobile SDK Authentication Gateway Application Services
9 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS User Store Devices Applications Identity Processes Data Store Additionally… Authentication and API Security Auth & Risk Server Universal Mobile SDK Authentication & API Gateway Application Services
10 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Devices Applications Data Store Rapid App Security With CA Security Solutions Auth & Risk Server Universal Mobile SDK Authentication Gateway Application Services User Store CA Directory CA Identity ManagerPolicy ServerAccess Gateway Secure Proxy CA Single Sign-On  Risk Engine  Rules & Policies  Strong Authentication
11 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS “Three-way Trust” Enables Greater Security USER APP DEVICE Uses App Runs on Uses device, has session CA Rapid App Security:  Identifies user, app, and device  Learns and tracks relationship between the three entities  Three-way trust relationship is registered & authenticated to enterprise gateway  Elevates authentication or prevents access when pattern deviates from norm
12 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Universal SDK Simplifies the Developer Interaction loginWithAuthID() (User Id, AuthID Pin)
13 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Universal SDK Provides Flexibility! Protected APISecurity Policy App Credentials Risk Evaluation Mutual TLS User Authentication Social Login Single Sign On One Time Password Multi User Biometric Authentication Certificate Pinning Proximity Login ? PKCE / RFC 7636 Let use case determine the security controls! Device Registration Software Development Kit Dynamic Device Configuration
14 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS  Dynamic application client credentials  Mutual SSL with unique device certificates – PKI x509  Certificate pinning – PKV  Cryptographic camouflage – AuthID  Tokenized credentials and access tokens – OAuth 2.0 and OpenID Connect (certified)  Delegated authentication – Social Media, OAuth/OIDC OP, SAML, etc.  Multi-factor Step-up Authentication – Q&A, OTP/HOTP, OATH  Identity Brokering – Bearer/JWT -> SMSession/Kerberos, SMSession/Kerberos -> Bearer/JWT, etc.  Biometric Authentication – TouchID/Fingerprint and FIDO  Proximity Authentication – BLE NFC QRC  Risk based analysis and profiles Universal SDK Features
15 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS  Mobile SSO – Native App to App, App to browser, hybrid  Geolocation and Carrier  Push Notifications – APN, GCM  User and Group Management (SCIM 2.0)  Pub Sub messaging (MQTT 3.1)  Secure Storage – local and private cloud Universal SDK Features – Continued
16 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Security That Elevates the Experience Customer/Employee Better experience Security based on the level activity being performed Improved trust without impact to user experience Developer Security that is faster to implement Security that is cheaper to implement Security that is easier to implement (especially for non-security experts) Organization Reduced risk, with stronger security and superior authentication options Improved and less costly security enables higher value services via mobile Manage security with security experts, rather than in each app
17 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Rapid App Security Use Case Healthcare Customer experience Security & Privacy Integration Finance/ Insurance Contextual Authentication Risk Mitigation Open Banking Retail Customer experience Risk Mitigation Payment security Manufacturing Internet of Things(IoT) Geo Fencing Customer experience Automotive Customer experience Internet of Things(IoT) Payment Security Better End User Experience With Higher Security
18 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Questions?
19 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Recommended Sessions SESSION # TITLE DATE/TIME DO1T17S M&T Bank: Solving Real-World Banking Challenges with CA API Management 11/16/2017 at 1:45 pm DO1T27S Panel: Multi-faceted Security Options for a Mobile World 11/16/2017 at 2:30 pm DO1T56T API Academy: Microservices - How to Safely Speed Up Your Digital Innovation 11/16/2017 at 3:30 pm
20 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Must See Demos Aggregate, Secure & Manage Microservices 101 Create an End-to-End Modern App Architecture 109 Eurosport: A Showcase for IoT & App Experiences 101 Modernize Architectures With Low-code Microservices 106 Protect Apps & APIs with Omnichannel Security 104
21 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Stay connected at communities.ca.com Thank you.
22 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevOps: APIs and Microservices For more information, please visit: http://cainc.to/CAW17-APIM

Recommended

CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA MicrogatewayCA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Technologies
 
API Academy: Microservices - How to Safely Speed Up Your Digital Innovation
API Academy: Microservices - How to Safely Speed Up Your Digital InnovationAPI Academy: Microservices - How to Safely Speed Up Your Digital Innovation
API Academy: Microservices - How to Safely Speed Up Your Digital Innovation
CA Technologies
 
Winter is Coming for Microservice Complexity - Challenges with Docker Apps
Winter is Coming for Microservice Complexity - Challenges with Docker AppsWinter is Coming for Microservice Complexity - Challenges with Docker Apps
Winter is Coming for Microservice Complexity - Challenges with Docker Apps
CA Technologies
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
CA Technologies
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
CA Technologies
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
CA Technologies
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is Important
CA Technologies
 
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays
 

Recommended

CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA MicrogatewayCA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Technologies
 
API Academy: Microservices - How to Safely Speed Up Your Digital Innovation
API Academy: Microservices - How to Safely Speed Up Your Digital InnovationAPI Academy: Microservices - How to Safely Speed Up Your Digital Innovation
API Academy: Microservices - How to Safely Speed Up Your Digital Innovation
CA Technologies
 
Winter is Coming for Microservice Complexity - Challenges with Docker Apps
Winter is Coming for Microservice Complexity - Challenges with Docker AppsWinter is Coming for Microservice Complexity - Challenges with Docker Apps
Winter is Coming for Microservice Complexity - Challenges with Docker Apps
CA Technologies
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
CA Technologies
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
CA Technologies
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
CA Technologies
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is Important
CA Technologies
 
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays
 
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accentureapidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays
 
Latest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should knowLatest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should know
Impressico Business Solutions
 
apidays LIVE Singapore 2021 - Protecting the API ecosystem by Omaru Maruatona...
apidays LIVE Singapore 2021 - Protecting the API ecosystem by Omaru Maruatona...apidays LIVE Singapore 2021 - Protecting the API ecosystem by Omaru Maruatona...
apidays LIVE Singapore 2021 - Protecting the API ecosystem by Omaru Maruatona...
apidays
 
Cisco Connect 2018 Indonesia - Cisco HyperFlex
Cisco Connect 2018 Indonesia - Cisco HyperFlexCisco Connect 2018 Indonesia - Cisco HyperFlex
Cisco Connect 2018 Indonesia - Cisco HyperFlex
NetworkCollaborators
 
Microevent
MicroeventMicroevent
Microevent
Angelo Agatino Nicolosi
 
Modern App Architecture - Microservices, API Friendly
Modern App Architecture - Microservices, API FriendlyModern App Architecture - Microservices, API Friendly
Modern App Architecture - Microservices, API Friendly
DevOps Indonesia
 
Cisco Connect 2018 Indonesia - Cisco cmx
Cisco Connect 2018 Indonesia - Cisco cmx Cisco Connect 2018 Indonesia - Cisco cmx
Cisco Connect 2018 Indonesia - Cisco cmx
NetworkCollaborators
 
API Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation ExperienceAPI Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation Experience
Capgemini
 
2020 05-tech saturday-devsecops-#2-v03
2020 05-tech saturday-devsecops-#2-v032020 05-tech saturday-devsecops-#2-v03
2020 05-tech saturday-devsecops-#2-v03
Diego Gabriel Cardoso
 
Roger Dickinson - Making Enterprise Virtual Reality a Practical Reality - Cod...
Roger Dickinson - Making Enterprise Virtual Reality a Practical Reality - Cod...Roger Dickinson - Making Enterprise Virtual Reality a Practical Reality - Cod...
Roger Dickinson - Making Enterprise Virtual Reality a Practical Reality - Cod...
Codemotion
 
Role of dev ops in it consulting
Role of dev ops in it consultingRole of dev ops in it consulting
Role of dev ops in it consulting
Impressico Business Solutions
 
DevSecOps: Colocando segurança na esteira
DevSecOps: Colocando segurança na esteiraDevSecOps: Colocando segurança na esteira
DevSecOps: Colocando segurança na esteira
Diego Gabriel Cardoso
 
apidays LIVE New York 2021 - APIOps: automating API operations for speed and ...
apidays LIVE New York 2021 - APIOps: automating API operations for speed and ...apidays LIVE New York 2021 - APIOps: automating API operations for speed and ...
apidays LIVE New York 2021 - APIOps: automating API operations for speed and ...
apidays
 
apidays LIVE Australia 2021 - Building an agile foundation for your Enterpris...
apidays LIVE Australia 2021 - Building an agile foundation for your Enterpris...apidays LIVE Australia 2021 - Building an agile foundation for your Enterpris...
apidays LIVE Australia 2021 - Building an agile foundation for your Enterpris...
apidays
 
Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...
Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...
Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...
Dana Gardner
 
Extreme DevOps in Fintech
Extreme DevOps in FintechExtreme DevOps in Fintech
Extreme DevOps in Fintech
Angelo Agatino Nicolosi
 
Cisco Connect 2018 Singapore - delivering intent for data center networking
Cisco Connect 2018 Singapore - delivering intent for data center networkingCisco Connect 2018 Singapore - delivering intent for data center networking
Cisco Connect 2018 Singapore - delivering intent for data center networking
NetworkCollaborators
 
apidays LIVE Paris 2021 - Getting started with Event-Driven APis by Hugo Guer...
apidays LIVE Paris 2021 - Getting started with Event-Driven APis by Hugo Guer...apidays LIVE Paris 2021 - Getting started with Event-Driven APis by Hugo Guer...
apidays LIVE Paris 2021 - Getting started with Event-Driven APis by Hugo Guer...
apidays
 
2016 - DevOps Meets APIs - Model once. Benefit everywhere.
2016 - DevOps Meets APIs - Model once. Benefit everywhere.2016 - DevOps Meets APIs - Model once. Benefit everywhere.
2016 - DevOps Meets APIs - Model once. Benefit everywhere.
devopsdaysaustin
 
AWS Managed Services - For Regulated Companies
AWS Managed Services - For Regulated CompaniesAWS Managed Services - For Regulated Companies
AWS Managed Services - For Regulated Companies
John Levonick
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device Universe
CA API Management
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
CA API Management
 

More Related Content

What's hot

Extreme DevOps in Fintech
Extreme DevOps in FintechExtreme DevOps in Fintech
Extreme DevOps in Fintech
Angelo Agatino Nicolosi
 

What's hot (20)

apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accentureapidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
 
Latest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should knowLatest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should know
 
apidays LIVE Singapore 2021 - Protecting the API ecosystem by Omaru Maruatona...
apidays LIVE Singapore 2021 - Protecting the API ecosystem by Omaru Maruatona...apidays LIVE Singapore 2021 - Protecting the API ecosystem by Omaru Maruatona...
apidays LIVE Singapore 2021 - Protecting the API ecosystem by Omaru Maruatona...
 
Cisco Connect 2018 Indonesia - Cisco HyperFlex
Cisco Connect 2018 Indonesia - Cisco HyperFlexCisco Connect 2018 Indonesia - Cisco HyperFlex
Cisco Connect 2018 Indonesia - Cisco HyperFlex
 
Microevent
MicroeventMicroevent
Microevent
 
Modern App Architecture - Microservices, API Friendly
Modern App Architecture - Microservices, API FriendlyModern App Architecture - Microservices, API Friendly
Modern App Architecture - Microservices, API Friendly
 
Cisco Connect 2018 Indonesia - Cisco cmx
Cisco Connect 2018 Indonesia - Cisco cmx Cisco Connect 2018 Indonesia - Cisco cmx
Cisco Connect 2018 Indonesia - Cisco cmx
 
API Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation ExperienceAPI Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation Experience
 
2020 05-tech saturday-devsecops-#2-v03
2020 05-tech saturday-devsecops-#2-v032020 05-tech saturday-devsecops-#2-v03
2020 05-tech saturday-devsecops-#2-v03
 
Roger Dickinson - Making Enterprise Virtual Reality a Practical Reality - Cod...
Roger Dickinson - Making Enterprise Virtual Reality a Practical Reality - Cod...Roger Dickinson - Making Enterprise Virtual Reality a Practical Reality - Cod...
Roger Dickinson - Making Enterprise Virtual Reality a Practical Reality - Cod...
 
Role of dev ops in it consulting
Role of dev ops in it consultingRole of dev ops in it consulting
Role of dev ops in it consulting
 
DevSecOps: Colocando segurança na esteira
DevSecOps: Colocando segurança na esteiraDevSecOps: Colocando segurança na esteira
DevSecOps: Colocando segurança na esteira
 
apidays LIVE New York 2021 - APIOps: automating API operations for speed and ...
apidays LIVE New York 2021 - APIOps: automating API operations for speed and ...apidays LIVE New York 2021 - APIOps: automating API operations for speed and ...
apidays LIVE New York 2021 - APIOps: automating API operations for speed and ...
 
apidays LIVE Australia 2021 - Building an agile foundation for your Enterpris...
apidays LIVE Australia 2021 - Building an agile foundation for your Enterpris...apidays LIVE Australia 2021 - Building an agile foundation for your Enterpris...
apidays LIVE Australia 2021 - Building an agile foundation for your Enterpris...
 
Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...
Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...
Making APIs Secure Demands Tracing and Machine Learning to Rapidly Limit Dama...
 
Extreme DevOps in Fintech
Extreme DevOps in FintechExtreme DevOps in Fintech
Extreme DevOps in Fintech
 
Cisco Connect 2018 Singapore - delivering intent for data center networking
Cisco Connect 2018 Singapore - delivering intent for data center networkingCisco Connect 2018 Singapore - delivering intent for data center networking
Cisco Connect 2018 Singapore - delivering intent for data center networking
 
apidays LIVE Paris 2021 - Getting started with Event-Driven APis by Hugo Guer...
apidays LIVE Paris 2021 - Getting started with Event-Driven APis by Hugo Guer...apidays LIVE Paris 2021 - Getting started with Event-Driven APis by Hugo Guer...
apidays LIVE Paris 2021 - Getting started with Event-Driven APis by Hugo Guer...
 
2016 - DevOps Meets APIs - Model once. Benefit everywhere.
2016 - DevOps Meets APIs - Model once. Benefit everywhere.2016 - DevOps Meets APIs - Model once. Benefit everywhere.
2016 - DevOps Meets APIs - Model once. Benefit everywhere.
 
AWS Managed Services - For Regulated Companies
AWS Managed Services - For Regulated CompaniesAWS Managed Services - For Regulated Companies
AWS Managed Services - For Regulated Companies
 

Similar to Mobile Payment Security with CA Rapid App Security

Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device Universe
CA API Management
 
Enable and Secure Business Growth in the New Application Economy
Enable and Secure Business Growth in the New Application Economy Enable and Secure Business Growth in the New Application Economy
Enable and Secure Business Growth in the New Application Economy
CA Technologies
 
Mobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsMobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing Passwords
CA API Management
 
SSO Agility Made Possible - November 2014
SSO Agility Made Possible - November 2014SSO Agility Made Possible - November 2014
SSO Agility Made Possible - November 2014
Andrew Ames
 
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
NowSecure
 
Identity Live Paris 2017 | Monetising Digital Customer Relationships
Identity Live Paris 2017 | Monetising Digital Customer RelationshipsIdentity Live Paris 2017 | Monetising Digital Customer Relationships
Identity Live Paris 2017 | Monetising Digital Customer Relationships
ForgeRock
 
Csa Summit 2017 - Un viaje seguro hacia la nube
Csa Summit 2017 - Un viaje seguro hacia la nubeCsa Summit 2017 - Un viaje seguro hacia la nube
Csa Summit 2017 - Un viaje seguro hacia la nube
CSA Argentina
 
Identity Live Sydney 2017 - Daniel Raskin
Identity Live Sydney 2017 - Daniel RaskinIdentity Live Sydney 2017 - Daniel Raskin
Identity Live Sydney 2017 - Daniel Raskin
ForgeRock
 

Similar to Mobile Payment Security with CA Rapid App Security (20)

Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device Universe
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
 
CIS 2017 - So you want to use standards to secure your APIs?
CIS 2017 - So you want to use standards to secure your APIs?CIS 2017 - So you want to use standards to secure your APIs?
CIS 2017 - So you want to use standards to secure your APIs?
 
Enable and Secure Business Growth in the New Application Economy
Enable and Secure Business Growth in the New Application Economy Enable and Secure Business Growth in the New Application Economy
Enable and Secure Business Growth in the New Application Economy
 
Mobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsMobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing Passwords
 
SSO Agility Made Possible - November 2014
SSO Agility Made Possible - November 2014SSO Agility Made Possible - November 2014
SSO Agility Made Possible - November 2014
 
Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!Security in the App Economy: How to Ride the Wave Without Wiping Out!
Security in the App Economy: How to Ride the Wave Without Wiping Out!
 
CA API Management: A DevOps Enabler
CA API Management: A DevOps EnablerCA API Management: A DevOps Enabler
CA API Management: A DevOps Enabler
 
Financial services rely on APIs
Financial services rely on APIsFinancial services rely on APIs
Financial services rely on APIs
 
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
 
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
 
Identity Live Paris 2017 | Monetising Digital Customer Relationships
Identity Live Paris 2017 | Monetising Digital Customer RelationshipsIdentity Live Paris 2017 | Monetising Digital Customer Relationships
Identity Live Paris 2017 | Monetising Digital Customer Relationships
 
Creating the Borderless Workplace
Creating the Borderless WorkplaceCreating the Borderless Workplace
Creating the Borderless Workplace
 
The Future of Mobile Application Security
The Future of Mobile Application SecurityThe Future of Mobile Application Security
The Future of Mobile Application Security
 
Csa Summit 2017 - Un viaje seguro hacia la nube
Csa Summit 2017 - Un viaje seguro hacia la nubeCsa Summit 2017 - Un viaje seguro hacia la nube
Csa Summit 2017 - Un viaje seguro hacia la nube
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
 
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
How CA Technologies Enables Its Own Employees and Secures Access to Applicati...
 
DIGIPASS for Apps
DIGIPASS for AppsDIGIPASS for Apps
DIGIPASS for Apps
 
Identity Live Sydney 2017 - Daniel Raskin
Identity Live Sydney 2017 - Daniel RaskinIdentity Live Sydney 2017 - Daniel Raskin
Identity Live Sydney 2017 - Daniel Raskin
 

More from CA Technologies

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource Intelligence
CA Technologies
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
CA Technologies
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
CA Technologies
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
CA Technologies
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
CA Technologies
 

More from CA Technologies (20)

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource Intelligence
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
 
Case Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCase Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on Time
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital Government
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security Program
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access Management
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and Risk
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
 

Recently uploaded

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Recently uploaded (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Mobile Payment Security with CA Rapid App Security

  • 1. Mobile Payment Security With CA Rapid App Security Rob Wilson DO1T37T DEVOPS: APIS & MICROSERVICES Advisor, Presales CA Technologies Services Architect CA Technologies Faiz Usmani
  • 2. 2 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS © 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of this Presentation
  • 3. 4 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Challenges to Software Development in the Application Economy How do I create:  A native security experience that is convenient, frictionless, and makes it fast to add to new security modalities to apps  Secure enough to meet audits & compliance requirements  Provides “developer velocity”: maximum value without high costs to develop, operate, or support? Velocity Convenience Security
  • 4. 5 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS What if You Could… Initiate Step-up Authentication when Risk is High Transparently Analyze Risk based on Contextual Data From a Single Solution? Securing the Device to Server Communications Authenticate Users via Wide Array of Credentials Connecting from Mobile Devices & Mobile Apps
  • 5. 6 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Introducing CA Rapid App Security A comprehensive authentication platform for the application economy - mobile, web, IoT  Fraud prevention in real-time  Robust authentication methods inclusive of contextual authentication  Faster & convenient means to secure Apps  Strengthen consumer confidence and enhance brand value by creating a simplified native security experience Built on CA Mobile API Gateway and CA Advanced Authentication
  • 6. 7 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS CA Rapid App Security Component Capabilities  CA Mobile API Gateway – Provides support for OAuth, OpenID Connect, Mutual SSL, Touch ID, Cross-device sign-on  Strong Auth & Risk Auth Server (CA Advanced Authentication) – Provides management and validation of CA AuthID credential, and conducts risk analysis with step-up authentication initiation when needed  Universal SDK – Provides streamlined developer experience across MAG and Advance Authentication solution; single, unified SDK to simplify app security for the developer
  • 7. 8 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS User Store Devices Applications Identity Processes Data Store CA Rapid App Security Solution DNA OTP PKI Install Device Certificate Risk Analysis Social Login Mobile SSO & Proximity Login Auth & Risk Server  Risk Engine  Rules & Policies  Strong Authentication Universal Mobile SDK Authentication Gateway Application Services
  • 8. 9 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS User Store Devices Applications Identity Processes Data Store Additionally… Authentication and API Security Auth & Risk Server Universal Mobile SDK Authentication & API Gateway Application Services
  • 9. 10 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Devices Applications Data Store Rapid App Security With CA Security Solutions Auth & Risk Server Universal Mobile SDK Authentication Gateway Application Services User Store CA Directory CA Identity ManagerPolicy ServerAccess Gateway Secure Proxy CA Single Sign-On  Risk Engine  Rules & Policies  Strong Authentication
  • 10. 11 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS “Three-way Trust” Enables Greater Security USER APP DEVICE Uses App Runs on Uses device, has session CA Rapid App Security:  Identifies user, app, and device  Learns and tracks relationship between the three entities  Three-way trust relationship is registered & authenticated to enterprise gateway  Elevates authentication or prevents access when pattern deviates from norm
  • 11. 12 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Universal SDK Simplifies the Developer Interaction loginWithAuthID() (User Id, AuthID Pin)
  • 12. 13 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Universal SDK Provides Flexibility! Protected APISecurity Policy App Credentials Risk Evaluation Mutual TLS User Authentication Social Login Single Sign On One Time Password Multi User Biometric Authentication Certificate Pinning Proximity Login ? PKCE / RFC 7636 Let use case determine the security controls! Device Registration Software Development Kit Dynamic Device Configuration
  • 13. 14 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS  Dynamic application client credentials  Mutual SSL with unique device certificates – PKI x509  Certificate pinning – PKV  Cryptographic camouflage – AuthID  Tokenized credentials and access tokens – OAuth 2.0 and OpenID Connect (certified)  Delegated authentication – Social Media, OAuth/OIDC OP, SAML, etc.  Multi-factor Step-up Authentication – Q&A, OTP/HOTP, OATH  Identity Brokering – Bearer/JWT -> SMSession/Kerberos, SMSession/Kerberos -> Bearer/JWT, etc.  Biometric Authentication – TouchID/Fingerprint and FIDO  Proximity Authentication – BLE NFC QRC  Risk based analysis and profiles Universal SDK Features
  • 14. 15 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS  Mobile SSO – Native App to App, App to browser, hybrid  Geolocation and Carrier  Push Notifications – APN, GCM  User and Group Management (SCIM 2.0)  Pub Sub messaging (MQTT 3.1)  Secure Storage – local and private cloud Universal SDK Features – Continued
  • 15. 16 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Security That Elevates the Experience Customer/Employee Better experience Security based on the level activity being performed Improved trust without impact to user experience Developer Security that is faster to implement Security that is cheaper to implement Security that is easier to implement (especially for non-security experts) Organization Reduced risk, with stronger security and superior authentication options Improved and less costly security enables higher value services via mobile Manage security with security experts, rather than in each app
  • 16. 17 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Rapid App Security Use Case Healthcare Customer experience Security & Privacy Integration Finance/ Insurance Contextual Authentication Risk Mitigation Open Banking Retail Customer experience Risk Mitigation Payment security Manufacturing Internet of Things(IoT) Geo Fencing Customer experience Automotive Customer experience Internet of Things(IoT) Payment Security Better End User Experience With Higher Security
  • 17. 18 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Questions?
  • 18. 19 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Recommended Sessions SESSION # TITLE DATE/TIME DO1T17S M&T Bank: Solving Real-World Banking Challenges with CA API Management 11/16/2017 at 1:45 pm DO1T27S Panel: Multi-faceted Security Options for a Mobile World 11/16/2017 at 2:30 pm DO1T56T API Academy: Microservices - How to Safely Speed Up Your Digital Innovation 11/16/2017 at 3:30 pm
  • 19. 20 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Must See Demos Aggregate, Secure & Manage Microservices 101 Create an End-to-End Modern App Architecture 109 Eurosport: A Showcase for IoT & App Experiences 101 Modernize Architectures With Low-code Microservices 106 Protect Apps & APIs with Omnichannel Security 104
  • 20. 21 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Stay connected at communities.ca.com Thank you.
  • 21. 22 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevOps: APIs and Microservices For more information, please visit: http://cainc.to/CAW17-APIM