Secure identity experts give organisations secure access on Windows Phone 8.1 with virtual smart cards
Organisations can now give their employees secure access to corporate networks and resources straight from their Windows Phone using Intercede’s MyID technology. Intercede, a secure identity specialist and member of the Microsoft Developer Programme, was today the first company to announce that it can provide virtual smart card (VSC) management – a form of authentication that uses a device’s inbuilt secure element – for Windows Phone 8.1.
One of the biggest security challenges faced by organisations today is verifying the identity of people and devices that attempt to access their networks, data and premises. Many firms rely on usernames and passwords but these are an inherently insecure form of authentication, while proving especially awkward to use on mobile devices.
Virtual smart cards offer a convenient alternative using two-factor authentication, the acknowledged standard for secure access. To date however, many organisations have been reluctant to deploy strong authentication because of the perceived costs and complexities of managing smart cards across the enterprise.
The latest Windows-based devices now support two-factor authentication in the form of a virtual smart card managed by Intercede’s MyID technology, enabling organisations to verify the identity of employees accessing sensitive company information from their Windows Phone 8.1. MyID provides all of the lifecycle management features required to effectively implement large-scale credential roll-outs, including key recovery, certificate renewal and revocation. By effectively binding a person to their virtual smart card, MyID provides the chain of trust that is vital to ensure that the user is who they claim to be and that the credential on the virtual smart card can be trusted.
Windows Phone 8.1 comes with an inbuilt Trusted Platform Module (TPM) – a secure element within the device – which is where keys for use in secure two-factor authentication with a virtual smart card are stored. The TPM is protected from hackers; the keys are never loaded in the operating system’s memory, meaning the VSC remains safe even if the phone itself is compromised.
“Mobile devices have always been seen more as a security risk than a security asset,” said Allen Storey, Product Director of Intercede. “But that’s because mobile security was typically based on a vulnerable form of ID verification – usernames and passwords.”
“Passwords simply do not provide high enough levels of security. They are easily cracked, lost or stolen; and in needing to be increasingly complex, they are also getting harder to remember and more inconvenient for the end user. By implementing two-factor authentication, organisations can immediately strengthen their network security and offer employees the convenience of accessing corporate resources with a simple PIN on the go.”
About :
Intercede is a software company specialising in identity and credential management with a global team of experts located in the US and UK. Intercede’s MyID software enables organisations to create and use trusted digital identities for employees, citizens and machines. This allows secure access to services, facilities, information and networks. MyID meets the highest government standards yet is simple enough to be deployed onto consumer devices such as smartphones and tablets. Critically, MyID provides an easy, convenient and secure alternative to passwords. Millions of identities are managed using MyID and Intercede has provided identity verification and management services to global customers for more than 20 years. MyID is a commercial-off-the-shelf software product, designed and developed to be configurable so it can be embedded as the cornerstone of cyber security infrastructure for governments and corporations. Customers trusting Intercede for secure digital identity include the US and UK governments and some of the world’s largest corporations, telecommunications providers and information technology partners.
For more information visit: www.intercede.com
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.