Identity: Mobilized

andy.zmolek@lge.com andy@zmolek.com

Todays Journey
1. The mobile paradigm 2. Lessons from the last paradigm shift 3. Mobile identity as paradigm extension
Extend the web - Consumer: Google, facebook Extend enterprise directory: AD, LDAP Mobile Virtualization Mobile Biometrics Near-Field Communications (NFC) Mobile Identity Databases (Neustar) Device-side: Hardware Supplier/OEM, OS/Technology Supplier, Cloud side: Operator, Cloud Service Provider

4. Mobile identity beyond the web

5. Mobile identity platform opportunities

6. Open discussion

The Mobile Paradigm

A device will replace everything in your wallet It is your critical communications center Its a navigation and entertainment center It knows more about you than your spouse It contains your personal and work identities Its not a PC and wont replace it entirely.
PC-centric solutions wont define the mobile experience Did 3270 terminal emulation define the PC experience?

Lessons from the Last Big Paradigm Shift

Central Computing Personal Computing Mobile Computing

1.0
1. 2. 3. 4. 5.

2.0

3.0

Consumers drive disruptive innovation; enterprise follows later Enterprise-oriented ecosystems appear in the new paradigm Eventually the enterprise must adapt or lose competitiveness New market leaders emerge; few old-paradigm leaders survive Value creation and profit shifts toward software and solutions

Drilldown: Mobile Paradigm Changes

Central Computing
Enterprise owns and controls equipment Vendor selection by enterprise only

Personal Computing
Equipment owned by enterprise or consumer Vendor selection by enterprise or consumer

Mobile Computing
Equipment more often consumer-owned (trend) Consumer typically drives ve ndor selection

No consumer use

Limited consumer use of enterprise gear (and vice-versa)

Some control of enterprise data

Consumer AND enterprise us e of same device

Deep fear of losing control of enterprise data

Complete control of enterprise data

Long sales and deployment cycles

Duty cycle: 20 years Software: build-to-suit Locally-oriented

Moderate sales and deployment cycles

Duty cycle: 10 years Software: packaged LAN/WAN-oriented

Short sales and deployment cycles

Duty cycle: 3 years or less Software: cloud/app store Cloud-oriented

Mobile Identity as Paradigm Extension

First attempts to embrace a new paradigm start by extending the old ones
This doesnt mean they will or wont stick New paradigms bring new dynamics into play

Two potential identity Paradigms to extend

Web-centric identity
Primarily consumer-oriented, but also SMB Can include web through SAML for example Active Directory and LDAP drive PC-centric enterprise identity today and are the default places to extend

Enterprise directory-centered identity

Extending the Web (Consumer)

OpenID is a perfect example of something that translates OK from PC to mobile Google takes this further in Android
identity based on gmail account

Facebook does this on multiple platforms

Android also has explicit idendity, synch features

Both are well-positioned to create broad consumer mobile identity ecosystems

Extending the Enterprise Directory

Active Directory has become the default place for the PC-centric enterprise to store identity
Microsoft has a huge vested interest in retaining the enterprise identity store Yet Microsoft still sees mobile devices as an extension of the PC, not part of AD directly

Alternative: vendor-neutral directory via LDAP

Mobile Identity Beyond the Web

Most smartphones serve two purposes:
Consumer device for private life Enterprise device for business life

Mobile identity systems shouldnt ignore this Web-based identity sucks on a mobile device
Poor usability, passwords less than ideal Mobile app paradigm exists outside web

There must be a better way (and there is)

Mobile Virtualization
One device, two (or more) identities Ensure privacy in the consumer experience
Keep personal calls and messages private Install consumer applications without restriction Maintain private personal cellular number

Protect business data and applications

Bring Your Own Phone (BYOP) to enterprise IT Potential to separate billing for enterprise usage IT in full control of enterprise OS, apps, network Wipe business data without affecting consumer Extend enterprise UC services to mobile device

Mobile Biometrics
Low-cost fingerprint scanner
Autentec sensor looks like a trackpad or button Swipe in any direction, different directions or fingers for different functions, easy to use Delivered with the Motorola Atrix

Voice-based biometrics
Hands-free biometric easily run in smartphone Higher equal-error rate than others (~10%)

Visual biometrics facial recognition Emerging: electrical field biometrics

Near-Field Communications
What it is: simple information transfer
Very short range (nearly touching) - contactless card & reader Initialization and configuration of other wireless technologies as needed based on where you are and what you have

Why its useful for identity

Security credential based on where you are and what you have Very low power requirements, particularly in passive mode Minimal interference with other devices Context, based on what you touch or how you gesture. Tool for browsing the physical world Standardized by NFC Forum (nfc-forum.org), ECMA and ISO/IEC

Mobile Identity Databases (Neustar)

Neustar keeps a lot of critical databases for both landline and wireless service providers In some cases these databases are also legally mandated
E-911 location databases Number portability databases North American Numbering Plan Assignment (NANPA)

All mobile device operators send subscriber data to Neustar that links mobile E.164 (telephone) number to subscriber name with network data

Mobile Identity Platform Opportunities

Mobile platform itself hasnt got a WinTel equivalent yet, but a strong contender exists
Apple iOS platform is playing the Mac-equivalent ARM/Android positioning Google to win No better alternative is thriving at this point

Huge push to avoid commoditization on the device and cloud sides of the equation

Device-Side Opportunities
Hardware Supplier/OEM
Hardware to exploit: Multi-core ARM chipsets with strong security features: ARM A15 with virtualization extensions, sensors, NFC, etc. Smartphone OEM now has many now-cost options to integrate into their device; just add software

OS/Technology Supplier
OS mobile identity framework is best included in the OS Expose APIs to enterprise app developers to seed market Ride the coattails of NFC mobile payments initiatives

Cloud-Side Opportunities
Operator-based identity services
Natural extension of existing subscriber identity Also a natural adjacency to NFC-based mobile payments Could follow consortium model used by ISIS

Cloud Service Provider: Mobile Identity-Plus

Standalone mobile identity provider not so sure
What would the funding model be?

Or mobile identity PLUS: mobile presence aggregation/distribution, or mobile payments and affinity program tracking, or mobile social networking services

Thank You

OPEN DISCUSSION