MicroStrategy Usher, a security and analytics platform, is available for use with Apple Watch. Usher replaces traditional passwords with biometric mobile identity and multi-factor authentication.
The system is also designed to ease security administration capabilities. “The app is designed to detect a vast range of business systems, hardware and physical entryways as users approach,” says Paul Zolfaghari, president of MicroStrategy Inc. Users receive prompts via push notifications on their Apple Watch.
“They can use the solution to log in to secure web solutions in the morning before heading into work – like Salesforce, VPNs or work email. They can use Usher to gain physical entry to a number of locations when they arrive at work like parking garages, elevators, and other secure areas,” Zolfaghari says. “They can validate user identities in-person or over the phone with numeric one-time Usher codes. They can use Usher to easily access workstations via Bluetooth or a QR scan, eliminating the need for redundant password unlocks.”
Usher employs access tokens that are stored in an encrypted format on the mobile phone. The server architecture is built on Public Key Infrastructure to ensure that only authorized users communicate with the Usher server from authorized Usher client devices. When the user initially launches the Usher app, it generates a key pair and a certificate signing request and sends the request to the Usher server. The server returns an access token and X.509 PKI client certificate based on the certificate signing request to the app, associating this access token and certificate with the current user.
A self-service web portal enables an administrator to create and manage thousands of badges. Usher badges can be used for password-less authentication to a variety of resources, such as SAML-based cloud and web apps, Windows and Mac workstations and physical access systems. Credentials and keys are software-based, and a single administrative action can revoke all Usher privileges for a specific user/phone instantly. On a replacement smartphone, users can install Usher from the App Store and verify their identity to restore all badges and credentials.
On phones with fingerprint scanners, the administrator can force users to verify their identity with Touch ID on iPhones as the single source of identity, or as a second factor.
“Usher transforms Apple Watch into a key to the enterprise by enabling wearers to log into business systems, unlock computers, validate personal identity, and open physical entryways,” Zolfaghari says. “Apple Watch is an ideal platform for replacing a number of dated security tools—such as passwords, key cards and fobs—in the enterprise. It brings a new level of convenience, which is great for users (employees) while giving organizations best-in-class security.”