SmartCard Forum 2011 - Evolution of authentication market
Transcript of SmartCard Forum 2011 - Evolution of authentication market
Smart Card Forum Prague
Evolution of Authentication market & Beyond
New challenges for enterprises
Jérôme Soufflot
EMEA Channel Team
Marketing & Bus development
Gemalto: Security To Be Free
More than just a company tag line…it is why we exist
Communicate, Travel, Bank, Shop, Work
In ways that are convenient, enjoyable and secure
Gemalto’s Secure Personal Devices
1.5 billion secure devices – Produced and personalized in 2009
200 million citizens – Received a Gemalto produced e-Passport
500 million people – Carry a Gemalto produced credit card
400 mobile operators – Connecting 2 billion subscribers
30 years experience – designing/producing secure personal devices
…are in the hands of billions of individuals worldwide
Global Leadership Position
*Source: (1) Frost & Sullivan; (2) Gemalto (3) Keesing Journal of Identity ; (4) The Nilson Report
Top producer of:
SIM cards and UICC (1)
Over-The-Air platforms(2)
Chip payment cards(4)
Chip-based corporate security solutions(1)
e-Passports (3)
Innovation leadership examples
Ezio optical reader for online banking
YuuWaa – Combines flash memory with online services
Enterprises
Even more devices and… more ways to run Applications
Since 2007 and Beyond
Security of mobile workforces:
Top Concern for end users and IT Managers
Source: Cisco 2010, extract from the Cisco Connected World report
“An identity is a set of claims one principal makes about another principal in the context of an established relationship”
Username /PW
Smartcards
IP-Address
Passport
Picture
Biometrics
Name
Address
Telephone
Mobile
Fax
Building
Room #
Enterprise & Employee Identity?
Security is a Balancing Act
Must balance between Usability and Strength
Why Strong Authentication?
Provides protection from unauthorized access
Provides audit trail of individual access activity
Increases security while being easy to use for the employee
Easy to deploy for the administrator
Protecting digital assets is a critical need for every business
Enterprise computing infrastructures — on premise,
hosted, or in the cloud — demand rigorous attention to
who, what, where, when, and how a person or an entity
accesses data. Security solutions must verify and
provide assurance that those requesting access are
indeed who and what they say they are.
– Sally Hudson IDC 2010
Risk of Weak Authentication
Unauthorized access
Data theft of digital assets (Intellectual Property)
Loss of brand reputation and customer trust
No audit trail – compliance ramifications
Would you leave your house without locking the door?
Data breaches cost U.S. businesses an average of
$6.75 million per breach
- Ponemon Institute, 2009 Study
Online Security concerns reach the public domain
Increasing number of attacks and breaches
Wikileaks – Thousands of secure documents obtained and released due to unencrypted data transmission.
Epsilon – Millions of email records were recently compromised when a hacker was able to gain unauthorized access to outsourced email marketer Epsilon’s data store.
RSA – Security vendor RSA was victim of an advanced persistent threat which resulted in compromising their most valuable intellectual property.
Sony Playstation Network – Fraudsters have obtained data on around 70 million online video gamers, including their names, addresses, dates of birth, passwords, security questions and credit card details.
Web giants are now proposing strong authentication options to their users
Choose the authentication appropriate to the security level
[Chart: OTP, PKI and Biometry plotted by security level against cost]
• Mix authentication methods on the same device
• Select the appropriate security level, justified for the specific enterprise use case
• Complete the IT security already deployed with credentials protection
Protiva SA Server
5/2/2011
Validation server supporting OTP authentication
Standards based technology
Tokens - OATH event based or time based
Mobile App – Time based with time stamping
Web based administrator interface for user management
User self-care portal for registration and password back-up
Easily integrates with existing infrastructure
Established integrations with leading infrastructure technology
Databases – MySQL, MS SQL, Oracle, IBM DB2, etc.
User Data Repository – Microsoft AD, Novell eDirectory, Sun ONE, OpenLDAP, etc.
Authentication Service – HTTP/HTTPS, SOAP, SAML 2.0, XML, RADIUS, Microsoft IAS/NPS, etc.
The Heart of Protiva Strong Authentication
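As an added illustration of what "OATH event based or time based" token validation means on the server side (example code written for this page, not Gemalto's or the Protiva product's code): HOTP (RFC 4226) and TOTP (RFC 6238) generation, plus the look-ahead and clock-drift windows a validation server applies, with replay protection. The secret is the RFC 4226 test-vector key and the window sizes are constructed demo values.

```python
import hashlib
import hmac
import struct

# Constructed demo secret: the RFC 4226 test-vector key, not a real token seed.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // step, digits)


def verify_event_otp(secret: bytes, stored_counter: int, otp: str, look_ahead: int = 10):
    """Server-side check for an event-based (button-press) token.

    Tries counters stored_counter .. stored_counter + look_ahead so a token whose
    button was pressed without submitting can resynchronise. Returns the new
    counter to store (one past the match, so the same OTP can never be replayed)
    or None when nothing in the window matches.
    """
    for c in range(stored_counter, stored_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), otp):
            return c + 1
    return None


def verify_time_otp(secret: bytes, otp: str, now: int, last_step: int,
                    step: int = 30, drift: int = 1):
    """Server-side check for a time-based token.

    Accepts codes from time steps now-drift .. now+drift to tolerate clock drift,
    but never a step at or before the last accepted one (replay protection).
    Returns the accepted time step, which the server must persist, or None.
    """
    current = now // step
    for s in range(current - drift, current + drift + 1):
        if s > last_step and hmac.compare_digest(hotp(secret, s), otp):
            return s
    return None
```

The server must write back the returned counter or time step before answering the RADIUS request; otherwise the drift and look-ahead windows turn into a replay window.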
First level Gemalto answer
Protiva Mobile OTP
2-factor authentication (OTP)
Application installed on the mobile phone which allows users to securely generate a One-Time Password (OTP) using their mobile phone as a token.
Out-of-band time based OTP
Combination of the security and convenience of a one-time password generated on a mobile device
Integrated in Protiva SA Server for convenient central administration
User ID: MyID
Password: ********
OTP: 189763
Why Protiva Mobile OTP?
Increasing share of mobile usage (smartphones, …) in the enterprise context
The true advantages of mobility with the appropriate security level
Easy user adoption:
Simple to use for enrolment and OTP generation
No additional hardware to carry
Easy to deploy and manage by the administrator
SA Server supports a wide range of devices, which allows an adapted security solution
Optimizing TCO of security
Legend: OTP on display, OTP connected, PKI support, Physical access, Secure storage (icons: OTP, OTP, PKI, Secure Flash)
Gemalto SA Server Devices
SA Server
SA SMS-OTP – OTP
.Net Card – OTP, PKI
.Net Key – OTP, PKI
.Net Card with OTP reader – OTP, OTP, PKI
Smart Guardian – Secure Flash, OTP, PKI
SA .Net Dual – OTP, OTP, PKI
SA Mobile-OTP – OTP
SA Easy OTP V3 – OTP
Mobility & Cloud will accelerate market change
More Smartphones + Notebooks than Desktop PCs
Q1/10: 54Mu 48Mu 32Mu (IDC, Strategic Analytics)
With the same connectivity demand, whatever the device:
I want to access my social network on my mobile
I want to read my company’s encrypted emails while traveling
I want to pay my parking with my handset
Market Drivers for SaaS security
Increase in Enterprise adoption of Hybrid model
Proliferation of SaaS and Federated SSO
Quick time to market/deployment
Differentiator for businesses
Helpdesk cost of supporting passwords
Regulatory Compliance FFIEC, PCI-DSS, European Data Protection Directive, HIPAA/HITECH, SOX
Issuance and Administration of Gemalto .NET based devices
End User Gemalto .NET devices management
Change PIN
Remote PIN Unblock
View device info (diagnose)
View Certificate on device
Delete Certificates, load P12 file
Modify PIN Policy (DAS 2.0)
Administrator .NET devices management
Remote PIN Unblock
Reset Gemalto .NET devices
Activation and personalization of End User devices:
– End-user Administration Key diversification
– Default PIN Value
– Number of PIN attempts
First level of Service in the Cloud
Ex : Device Administration Services (SAS)
Small Business: <25 PCs, 1-49 employees
Midmarket: 25-500 PCs, 50-1,000 employees
Protiva - A Flexible Authentication Solution
Protiva Strong Authentication Service
A Hosted OTP solution
Hosted Strong Authentication Service provides:
Complete On Boarding and Device Fulfillment
Flexible billing solutions
Web based portal for device management
Option for complete management of authentication servers (No CAPEX)
On Premise Authentication Option:
Complete fulfillment for token provisioning
Protiva SA Server on premise for authentication (managed by company IT)
Web based portal for user maintenance
Easily Implement Strong Authentication
Hosted Strong Authentication Service
Protiva Strong Authentication Service
[Diagram, labels as shown: Corporate Data Resources/Applications; VPN or Secure Gateway; RADIUS Server; RADIUS; Identity Store (LDAP/AD); Corporate Network; Gemalto Agent; LDAPS; Device Database; HTTPS Tunnel; Authentication Attempt Validated; User OTP Authentication Request; Remote or Local User; Complete OTP Fulfillment (Mobile App or Token)]
Protiva Service Features
• Complete Authentication Management
• Easy On Boarding
• OTP Credential Fulfillment
• Easy Billing/Licensing
• Custom Webstore
User On Boarding
For Existing Users
SA Server automatically pulls LDAP information
from directory store
For New Users
Web based management portal
Administrators can quickly and easily add new users
User Self Care
For token ordering
Webstore option for user self registration and token ordering
For mobile app OTP
Hosted Application Gateway
– Directs to appropriate mobile app store based on phone type.
Easy, Fast, Simple
User On Boarding
Custom Webstore – User Direct Token Ordering
Gemalto Webstore Features:
• Customized web interface
• Direct user billing
• User self-registration
• Automates OTP device fulfillment
Strong Authentication Service - Fulfillment: End User Initiated Fulfilment
Order – Two Factor Auth (2FA) credential or token ordered by end user
Receive – 2FA credential or token is shipped or made available to end user
Use – User can start using strong 2FA to protect access to cloud resources
Fulfillment Process
Benefits of Hosted Authentication
SMB
• Secure data resources without additional CAPEX
• Full authentication management without additional IT resources
Fortune 500
• Meet regulatory requirements for data protection
• Reduce the cost of password management and help desk calls
Cloud Service Providers
• Secure authentication as a differentiator from other cloud service providers
• Little to no authentication cost through direct user billing
Online Gaming
• Secure access ensures only authorized users transact within the game
• Little to no authentication cost through direct user billing
A Complete Authentication solution
• On Boarding, Fulfillment, Authentication Server Maintenance and Billing
Easy to integrate – Easy to manage
Flexible Licensing Models
No additional CAPEX
Welcome to the Gemalto Partner Network
Gemalto has solid long-term relationships with its partners; by focusing on customers and skills, we offer solutions that are fully interoperable and configurable to meet the requirements of our customers.
Gemalto partners are the leaders in their respective categories: software, communications, security products, identity management systems, data centers, logistics, …
Thank You
email : [email protected]