SmartCard Forum 2011 - Evolution of authentication market

Transcript of SmartCard Forum 2011 - Evolution of authentication market

Page 1: SmartCard Forum 2011 - Evolution of authentication market

Smart Card Forum Prague

Evolution of Authentication market & Beyond

New challenges for enterprises

Jérôme Soufflot

EMEA Channel Team

Marketing & Bus development

Page 2: SmartCard Forum 2011 - Evolution of authentication market

Gemalto: Security To Be Free

More than just a company tag line… it is why we exist

Communicate Travel

Bank

Shop

Work

In ways that are

convenient,

enjoyable and

secure

Page 3: SmartCard Forum 2011 - Evolution of authentication market

Gemalto’s Secure Personal Devices

1.5 billion secure devices – Produced and personalized in 2009

200 million citizens – Received a Gemalto produced e-Passport

500 million people – Carry a Gemalto produced credit card

400 mobile operators – Connecting 2 billion subscribers

30 years experience – designing/producing secure personal devices

…are in the hands of billions of individuals worldwide

Page 4: SmartCard Forum 2011 - Evolution of authentication market

Global Leadership Position

*Source: (1) Frost & Sullivan; (2) Gemalto (3) Keesing Journal of Identity ; (4) The Nilson Report

Top producer of:

SIM cards and UICC (1)

Over-The-Air platforms(2)

Chip payment cards(4)

Chip-based corporate security solutions(1)

e-Passports (3)

Innovation leadership examples

Ezio optical reader for online banking

YuuWaa – Combines flash memory with online services

Page 5: SmartCard Forum 2011 - Evolution of authentication market

Enterprises

Page 6: SmartCard Forum 2011 - Evolution of authentication market

Even more devices and…

…more ways to run Applications

Since 2007 and Beyond

Page 7: SmartCard Forum 2011 - Evolution of authentication market

Security of mobile workforces:

Top Concern for end users and IT Managers

Source: Cisco, 2010 (extract from the Cisco Connected World report)

Page 9: SmartCard Forum 2011 - Evolution of authentication market

Security is a Balancing Act

Must balance between Usability and Strength

Page 10: SmartCard Forum 2011 - Evolution of authentication market

Why Strong Authentication?

Provides protection from unauthorized access

Provides audit trail of individual access activity

Increases security while being easy to use for the employee

Easy to deploy for the administrator

Protecting digital assets is a critical need for every business

Enterprise computing infrastructures — on premise, hosted, or in the cloud — demand rigorous attention to who, what, where, when, and how a person or an entity accesses data. Security solutions must verify and provide assurance that those requesting access are indeed who and what they say they are.

– Sally Hudson, IDC 2010

Page 11: SmartCard Forum 2011 - Evolution of authentication market

Risk of Weak Authentication

Unauthorized access

Data theft of digital assets (Intellectual Property)

Loss of brand reputation and customer trust

No audit trail – compliance ramifications

Would you leave your house without locking the door?

Data breaches cost U.S. businesses an average of $6.75 million per breach

– Ponemon Institute, 2009 Study

Page 12: SmartCard Forum 2011 - Evolution of authentication market

Online Security concerns reach the public domain

Increasing number of attacks and breaches

Wikileaks – Thousands of secure documents obtained and released due to unencrypted data transmission.

Epsilon – Millions of email records were recently compromised when a hacker was able to gain unauthorized access to outsourced email marketer Epsilon’s data store.

RSA – Security vendor RSA was the victim of an advanced persistent threat which resulted in compromising their most valuable intellectual property.

Sony Playstation Network – Fraudsters have obtained data on around 70 million online video gamers, including their names, addresses, dates of birth, passwords, security questions and credit card details.

Web giants are now offering Strong Authentication options to their users

Page 13: SmartCard Forum 2011 - Evolution of authentication market

Choose Authentication Appropriate Security level

[Chart: OTP, PKI and Biometry; axis label: Cost]

• Mix authentication methods on the same device

• Select the appropriate Security level justified for the specific enterprise use case

• Complete IT security already deployed by credentials protection

Page 14: SmartCard Forum 2011 - Evolution of authentication market

Protiva SA Server

5/2/2011 16

Validation server supporting OTP authentication

Standards based technology

Tokens - OATH event based or time based

Mobile App – Time based with time stamping

Web based administrator interface for user management

User self-care portal for registration and password back-up

Easily integrates with existing infrastructure

Established integrations with leading infrastructure technology

Databases – MySQL, MS SQL, Oracle, IBM DB2, etc.

User Data Repository – Microsoft AD, Novell eDirectory, Sun One, OpenLDAP, etc.

Authentication Service – HTTP/HTTPS, SOAP, SAML 2.0, XML, RADIUS, Microsoft IAS/NPS, etc.

The Heart of Protiva Strong Authentication

Page 15: SmartCard Forum 2011 - Evolution of authentication market

First level Gemalto answer

Protiva Mobile OTP

2-factor authentication (OTP)

Application installed on the mobile phone which allows users to securely generate a One-Time Password (OTP) using their mobile phone as a token.

Out-of-band time based OTP

Combination of security and convenience of one time password generated on a mobile device

Integrated in Protiva SA Server for convenient central administration

User ID: MyID

Password: ********

OTP: 189763

Page 16: SmartCard Forum 2011 - Evolution of authentication market

Why Protiva Mobile OTP?

Increasing share of mobile usage (smartphones...) in the enterprise context

The true advantages of mobility with the appropriate security level

Easy user adoption:

Simple to use for enrolment and OTP generation

No additional hardware to carry

Easy to deploy and manage by administrator

SA Server supports a wide range of device types, which allows an adapted security solution

Optimizing TCO of security

Page 17: SmartCard Forum 2011 - Evolution of authentication market

Gemalto SA Server Devices

[Figure: devices supported by SA Server, each marked with its capabilities. Capability legend: OTP on display, OTP connected, PKI support, Physical access, Secure storage (Sec Flash). Devices shown: SA SMS-OTP, .Net Card, .Net Key, .Net Card with OTP reader, Smart Guardian, SA .Net Dual, SA Mobile-OTP, SA Easy OTP V3.]

Page 18: SmartCard Forum 2011 - Evolution of authentication market

Mobility & Cloud will accelerate market change

More Smartphones + Notebook than Desktop PCs

Q1/10: 54Mu 48Mu 32Mu

(IDC, Strategic Analytics)

With the same connectivity demand, whatever the device

I want to access my social network on my mobile

I want to read my company’s encrypted emails while traveling

I want to pay my parking with my handset

Page 19: SmartCard Forum 2011 - Evolution of authentication market

Market Drivers for SAAS security

Increase in Enterprise adoption of Hybrid model

Proliferation of SaaS and Federated SSO

Quick time to market/deployment

Differentiator for businesses

Helpdesk cost of supporting passwords

Regulatory Compliance FFIEC, PCI-DSS, European Data Protection Directive, HIPAA/HITECH, SOX

Page 20: SmartCard Forum 2011 - Evolution of authentication market

Issuance and Administration of Gemalto .NET based devices

End User Gemalto .NET devices management

Change PIN

Remote PIN Unblock

View device info (diagnose)

View Certificate on device

Delete Certificates, load P12 file

Modify PIN Policy (DAS 2.0)

Administrator .NET devices management

Remote PIN Unblock

Reset Gemalto .NET devices

Activation and personalization of End User devices:

– End-user Administration Key diversification

– Default PIN Value

– Number of PIN attempts

First level of Service in the Cloud

Ex : Device Administration Services (SAS)

Small Business: <25 PCs, 1-49 employees

Midmarket: 25-500 PCs, 50-1,000 employees

Page 21: SmartCard Forum 2011 - Evolution of authentication market

Protiva - A Flexible Authentication Solution

Protiva Strong Authentication Service

A Hosted OTP solution

Hosted Strong Authentication Service Provides:

Complete On Boarding and Device Fulfillment

Flexible billing solutions

Web based portal for device management

Option for complete management of authentication servers (No CAPEX)

On Premise Authentication Option

Complete fulfillment for token provisioning

Protiva SA Server on premise for authentication (managed by company IT)

Web based portal for user maintenance

Easily Implement Strong Authentication

Page 22: SmartCard Forum 2011 - Evolution of authentication market

Hosted Strong Authentication Service

Protiva Strong Authentication Service

[Diagram: hosted authentication flow. Labels: Remote or Local User; Authentication Request; User OTP; VPN or Secure Gateway; RADIUS; RADIUS Server; Corporate Data Resources/Applications; Identity Store (LDAP/AD); Corporate Network; Gemalto Agent; LDAPS; HTTPS Tunnel; Device Database; Authentication Attempt Validated; Complete OTP Fulfillment (Mobile App or Token)]

Protiva Service Features

• Complete Authentication Management

• Easy On Boarding

• OTP Credential Fulfillment

• Easy Billing/Licensing

• Custom Webstore

Page 23: SmartCard Forum 2011 - Evolution of authentication market

User On Boarding

For Existing Users

SA Server automatically pulls LDAP information from directory store

For New Users

Web based management portal

Administrators can quickly and easily add new users

User Self Care

For token ordering

Webstore option for user self registration and token ordering

For mobile app OTP

Hosted Application Gateway

– Directs to appropriate mobile app store based on phone type.

Easy, Fast, Simple

Page 24: SmartCard Forum 2011 - Evolution of authentication market

User On Boarding

Custom Webstore – User Direct Token Ordering

Gemalto Webstore

Features:

• Customized web interface

• Direct user billing

• User self-registration

• Automates OTP device fulfillment

Page 25: SmartCard Forum 2011 - Evolution of authentication market

5/2/2011 Jan 27, 2010

Strong authentication Service - Fulfillment

End User Initiated Fulfilment

Fulfillment Process

Order: Two Factor Auth (2FA) credential or token ordered by end user

Receive: 2FA credential or token is shipped or made available to end user

Use: User can start using strong 2FA to protect access to cloud resources

Page 26: SmartCard Forum 2011 - Evolution of authentication market

Benefits of Hosted Authentication

SMB

• Secure data resources without additional CAPEX

• Full authentication management without additional IT resources

Fortune 500

• Meet regulatory requirements for data protection

• Reduce the cost of password management and help desk calls

Cloud Service Providers

• Secure authentication as a differentiator from other cloud service providers

• Little to no authentication cost through direct user billing

Online Gaming

• Secure access ensures only authorized users transact within the game

• Little to no authentication cost through direct user billing

A Complete Authentication solution

• On Boarding, Fulfillment, Authentication Server Maintenance and Billing

Easy to integrate – Easy to manage

Flexible Licensing Models

No additional CAPEX

Page 27: SmartCard Forum 2011 - Evolution of authentication market

Welcome to the Gemalto Partner Network

Gemalto has solid long-term relationships with its partners by focusing on customers and skills.

We offer solutions that are fully interoperable and configurable to meet the requirements of our customers.

Gemalto partners are the leaders in their respective categories: software, communications, security products, identity management systems, data centers, logistics, …

Page 28: SmartCard Forum 2011 - Evolution of authentication market

Thank You

email : [email protected]