Who are you trying to protect

Who are you trying to protect? Risk appropriate authentication

If we are to progress towards more secure and convenient authentication solutions, we have to start thinking beyond passwords. Multi-factor solutions that operate independently of passwords are the future. But not all users are created equal. Some need more stringent forms of authentication than others. So who are you trying to protect?

Remote Employees/Contractors

Securely provisioned seed to ensure the OTP seed cannot be replicated. Works with leading VPN providers including MSFT Direct Access.

Privileged Access (HR, R&D, Legal)

Sensitive Access (Executive/Board)

Smart card solutions for strong multi-factor authentication.

MFA solutions that offer additional support for a biometric third factor of authentication. Enables encrypted email, digital signature, mutual authentication, and pre-boot authentication.

SECURE ACCESS: Verified identity certificate based

One-time password

Certificate-based solutions (PKI)

INSECURE ACCESS: Username/password

IDPrime .NET Bio

Information security professionals are under more pressure than ever before to protect their company’s critical assets. In a time when information can be the most valuable asset a company has, ensuring only authorized users have the ability to gain access to sensitive data systems is critical to ensuring the success of the company. But security also has to be flexible to accommodate the needs of the business. The challenge for IT security professionals today is finding the right balance of security and convenience.

Risk appropriate authentication

Each user accessing the network has a set of requirements based on job function and access needs. When implementing strong security controls, user needs and the ability of IT security to support these needs will require a flexible security solution to meet these varied user profiles.

Protiva: Flexible strong authentication solutions

Protiva provides a full portfolio of products to meet the need for secure access to business resources. It is a modular system that allows businesses to choose the security level they need, from a full end-to-end system to .NET-based smart cards that leverage the card management capabilities in Microsoft Server and Windows OS.

Authentication software

Gemalto’s IDConfirm authentication server is scalable and is based on open OATH and EMVCAP standards. The server is designed to work with existing network infrastructure including LDAP and AAA servers. It can be deployed on an existing server and provides authentication services for a full range of devices including OTP (token, card or mobile), Public Key Infrastructure (PKI)-based smart cards and biometrics. The server is equipped with a web-based portal for user account management.

OTP solutions

> Gemalto time-based OTP tokens use the current time computed with a secret key to create a password. When the corresponding validation server receives the password, it combines the current time with the secret key and performs the same cryptographic computation as the token. If the two resulting passwords match up, access is granted for one attempt within a 30-second window.

> SMS OTP solutions use the IDConfirm Server to send a password to any mobile phone via SMS. This offers safe and convenient authentication without the hassle or extra cost of having to carry another device.

> The Protiva Mobile OTP solution exploits all the convenience of the mobile phone without the need for a network. Users download an application that turns the phone into a token that generates a secure OTP.

Smart card solutions

Gemalto’s Protiva smart card-based solutions leverage PKI to provide certificate-based strong authentication. In addition, PKI certificates stored on the smart card can be used to enable email encryption and digital signature, and when incorporated into a USB storage device, secure data storage.

> There are three options when deploying a certificate-based identity solution: .NET, minidriver enabled (MD), or PIV. Each solution provides a high level of assurance of the identity of the user attempting to gain logical access to the network. These smart card-based products can be combined with proximity technology to also provide for physical access, and with security printing processes, can serve as visual identity as well. .NET and MD smart cards leverage the built-in card management capabilities in Microsoft Server and Windows OS. This deployment requires no additional middleware for card management. Fully contained within Microsoft Forefront Identity Manager (FIM), a .NET or MD certificate-based authentication solution is virtually plug and play. .NET & MD are also compatible with Mac OS and Linux environments.

> Adding biometric functionality adds a further level of security with the addition of fingerprint match-on-card user verification. This functionality is supported by Windows Biometric Framework.

> Secure Flash USB Tokens are secure USB tokens that offer simple, highly secure solutions for the mobile office, preventing data loss, securing portable data and digitally signing documents.

Additional PKI functionality

> Using the Internet for business processes is cheaper and faster but these savings can be negated by having to rely on “wet” signatures for validation and approval. Digital signatures created using smart card devices with PKI can securely authenticate virtual documents, saving both time and money.

> PKI also allows for email encryption. This is essential for preventing sensitive emails from being read by unintended recipients.

> Unsecured USB flash drives can be a major source of data loss but PKI-based tokens are perfect for secure data storage, ensuring sensitive business information is kept safe, even if the drive is lost or stolen.

Flexible authentication built to evolve with your business

Organizations can deploy simpler solutions for fast, secure user authentication and then evolve to more comprehensive identity protection and network security solutions without having to abandon infrastructure investments or change end-user devices. Gemalto solutions can be used for one-time password applications and then expanded to support PKI and the smart card-based security features in Microsoft’s Windows and .NET platforms. The use of open standards and industry-standard protocols enables hardware optimization, and also helps reduce the total cost of ownership.

Strong authentication adds layers of identity verification to ensure only authorized users gain network access through a variety of easy-to-use form factors that meet business requirements and ensure user adoption.

GEMALTO.COM

GEMALTO (Euronext NL0000400653 GTO) is the world leader in digital security with 2013 annual revenues of €2.4 billion and more than 12,000 employees operating out of 85 offices and 25 Research & Development centers, located in 43 countries. We are at the heart of the rapidly evolving digital society. Billions of people worldwide increasingly want the freedom to communicate, travel, shop, bank, entertain and work – anytime, everywhere – in ways that are enjoyable and safe. Our innovations enable our clients to offer trusted and convenient digital services to billions of individuals. Gemalto thrives with the growing number of people using its solutions to interact with the digital and wireless world.

For more information visit www.gemalto.com, www.justaskgemalto.com, blog.gemalto.com, or follow @gemalto on Twitter.

© Gemalto 2014. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries. May 2014 - CC