eToken Virtual and MobilePASS Software Authenticators
Agenda
Software authentication overview
Product portfolio
eToken Virtual
MobilePASS
Market background
Identifying the opportunity
The Highlights
What is Software Authentication?
Two-factor authentication solutions that enable secure remote network access and digital signature functionality without the need for a physical hardware authenticator
Available in OTP and Virtual Smartcard platforms
What can you do with it?
Securely access web-based online services and corporate networks (VPN)
Digital signature applications (PKI only)
What makes it an innovation in two-factor authentication?
Convenience: no hardware to carry
Management: simplified administration
Reduced TCO: reduced costs associated with hardware provisioning and deployment
Security: two-factor authentication without the need for hardware
Hardware vs. Software: Pros and Cons
Usability
Hardware Authenticators:
Must be delivered & deployed
Users need to carry a physical device with them
Increased downtime (can be misplaced, stolen or broken)
Software Authenticators:
Easy to distribute and deploy
Less hassle as does not require additional dedicated device
Less downtime
Security
Hardware Authenticators:
More secure
Enable combined physical proximity (RFID)
Software Authenticators:
More secure than passwords but less secure than a physical authenticator
Don’t comply with the high security standards of an actual smartcard
Less secure than a hardware authenticator
TCO
Hardware Authenticators:
More costly per device
Deployment & operational expenses
Software Authenticators:
Affordable - Lower TCO than physical authenticators
Software Authentication Solutions
eToken Virtual: Certificate-based two-factor software authentication security solution which provides full public key cryptographic functionality such as secure remote access, network access and digital signing
MobilePASS: OTP two-factor software authentication that offers the convenience of one-time passwords generated on your mobile device, PC or portable storage device
NEW! Virtual smartcard with full PKI functionality
Software PKI-Based Strong Authentication on PC / Removable Drives
Applications:
Secure remote access
Network access
Digital signing
Virtual Smartcard – functions like a hardware authenticator
SSO
PC security
The Solution: eToken Virtual
eToken Virtual Security Features
AES Encryption: Keys & certificates are securely created and stored in eToken Virtual
Device Locking: eToken Virtual contents are locked at time of provisioning to a specific storage device or PC
Policy Data Signing: Enforces password complexity according to organizational policies
Memory Protection: Prevents content being written to disk
Key Deletion: private data is replaced by random data and rewritten to disk to ensure no trace remains
“Given most users’ aversion to passwords, coupled with the inability to remember more than a few without writing them down, IDC believes that solutions such as soft tokens, certificates, one-time passwords, and hardware-based tokens will make rapid gains.”
IDC - Worldwide Identity and Access Management 2007-2011 Forecast and 2006 Vendor Shares
eToken Virtual Technical Specifications
Management: eToken TMS 5+
Security Application: eToken PKI Client 5+
Operating Systems:
Windows: XP, Vista, Windows Server 2003 & 2008 (32-bit and 64-bit)
Mac* OS X 10.4 (Tiger), 10.5 (Leopard)
Linux distributions*: CentOS 5.2 (32-bit and 64-bit), Red Hat 5.2 (32-bit and 64-bit), Ubuntu 8.04 (32-bit), Fedora Core 9 (32-bit), SUSE 10.3 (32-bit)
eToken Virtual – User Enrollment Use Case
NOTE: Admin Rights Required for eToken PKI Client Installation
Use Case: Check Point VPN Network Access
1. User logs into computer and connects via VPN to corporate network
2. eToken Virtual requests user’s credentials
3. eToken Virtual validates credentials
4. Secure connection is established
The Solution: MobilePASS
OTP passwords generated on Windows desktops or mobile devices
Applications:
Remote Access
VPNs
Terminal Server
Citrix applications
Outlook Web Access and other web-based applications including customer-facing online services such as banking, education portals and health care
“Phone-based authentication tokens [are] becoming increasingly popular, and we predict that 50 percent of future two factor authentication implementations will use phone-based tokens.”
Ant Allen, Gartner Analyst, User Authentication Beyond the Password, June 2008
The Solution: MobilePASS
Supported Platforms
Windows Desktop
BlackBerry
Windows Mobile
Java ME
Smartphone
SMS & email delivery - (with SafeWord 2008 and SafeWord ESP only)
Management:
eToken TMS
SafeWord 2008 with SafeWord ESP
Note: MobilePASS appears under the name SoftOTP in the current eToken TMS 5.0 CA release. The name will be updated to MobilePASS in the upcoming eToken TMS 5.1 GA release.
MobilePASS – Overview (cont.)
For Mobile Devices MobilePASS turns your mobile phone into a strong authentication device.
When you log in to your secure network from your laptop or PC, the quick-launch on your mobile phone will generate the one-time password you use to complete your login.
For Windows Desktop & Portable Storage Devices MobilePASS for Windows Desktops allows you to generate one-time passwords on your Windows desktop through a locally installed OTP application or on portable storage devices. Users simply generate a one-time password from their desktop and use it to log on securely to the desired application.
MobilePASS – Enrollment and Usage
eToken TMS and MobilePASS license are acquired by the company to enable OTP using software authenticators.
Administrator enrolls MobilePASS authenticator for the user in the TMS Manage.
The user receives the MobilePASS authenticator, an activation code and PIN via e-mail, SMS etc.
The user installs the MobilePASS software.
The user enters the activation code and activates the software.
OTP is generated using the received PIN.
Using the OTP, the user logs on.
Software Authenticator Management
eToken TMS enables full life cycle management
Including TMSservice - End-user portal
The End-user site enables tasks such as: Enroll a new authenticator
Update the content of an enrolled authenticator
Change/Reset eToken password
Disable/Enable an eToken
Replace a Lost/Damaged authenticator (including revocation)
Manage OTP authenticator including MobilePASS
Enroll eToken Virtual and eToken Virtual Temp
Additional software solutions using TMS:
eToken Virtual Temp
Time limited temporary authenticator which can be used for a limited period of time instead of a permanent authenticator
For each authentication, the user can enrol one temporary virtual authenticator.
eToken Rescue
Users who lose their authenticators can create an eToken Rescue authenticator (default expiration 1 month, max 3 months)
Market Drivers
Need for an alternative to physical authenticators
Ease of use and convenience for end users
Lower TCO for management and deployment
Expansion of online Web services: Education, Healthcare, Financial services
Extension of enterprise services: Partner portals, VPN access, Digital signing
Need to address risk and compliance
“Number of crimeware websites surge in largest jump ever in Dec. 2008” Anti-phishing Working Group
The Mobile Authentication Market
Source: Based on data from IDC, Mobile Security Device Market, March 2008
Target Markets
B2C and B2B organizations that are interested in providing secure access and digital signing capabilities to customers, partners and employees
Solution Remote Access Digital Signing
Enterprise
Out-the-box
Online services
Identifying the Opportunity
Deployment: Organizations that want to implement two-factor authentication but don’t want the constraints of hardware deployment or that are sensitive to the costs associated with hardware deployment
Security: Organizations that want to implement two-factor authentication but do not necessarily need the full security of a hardware-based solution
Digital signing: Organizations that already have authentication solutions in place but want to add digital signing capabilities for specific users
Consumer-facing: Consumer or B2C deployments where user convenience is crucial and hardware deployment is too costly
Flexibility: Organizations that want to add more flexibility to their existing authentication infrastructure
Key Selling Points
Convenience and simplicity for users – no hardware to carry around
Simplified management and administration
Balances ease of use, security and cost
Eliminates the cost of hardware deployment
Extends the flexibility of organizations’ security infrastructure by complementing existing hardware solutions
Compatible with SafeNet’s broad range of OTP and certificate-based authenticators allowing you to tailor security solutions to use cases and risk levels
“IDC believes that… soft tokens, …will make rapid gains… in the US, compliance, industry pressure, and cost concerns will result in mostly software-based solutions.”
IDC, 2007