eToken Virtual and MobilePASS Software Authenticators

Agenda

Software authentication overview

Product portfolio

eToken Virtual

MobilePASS

Market background

Identifying the opportunity

The Highlights

What is Software Authentication?

Two-factor authentication solutions that enable secure remote network access and digital signature functionality without the need for a physical hardware authenticator

Available in an OTP and a Virtual Smartcard platform

What can you do with it?

Securely access web-based online services and corporate networks (VPN)

Digital signature applications (PKI only)

What makes it an innovation in two-factor authentication?

Convenience: no hardware to carry

Management: simplified administration

Reduced TCO: reduced costs associated with hardware provisioning and deployment

Security: two-factor authentication without the need for hardware

Software Authentication

*eToken Virtual only

Authentication Matrix

Hardware vs. Software: Pros and Cons

Usability

Hardware Authenticators: Must be delivered & deployed. Users need to carry a physical device with them. Increased downtime (can be misplaced, stolen or broken).

Software Authenticators: Easy to distribute and deploy. Less hassle as does not require additional dedicated device. Less downtime.

Security

Hardware Authenticators: More secure. Enable combined physical proximity (RFID).

Software Authenticators: More secure than passwords but less secure than a physical authenticator. Don’t comply with the high security standards of an actual smartcard. Less secure than a hardware authenticator.

TCO

Hardware Authenticators: More costly per device. Deployment & operational expenses.

Software Authenticators: Affordable - Lower TCO than physical authenticators.

Software Authentication Product Portfolio

Software Authentication Solutions

eToken Virtual: Certificate-based two-factor software authentication security solution which provides full public key cryptographic functionality such as secure remote access, network access and digital signing

MobilePASS: OTP two-factor software authentication that offers the convenience of one-time passwords generated on your mobile device, PC or portable storage device

NEW! Virtual smartcard with full PKI functionality

Software PKI-Based Strong Authentication on PC / Removable Drives

Applications

Secure remote access

Network access

Digital signing

Virtual Smartcard – functions like a hardware authenticator

SSO

PC security

The Solution: eToken Virtual

eToken Virtual Security Features

AES Encryption: Keys & certificates are securely created and stored in eToken Virtual

Device Locking: eToken Virtual contents are locked at time of provisioning to a specific storage device or PC

Policy Data Signing: Enforces password complexity according to organizational policies

Memory Protection: Prevents content being written to disk

Key Deletion: private data is replaced by random data and rewritten to disk to ensure no trace remains

“Given most users’ aversion to passwords, coupled with the inability to remember more than a few without writing them down, IDC believes that solutions such as soft tokens, certificates, one-time passwords, and hardware-based tokens will make rapid gains.”

IDC - Worldwide Identity and Access Management 2007-2011 Forecast and 2006 Vendor Shares

eToken Virtual Technical Specifications

Management: eToken TMS 5+

Security Application: eToken PKI Client 5+

Operating Systems:

Windows: XP, Vista, Windows Server 2003 & 2008 (32-bit and 64-bit)

Mac* OS X 10.4 (Tiger), 10.5 (Leopard)

Linux distributions*: CentOS 5.2 (32-bit and 64-bit), Red Hat 5.2 (32-bit and 64-bit), Ubuntu 8.04 (32-bit), Fedora Core 9 (32-bit), SUSE 10.3 (32-bit)

eToken Virtual Deployment – Administrator Use Case

eToken Virtual – User Enrollment Use Case

NOTE: Admin Rights Required for eToken PKI Client Installation

Use Case: Check Point VPN Network Access

1. User logs into computer and connects via VPN to corporate network

2. eToken Virtual requests user’s credentials

3. eToken Virtual validates credentials

4. Secure connection is established

The Solution: MobilePASS

OTP passwords generated on Windows desktops or mobile devices

Applications

Remote Access

VPNs

Terminal Server

Citrix applications

Outlook Web Access and other web-based applications including customer-facing online services such as banking, education portals and health care

“Phone-based authentication tokens [are] becoming increasingly popular, and we predict that 50 percent of future two factor authentication implementations will use phone-based tokens.”

Ant Allen, Gartner Analyst, User Authentication Beyond the Password, June 2008

The Solution: MobilePASS

Supported Platforms

Windows Desktop

BlackBerry

Windows Mobile

Java ME

Smartphone

SMS & email delivery - (with SafeWord 2008 and SafeWord ESP only)

Management

eToken TMS

SafeWord 2008 with SafeWord ESP

Note: MobilePASS appears under the name SoftOTP in the current eToken TMS 5.0 CA release. The name will be updated to MobilePASS in the upcoming eToken TMS 5.1 GA release.

MobilePASS – Overview (cont.)

For Mobile Devices

MobilePASS turns your mobile phone into a strong authentication device.

When you log in to your secure network from your laptop or PC, the quick-launch on your mobile phone will generate the one-time password you use to complete your login.

For Windows Desktop & Portable Storage Devices

MobilePASS for Windows Desktops allows you to generate one-time passwords on your Windows desktop through a locally installed OTP application or on portable storage devices. Users simply generate a one-time password from their desktop and use it to log on securely to the desired application.

MobilePASS – Enrollment and Usage

eToken TMS and MobilePASS license are acquired by the company to enable OTP using software authenticators.

Administrator enrolls MobilePASS authenticator for the user in the TMS Manage.

The user receives the MobilePASS authenticator, an activation code and PIN via e-mail, SMS, etc.

The user installs the MobilePASS software.

The user enters the activation code and activates the software.

OTP is generated using the received PIN.

Using the OTP, the user logs on.

Use Case: Secure Access to Financial Portal with MobilePASS

Software Authenticator Management

eToken TMS enables full life cycle management

Including TMSservice - End-user portal

The End-user site enables tasks such as:

Enroll a new authenticator

Update the content of an enrolled authenticator

Change/Reset eToken password

Disable/Enable an eToken

Replace a Lost/Damaged authenticator (including revocation)

Manage OTP authenticator including MobilePASS

Enroll eToken Virtual and eToken Virtual Temp

Additional software solutions using TMS:

eToken Virtual Temp

Time limited temporary authenticator which can be used for a limited period of time instead of a permanent authenticator

For each authentication, the user can enrol one temporary virtual authenticator.

eToken Rescue

Users who lose their authenticators can create an eToken Rescue authenticator (default expiration 1 month, max 3 months)

Market Background

Market Drivers

Need for an alternative to physical authenticators

Ease of use and convenience for end users

Lower TCO for management and deployment

Expansion of online Web services:

Education

Healthcare

Financial services

Extension of enterprise services:

Partner portals

VPN access

Digital signing

Need to address risk and compliance

“Number of crimeware websites surge in largest jump ever in Dec. 2008”

Anti-phishing Working Group

The Mobile Authentication Market

Source: Based on data from IDC, Mobile Security Device Market, March 2008

Target Markets

B2C and B2B organizations that are interested in providing secure access and digital signing capabilities to customers, partners and employees

Solution Remote Access Digital Signing

Enterprise

Out-the-box

Online services

Identifying the Opportunity

Deployment: Organizations that want to implement two-factor authentication but don’t want the constraints of hardware deployment, or that are sensitive to the costs associated with hardware deployment

Security: Organizations that want to implement two-factor authentication but do not necessarily need the full security of a hardware-based solution

Digital signing: Organizations that already have authentication solutions in place but want to add digital signing capabilities for specific users

Consumer-facing: Consumer or B2C deployments where user convenience is crucial and hardware deployment is too costly

Flexibility: Organizations that want to add more flexibility to their existing authentication infrastructure

Key Selling Points

Convenience and simplicity for users – no hardware to carry around

Simplified management and administration

Balances ease of use, security and cost

Eliminates the cost of hardware deployment

Extends the flexibility of organizations’ security infrastructure by complementing existing hardware solutions

Compatible with SafeNet’s broad range of OTP and certificate-based authenticators allowing you to tailor security solutions to use cases and risk levels

“IDC believes that… soft tokens, …will make rapid gains… in the US, compliance, industry pressure, and cost concerns will result in mostly software-based solutions.”

IDC, 2007

Thank You

www.aladdin.com

www.safenet-inc.com