Ubisecure presentation short

www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.

Your Partner in Identity and Access Management

IAM using UbisecureAuthentication, SSO, Federation,

Access control, Authorization and User management

UBISECURE SOLUTIONS, INC.


Ubisecure’s Vision


Ubisecure’s vision

To be the preferred partner in providing authentication and authorization solutions, that enable secure business for the Extended Enterprise.

Extended Enterprise, see e.g. http://en.wikipedia.org/wiki/Extended_Enterprise

The Company

Partner

Partner

Partner

Customer

Customer

Customer

The The ExtendedExtended EnterpriseEnterprise

www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.

Ubisecure’s mission

Ubisecure provides authentication and authorization solutions that securely unite partner companies, teams and content.

UNITINGBUSINESS

on theINTERNETSECURELY

www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential

UBISECURE SOLUTIONS, INC. Briefly

Ubisecure develops and markets software products for Identity and Access Management (IAM).

The Ubisecure product lines:Ubisecure CustomerID – providing Identity Management and Provisioning of the external users of the EnterpriseUbisecure SSO – providing Authentication and Access Control for Intranet, Extranet and Web ServicesUbisecure Trust – providing Federation for Intranet and Extranet Services

Current primary market area is Finland; Establishing market presence in Sweden;Other selected market areas are being investigated

Target customers are medium to large enterprises and government organizations

Established in 2002, products under development since 1999

Located in Espoo, Finland and Stockholm, Sweden


Excellent Customer Relations is the heart of every company that wants to create profitable and durable relationswith its customers!


Smoothness and agility in creating new Business Concepts and new forms of co-operation is key to success for companies that want to create profitable and durable relations with its Business Partners!


Outstanding Business Performance

29% savings in developing each internet service-29%

500 times more cost efficient to register new customerx500

x100 100 times more cost efficient way to acquire new customer

UBISECURESSO

UBISECURECustomerID

UBISECURETrust


Identities are Assets.

Don’t waste Your opportunity.


Grow your Business.


Effectivemanagement of

external identities

Automated user registration

Ubisecure Product Positioning: Business-Oriented IAM

Your Company

Low threshold foryour company to

developand launch

co-operation with selected

Business Partners

Business partners and Customers

SSOand federation


Business Partners and Customers + Own organizationPublic Cloud + External Cloud + Internal Cloud

YourCompany

External Cloud

Public Cloud

Single Sign-On

Business Partners and Customers

AuthenticationFederationProvisioning

Out-of-band fed.JIT federation

User-driven federationSelf-registrationSelf-registration w. confirmation

Active DirectoryActive DirectoryActive DirectoryActive Directory

Internal Cloud

Own org

User-driven IAM-servicesWorkflow-driven IAM-services

Internal Services

External Services


Customers in various segments

Public sector Industry, trade and service Finance and insurance


Business challenge- Increase customer service- Increase admin efficiency- Reduce paper work- Improve control

CustomersPrivate & Companies

Local Insurance Group

Service 1

Service 2

Service 3

Lokalförsäkring – Improved self services

Local Insurance Group (Lokalföräkring)- The Local Insurance Group is Finland's 5th biggest non-life insurer in terms of premium income.

- Its market share is 9 per cent of Finnish direct insurance income.

- The Group has 545,000 customers and it has responsibility for almost 2 million policies.

- Customers are households, private individuals and SME companies in the expanding countryside and in urban area, especially in service industries. The group is the market leader for farm insurance.

The picture has been simplified, leaving out intermediate steps and messaging details for readers’ convenience!


Service

Integration module

SolutionFunctionality: Self registration service, Delegated rights, Single-Sign-On, Authorization, Role based access, own AD/LDAP

Benefits: Secure and simple access to services 24/7 - Increased revenue

Outsourced identity management

Outsourced and flexible authorization between companies and people.

Reduce customer care costs

Improved customer satisfaction

Centralized audit capabilities of services

Standard based APIs for application integration

Easy and cost efficient deployment with Ubilogin Integration modules

Future: Prepared for business networking (federation)

Service

Service

Service

Integration module

Integration module

Integration module

Full automated self registration service

Local Insurance Group

CustomersPrivate & Companies

Lokalförsäkring – Improved self services

UbisecureSSO

UbisecureCustomerID

Delegating rights/mandates/power of attorney - Private & Company


www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. The picture has been simplified, leaving out intermediate steps and messaging details for readers’ convenience!

Business challenge- Create a flexible means of issuing identities to customers,

organizations or citizens and authenticate them around the services.- Enable government agencies to reduce the cost of supporting

customers at the point-of-service and transfer services to the Internet.

Finnish societyPrivate & Companies

Finnish tax authority

Finnish Tax Authority – eGovernment service at its best

Service

Service

Service

Finnish Tax Authority- Finnish population is app. 5.3 million and the country have app. 370 000 registered companies.

- The Tax Administration collects approximately 2/3 of all taxes and tax-like payments in Finland.

- Business idea: The right tax at the right time. Secure and simple access to services 24/7.

http://www.vero.fi/?domain=VERO_MAIN&path=5


Service

Integration module

SolutionFunctionality: Self registration service, Single-Sign-On, Authorization, Role based

access, Federation, own AD/LDAP

Benefits: 32+ millions transaction and ~760 M€ in savings per year!

Outsourced identity management - Reduced cost per transaction from 50€ to 0.1-0.15€.

More than 80% of the Finnish companies use the service every month.

More then 40% of the Finnish population use the service every month.

Secure and simple access to services 24/7. Effortless tax collection.

Automation of taxation data inflow.

Centralized audit capabilities of services

Outsourced and flexible authorization between companies and people.

Standard based APIs for application integration

Easy and cost efficient deployment with Ubilogin Integration modules

Service

Service

Service

Integration module

Integration module

Integration module

Automated self registration service - Company – Role based and delegating

Finnish tax authority

Finnish societyPublic & Private

UbiloginSSO+

Federation

UbilogineIDM

Finnish Tax Authority – eGovernment service at its best


http://www.vero.fi/?domain=VERO_MAIN&path=5


Case Retail: The Largest Retail Chain in Finland

LoyaltyPortal

Retail company

SAML SP

External authentication services


Corporate IDP(hosted at

Service Provider)

User / Employee

using service

THE CHALLENGES THE SOLUTION THE BENEFITS

User authenticationSecurity with Ease of use Identity provisioning and

role-based access

Corporate Authentication and Federation w External AuthN

Automated Identity provisioning

Role-Based Access Control

Fast deployment of Strong Authentication

alternativesLow threshold to use services

New business concepts multiplying inflow of users

IntranetPortal

SAML SP

ExtranetPortal

SAML SP

Mul

tiple

cor

pora

te p

orta

ls a

nd s

ervi

ces

Thousands of external identitiesMillions of end-users (customers)



Case Itella: Postal and Information logistics services

LogisticsPortal

InformationLogistics company

SAML SP



Corporate IDP(hosted at

Service Provider)

User / Employee

using service


User authenticationSecurity with Ease of use Identity provisioning and

role-based access

Corporate Authentication and Federation w External AuthN

Single Sign-OnDelegated and automated

Identity provisioning

Rapid service roll-out with no individual account provisioning

Low threshold to use secure services

New business concepts multiplying inflow of users

IntranetPortal

SAML SP

ExtranetPortal

SAML SP

Mul

tiple

cor

pora

te p

orta

ls a

nd s

ervi

ces

25 000 internal identitiesThousands of external identities

Millions of end-users (customers)


Case Silta: HR-As-A-Service

HRAs-a-Service

SaaS provider

SAML SP

IAMAs-A-Service



IAM-As-A-Service Provider

User / Employee

using service


User authenticationSecurity, Ease of use and

user acceptance of SaaS service

Intranet authentication +Windows-AD federation

-As-A-ServiceSSO from desktop to services

Rapid service roll-out with no individual account provisioning

Low threshold to use servicesSecure access to SaaS-services alsofrom outside the corporate network

Hundreds of customer organizationsThousands of customer identities


Case eCraft: Collaboration Application-As-A-Service


User authenticationSecurity, Ease of use and

user acceptance of SaaS service

Intranet authentication +Windows-AD federation

-As-A-Service

SSO from the desktop to the cloudAuthorization information securelyZero user account administration

Collaboration AppAs-a-Service

SaaS provider

SAML SP

IAMAs-A-Service


User / Employee

using service


Integrator/Consultancy

Market strategy: The value chain

Ubisecure SaaS Provider

Customer

ProvidesUbisecure SSO and

Ubisecure CustomerIDAs-A-Service

User organization that has internal

apps and services as well as external

services for its external users

(Partners, Customers)

Implements and deploys the Service

in in Customer organization and

configuresUbisecure SSO and

Ubisecure CustomerID in the

customer environment

Develops and provides the

Ubisecure SSO and Ubisecure

CustomerIDproducts


The easy-to-deploy Single Sign-On

and Federation Solution

that provides Extensive Authentication and

Access Control for Intranet, Extranet and

Web Services.

Identify and Authorize.Enable secure business.

UBISECURECustomerID

UBISECURESSO

The identitymanagement solution

that enables outsourcing and delegation of

external user data managementto partners, customers and other

stakeholders.


What problems does Ubisecure Single Sign-On solve?

1. USER AUTHENTICATIONInsufficient or unreliable user authentication

2. SINGLE SIGN-ON Multiple logon to applications during same session +Growing number of user IDs and passwords to memorize

3. APPLICATION-SPECIFIC ACCESS CONTROL Problems and flaws with multiple application-specific access control management and user management

4. KEY SECURITY ISSUES Security issues, e.g. strong user authentication require specialexpertise and experience and are typically difficult and expensive to deploy

www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential

What challenges does Ubisecure products solve?

“We needsecure

authenticationfor our

external users!We don’t wantour competitor

to accessour extranet!”

“We wantour partnersto have easy

Single Sign-Onaccess

to our extranetservices from

theirown domains

and their intranets!”

“We want to enable

new business conceptsspeedingup new

customer acquisition and

registration!”

“We wantto get rid of the identity

management hassle

with replication from multiple repositories!”

“We wantefficiency

in managementand accuracy

in accessby enabling delegated

managementof access

information, roles and attributes!”

UBISECURE


A complete set-up as SaaS for the Enterprise

YourCompany

External Cloud

Public Cloud

Single Sign-On

Business Partners and Customers

AuthenticationFederationProvisioning

Out-of-band fed.JIT federation

User-driven federationSelf-registrationSelf-registration w. confirmation


Internal Cloud

Own org

User-driven IAM-servicesWorkflow-driven IAM-services

Internal Services

External Services


Ubisecure SSO is a Liberty Interoperable™ SAML 2.0 Product

The rigorous tests consisted of well-defined use-cases and test procedures

Confirm the security, trustworthiness and the interoperability of Ubilogin products

Proofs the security, flexibility and trust mechanisms also in networks of federated services from different parties

This test process was the technically the most demanding ever and the broadest in terms of use-cases

Many new requirements for the IdPand the SP were defined and tested

Ubisecure SSO passed interoptests in September 2008 as only European product!

Interop program arranged by Liberty Alliance

UBISECURESSO

UBISECURETrust


UBISECURE SSO Authentication Methods

UBIKEYOTP MIDlet

UBIKEYSMS

UBIKEYOTP Printout

2316 53879899 42783320 89876539 84989848 2456

*)

SAML

CallSign

LDAP

*)

Active Directory

Mobile certificate

SQL

WS-Federation

RFID *)Biometric *)

*)

*)

*)

*)

*)

*)

*) Possible to use. Not readily available as Ubisecure SSO option.

Username+

password

One-TimePasswords

SMS-authentication

and others

Certificates, smartcardsand tokens

Operatorservices

Banks’ID-services

Federatedand other

UBISECURESSO

UBISECURETrust


Example of federation

IDP-A

IDP-B

IDP-C

SP-B2

SP-C1

SP-C2

SP-A1

SP-A2

Federation ABC

SP-B1

SP-ABC

UBISECURETrust

This setup requires trust

relationship for SP-ABC with

all IDPsThis IDP-Proxy

setup only requires trust

relationship for SP-A2 with

IDP-A


Federation with Cloud Services

IDP-M

SP-M3

SP-M4SP-M5

SP-M1

SP-M2

UBISECURETrust

Provides SSO user-experience from corporate intranet to all

Cloud-services used


Example of federation with ”The Works”

IDP-A

IDP-B

IDP-C

SP-B1SP-B2

SP-C1

SP-C2

SP-A1

SP-A2

Federation ABC+X

IDP-M+X

SP-M3

SP-M4SP-M5

SP-M1

SP-M2

IDP-RIDP-S

SP-S1

SP-S2

SP-R1

SP-R2

Federation RS+X

UBISECURETrust

Provides SSO user-experience from corporate

intranet to all services used, wherever they are

produced.Identities and well-managed

and used securely.


The CustomerID external identity lifecycle process

Initial registration:Self-service and/or

Delegatedentry of basic info

Identity verification

againstselected

Id-provider

Identity enrichmentusing

internal or externalattribute services/silos

Identity life-cycle management:Self-service

and/or Delegated

1 2 3 … …

UBISECURECustomerID

……

SQLActive DirectoryActive DirectoryActive DirectoryActive Directory

WebServices

www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.

THANK YOU!

Ubisecure Solutions, Inc.

www.ubisecure.com <firstname.lastname>@ubisecure.com

FINLAND: SWEDEN:Tekniikantie 14 WTC, Klarabergsviadukten 70, Box 70396 FIN-02150 Espoo S-10724 Stockholm

tel. +358-9-2517 7250fax +358-9-2517 7070

Registered in Espoo, Finlandreg. nr. FI1748721-4

Ubisecure paves the way for a smoother and safer Internet. Ubisecure software products enable new online business concepts and speed the growth of existing web-based operations by joining separate sites and services into larger trusted areas. The innovative products allow internet users to flexibly and securely move between online services – without encountering repeated login prompts. Ubisecure maintains an extensive network of partners that offer organizations advice, consulting and technical services; and provides high-level training in secure online business through the widely appreciated Ubisecure IAM Academy. Founded in 2002 in Finland, Ubisecure Solutions Inc. is a pioneering provider of standardized identity and access management solutions. For more information, please visit www.ubisecure.com.

Identify and Authorize.Enable secure business.

Ubisecure presentation short

Technology

Transcript of Ubisecure presentation short