Smart Card meets Identity & Access Management – The key to your security. CeBIT 2004.
A modular HiPath Portfolio
• optiClients, optiPoints & Portals
• Business Applications
• HiPath MetaDirectory
• HiPath SIcurity
• HiPath MetaManagement & QoS
• HiPath MobileOffice
• HiPath ComScendo
• Other Applications
• HiPath OpenScape
• HiPath ProCenter
• HiPath Servers & Gateways
• HiPath Services
HiPath is a comprehensive portfolio of modular, multi-function software, services and supporting hardware.
HiPath SIcurity in the Modular HiPath Portfolio
HiPath SIcurity Solutions
• Security Analysis and Consulting
• Smart Card-Based Solutions
• Identity & Access Management
• Network & System Security
Slogans on the slide:
• It’s all right to laugh for who is allowed in
• The first step is always security
• Protected in networks
• Only Mr. Right is welcome
Why Siemens? Smart Card-Based Identity Management
One smart card as unique ID card for all of your IT and communication applications
Challenges: Smart Card-Based Identity Management
• One solution for several applications
• Cost-effective processes
• Ease-of-use
• Up-to-date data
• Security
Challenges and Benefits for Smart Card-Based Identity Management
• Several applications: Multifunctional Smart Card
• Cost-effective processes: Cost reduction and fast RoI; accelerated business processes
• Ease-of-use: User-friendly solution
• Up-to-date data: Central user rights management, high availability
• Consistent security: Secure processes, state-of-the-art security solutions
Highlights: Smart Card-Based Identity Management
• A smart card as multifunctional ID card for all IT and communication applications
• A smart card replaces all functions of existing island solutions for different access and security mechanisms, e.g. SecurID Token, transponder, passwords and more
• Siemens is the most competent general contractor for large-scale smart card projects – from smart card and security infrastructure to smart card applications and integration into existing systems
• Siemens is your partner to talk to for the entire project.
Decisive Factors for Value-Add
Optimal security
• Protection of confidential information against unauthorized access
• Secure and confidential communications
• Secure identification of your communication partner
• Consistent strong protection of business processes
Enhanced efficiency
• High degree of process automation
• Acceleration of your business flows
• Integration into existing processes and infrastructures
HiPath Business Case Builder: Planning in a secure and transparent manner
Economy
• Reduce capital costs
• Reduce operational costs
• Increase productivity
• PayBack
Value drivers
• Information security: Protection of confidential information against misuse
• Up-to-date data: Central Identity Management
• Process acceleration: Automation of your IT processes
• Investment protection: Integration into existing infrastructures
HiPath Services: Global Customer centric One Stop Shop for Real Time Communications Services
HiPath Professional Services
• We offer you Security Services for value added
• Risk Analysis
• Design workshops for customizing solutions
• Implementation workshop
• Administrator and employee trainings
HiPath Lifecycle Services
• Installation and Commissioning
• Maintenance and related Services
• Channel Services
• Disassembly and Recycling
• Training
HiPath Managed Services
• Enterprise Network Operations
• Managed Security Services
• Help Desk Services
• Business Continuation Services
• Network Application Services
Info Portal - Our Offering: Smart Card-Based Identity Management
Solution, Siemens Products, Application Scenario, Examples for Every-Day Applications
Solution
Infrastructure
• Central data management and provisioning using a Metadirectory
• Integration of a Public Key Infrastructure
• Production of personal smart cards
Applications
• PC access with personal certificate
• Email encryption & signature
• Signature of documents
Siemens Products
• HiPath SIcurity CardOS: Certified smart card operating system for corporate badge and ID card projects
• HiPath SIcurity Card Maker: Secure, high-performance smart card personalization system
• HiPath SIcurity Card API: Standard crypto interface for using certificate-based applications using the smart card
• HiPath SIcurity Identity & Access Management: Identity Management solutions one-stop shopping including authentication and authorization
Application Scenario
• Entering a user into the Directory
• Generating the identity and distribution to target systems / provisioning
• Personalization of the smart card with certificate
• Using the smart card for various applications
Examples for Every-Day Applications
• Corporate ID Card
• Health Professional Card
• Campus Card
Practical Scenario – Smart Card-Based Identity Management Process
• Meta Directory: In the corporate directory a data record is generated for the user (identity)
• Synchronization: The identity is synchronized in the distributed IT systems
• Personalization on smart card: Personalization is performed based on the guaranteed identity
• Employee can use applications: Secure PC Logon, Secure Email, Digital Signature, Remote LAN Access
[Diagram: Smart Card-Based Identity Management. Components shown: smart card operating system (HiPath SIcurity CardOS), smart card personalization (HiPath SIcurity Card Maker), interface to PKI applications (HiPath SIcurity Card API), directory (HiPath SIcurity Identity Management), Public Key Infrastructure, PKI chip. Applications shown: PC Logon, Signature (Documents), Email Security.]
HiPath Security Products in the Practical Scenario
• HiPath SIcurity CardOS: Certified smart card operating system for corporate badge and ID card projects
• HiPath SIcurity Card Maker: Secure, high-performance smart card personalization system
• HiPath SIcurity Identity & Access Mgt.: Identity Management solutions one-stop shopping including authentication and authorization
• HiPath SIcurity Card API: Standard crypto interface for using certificate-based applications based on smart cards
HiPath SIcurity Card Maker
Secure, high-performance smart card personalization system
Card management database: Bell ID, VPS Data, Siemens SIPORT
Database of CA*: Entrust CA, Microsoft CA, Guardeonic CA
Features
• Personalization of smart cards with contact-based (optionally also contact-free) chips in ONE step
• Writing security-relevant data onto the smart card for a number of applications such as e-mail encryption and building access control
• Import of user information from existing database systems
• Integration for many CAs* and card management systems
Customer Benefits
• Flexible integration in various smart card management systems
• Interoperability with any relevant customer environment
• Complete, fast personalization of corporate badges in ONE step and subsequent immediate use
• Post-personalization of smart cards already issued for new applications
* Certificate Authority
HiPath SIcurity CardOS
Certified smart card operating system for corporate card and ID card projects
Customer Benefits
• Fast implementation of the operating system in standard environments
• Yet flexibility due to fast modifications to or extensions of the existing functionality
• Multi-functionality: one card supports various applications
• Storage of security-sensitive data (keys, certificate) on a hardware token protected against spoofing
Features
• Compatibility with international standards (ISO 7816) and certification as per ITSEC E4-high (German law on digital signatures)
• Separate management of applications due to hierarchically structured file system
• Comprehensive management of access rights
• Clearly structured, modular system architecture, extensible by functions and algorithms
HiPath SIcurity Card API
Standard crypto interface to use certificate-based applications
[Diagram: Card API* between applications and HiPath SIcurity CardOS, exposing a PKCS#11 Module and a Crypto Service Provider (CSP). Applications shown: Signature of Documents, PC access, Access to procedures, Secure E-Mail, Remote access (RLA) / encryption (VPN).]
Features
• Interface between hardware token with HiPath SIcurity CardOS and applications using crypto functions such as browsers and secure mail
• Parallel provision of the common crypto interfaces (PKCS#11, Microsoft CSP)
• Using the same keys and certificates on one token using PKCS#11 as well as Microsoft CSP
Customer Benefits
• Comfortable use of the same keys / certificates using several interfaces and in several applications
• Simplified integration in various scenarios through a standard interface
• Uniform connection of all certificate-based applications to the hardware token
* Application Programming Interface
HiPath SIcurity - DirX Solutions: Identity & Access Management
[Diagram: Who? Employee, Partner, Customer. What? Roles, Rights. When? Policies, Rules. Access to what? IT systems, Resources, Applications.]
Customer Benefits
DirXmetahub
• Investment protection for existing systems
• Standardization of processes, applications and infrastructures of information & communications
DirXmetaRole
• Fastest possible, automated assignment of access rights for internal and external users
• Fastest possible reaction to new or changed access rights
Features
DirXmetahub
• Consistent, standardized data for users and applications
• Strongly enhanced quality and up-to-dateness of data
DirXmetaRole
• Drastic reduction of efforts for access right management
• Standardized top level security control for administrators due to compatibility with the standard RBAC (Role-Based Access Control)
Examples for Every-Day Applications - Corporate ID card -
09:00 h  Access to the company’s parking lot and the office
09:10 h  Time logging
09:15 h  Authentication for starting PC and further PC applications
12:00 h  Paying for lunch at the canteen
13:00 h  Leaving the company grounds to visit customers
14:00 h  Setting up a protected connection to the corporate network from the customer’s
15:00 h  Signing a proposal in PDF format directly at the customer’s
16:00 h  Access to the company’s parking lot and the office
17:30 h  Mailing an encrypted revised concept design to the customer
18:00 h  Travel expenses are accounted for via an Intranet portal using digital signature
19:00 h  Time logging when leaving the office
Examples for Every-Day Applications - Health Care -
08:00 h  Access to the doctors’ parking lot
08:15 h  Access to the doctors’ office
08:30 h  Access to special wards such as newly born child unit and laboratory
09:00 h  Authentication at the PC and access to patients’ data
09:30 h  Authentication towards a knowledge database for physicians
11:00 h  Setting up a VPN connection for consulting a specialist
12:00 h  Paying for lunch at the canteen
14:00 h  Signing a diagnosis before storing it
14:15 h  Encrypted mailing of the diagnosis to the practitioner
...
Examples for Every-Day Applications - Campus Card -
• Card is issued upon registration
• Enrolling for the term and for the disciplines chosen
• Paying tuition fees, copy jobs, fines for late payments and meals at the students’ restaurant using the smart card
• Making online reservations for books following successful authentication
• Digitally signing and submission of term papers
• Signing up for exams and inquiring about the results online
• Encoded data exchange in case of studies performed externally in companies
• Remote access to centrally stored contents
Customer References: HiPath SIcurity Smart Card Solutions
• Industry & Automobile
• Financial Services
• Telecommunications
• Government Authorities
Resilience in Communications
The modular HiPath architecture creates a resilient and cost-effective communication environment that facilitates heightened business productivity and efficient business processes.
HiPath Customer Value
[Diagram labels: Security, Productivity, Management, OpEx, Capex; Individuals, Workgroups, Partners, Customers.]
Enhance Business Productivity at All Levels by Optimizing Communication Among Individuals, Workgroups, Partners & Customers.
Enterprise solutions contribute to LifeWorks Concept
[Diagram labels: Consumer, Carrier, Enterprise, LifeWorks.]
LifeWorks is our concept for business communication. It links enterprise networks with carrier networks and makes the applications that run on the enterprise network available everywhere.
LifeWorks Concept: Unified Domain, Unified User Experience
[Diagram: Unified Domain: Central Office / Data Center, Cellular, WAN, PSTN, VPN, Survivable Media Gateways, Mobility Client, IP Client. Unified User Experience: Mobile Worker, Home Office, Branch Office, Headquarters.]