1 / 49

Data Connectors

Data Connectors. HID Global January 2010. Overview: ASSA ABLOY. The worldwide leader in locking solutions Annual revenues of $4.5 billion 150 companies in 40 countries Over 30,000 employees Dedicated to meeting customer needs for safety, security, and convenience. About HID Global.

neo
Download Presentation

Data Connectors

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. © 2006. ASSA ABLOY. All rights reserved. Data Connectors HID Global January 2010

  2. Overview: ASSA ABLOY • The worldwide leader in locking solutions • Annual revenues of $4.5 billion • 150 companies in 40 countries • Over 30,000 employees • Dedicated to meeting customer needs for safety, security, and convenience

  3. About HID Global • Part of ASSA ABLOY’s Global Technologies Division • Global leader in solutions for the delivery of secure identity • Award-winning products are used in over 70% of Fortune 1000 companies • The most highly recognized brand in the security industry worldwide • Over 500 million cards and 6 million readers active • Over 1900 employees globally

  4. Our Core Businesses solutions secure identity BUSINESSES APPLICATIONS PRODUCTS

  5. HID Connect Partner Program • PEOPLE • HID Connect Team coordinates worldwide sales and support activity • Annual iNNOVATIONS conferences • PRODUCTS • OEM Reader Modules and Boards • OEM Development Kits • TECHNOLOGIES • HID Prox • Indala Prox • HID iCLASS • PARTNER SOLUTIONS • Time and attendance • Cashless vending • Parking control • Biometrics • Mobile verification • Photo ID printing • Many others • COMPANIES • Over 100 active development partners worldwide • Co-marketing

  6. Primary Markets Government Retail Healthcare Education Corporate • US Gov PIV • EU Parliaments • National ID • Licensing • Corrections • Airports • Passports • Managed Access • Loyalty • Gift Cards • Club Membership • Employee ID • Access Control • Two Factor Authentication • Time & Attendance • Student ID • Library • Debit • Services • Employee ID • Facility Access • Data Access • Time & Attendance • Biometrics • Parking Control Cards Printers Controllers Software Readers

  7. HID Global New Solutions for Secure Identity

  8. Executive Overview • HID on the Desktop™ (HOTD) is a suite of solutions designed to strengthen the overall security of a Microsoft Windows desktop log-on by using Two-Factor Authentication. • Two-Factor Authentication: something the user has (their HID card), and something that the user knows (the PIN associated with that card) • A more secure solution then username/password that is typically used today

  9. Why HID on the Desktop? • Over 500M HID Cards active worldwide • Unique position to add more functionality • Natural extension of security at the door • Already using the card for ID and access • Address a problem that most organizations • deal with on a daily basis • Users already comfortable with card • No need to train on new technology • Easy to deploy • Limited risk 50% of the solution is already in your customer’s hands today!

  10. The Value Proposition Open Doors. HID customers have enjoyed the ease of opening doors with contactless cards for decades Open Doors. Open Windows®. HID customers have enjoyed the ease of opening doors with contactless cards for decades… HID on the Desktop™ brings that same convenience to opening Windows®

  11. HID on the Desktop • Convenient – ATM like transaction for PC logon • Secure – Password replacement solution that enforces two-factor authentication at the desktop • Cost Effective

  12. Current Strong Authentication Landscape • Username and Password • Status Quo – Do nothing • Analysts say that using passwords can cost $ 65 - $ 120 per user, per year • Biometrics • Fingerprint or Facial • Still have not been able to deliver enterprise ready solutions for authentication at a cost effective price point • One Time Password Tokens • $50 to $100 per user • Three Year agreement • Typically used for REMOTE authentication only • PKI using Contact Smart Cards / eTOKEN • PKI based using contact smart card or USB Stick with SIM • $ 50 plus software • Have to carry additional device ( USB Stick or 2nd Card )

  13. HOTD Unique Selling Points Market Focus • When Compliance Matters • HIPAA / HITECH Act • CJIS • Criminal Justice Information System • Shared Workstations • User Roaming • Market Verticals • Healthcare • Manufacturing • Police & Local Government • Energy and Utilities • Colleges and Schools Simple To Deploy Convenient And Easy To Use Compliance Customer Value

  14. HID on the Desktop - Value Proposition • Convenience - Users are able to log-on to their computers more easily • Compliance- When compliance matters for audit, PCI, SOX, HIPAA / HITECH Act • Improved risk management - IT will significantly reduce the probability of a security breach with limited stress on their resources • Security at a low TCO - Companies will have a more secure system with lower investment and low maintenance cost

  15. Physical / Logical Convergence • End users want a single credential that supports both physical and logical access control requirements. • Organizations are seeking: • Meeting Compliance requirements • Minimizing Risk • Increased convenience for end users • A higher level of security • Simplified card management • Overall cost savings

  16. Recent Market Study July 2010

  17. HID Global lead generation HID Global, in conjunction with CSO magazine, is driving awareness in the IT space regarding our converged solutions

  18. The Components The Components • Cards • Prox, iCLASS, MIFARE, DESFire and/or Crescendo cards • Crescendo cards use middleware or a Microsoft mini driver included with the card. • naviGO Software • Provides the management and provisioning of cards used on the desktop. • naviGO is equivalent to access control software that manages and provisions cards used at the door. • Desktop Readers • 125 kHz (Prox Only Readers) • 13.56 MHz (iCLASS Only Readers) • Or Combined Contact/Contactless Readers HID on the Desktop requires only three components: A New Solution for Secure Identity

  19. Microsoft Active Directory The Corporate Environment Microsoft Certificate Authority naviGO Server Microsoft MIIS Web Portal Corporate Network PC or laptop Employee smart card reader smart card reader

  20. Crescendo • Multi-Technology card combines Prox & iCLASS technology with a contact chip • Middleware included • Card transmits digital certificate from trusted CA and validates PIN on card. • If valid, user is logged on using key exchange. • iCLASS • 13.56 MHz cards and tags • Read/Write card uses mutual authentication between the card and the application. • Card validates mutual key and securely transmits serial number, token data and token hash value to the application. • Values are matched with PIN for authentication. The Components • HID Prox • 125 kHz card and tags • Read only card uses unique number to identify user. • Number is combined with a PIN for strong-authentication The Cards HID cards for Physical and Logical Access

  21. HID Technology 101 • Two major contactless technologies • 125 kHz ( HID Prox ) • Legacy • 20 years old • 13.56 MHz ( HID iCLASS ) or ( Mifare or DesFire ) • New industry standards • Always go with iCLASS if they do not have a solution in place • There are some notable differences between how HID technology is used for Physical Security versus Logical Security

  22. Smartcard Technology Contactless 13.56 MHz Chip - iCLASS® - MIFARE® 125 kHz Prox Contactless Chip Contactless Antennae Contact Smart Chip With or without applet

  23. Two Types of Crescendo Cards • MICROSOFT ® – Plug and Play • Supports Microsoft Mini Driver Program • Requires no middleware installation as support is built into Microsoft Operating Systems C200 • Supports PKCS#11 and MSCAPI third-party based applications • Supplied pre-initialized with the required on-card software • No per-seat middleware licenses required C700

  24. Crescendo Summary If an organization decides to implement a Microsoft Certificate Authority based PKI for logical access control, HID’s Crescendo™ smart card delivers the most cost effective, single badge solution, available on the market today. • Off the shelf card, short lead times, low minimum order quantity • Secure – Standards based • Flexible – works with multiple applications • Affordable – Lowest TCO for a single badge multi-technology solution • Replace expensive OTP solutions that provide limited benefits • Works with MS ILM / FIM or HID’s naviGO CMS software • Future Proof your ID Badge

  25. Dell Embedded Reader • HID /Dell partnership delivered the first ever embedded contactless technology in a laptop in 2008 • Dell® Latitude™ E-Family Laptops include 13.56 reader technology in palm rest • Over 3 million in the market to date HID 13.56 MHz Technology Included HID Reader Technology Included E-Series Z-Series

  26. OMNIKEY Readers More specifics in the following slides

  27. Logical Access Readers HID OMNIKEY 3-Series Contact Desktop HID OMNIKEY 4-Series Mobile • Corporate customers • Highly reliable • Easy to install and use • Travelling Business User • High-speed Card Access • Mechanical robust

  28. Logical Access Readers HID OMNIKEY 6-Series USB Dongle Reader HID OMNIKEY 5-Series Contactless Desktop HID OMNIKEY 7-Series Biometric • Corporate customers • Broad contactless standards support • High-speed Card Access • Traveling users • Convenient Dongle Formfactor • Easy to install and use • Corporate customers • Biometric and card integration • Ease of use

  29. HID’s OMNIKEY 3-Series Contact Desktop • One reader for all contact cards • Works with virtually any contact card • No hassle by using different cards • Freedom of choice for the customer on card system • One reader to be used for different applications and cards • Easy integration on PC/SC interface • All drivers are fully PC/SC 2.0 compliant • Standard software can access the reader immediately • Exchange of readers can be easily done without changing the Software • One driver works with all devices of the series • High-Speed Card Access • Supporting fast access to cards • Reduced logon times • Less waiting time before use and low transaction times

  30. HID’s OMNIKEY 4-Series Mobile • One reader for all contact cards • Works with virtually any contact card • No hassle by using different cards • Freedom of choice for the customer on card system • One reader to be used for different applications and cards • Easy integration on PC/SC • All drivers are fully PC/SC 2.0 compliant • Standard software can access the reader immediately • Exchange of readers can be easily done without changing the Software • Robust housing for mobile use • Stainless Steel case • Reader can remain in Notebook • Mechanical stability makes it ideal for long-term mobile use

  31. HID’s OMNIKEY 5-Series Contactless Desktop • Dual-Interface readers for both technologies • Works with virtually any contact and contactless card • No hassle by using different cards • Freedom of choice for the customer on card system • One reader to be used for different applications and cards • Supporting three ISO standards and industry leading technologies in OK5321 • Supports 14443 A+B and ISO 15693 • Best card support with highest possible card speed in standard • NXP MIFARE, HID iCLASS, TI Tag-It, Infineon My-D and NXP iCode support allows one reader for a lot of applications • Supporting HID iCLASS and Prox technology • Only PC/SC compliant reader family that supports HID iCLASS technology and HID Prox technology • Use of physical access credential on the desktop for different applications with OK5321 and OK5325

  32. OMNIKEY 5321CR • Robust waterproof and dustproof casing • Certified IP67 • Stylish design – looks like an • iCLASS, MIFARE, MIFARE Plus, DESFire • Easy to keep clean and sterilize • Healthcare, Clean Rooms • Retail, Hospitality • Manufacturing • Schools OK5321CR 32

  33. HID’s OMNIKEY 6-Series Dongle Reader • Convenient Form-Factor for Mobile use • Small and lightweight, but full featured • Easy to store and carry • Intelligent solutions for card holding • Key ring attachable • Easy integration on PC/SC interface • All drivers are fully PC/SC 2.0 compliant • Standard software can access the reader immediately • Exchange of readers can be easily done without changing the Software • Works with the same driver as the correspondent Desktop readers • High-Speed Card Access • Supporting fast access to cards • Reduced logon times • Less waiting time before use and low transaction times

  34. OMNIKEY 6221 MicroSD • Contact Smartcard reader with USB interface • Supports ISO 7816 Smartcards with T=0, T=1 protocol in SIM-size format • Fast Smart Card interface up to 420kbps • Standard PC/SC 2.0 Driver with Hot Plug Enabler • MicroSD memory card reader • Support MicroSD and MicroSDHC standard of up to 32 GB memory • High-speed USB interface of up to 480Mbps • Supported platforms • Windows 7/XP/Vista/2000 • Windows 2003/2008 Server • Windows CE, Mobile • Linux, MacOS X 10.5 /10.6 (planned) • Other platforms through CCID compliance

  35. OMNIKEY 2061 Bluetooth • With the OMNIKEY 2061 Bluetooth you get a high-performance reader, which allows you to use contact cards without being tied by a cable to your PC-Host or mobile device. This allows convenience for logon while carrying your security badge at all times with the reader

  36. Every Smart Card Application Needs a Reader

  37. naviGO

  38. naviGO Software • Simplifies strong authentication deployments. • Provides the management and provisioning of Prox, iCLASS, MIFARE, DesFire and/or Crescendo cards used on the desktop. • Delivers centralized lifecycle management for cards used for strong-authentication and their associated digital identities. naviGO Benefits • Self-Service for PIN Unblock and Reset • Ease of Use in Enrollment / Provisioning • Centralized Security Policy

  39. Prox / iCLASS on the Desktop naviGO Workstation • naviGO is the password replacement solution that provides faster, easier, and more secure Windows® log-on • Is an ATM-like transaction that uses two-factor authentication (Card and PIN) • Provides Windows authentication with HID Prox, iCLASS, MIFARE or Crescendo Cards • Enables Emergency Access through Knowledge Based Authentication (KBA) • Requires replacement of MS-GINA for Windows XP or a Credential Provider for Vista and Windows 7 Workstation

  40. naviGO User Portal

  41. naviGO User Portal

  42. naviGO Server • Manages and provisions HID Contact and Contactless cards • Benefits to the end-user • Cards can roam between desktops • Allows self-service unblock or reset of PINS • Enables remote access with contactless card (RDP) • Benefits to the IT Security Manager • Supports self-service or attended issuance of two-factor authentication credentials (HID cards of any type) • Can handle contactless, contact or any mixture of card types • Allows centralized management of users and policies • Increases system security with minimal impact to daily operations • Quick and easy to install and use

  43. Server Admin Portal naviGO Admin Portal

  44. Risk Appropriate Authentication Crescendo on the Desktop PKI LEVEL OF SECURITY iCLASS on the Desktop Prox on the Desktop User name & Password CAPABILITY

  45. naviGO Implementation Options Server Server Server Workstation(Standalone) PKI Mixed Environment Standalone Client/Server • Contact (PKI) logon • Managed using naviGO Server • Central policy management • Uses native Windows smart card capabilities • Mixture of Contactless and Contact (PKI) • Managed using naviGO Server • Central policy management • Offers greatest flexibility • Contactless logon • Managed using naviGO Server • Central policy management • Supports roaming & multiple credentials per PC • Contactless logon • Single credential per PC • No management server - standalone deployment • Recommended for lab and demo use BaseCSP and naviGO Drivers for PKI BaseCSP and naviGO Drivers for PKI Client Side Workstation(Client / Server) Workstation(Client / Server) naviGO Workstation Software Not Required Server Side naviGO Server Software Not Required

  46. Closing Thoughts • Password management is not easy nor inexpensive (cheap) • Two-factor authentication ( HID Card plus PIN ) provides greater security and convenience, than a static Active Directory username and complex password • HID on the Desktop allows you to leverage your existing investments to “do more than open the door” • Mix and match technologies (Prox or iCLASS), as needed, for standard desktop users, Crescendo with PKI for Laptops, or for users with higher security needs. • naviGO software ties it all together and offers a migration path from username and password, to contactless, to contact smart cards with PKI

  47. HID on the Desktop Benefits • Simple • Enables an extremely simplified deployment, administration, and use model • Secure • Two-factor authentication (card + pin) eliminates password sharing • Flexible • Offers self-service enrollment with multiple access modes as well as administrator driven policy creation • Scalable • Offers simultaneous support for up to 10,000 concurrent users • Convenient • Provides single means to manage multiple strong authentication methods • Mix contactless and contact cards as needed • Affordable • Leverage existing HID deployed cards. No need to rebadge. New Solutions for Secure Identity

  48. HID on the Desktop Summary • Expand the value of HID cards and tokens to do more than open the door through the delivery of a risk appropriate network access solution for small, medium, and large organizations.

  49. Thank You Questions and Answers

More Related