eToken Virtual and MobilePASS Software Authenticators

Agenda
• Software authentication overview
• Product portfolio
  • eToken Virtual
  • MobilePASS
• Market background
• Identifying the opportunity

The Highlights
• What is Software Authentication?
  • Two-factor authentication solutions that enable secure remote network access and digital signature functionality without the need for a physical hardware authenticator
  • Available in an OTP and Virtual Smartcard platform
• What can you do with it?
  • Securely access web-based online services and corporate networks (VPN)
  • Digital signature applications (PKI only)
• What makes it an innovation in two-factor authentication?
  • Convenience: no hardware to carry
  • Management: simplified administration
  • Reduced TCO: reduced costs associated with hardware provisioning and deployment
  • Security: two-factor authentication without the need for hardware

Software Authentication
*eToken Virtual only

Software Authentication Solutions
• eToken Virtual
  • Certificate-based two-factor software authentication security solution which provides full public key cryptographic functionality such as secure remote access, network access and digital signing
• MobilePASS
  • OTP two-factor software authentication that offers the convenience of one-time passwords generated on your mobile device, PC or portable storage device

The Solution: eToken Virtual
NEW! Virtual smartcard with full PKI functionality
• Software PKI-Based Strong Authentication on PC / Removable Drives
• Applications
  • Secure remote access
  • Network access
  • Digital signing
• Virtual Smartcard – functions like a hardware authenticator
• SSO
• PC security

eToken Virtual Security Features
• AES Encryption: Keys & certificates are securely created and stored in eToken Virtual
• Device Locking: eToken Virtual contents are locked at time of provisioning to a specific storage device or PC
• Policy Data Signing: Enforces password complexity according to organizational policies
• Memory Protection: Prevents content being written to disk
• Key Deletion: private data is replaced by random data and rewritten to disk to ensure no trace remains

“Given most users’ aversion to passwords, coupled with the inability to remember more than a few without writing them down, IDC believes that solutions such as soft tokens, certificates, one-time passwords, and hardware-based tokens will make rapid gains.”
IDC - Worldwide Identity and Access Management 2007-2011 Forecast and 2006 Vendor Shares

eToken Virtual Technical Specifications
• Management: eToken TMS 5+
• Security Application: eToken PKI Client 5+
• Operating Systems:
  • Windows: XP, Vista, Windows Server 2003 & 2008 (32-bit and 64-bit)
  • Mac* OS X 10.4 (Tiger), 10.5 (Leopard)
  • Linux distributions*: CentOS 5.2 (32-bit and 64-bit), Red Hat 5.2 (32-bit and 64-bit), Ubuntu 8.04 (32-bit), Fedora Core 9 (32-bit), SUSE 10.3 (32-bit)

eToken Virtual Deployment – Administrator Use Case
Administrator enrolls eToken Virtual for a specific user from the TMS Manage. The only supported use case is enrollment to a removable flash device:
• eToken TMS and eToken Virtual licenses are acquired by the company to provide two-factor authentication using software authenticators.
• eToken TMS is installed and all the required connectors are configured to enable eToken Virtual usage.
• Administrator plugs in the user portable device and starts the enrollment process from the TMS Manage web site.
• eToken Virtual is created on the portable device, locked and set with the initial user password.
• Notification is sent to the user with the eToken Virtual password.
• User receives the device and can use it for the authentication.

eToken Virtual – User Enrollment Use Case
User accesses the TMS Service web site and enrolls eToken Virtual:
• TMS and eToken Virtual licenses are acquired by the company to provide two-factor authentication using software authenticators.
• TMS is installed and all the required connectors are configured to enable eToken Virtual usage.
• User enters TMS Service web site to enroll eToken Virtual.
• eToken Virtual is created on the user computer, locked and set with the user password OR user can enroll the eToken Virtual to a portable drive, based on the TMS TPO settings, configured by the administrator.
• User can use the eToken Virtual for the authentication.
NOTE: Admin Rights Required for eToken PKI Client Installation

Use Case: Check Point VPN Network Access
1. User logs into computer and connects via VPN to corporate network
2. eToken Virtual requests user’s credentials
3. eToken Virtual validates credentials
4. Secure connection is established

The Solution: MobilePASS
• OTP passwords generated on Windows desktops or mobile devices
• Applications
  • Remote Access
  • VPNs
  • Terminal Server
  • Citrix applications
  • Outlook Web Access and other web-based applications including customer-facing online services such as banking, education portals and health care

“Phone-based authentication tokens [are] becoming increasingly popular, and we predict that 50 percent of future two factor authentication implementations will use phone-based tokens.”
Ant Allen, Gartner Analyst, User Authentication Beyond the Password, June 2008

The Solution: MobilePASS
Supported Platforms
• Windows Desktop
• BlackBerry
• Windows Mobile
• Java ME
• Smartphone
• SMS & email delivery (with SafeWord 2008 and SafeWord ESP only)
Management
• eToken TMS
• SafeWord 2008 with SafeWord ESP
• Note: MobilePASS appears under the name SoftOTP in the current eToken TMS 5.0 CA release. The name will be updated to MobilePASS in the upcoming eToken TMS 5.1 GA release.

MobilePASS – Overview (cont.)
For Mobile Devices
• MobilePASS turns your mobile phone into a strong authentication device. When you log in to your secure network from your laptop or PC, the quick-launch on your mobile phone will generate the one-time password you use to complete your login.
For Windows Desktop & Portable Storage Devices
• MobilePASS for Windows Desktops allows you to generate one-time passwords on your Windows desktop through a locally installed OTP application or on portable storage devices. Users simply generate a one-time password from their desktop and use it to log on securely to the desired application.

MobilePASS – Enrollment and Usage
• eToken TMS and MobilePASS licenses are acquired by the company to enable OTP using software authenticators.
• Administrator enrolls MobilePASS authenticator for the user in the TMS Manage.
• The user receives the MobilePASS authenticator, an activation code and PIN via e-mail, SMS etc.
• The user installs the MobilePASS software.
• The user enters the activation code and activates the software.
• OTP is generated using the received PIN.
• Using the OTP, the user logs on.

Software Authenticator Management
• eToken TMS enables full life cycle management
• Including TMSservice - End-user portal
• The End-user site enables tasks such as:
  • Enroll a new authenticator
  • Update the content of an enrolled authenticator
  • Change/Reset eToken password
  • Disable/Enable an eToken
  • Replace a Lost/Damaged authenticator (including revocation)
  • Manage OTP authenticator including MobilePASS
  • Enroll eToken Virtual and eToken Virtual Temp

Additional software solutions using TMS:
• eToken Virtual Temp
  • Time-limited temporary authenticator which can be used for a limited period of time instead of a permanent authenticator
  • For each authentication, the user can enroll one temporary virtual authenticator.
• eToken Rescue
  • Users who lose their authenticators can create an eToken Rescue authenticator (default expiration 1 month, max 3 months)

Market Drivers
• Need for an alternative to physical authenticators
  • Ease of use and convenience for end users
  • Lower TCO for management and deployment
• Expansion of online Web services
  • Education
  • Healthcare
  • Financial services
• Extension of enterprise services
  • Partner portals
  • VPN access
  • Digital signing
• Need to address risk and compliance

“Number of crimeware websites surge in largest jump ever in Dec. 2008”
Anti-phishing Working Group

The Mobile Authentication Market
Source: Based on data from IDC, Mobile Security Device Market, March 2008

Target Markets
B2C and B2B organizations that are interested in providing secure access and digital signing capabilities to customers, partners and employees

Identifying the Opportunity
• Deployment
  • Organizations that want to implement two-factor authentication but don’t want the constraints of hardware deployment, or that are sensitive to the costs associated with hardware deployment
• Security
  • Organizations that want to implement two-factor authentication but do not necessarily need the full security of a hardware-based solution
• Digital signing
  • Organizations that already have authentication solutions in place but want to add digital signing capabilities for specific users
• Consumer-facing
  • Consumer or B2C deployments where user convenience is crucial and hardware deployment is too costly
• Flexibility
  • Organizations that want to add more flexibility to their existing authentication infrastructure

Key Selling Points
• Convenience and simplicity for users – no hardware to carry around
• Simplified management and administration
• Balances ease of use, security and cost
• Eliminates the cost of hardware deployment
• Extends the flexibility of organizations’ security infrastructure by complementing existing hardware solutions
• Compatible with SafeNet’s broad range of OTP and certificate-based authenticators, allowing you to tailor security solutions to use cases and risk levels

“IDC believes that… soft tokens, …will make rapid gains… in the US, compliance, industry pressure, and cost concerns will result in mostly software-based solutions.”
IDC, 2007