DSS ITSEC Conference 2012 - VASCO - Tech 2.0
 


Presentation from Riga, Latvia. "Data Security Solutions" Ltd. ITSEC Conference.

    DSS ITSEC Conference 2012 - VASCO - Tech 2.0 Presentation Transcript

    • Strong Authentication … … in details. Kuznetsov Alexander, Technical Account Manager. © 2012 - VASCO® Data Security
    • VASCO Core Activities
    • Overview DIGIPASS: DIGIPASS Go Range, DIGIPASS E-signature, DIGIPASS Reader, DIGIPASS for Mobile, DIGIPASS Nano, Virtual DIGIPASS, DIGIPASS for Web, DIGIPASS PKI, DIGIPASS for Windows
    • Evolution of Authentication Devices (diagram: Security Level against Sophistication Level of Attacks). Labels on the diagram: Static Passwords, Keyloggers, Virtual keyboards, Phishing, Pharming, Counter-based OTP, Time-based OTP, MitM, Electronic signature, MitM with Social Engineering, Meaningful user prompts, WYSIWYS
    • Evolution of Authentication platforms (diagram labels: Security, Ease of Use, Cost, Flexibility)
    • VASCO Software DIGIPASS: DIGIPASS Go Range, DIGIPASS E-signature, DIGIPASS Reader, DIGIPASS for Mobile, DIGIPASS Nano, Virtual DIGIPASS, DIGIPASS for Web, DIGIPASS PKI, DIGIPASS for Windows
    • Market leader: Digipass for Mobile 4.0. Dedicated authentication application in your mobile device. Focus: Strong Security! Weak PIN detection, Device Binding, Time+Event Based
    • DP 4 Mobile: why? Easy to integrate: included web samples. Easy to deploy: three provisioning options. Easy to use: intuitive graphical user interface. Easy to customize: use your own colors and logos for Mobile
    • Supported Mobile Platforms: Android OS 2.2 and later; iOS 4.1 and later; BlackBerry OS 5.0 and later; MIDP2 compatible devices; Windows Mobile / Phone
    • DP 4 Mobile Editions. Standard: fully customizable; customer responsible for provisioning process. Enterprise: not customizable; only authentication; 3DES, Time Based, Decimal 2; VASCO responsible for provisioning process
    • Step 1: Software Package Download (diagram: Enterprise Server; "HTTP download + Local Install", label repeated three times)
    • Step 2: Activation Modes: Offline activation; QR code activation; Online activation
    • Offline Activation: DIGIPASS Serial Number; Activation Code (21 Digits); Reactivation Password + Local Password
    • QR Activation
    • Online Activation (diagram, steps 1 to 5). Labels: Generate Nonce; Identifier, Authorization Code; Identifier + Authorization Code + Nonce; Encrypted Full Activation Data (encrypted with activation password) = Static Vector + Serial Number Suffix + Activation Code + Reactivation Counter + Nonce; Activate with Activation Password. Functions named on the slide: AAL2GenActivationCodeXErc, AAL2GenActivationDataRndKey
    • Step 3: OTP Post Activation (diagram, steps 1 and 2; labels: OTP, Response, AAL2VerifyPassword)
    • Post Activation Device Binding (diagram, steps 1 to 3; labels: Platform Finger Print, Serial Number + Derivation Code, Response, AAL2DeriveTokenBlobs). Can also be done offline
    • Full Picture
    • DP4Mobile – Challenge/Response
    • DP4Mobile - QR Challenge/Response
    • Customization: Mobile Provisioning …
    • Customization: Post Activation
    • Customization: Mobile Settings
    • Customization: Multilanguage: One XML file per language; CustomizationToolinputxml; Can also be used for #looks
    • Test your Digipass for Mobile. Already now, go get your DIGIPASS at: http://dp4mobile.demo.vasco.com/dp4mobile/
    • DIGIPASS SDK: Software engine. DIGIPASS SDK: J2ME (Java, BlackBerry); iPhone OS (Objective C); WindowsMobile 5.0+ / Windows Phone; Symbian OS (2nd to 5th editions); Android. Integration partners: Clear2pay, Monext, Lemonway; mFoundry; FundTech … Banking applications: HSBC; GarantiBank; Alfa-Bank
    • DIGIPASS: The building blocks (diagram). Recoverable labels: A generated code that changes; Secret; Secret Is Protected; User Interface; Encryption Algorithm; Storage; Parameters; Time; Event; Challenge; Human Readable Truncation; By VASCO
    • The same concept on a different platform (diagram). Recoverable labels: DIGIPASS; Communication Platform Interface X; User Interface; Encryption Algorithm; Storage; Parameters; Static Vector; Dynamic Vector; Secret; Time; Time Shift; Core; DIGIPASS SDK; Application; By VASCO
    • Software DIGIPASS: Secure Platform
    • Software DIGIPASS: Platform Scoring. Jail broken? Infected? Location? Behavior?
    • Software DIGIPASS: Application Security: True Random Key generation; Secure Key provisioning; Application Signing & Obfuscation; Slow Encryption Function; Device Binding; External Audit
    • Software DIGIPASS: Native Integration
    • DIGIPASS NANO: Secure Component
    • Digipass Nano: More Security, More Convenience. SIM Toolkit menu. Test your DPNANO sample at http://dpnano.demo.vasco.com
    • Intel IPT: Integrated DIGIPASS in your PC
    • Intel IPT drivers: Hardware security level; Regular password logon experience; No shipping!; Central provisioning; Large penetration potential
    • Digipass for Web + Intel IPT. DP4Web applet: Activation through VASCO; Generate OTP; Generate e-signature; Supported by all VASCO server solutions
    • VASCO Server Side offering
    • VASCO Identikey Server: Single point of Authentication (diagram). Labels: Custom web applications; Citrix, OWA, etc.; VPN, SSLVPN, Firewall, etc.; Hardware; Software; Smart Cards
    • Functional architecture (diagram). Labels: Front-End Integration; Back-End; Customer Web Applications; Web-based Administration (User & DIGIPASS Administration, Reporting); Command Line TCL; Apache Tomcat Webserver; IIS Web Applications; SOAP; SEAL; RADIUS; RADIUS Client; Authentication; LDAP via Windows API; SEAL via Custom API; ODBC; LDAP/LDAPS; Domain Login; Active Directory Users & Computers; AD Directory; PostgreSQL Database
    • Identikey Server features Authentication and e-signature validation Server  Strong authentication validation  Transaction data signing – e-Signature  DIGIPASS Family ready (including SMS) Policy based authentication  Different policy for each application  Automatic creation of users  Auto-assigning of the DIGIPASS to the User Easy to Integrate in your front-end application  RADIUS protocol (Authentication)  SOAP protocol – Web-services  SAML protocol – Federation authentication High-availability and scalability model  Load balancing (primary and backup servers)  DB availability control service© 2012 - VASCO® Data Security 41
    • Identikey Server features Centralized Web-based administration interface  DIGIPASS & User management  Domains & Organizational units  Policy management  Application management  System management Delegated administration  > 80 Different administrative priveleges Reporting capabilities  28 standard reports available  Custom reports Admin access can be protected by OTP System and performance monitoring capabilities Fully PCI-DSS compliant© 2012 - VASCO® Data Security 42
    • DIGIPASS Authentication for Windows Logon• DAWL features: • Offline authentication (up to 30 days) • Force OTP • Password Randomization • PSM – Password Synchronization Manager ` • DCR – Dynamic Client Registration • DNS reverse Lookup • Terminal Server authentication © 2012 - VASCO® Data Security
    • DAWL – Architecture + PSM Windows SEAL Windows LDAP ` SEAL-SSL© 2012 - VASCO® Data Security
    • What is DIGIPASS as a Service
    • Supported Types of Authenticators
    • API vs Web Interface
    • Availability
    • MYDIGIPASS.COM
    • MDP: concept (diagram, steps 1 to 3). Front-end: End-user, Website. Back-end: DIGIPASS as a Service. Labels: Validation, Validation ok
    • MDP: Launch pad & Marketplace
    • MDP: available today. 3 types of DIGIPASS: Hardware DP GO6; Software Mobile DP; Software DP4Web with Intel IPT. QR-code autologin
    • DEMO (screen labels): Time granularity; Interval between 2 successive time units; Standard 32 seconds; List of valid time-based OTPs; List of valid counter-based OTPs; Additional digits; Speeds up verification of an OTP; Generated by host; Optional; Randomly; Used for first OTP validation; Sent to user
    • Thank You. Alex Kuznetsov, Technical Account Manager EE-CIS, aku@vasco.com
    • Copyright & Trademarks. Copyright © 2011 VASCO Data Security. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of VASCO Data Security. Trademarks: VASCO®, VACMAN®, IDENTIKEY®, aXsGUARD®, DIGIPASS® and the ® logo are registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security International GmbH in the U.S. and other countries. Disclaimer of Warranties and Limitations of Liabilities: This Report is provided on an as is basis, without any other warranties, or conditions.