SmartCard Forum 2011 - Evolution of authentication market


Published in: Technology

  1. Smart Card Forum Prague. Evolution of Authentication Market & Beyond: New challenges for enterprises. Jérôme Soufflot, EMEA Channel Team, Marketing & Business Development
  2. Gemalto: Security To Be Free. More than just a company tag line… it is why we exist. Communicate, Shop, Travel, Bank, Work: in ways that are convenient, enjoyable and secure
  3. Gemalto’s Secure Personal Devices… are in the hands of billions of individuals worldwide
     • 1.5 billion secure devices – Produced and personalized in 2009
     • 200 million citizens – Received a Gemalto produced e-Passport
     • 500 million people – Carry a Gemalto produced credit card
     • 400 mobile operators – Connecting 2 billion subscribers
     • 30 years experience – designing/producing secure personal devices
  4. Global Leadership Position
     • Top producer of: SIM cards and UICC (1); Over-The-Air platforms (2); Chip payment cards (4); Chip-based corporate security solutions (1); e-Passports (3)
     • Innovation leadership examples: Ezio optical reader for online banking; YuuWaa – Combines flash memory with online services
     • *Source: (1) Frost & Sullivan; (2) Gemalto; (3) Keesing Journal of Identity; (4) The Nilson Report
  5. Enterprises
  6. Since 2007 and Beyond: Even more devices and… more ways to run Applications
  7. Security of mobile workforces: Top Concern for end users and IT Managers. Source: Cisco, 2010 (extract, Cisco Connected World report)
  8. Enterprise & Employee Identity? “An identity is a set of claims one principal makes about another principal in the context of an established relationship”
     [Diagram labels: Username/PW, Passport, Smartcards, Picture, Name, Address, Telephone, IP-Address, Mobile, Biometrics, Fax, Building, Room #]
  9. Security is a Balancing Act: Must balance between Strength and Usability
  10. Why Strong Authentication? Protecting digital assets is a critical need for every business
      • Provides protection from unauthorized access
      • Provides audit trail of individual access activity
      • Increases security while being easy to use for the employee
      • Easy to deploy for the administrator
      “Enterprise computing infrastructures — on premise, hosted, or in the cloud — demand rigorous attention to who, what, where, when, and how a person or an entity accesses data. Security solutions must verify and provide assurance that those requesting access are indeed who and what they say they are.” – Sally Hudson, IDC 2010
  11. Risk of Weak Authentication: Would you leave your house without locking the door?
      • Unauthorized access
      • Data theft of digital assets (Intellectual Property)
      • Loss of brand reputation and customer trust
      • No audit trail – compliance ramifications
      Data breaches cost U.S. businesses an average of $6.75 million per breach – Ponemon Institute, 2009 Study
  12. Online Security concerns reach the public domain: Increasing number of attacks and breaches
      • Wikileaks – Thousands of secure documents obtained and released due to unencrypted data transmission.
      • Epsilon – Millions of email records were recently compromised when a hacker was able to gain unauthorized access to outsourced email marketer Epsilon’s data store.
      • RSA – Security vendor RSA was the victim of an advanced persistent threat which resulted in compromising their most valuable intellectual property.
      • Sony PlayStation Network – Fraudsters have obtained data on around 70 million online video gamers, including their names, addresses, dates of birth, passwords, security questions and credit card details.
      Web giants are now proposing Strong Authentication options to their users
  13. Choose Appropriate Authentication Security level
      • Mix authentication method on the same device
      • Select appropriate Cost / Security level justified for specific enterprise use case
      • Complete IT security already deployed by credentials protection
      [Diagram labels: Biometry, PKI, OTP]
  14. Protiva SA Server: The Heart of Protiva Strong Authentication
      • Validation server supporting OTP authentication
        ◦ Standards based technology
        ◦ Tokens – OATH event based or time based
        ◦ Mobile App – Time based with time stamping
      • Web based administrator interface for user management
      • User self-care portal for registration and password back-up
      • Easily integrates with existing infrastructure
        ◦ Established integrations with leading infrastructure technology
        ◦ Databases – MySQL, MS SQL, Oracle, IBM DB2, etc.
        ◦ User Data Repository – Microsoft AD, Novell eDirectory, Sun One, OpenLDAP, etc.
        ◦ Authentication Service – HTTP/HTTPS, SOAP, SAML 2.0, XML, RADIUS, Microsoft IAS/NPS, etc.
      5/2/2011
  15. First level Gemalto answer: Protiva Mobile OTP
      • 2-factor authentication (OTP)
      • Application installed on the mobile phone which allows users to securely generate a One-Time Password (OTP) using their mobile phone as a token
      • Out-of-band time based OTP
      • Combination of security and convenience of one time password generated on a mobile device
      • Integrated in Protiva SA Server for convenient central administration
      [Login screen shown on slide: User ID: MyID, Password: ********, OTP: 189763]
  16. Why Protiva Mobile OTP?
      • Increasing share of mobile usage (smartphones, etc.) in the enterprise context
      • The true advantages of mobility with the appropriate security level
      • Easy user adoption:
        ◦ Simple to use for enrolment and OTP generation
        ◦ No additional hardware to carry
      • Easy to deploy and manage by administrator
      • SA Server supports a wide range of device types, which allows an adapted security solution
      • Optimizing TCO of security
  17. Gemalto SA Server Devices
      [Diagram of devices supported by SA Server: SA Mobile-OTP, SA SMS-OTP, Smart Guardian, SA Easy OTP V3, SA .Net Dual, .Net Card with OTP reader, .Net Card, .Net Key. Capability labels: OTP, OTP on display, OTP connected, PKI, PKI support, Physical access, Secure storage, Sec Flash]
  18. Mobility & Cloud will accelerate market change
      • More Smartphones + Notebook than Desktop PCs. Q1/10: 54Mu, 48Mu, 32Mu (IDC, Strategic Analytics)
      • With the same connectivity demand, whatever the device:
        ◦ I want to access my social network on my mobile
        ◦ I want to read my company’s encrypted emails while traveling
        ◦ I want to pay my parking with my handset
  19. Market Drivers for SAAS security
      • Increase in Enterprise adoption of Hybrid model
      • Proliferation of SaaS and Federated SSO
      • Quick time to market/deployment
      • Differentiator for businesses
      • Helpdesk cost of supporting passwords
      • Regulatory Compliance
        ◦ FFIEC, PCI-DSS, European Data Protection Directive, HIPAA/HITECH, SOX
  20. First level of Service in the Cloud. Ex: Device Administration Services (SAS)
      • Issuance and Administration of Gemalto .NET based devices
      • End User Gemalto .NET devices management
        ◦ Change PIN
        ◦ Remote PIN Unblock
        ◦ View device info (diagnose)
        ◦ View Certificate on device
        ◦ Delete Certificates, load P12 file
        ◦ Modify PIN Policy (DAS 2.0)
      • Administrator .NET devices management
        ◦ Remote PIN Unblock
        ◦ Reset Gemalto .NET devices
        ◦ Activation and personalization of End User devices: End-user Administration Key diversification; Default PIN Value; Number of PIN attempts
      • Target segments: Small Business (<25 PCs, 1-49 employees); Midmarket (25-500 PCs, 50-1,000 employees)
  21. Protiva – A Flexible Authentication Solution: Easily Implement Strong Authentication
      • Protiva Strong Authentication Service
        ◦ A Hosted OTP solution
      • Hosted Strong Authentication Service Provides:
        ◦ Complete On Boarding and Device Fulfillment
        ◦ Flexible billing solutions
        ◦ Web based portal for device management
        ◦ Option for complete management of authentication servers (No CAPEX)
      • On Premise Authentication Option
        ◦ Complete fulfillment for token provisioning
        ◦ Protiva SA Server on premise for authentication (managed by company IT)
        ◦ Web based portal for user maintenance
  22. Hosted Strong Authentication Service
      [Architecture diagram labels: Remote or Local User; User OTP Authentication Request; VPN or Secure Gateway; RADIUS Server; RADIUS Tunnel; HTTPS; Gemalto Agent; LDAPS; Identity Store (LDAP/AD); Device Database; Corporate Network; Corporate Data Resources/Applications; Protiva Strong Authentication Service; Authentication Attempt Validated; OTP Fulfillment (Mobile App or Token)]
      Protiva Complete Service Features:
      • Complete Authentication Management
      • Easy On Boarding
      • OTP Credential Fulfillment
      • Easy Billing/Licensing
      • Custom Webstore
  23. User On Boarding: Easy, Fast, Simple
      • For Existing Users
        ◦ SA Server automatically pulls LDAP information from directory store
      • For New Users
        ◦ Web based management portal
        ◦ Administrators can quickly and easily add new users
      • User Self Care
        ◦ For token ordering: Webstore option for user self registration and token ordering
        ◦ For mobile app OTP: Hosted Application Gateway – Directs to appropriate mobile app store based on phone type
  24. User On Boarding: Custom Webstore – User Direct Token Ordering
      Gemalto Webstore Features:
      • Customized web interface
      • Direct user billing
      • User self-registration
      • Automates OTP device fulfillment
  25. Strong authentication Service – Fulfillment: End User Initiated Fulfillment
      Fulfillment Process:
      • Order: Two Factor Auth (2FA) credential or token ordered by end user
      • Receive: 2FA credential or token is shipped or made available to end user
      • Use: User can start using strong 2FA to protect access to cloud resources
      Jan 27, 2010
  26. Benefits of Hosted Authentication
      • SMB
        ◦ Secure data resources without additional CAPEX
        ◦ Full authentication management without additional IT resources
      • Fortune 500
        ◦ Meet regulatory requirements for data protection
        ◦ Reduce the cost of password management and help desk calls
      • Cloud Service Providers
        ◦ Secure authentication as a differentiator from other cloud service providers
        ◦ Little to no authentication cost through direct user billing
      • Online Gaming
        ◦ Secure access ensures only authorized users transact within the game
        ◦ Little to no authentication cost through direct user billing
      A Complete Authentication solution:
      • On Boarding, Fulfillment, Authentication Server Maintenance and Billing
      • Easy to integrate – Easy to manage
      • Flexible Licensing Models
      • No additional CAPEX
  27. Welcome to the Gemalto Partner Network. Gemalto has solid long-term relationships with its partners. By focusing on customers and skills, we offer solutions that are fully interoperable and configurable to meet the requirements of our customers. Gemalto partners are the leaders in their respective categories: software, communications, security products, identity management systems, data centers, logistics, …
  28. Thank You. email: