In-Webo multifactor authentication for the cloud ages
In-Webo delivers multifactor authentication as a service (SaaS).
It delivers significant usability upsides, such as multi-device support (mobility), self-care, and super-fast application integration (including SAML v2).

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

In-Webo multifactor authentication for the cloud ages: Presentation Transcript

  • Multifactor authentication for the Cloud ages. In-Webo Technologies. The ultimate protection for digital identities
  • Mission
    - To provide Enterprises & Service Operators with state-of-the-art solutions for securing user access and transactions
    - With strong authentication solutions
    - Ultimate simplicity and ease of use
    - Token-less and highly secured
    - No IT constraint, no upfront investment (tools are FREE)
    - Universal and compatible with digital identity solutions
    - Especially when legacy solutions cannot be deployed because of:
      - feasibility: rollout of new devices, cloud applications, …
      - costs: equipment of users & partners, cost of SMS
      - complexity: lengthy setup & complex integration, management of the tokens
      - usage: certificates setup, no connector available on new devices, etc.
  • Multifactor Authentication ++ !
    - Secure online applications, mobile applications, remote access and payments with multifactor authentication embedded in the browser, in the phone or in the applications.
    - Extend multifactor authentication to the mass market.
    - Create new usages and new business opportunities: secured mobility, secure payments, online contracts, dematerialisation, data protection for cloud applications, …
  • Use cases m-banking  Extranet  paiement 3D secure  online betting  Authentication for application  e-gov  secured smart app  electronic vote online gaming  e-health  authenticated helpdesk  TV media box  VPN  web mail maintenance operation signature  e-digicode  groupware La protection ultime des identités numériques
  • Value proposition
    - Allow massive rollout of secured apps, easily
    - Reduce TCO of existing multifactor authentication
    - Software token WITH the highest level of security
    - Keep full control of your security policies AND use external infrastructure to meet the requirements of compliance (SOX, PCI, …) and business (security, availability)
    - NO upfront investment (free tools, no setup), usage-based fee
    - Minimal integration effort, no infrastructure hassle
    - Powerful user self-care features
    - Secure new usages (mobile apps, tablets, SaaS applications, B2B, B2B2C)
  • Simplify …
    - Simplify the usage and put authentication where the user acts: in the phone, in the browser, in the applications
    - Behaves as a single sign-on, from the user's point of view
    - Allows simple and quick enrollment of users, compatible with business agility requirements
    - No more token management
  • Positioning (chart): SMS-OTP, tokens, smartcards, soft tokens, passwords, passwords + policy management and In-Webo (patented) compared on three axes: Security (vulnerable to secure), Costs / TCO (expensive to affordable) and User experience (complex & not suitable to simple & suitable)
  • Multifactor Authentication requirements: “Strong” authentication must meet several criteria:
    - Must be multi-factor (what I have, what I know, …)
    - Must be valid once, during a short period of time
    - Must not be predictable, even if one factor is compromised!
    - “Old school” software solutions don't meet this criterion!
  • Security: differentiators vs soft tokens
    - Software token: OTP = Function(secret personal key, PIN, incremental). If the software token is reverse engineered, a valid intercepted OTP allows the PIN to be recalculated (brute force).
    - In-Webo: OTP = Function(secret personal key, PIN, incremental, service key, dynamic keys). If the software token is reverse engineered, the dynamic key (>500 bits) makes it impossible to recalculate the PIN from the capture of a valid OTP.
    - Increased complexity of the synchronization mechanism (patented)
    - PIN not stored on device, exhaustive search not possible
  • In-Webo - Architecture (diagram). Labelled elements: Stores & Markets (activation & management of the tools); strong authentication tools that generate one-time passwords (toolbar in browser, app for phone, library for applications); HSM; Authentication API; connectors to applications (Web services, Radius, SAMLv2); Application (Web, portal, VPN, Mobile, Cloud, etc.); API and Web Console for management & config, user management, user support and user self-care
  • Use cases
  • Generic OTP generator for phone
    - Universal offline OTP generator
      - No SMS, no connection, works without GSM coverage
      - Full control over the security policy (OTP format, …)
      - Based on a secured protocol, designed for operating without a secure element (OATH was not designed for execution without a « Secure Element »)
      - Also allows transaction signature
      - Available on Android, iOS, Blackberry, j2me, Windows Mobile
      - Certified by the French Government authorities (ANSSI)
    - Usage for all environments
      - Web based applications (business & mass market)
      - Any other application (VPN IPSec, SAP, Citrix, …)
      - User identification to call centers
      - …
  • Secured access from a PC
    - Secured connection with automatic logon to web applications
      - Integrated tool, best user experience
      - Highest security (phishing, MITM, html injection, …)
      - Generates OTP and interacts with authentication page (no integration required)
      - Full control over the security policy (OTP format, …)
      - Available for IE, Firefox, Chrome (Safari in 2Q12)
    - Can be installed concurrently on several PCs (work, home, etc.)
      - Web based applications (business & mass market)
      - B2B web services
  • Google Apps integration
  • Confirm a transaction
  • 3D-Secure Authentication
  • « Strong » Authentication with AD FS 2.0 (diagram). Labelled elements: Federated Application(s), Identity Provider, FS-P, FS, InWebo (SAML), AD FS 2.0, AD DS. Steps:
    1. Connection request
    2. Token request (browser redirection)
    3. Token request (browser redirection)
    4. Two-factor authentication
    5. Connection (browser redirection)
  • Strong Authentication embedded in applications
    - Diagram: mobile app / tablet / desktop … (Host / GUI with the mAccess library) and portal / server application. Steps: 1) PIN entered, 2) OTP generated, 3) Identifier / OTP sent
    - Secure access via mobile applications
      - SDK allows strong authentication to be implemented within any application
      - Transparent user experience
      - Patented and secured library
    - Usage for smartphone, tablet, connected TV …
      - Business applications
      - Mobile banking
      - …
  • m-Banking
  • Supported platforms: Phones & smartphones; OS & Browsers; … and any Java MIDP 2.0 enabled phone; 2Q12
  • Setup and management
  • User Enrollment (diagram). Labelled elements: Stores & Markets (activation of the end-user's tools); HSM; provisioning API (Web services) with connectors for applications, IAM, etc.; connection (certificates); OTP-InWebo; Web Console for Admin / Manager (OTP In-Webo); API; IW DirSync (LDAP, Active Directory)
  • Provisioning and activation
    1. Selection of the users (IAM, Sync AD, workflow, base) and application provisioning request; Web Services provisioning API (HSM); creation of a disposable activation code for the user: « 159 839 914 »
    2. Distribution of the activation code « 159 839 914 » to the user: postal mail, e-mail, e-mail to manager, face to face, SMS, …
    3. Enter the activation code « 159 839 914 » in the tool; synchronization and download of application policy
  • Activating user devices
  • Integration of the validation server (HSM)
    - Web service integration (sample provided): Web Services validation API, for web site, mobile portal, extranet
    - Configuration of the SAML settings (no integration): SAML validation API, for SaaS
    - Radius configuration (no integration): Radius validation API, for VPN, remote access
  • USER SELFCARE
  • User Selfcare with mAccess (on the mobile)
  • Service administration
  • User management
  • Technical architecture (diagram)
    - Private or public network, GbE links
    - Hosting Center #1: router, switch & load balancing, web front-end, database (master) and HSM, shown as active
    - Hosting Center #2: router, switch & load balancing, database (mirrored) and HSM shown as stand-by, web front-end shown as active
    - 2 separate hosting suppliers, « Tier 3 » or « Tier 4 » (Telecity / Equinix)
    - Hardware Security Modules
  • Identity Hub
  • Identity Hub (diagram). Labelled elements: Application 1 (requester); Application 2 (supplier & requester); Identity Hub; validation server; HSM; API (external data); data store (identity, e-mail, preferences, payment methods, e-safe key, bank account, proof of address, scoring, fidelity, …); monetization
  • Some References
  • Thank you. Contact: Laurent Charreyron, laurent.charreyron@in-webo.com. Try it out now!: www.in-webo.com/en