• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Solution brief   ds3 support for intel® identity protection technology
 

Solution brief ds3 support for intel® identity protection technology

on

  • 271 views

 

Statistics

Views

Total Views
271
Views on SlideShare
271
Embed Views
0

Actions

Likes
0
Downloads
1
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Solution brief   ds3 support for intel® identity protection technology Solution brief ds3 support for intel® identity protection technology Document Transcript

    • Seamless Two-Factor Authentication:DS3 Incorporates Support forIntel® Identity Protection TechnologyChallenge• Providing strong authentication requires supporting a diverse range of tokens andauthentication mechanisms, including added support for new technologies that arereaching the market.• The need for strong, easy-to-use, two-factor authentication has increased ashacker attacks have become more sophisticated and online banking, commerce,and government transactions have become more commonplace.• Hardware tokens present problems in provisioning, management, and potential loss.Software tokens—while convenient—provide a lower level of security and a primetarget for malware. Solution• Designing the DS3 Authentication Server to accommodate an extensive range ofauthentication mechanisms—quickly adapting to powerful, emerging technologies asthey are introduced—delivers the flexibility and the rigorous identity protection thatenterprise business customers require. • Incorporating Intel® Identity Protection Technology (Intel® IPT) into a solution, such asthe DS3 Authentication Server, strengthens security by using one-time passwords(OTPs) generated within a tamper-resistant module in hardware. These OTPs can begenerated and passed through with or without user action.“The reason why I am so bullishabout the [Intel] IPT solution isthat it offers a new light at theend of the tunnel, where wehave the ability to turn on strongauthentication for every personout there in the entire onlineworld who has an Ultrabook.”— Teik Guan, CEO, DS3Solution BriefIntel® IdentityProtection Technology
    • (or rely on software tokens). Multi-factorlog-in to the corporate network or VPN issimplified. Those employees with Intel IPT-equipped PCs don’t need to carry and usea separate token. The credentials suppliedby the PC itself allow them to accessthe network. Capsule Description:DS3 Authentication ServerThe DS3 Authentication Server applianceoffers multi-factor authenticationwith end-to-end encryption of keysprovided by a FIPS-certified HardwareSecurity Module. With extensive supportfor a variety of token types and OTPmechanisms from different vendors(including Intel IPT support), thisauthentication server accommodatesthe stringent requirements of financialinstitutions and is also gaining popularityin other industries where protectionagainst fraud and information theftis vital—including eCommerce sites,telecommunications services, cloudcomputing portals, logistics operations,educational institutions, and governmentorganizations.Teik Guan, DS3’s CEO, commented, “Whenwe were initially presented with the IntelIPT offering, from a DS3 perspective wesaw every IPT-equipped PC as essentiallya front-end token. This was naturallya good fit for what DS3 does becausewe want to be able to offer a platform-free token across the widest range ofselections—to both new and existingcustomers, so that everyone could choosewhat exactly they needed for theirapplication. It’s not so much a decisionthat is made only at the point-of-purchase,but a decision based on what tokens acustomer’s end users will be able to use,throughout the lifecycle of the application.DS3 encourages customers to select thekinds of tokens and mechanisms that bestmatch their business practices. “By havinga back-end system that flexibly combinestwo or even three of these types ofofferings together,” Guan said, “customerswill not be restricted by choice of token orby choice of infrastructure. Customers areable to choose what approach makes thebest sense for their businesses. That,I would say, is a very good thing. If youReducing Data Theft RisksThe trade-off between rigorous securityand ease-of-use has been an ongoingchallenge since the earliest days ofpersonal computing. If security practicesare too difficult for users to followon a regular basis, they’ll find ways tocircumvent the practices or becomecareless. Lowering the security standardsto make the system easier to use exposessensitive information to loss or theft.Cyber attacks that deliberately targettoken use have become increasinglysuccessful. With the latest version ofthe DS3 Authentication Server, whichincludes support for Intel IPT, the risks ofdata exposure or theft are substantiallydiminished.Based in Singapore, DS3 introduced theDS3 Authentication Server, its flagshipenterprise solution, in 2003. In 2012,DS3 added support for Intel IPT to bringthe advantages of hardware-basedauthentication using OTPs to theircustomers. DS3 continues to followthrough on its mission: to give customersthe widest possible selection ofauthentication options. As new, promisingtwo-factor authentication technologiesare developed and validated by theindustry, DS3 integrates them into itsserver solutions.Advanced Protection TechnologyHardware-generated OTPs, coupled withback-end server support, represent one ofthe most advanced, proven methods fordisrupting hacker efforts and reducing therisk of account breaches. Intel IPT is builtinto all Intel-inspired Ultrabook™ devices,select second-generation Intel® Core™processors, and Intel® vPro™ technology-based PCs that feature third-generationand second-generation Intel® Core™vPro™ processors. By supporting thistechnology in the latest versions of theDS3 Authentication Server, DS3 eliminatesthe need for customers to acquire andmanage separate physical tokensFeatures and Benefits of Intel® Identity Protection Technology (Intel® IPT)Most security experts regard hardware-based authentication, as implementedby Intel IPT, as more effective than software-only authentication. Intel IPT offersthese features and benefits:• One-time password (OTP) generation. A chipset embedded in an Intel IPT-equipped PC generates a single-use six-digit password in periodic timedintervals (in isolation from the PC operating system). The authentication serversynchronizes and confirms this password on the back-end, validating that accessis being granted to a user on a trusted platform, not malware.• Public key infrastructure (PKI) signing. Intel IPT also provides access-pointprotection through a PKI certificate, embedded in the same manner as theOTP credentials. Enterprises can rely on this hardware-based PKI certificate toeliminate a requirement for any additional smart card or token.• Protected transaction display. Encrypted I/O technology that works incombinations with Intel IPT or PKI delivers another layer of protection wheneversensitive online transactions are taking place. This feature confirms the userpresence, verifies the transactions, and blocks malware screen scrapers fromharvesting data from the PC display.2DS3 Incorporates Support for Intel® Identity Protection Technology
    • look at security practices even 10 yearsago, most business users were restrictedby what they could use and deploy totheir customers. They were often toldby the security administrator, ‘No, youcannot do this.’ And, now, with a widechoice of front-end devices to offer—withthis stronger authentication ecosystem inplace—the business users have the abilityFigure 1. Overview of the DS3 Authentication Server and Intel® Identity Protection Technology components.DS3 Authentication ServerBackendHost OSChipsetEmbedded IPT App in the ChipsetWeb ServerIntel Service VerificationServer LibraryIntel® Identity Protection Technology MiddlewareIntel-providedcomponentISVcomponentInternetBrowserIntel IdentityProtectionTechnology Plug-inUltrabook™ or PCfeaturing Intel IdentityProtection Technology3Credentials aresent to the DS3AuthenticationServer forauthentication.1 From a Webportal, userenters usernameand password.2 OTP is generated by Intel IPTfrom Ultrabook or IPT-enabled PC.4 If credentials are authenticated,user can access the Web portalDS3’s philosophy is to offer customersauthentication that matches their securityneeds and business practices, advancingits solution capabilities as quickly assecurity technologies evolve. Intel IPTextends powerful new capabilities to DS3solutions.“We’re seeing a need for strongauthentication that is deployed evenfor non-financial or government-based applications. Intel IPT providesbank-grade security protocol for themasses. Now when an enterprisewants to secure the remote accessfor its partners or employees, it canhave almost the equivalent level ofsecurity as the banks use. It can havethis same level of security withoutneeding to set up the same level ofinfrastructure—where we’re talkingabout token issuance, token logistics,token management—because allof these can be simply addressedthrough a combination of the IntelIPT-enabled notebooks, which are theUltrabook devices, and a flexible back-end authentication system:the DS3 server.”— Teik Guan, CEO, DS3to decide what best works for them. This,I believe, is a good value proposition and agood fit for the industry.”With the dramatic increase in financialand business transactions performedonline, strong authentication has becomean essential requirement to preserveprivacy and protect business assets.3DS3 Incorporates Support for Intel® Identity Protection Technology3
    • For More InformationFor additional details about the DS3 Authentication Server, visit ds3global.com. For a current list of PCs that feature Intel Identity Protection Technology, visit ipt.intel.com.To watch a video that explains how Intel Identity Protection Technology works, go toipt.intel.com/how-it-works.aspx.Solution provided by:DS3 Incorporates Support for Intel® Identity Protection Technology 1 No system can provide absolute security under all conditions. Requires an Intel®IPT-enabled system, including a 2nd or 3rd generation Intel®Core™ processor, enabled chipset, firmware, and software.Available only on participating Web sites. Consult your system manufacturer. Intel assumes no liability for lost or stolen data and/or systems or any resulting damages. Information in this document is provided in connection with Intel®products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document.Except as provided in Intel‘s terms and conditions of sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use ofIntel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Unless otherwiseagreed in writing by Intel, the Intel products are not designed nor intended for any application in which the failure of the Intel product could create a situation where personal injury or death may occur. . Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructionsmarked “reserved” or “undefined.” Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes tothem. The information here is subject to change without notice. Do not finalize a design with this information. The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Currentcharacterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copiesof documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or by visiting Intel’s Web siteat www.intel.com. Copyright © 2012 Intel Corporation. All rights reserved. Intel, Intel Core, Intel vPro, Ultrabook and the Intel logo are trademarks of Intel Corporation in the U.S. and other countries.*Other names and brands may be claimed as the property of others. Printed in USA 0912/JK/MESH/PDF Please Recycle 327944-001US