Cidway Corporate Access 06 2009 Full


Published on

1 Comment
  • Seamoon Co. Ltd is the first company made the OTP Tokens in China. All OTP Tokens are Researched & Developed by ourselves.

    Could you please feel free to check our website: to know more about us? Thanks.

    And we are interested in any of you OEM and ODM projects, Seamoon will be your good partner providing the best quality Hardware OTP
    Tokens to you and your customers;

    If you have any interested in our OTP Tokens, Please do not hesitate to contact me for more information regarding to your specific needs.

    And if you are not in charge of this field, could you let me know who is in charge of, and let me know his/her e-mail address, telephone NO.
    better, thanks very much.

    Do expect we can cooperate in near future, and look forward to your reply soon.
    Alice Liu
    International Marketing
    Tel: (86) 755 8366 0895 Fax: (86) 755 8366 1990
    Mobile No.: (86) 135 1099 9024 Skype: seamoon_alice
    ShenZhen Seamoon Technology Co., Ltd.
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Cidway Corporate Access 06 2009 Full

  2. 2. Table of content • CORPORATE BACKGROUND  Facts & History  Industries • PRODUCT PRESENTATION  Product Line  Tokens Features  Server Features  Key differentiators • BUSINESS CASES  Corporate Access Copyright © 2009 CIDWAY Security SA. All rights reserved – 2
  4. 4. CIDWAY – Background Cidway Partners and Customer Services  Created in December 2005  Global presence via partners & resellers  Head Quarters in Lausanne, CH  Support center 24/7  Sales Offices in Switzerland & UK  Support portal available for partners  Internal R&D& Patent Office  Consulting services CIDWAY’s Vision Authentication and transactions should be safe, reliable and easy for anyone, anywhere, anytime This vision is fuelled by:  Meeting virtually all authentication requirements  Making Authentication & Transactions simple, easy, accessible, secure and user friendly  Addressing virtually unlimited vertical applications from one platform  Providing the next generation mobile software security solution for identity, transaction and data protection Copyright © 2009 CIDWAY Security SA. All rights reserved – 4
  5. 5. Secure Identity, Authentication & Transactions Banking& Finance E-Banking, Mobile-Banking, Transactions signature, Phone Banking, ATM & POS anti-fraud… Mobile Application’s Providers Securing access & transactions for mobile applications (e/m-Commerce, e/m-Gambling, sms authentication…) Mobile Money & Payment P2P mPayment, cardless ATM cash withdrawal, POS mPayment, Bill payment… Enterprise resource access Two-factor authentication to Login to the Desktop / VPN access / Applications / Citrix / Webmail… Homeland Security Airline pilot & vehicle identification physical security solutions (guard exchange id., biometric implementation, etc.) Telecommunications Mobile Top-up, resources access, ASP authentication solution, SIM based OTP… E-Government services Citizens authentication & transaction security, electronic & mobile voting, bill payment… Enable new channels - Improve client’s confidence & loyalty – Lower TCO Copyright © 2009 CIDWAY Security SA. All rights reserved – 5
  7. 7. CIDWAY Authentication products One server for multiple tokens SESAMI Mobile SESAMI Slim Time based OTP Software token for Time based OTP Hardware token mobile phones GAIA Server Authentication platform GAIA SDK Authentication platform SDK SESAMI Mobile SDK SESAMI SMS Token SDK for mobile phones SMS based OTP for mobile phones Copyright © 2009 CIDWAY Security SA. All rights reserved – 7
  8. 8. CIDWAY SESAMI SMS FEATURES & CHARACTERISTICS • Strong two-factor authentication • No need for software installation or activation in the mobile • No secret stored in the mobile • User convenience – no need to carry any other device • User can change his mobile phone time zone or time • Easy management – no need to maintain stock and distribute hardware tokens • Easy deployment, no need for tokens maintenance • Works with any SMS enabled mobile phone or PDA OTP FEATURES • 8 decimal digits (or optionally 8 hex-digits) • Time-based combined with challenge-response • SHA-1 algorithm • Easy deployment • Validity of few seconds (server parameter) • Automatic time management by the server • No stock management • Low on-going cost Copyright © 2009 CIDWAY Security SA. All rights reserved – 8
  9. 9. CIDWAY SESAMI Slim FEATURES & CHARACTERISTICS • Portable, personal and robust (3.2 mm thickness – credit card size) • 2 line clear LCD display • Replaceable battery (token’s data is not erased during battery replacement) • Time based OTP – new OTP every second • 8 characters length OTP (hex-decimal or decimal) • Initialization through a secure two way IR protocol using the SESAMI initialization set • Device protected by user-selected PIN (configurable parameter [0-15 tries]) • Protection against token physical attacks (temper evidence) • Protection against user physical attacks (stress PIN) • Customizable operational parameters • 12 operational buttons • Robust and user-friendly • No need for reader or other equipment • Customizable front panel • Secure • Low on-going cost Copyright © 2009 CIDWAY Security SA. All rights reserved – 9
  10. 10. CIDWAY SESAMI Mobile FEATURES & CHARACTERISTICS Security • Time based OTP with time stamping, Digital Signature • OTP time management to the second • Protection against theft or loss of mobile phone: PIN not stored on Mobile, neither transmitted, neither stored on the server (patented solution) • PIN Code selected by the User (no need for temporary PIN sent to the User) Compatibility • Large handset coverage (Symbian, Java, WinCE, Brew, Blackberry, iPhone*) • Automatic time synchronization (support of any clock change on the mobile) • Multiple transmission methods (Screen display, SMS, WAP, MMS, GPRS, Acoustic, NFC*…) Functionalities • 2-factor authentication (User authenticated by the Server) • 2-way authentication (server is authenticated by the User) • Transaction’s signature (guarantee the integrity of transactions, against MitM) • Automated registration • Time Traceability • Mobile SDK for integration into any existing mobile application (*) S1-2009 Copyright © 2009 CIDWAY Security SA. All rights reserved – 10
  11. 11. CIDWAY Deployment Strategy (Sesami Mobile) Deployment Strategy • Push:the Client initiates the download by pushing the mobile application to the end-user (requires to have the mobile phone numbers) • Pull: the end-user will initiate alone the download of the mobile application (for example by accessing the Company’s Intranet) 1. User downloads the Mobile application on his mobile phone Deployment Communication Channels • Other the Air – wireless communication (gprs, umts…) using methods such as sms-link, wap push, url… • Computer Download – downloading the mobile application 2. Customer registers the Sesami Mobile application on the User’s computer to be synchronized with the Mobile phone. • eMail – sent to the User as an email attachment (assuming User has email access from his mobile) • Com Ports – the mobile application can be transferred to the mobile by any of its communication channels 3. Registration successful (bluetooth, IrDA, usb…) Deployment Platform • Gaia Deployment tools – Gaia server includes a set of tools and templates to manage mobile application’s deployment, by push or pull, including web pages templates, sms gateway scripts (link to ClickaTel&Tyntec gateways)… Copyright © 2009 CIDWAY Security SA. All rights reserved – 11
  12. 12. CIDWAY GAIA server • Protocols: • HTTP, RADIUS, WSDL, SOAP (XML Web Services Description Language) • SW Requirements: • Windows 2003/8 & SQL 2005 Server / SQL express • SQL 2005 server for real failover solution with Principal, Mirror and Witness • Integration Options: • Runs also on VMWare • Interface with MSAD & any LDAP • Administration: • Web based & Role Based • Configuration: • Web based under IIS • Reporting: • SQL Reporting Services, Web based , • Export & Statistics Copyright © 2009 CIDWAY Security SA. All rights reserved – 12
  13. 13. CIDWAY key differentiators Flexibility • Hardware, sms& Software tokens • Multi-purpose solution (transaction, authentication, document/email corroboration) • One single server for multi-channel communication Cost Optimization • 1 solution secures all remote-access • Low acquisition, deployment and maintenance costs • No need for inventory (sms& soft) • Transaction’s cost reduction and customer retention Convenience • 1 device & 1 PIN for any access or transaction • Familiar and user friendly experience • No need to carry many tokens Security • Time based OTP algorithm (One Time Password is “not predictable”) • Anti-fraud protection against common attacks (e.g. phishing, man in the middle, etc.) • Secrets are not stored in the Cell-phone (soft token) Integration • Easy to integrate within existing infrastructure • Scalable solution Copyright © 2009 CIDWAY Security SA. All rights reserved – 13
  15. 15. Corporate Access - CIDWAY 1. Remote Access / VPN (using a PC or a PDA) 2. Desktop login (in the corporate network) 3. Remote access using Citrix plugin from Cidway 4. Webmail access using plugin from Cidway 5. Application Access (SAP, Oracle, etc.) SSL VPN Gateway radius PDA CIDWAY SERVER &Cidway OTP Copyright © 2009 CIDWAY Security SA. All rights reserved – 15
  16. 16. Corporate Access – CidWebPlugin • CIDWeb ISAPI filter and extension enables IIS secure Web login for any web site, by using One Time Password. • CIDWeb can be used for both Form Based Authentication and Basic Authentication sites. • No need to redesigned login form! • For each Web access, CIDWeb intercepts the OTP entered by the user in the password field of the Form or Basic Authentication. The CIDWeb sends to the CIDWAY GAIA server the OTP for verification. Upon success, the user is granted access to the web page. • Examples of Web access: Organization Boundry 5. Web Site is opened to user - Microsoft Exchange / OWA 4. On successful 1. User Enter OTP authentication, static password passed back Into Login Form - Citrix (Web Interface). to IIS Cidway GAIA - Any Web pages / sites. Server 3. CidWeb passing OTP to Cidway server for authentication Organization IIS Server with CidWeb 2. OTP & User Name passed to IIS Copyright © 2009 CIDWAY Security SA. All rights reserved – 16
  17. 17. CIDWAY Some of our Clients, Partners & on-going initiatives Copyright © 2009 CIDWAY Security SA. All rights reserved – 17
  18. 18. THANK YOU FOR YOUR ATTENTION For more information, contact: Laurent FILLIAT Mob. +41 78 842 11 47 Tel. +41 21 331 27 00 Fax +41 21 331 27 09 Email: