digital signing identity protection - askon international...application providers needing higher...
TRANSCRIPT
Digital Signing Identity Protection
Eric Avigdor, Director Product Management
October 2015
12.10.15
Agenda
Where we were
Where we are
Where we will be
PKI is coming back…
Past Present Future
CEE & Gemalto Opportunity
eIDAS
Strong PKI awareness
Cloud / Server Signing
Security at the EDGE
Security at the CORE
World leader in PKI USB token technology
World leader in PKI smart card technology
World #1
World #1
Merging two leaders with solid foundations
Gartner MQ Leader for the 4th Year Running
“SafeNet’s ability to meet
customer needs over a range
of use cases and its
responsiveness to standards,
regulatory needs and legal
needs were among the best
compared with other vendors
in this Magic Quadrant.”
Gemalto’s global presence
€2.5bn revenue 2014
14,000 employees worldwide
86% customer satisfaction in annual survey
2bn+ end-users benefit from our solutions
114+ patents and patent applications in 2014
180 countries where our clients are based
Identity Protection – Target market
Enterprise (B2B)
Private identity services for corporates & organizations for use internally
We sell to: Enterprises, Service Providers
End-users: Employees, Contractors
Service targeting: Enterprise itself (to protect access to its apps & resources)
Use-cases: ID mgmt, user auth, access mgmt, federation, etc.

Trusted Identities (B2C, B2B)
Public/Community ID services, offered by high-assurance identity providers, used by 3rd party application providers
We sell to: MNOs, Trust Centers, Gov. Agencies (IDPs)
End-users: Consumers/Subscribers, Business users, Communities of interest
Service targeting: Application providers needing higher degree of assurance
Use-cases: User auth, digital signing, federation, attribute sharing
Trusted Identities
Identities/Credentials Issued & Managed Here
Identity Services “Consumed” Here
IDENTITY PROVIDERS
SERVICE PROVIDERS (relying parties)
USERS (professionals, consumers)
• Multi-party schemes (ID service providers vs. ID service “consumers” vs. users)
• Interoperability, certification, federation, standards
• Driven by:
  • Regulation (national or sub-national, e.g., EC)
  • Dematerialization, efficiencies, workflow improvement
• Led by
  • Governments (eGov, HSPD-12, etc.)
  • Communities of interest, specific industries (Healthcare, GSMA, etc.)
Government Agency
Certificate Authority
Mobile Network Operator
e-Health
Digital Sig (Tax Filing, etc.)
e-Gov
e-Commerce
Why Gemalto?
...and they trust us to secure and manage their most valuable identities
Trusted by leading global brands
Gemalto offers a complete solution consisting of PKI tokens and smart cards, middleware and management software
Gemalto is the recognized global leader in PKI solutions
Gemalto has the reach, resources and capabilities to be your long-term partner in creating trusted ecosystems with secure identities
Gemalto is the world leader in digital security and has an extensive portfolio of leading edge products and services
Markets we serve
Traditionally strong Geo’s
India – new mandate - use FIPS certified tokens
Russia – Local GOST certification
Brazil – SAT FISCAL. Local ITI certification
Sweden – Perso. Bureau services (National ID)
New Growth Geo’s
Europe – eIDAS. cross-border trust & digital signature
Japan – Central bank mandate – Use CBA tokens
CIS – country specific GOST standards
Middle-East – local certifications
3+ billion Internet users globally today
7.1 billion mobile subscriptions today
9.2 billion mobile subscriptions by 2020
A ten-fold increase in mobile data traffic
is predicted between 2014 and 2019
Expected growth
Today’s connected, mobile world
SOURCES: Gartner
Tablets in use by 2020
860M
By 2020, smartphones will be in the hands of 70% of the global population
1.2B
Connected devices by 2020
26B
Growth of mobile device ownership
Revenue growth of the personal portable security devices market by 2018
Identities are everywhere
“The concept of a secure identity
has become a critically important
issue for citizens, governments,
enterprises and any organization
that determines rights and privileges
for individuals.”
—Smart Card Alliance
50-60B: Estimated number of digital identities in the world today
75%: Of the world’s population that has at least 1 digital ID – 50% have at least 4
24: The average number of digital identities per individual in 2014
Digital Signing – The Mobile Need
The Need: Enable malware-resilient signing using qualified digital certificates on mobile devices in G2B environments
337 M Tablets in 2015
292 M Laptops & Desktops in 2015
2.1 B Mobile phones by 2017
0.9 B Tablets, laptops, desktops in 2017
Problems
Many government services still must be conducted in person or by mail
Result: Higher costs for agencies to manage paper, inconvenience for citizens
Healthcare and higher education records continue to be primarily paper based. Healthcare has significant fraud risk with ePrescription
Result: Higher costs to manage paper, high security risk, significant potential for fraud in healthcare, inconvenience for patients/students
Many private enterprises don’t have strong authentication solutions in place to verify employees’ identities and allow for digital signature
Result: risk for data breach, inconvenience for departments that frequently sign documents
Addressing Global Digital Signing Needs
Document Signing
Tax Filing
Government Workers
Electronic Procurement
Electronic Health
Electronic Education
Leading Solutions for Trusted Identities
Who we sell to: Certificate Authorities, Governments, MNOs, OEM/ISV
Use cases we address: Digital Signing, e-Procurement, National ID, Tax Filing, e-Health, e-Education
Products we offer: IDGo 800, SafeNet Authentication Client, USB tokens, Smartcards, Readers, SDKs, Middleware, Authenticators
Product portfolio
SafeNet eToken
USB tokens
Middleware Platforms
SafeNet Authentication Client
SafeNet IDGo 800
SafeNet IDGo 800
SafeNet IDGo 800 for mobile
Smart cards
Readers
Micro SD, Bluetooth,
NFC
Authenticators
Product Convergence
eToken Pro
Java 72K
eToken Pro
Anywhere
eToken
5100/5105
eToken
5200/5205
IDBridge
Next Gen
eToken
5300
NG-
OTP
eToken
7300
eToken 5110
eToken Pro
card
IDPrime
.NET
eToken
4100
IDPrime MD
830/840
ID Prime MD
IDPrime MD
Next gen
Token/OS/Applet Convergence
Middleware Convergence
SafeNet
Authentication
Client
• Full client
• PKCS#11 lib
• Minidriver
Stop selling Sell (existing customers) Sell!
SafeNet Authentication Client
• Cross-platform Middleware
• Cross-platform SDK
• Large ecosystem integration
• Minidriver
• Customization tool
• Multiple Browsers
Mobile Signing
Use cases
• Invoice signing
• Signing prescriptions
• Email signing
The Need:
• Extend Digital Signature to mobile endpoints
Verticals
• CA / Gov
• Healthcare
• Financials
Value Proposition
• Enable ISVs to extend their
security solutions to Mobile
• Enable CAs & trust centers to
extend to mobile use cases
• Solution can integrate with both
desktop and mobile
• Secure Bluetooth pairing and communication
Mobile Signing – Routes to Market
End User
Channel
Partners
(VAR, SI…)
Technology
Partners
Local ISVs (Application Developers)
++
Apps
K1100
CT1100
SDK
IDGo License
SDK
IDGo License
Maintenance
SafeNet IDBridge Bluetooth solutions
DESCRIPTION
Bluetooth low-energy-enabled solutions for roaming users. Integrated with mobile device management for anytime, anywhere use with PCs, tablets, smart phones.
SUPPORTED APPLICATIONS
• Secure remote access (VPN/ Web)
• PC Security: boot protection & file encryption
• Digital signature
• Network logon
• Strong two-factor authentication
• Email encryption
• eHealth, eProcurement, and eGovernment applications
FORM FACTORS
• Reader/badge holder design—IDBridge CT1100
• USB token mode—IDBridge K1100
Middleware: IDGo 800 and IDGo 800 Mobile
DESCRIPTION
Middleware and SDKs, enabling the management of access to network security systems using IDPrime smart card technology and mobile applications such as Bluetooth and NFC.
FEATURES & BENEFITS
IDGo 800
• Cryptographic middleware allowing 3rd party applications to easily support PKI, OTP and PC-SC technologies
• Easy integration in the main mobile application using the Software Development Kit (SDK)
IDGo 800 Mobile
• IDGo Mobile includes an OTH ATI, a PC-SC API and a range of drivers to interface with a larger range of secure elements, such as Bluetooth smart, USB, NFC and smart card readers.
Use Cases: Tax Filing
Background
• Country: India
• Program: MCA-21
• Annual Tax filing
• 600K companies
USB Tokens
Background
• Country: Brazil
• Program: SAT FISCAL
• POS Tax reporting
Micro SD
The Need:
• Digital Signature
• Non Repudiation
Use Cases: Healthcare
Background
• Country: Canada
• Use Case: Digital signature of electronic prescriptions
by all medical and pharmaceutical staff
• Future opportunity to expand to mobile
Bluetooth
The Need:
• Streamline processing
• Reduce drug fraud
Use Cases: Mobile Document Signing
Use Case
• Invoice signing
• Signing prescriptions
• email signing
Micro SD & Bluetooth
The Need:
• Extend Digital Signature to mobile endpoints
Use Cases: Portable Digital Signing
Use Case
• Web Signing portals
• Signing application carried on the token
Lead with: SafeNet 7300
The Need:
• Portable Digital Signing
• Zero footprint
Market dynamics
Using eSignature!
UX wins…
Low adoption of qualified signature
USA leading adoption of e-Signature
EU to follow US with eIDAS
Regulated countries remain PKI fans
Priority
Governments going paperless to:
Save money
Save Time
Increase convenience
Increase security
Analysts recommend
• Support multiple Signature types:
Hardware, Software, mobile.
• Integrate products with trust
center
• Student enrollment in a university abroad
• Health data online access when abroad
• Public call tenders for abroad companies
• Signing contracts with abroad partners
Analysts predict
• Many regions will require PKI for
Government interaction
• EU adopting strategy of centrally
managed keys
eIDAS: EU Framework for:
Electronic IDentification And
Signature
eIDAS
Low adoption
Need for change
Server Signing
> Enabler for Mobile signing
> Faster issuance & customer acquisition. (No need to fulfil a token)
User experience
Security
Incremental business
> Enabler for Mobile signing
> No additional hardware to carry (also on desktop environments)
> No lost tokens. No reissuance costs
> Faster issuance (no Token)
Operational efficiency
> True revocation (not possible with external token)
> Not exposed to side channel attacks
> Easy integration with: risk management / fraud detection (centrally track behavioral aspects)
> Reduce cost of ownership (no handling costs for smart cards)
> Single middleware for cloud signing & tokens
Private keys
Gemalto solutions for regional regulations
Gemalto has solutions for a growing list of regional government
requirements for activities such as tax filing, digital signing and
authentication
India – FIPS Certified token
Russia – local GOST cert
Brazil – SAT FISCAL. Local ITI cert
Sweden – Perso. Bureau services
(National ID)
Europe: eIDAS. cross-border trust &
DigSig
Japan: central bank mandate –CBA tokens
CIS: country specific GOST standards
Middle-East: local certifications
Canada: Healthcare
United States: PIV
Central America: PKI
South Africa: PKI
India MCA-21
Indian Ministry of Company Affairs
Overview
The Indian Ministry of Corporate Affairs, part of the Government of India, wanted users to have Digital Signature credentials for tax filing
Specifics
• Provide secure online access to MCA services of more than 1M business and individuals
• Users must have Digital Signature Certificates (DSC) issued by licensed Certifying Authority
Solution
• Product: SafeNet eToken 5100
• Number deployed: More than 350,000
Brazil ICP
Civil Identity Registry
Overview
ICP Brazil was introduced as federal law in 2001; In 2010 Brazil
introduced the Tax payer Identity Registry – to issue 150 million cards in
9 years
Specifics
• Create a national PKI solution for electronic ID
• Solution must ensure authenticity, integrity, non-repudiation,
secrecy combined with legal validity
Solution
• More than 2M PKI-based smart cards and tokens were
provided to leading Brazilian CAs such as Certisign, Serasa
and directly to state agencies
National ID Oman
Sultanate of Oman
Overview
Oman created a National Registry System to modernize the identification
system and make it more efficient and secure for both government
officials and citizens
Specifics
• Provide citizens with PKI smart card that stores personal
credentials such as name, address, digital photograph,
fingerprints, driving license, etc.
• In addition to digital identification, electronic gates have been
implemented for border control. The national ID card will
integrate an electronic purse as well as e-government
applications.
Solution
• Product: Gemalto IDPrime smart cards
• Number deployed: 2.5M
U.S. Common Access Card
US Department of Defense
Overview
The DoD conducted a review and realized efficiency and financial
benefits that would come from moving identity management from
individual locally maintained systems to a centrally managed approach.
Specifics
• Every employee of the DOD would be issued a single
common identity credential (CAC) to be used for physical
access, access to specific services, logical access to
information systems including ensuring confidentiality and
accountability in email based communications
• The card is personalized with three PKI certificates and some
30 demographic data elements
Solution
• More than 17M CAC cards have been provided to employees
of the DOD since the program began in 2001
Other international customers
National ID: Kuwait, Switzerland, Nigeria, Belgium, Czech Republic, Finland, France, Sweden, Portugal, Lithuania, Qatar, Oman, UAE, Kingdom of Bahrain, Saudi Arabia, Gabon, Hong Kong, Mongolia, Denmark, Taiwan
eHealth: Italy, Algeria, Bulgaria, France, Germany, Gabon, Sweden, UK, Puerto Rico, Slovenia
Border & Visa: Ghana, Argentina, Norway, Croatia, Morocco, South Africa
Gemalto has contributed to more than 80 successful government
programs worldwide and has all the required project management
skills, reputation and expertise to deliver the IT infrastructure
Thank you!