Digital SigningIdentity Protection

Eric Avigdor, Director Product Management

October 2015

12.10.152

Agenda

2

where we were

Where we are

Where we will be

PKI is coming back…

Past Present Future

12.10.153

CEE & Gemalto Opportunity

eIDAS

Strong PKI awareness

Cloud / Server Signing

12.10.15

Security at the EDGESecurity at the CORE

World leader in PKI USB token

technologyWorld leader in PKI smart card

technology

World #1 World #1

Merging two leaders with solid foundations

12.10.155

Gartner MQ Leader for the 4th Year Running

5

“SafeNet’s ability to meet

customer needs over a range

of use cases and its

responsiveness to standards,

regulatory needs and legal

needs were among the best

compared with other vendors

in this Magic Quadrant.”

12.10.15

€2.5bnrevenue 2014

6

Gemalto’s global presence

6

14,000employees worldwide

86%customer satisfaction in annual survey

2bn+end-users benefit from our solutions

114+patents and patent applications in 2014

180 countrieswhere our clients are based

12.10.157

Identity Protection – Target market

7

Employees, ContractorsConsumers/Subscribers,

Business users,

Communities of interest

ID mgmt, user auth, access

mgmt, federation, etc.

User auth, digital signing,

federation, attribute sharing

Enterprise itself (to protect

access to its apps & resources)Application providers needing

higher degree of assurance

We sell to

End-users

Service targeting

Use-cases

B2B B2CB2B

Private identity services for

corporates & organizations for use

internally

Public/Community ID

services, offered by high-

assurance identity providers, used

by 3rd party application providers

MNOs, Trust Centers

Gov. Agencies (IDPs)Enterprises, Service Providers

Enterprise Trusted Identities

12.10.158

Trusted Identities

8

Identities/Credentials

Issued & Managed

Here

Identity Services

“Consumed” Here

IDENTITY

PROVIDERS

SERVICE

PROVIDERS(relying parties)

USERS(professionals, consumers)

• Multi-party schemes (ID

service providers vs. ID service

“consumers” vs. users)

• Interoperability, certification, federation,

standards

• Driven by:

• Regulation (national or sub-national,

e.g., EC)

• Dematerialization, efficiencies,

workflow improvement

• Led by

• Governments (eGov, HSPD-12, etc.)

• Communities of interest, specific

industries (Healthcare, GSMA, etc.)

Government

Agency

Certificate

Authority

Mobile

Network

Operator

e-Health

Digital Sig

(Tax Filing,

etc.)

e-Gov

e-Commerce

12.10.159

Why Gemalto?

9

...and they trust us to secure and manage their most valuable identities

Trusted by leading

global brands

Gemalto offers a complete solutionconsisting of PKI tokens and smart

cards, middleware and management

software

Gemalto is the recognized global

leader in PKI solutions

Gemalto has the reach, resources and

capabilities to be your long-term

partner in creating trusted

ecosystems with secure identities

Gemalto is the world leader in

digital security and has an

extensive portfolio of leading edge

products and services

12.10.1510

Markets we serve

10

Traditionally strong Geo’s

India – new mandate - use FIPS certified tokens

Russia – Local GOST certification

Brazil – SAT FISCAL. Local ITI certification

Sweden – Perso. Bureau services (National ID)

New Growth Geo’s

Europe – eIDAS. cross-border trust & digital signature

Japan – Central bank mandate – Use CBA tokens

CIS – country specific GOST standards

Middle-East – local certifications

12.10.15

3+ billion Internet users globally today

7.1 billion mobile subscriptions today

9.2 billion mobile subscriptions by 2020

A ten-fold increase in mobile data traffic

is predicted between 2014 and 2019

Expected growth

Today’s connected, mobile world

Trusted Identities Trusted Identities 11

12.10.15Trusted Identities 12

SOURCES: Gartner

Tablets in

use by 2020

860M By 2020, smartphones will be

in the hands of 70% of the

global population

1.2BConnected

devices by

2020

26B

Growth of mobile device ownership

Revenue growth of

the personal

portable security

devices market by

2018

12.10.15Trusted Identities 13

Identities are everywhere

“The concept of a secure identity

has become a critically important

issue for citizens, governments,

enterprises and any organization

that determines rights and privileges

for individuals.”

—Smart Card Alliance

50-60BEstimated number of

digital identities in the

world today

75%Of the world’s

population that has at

least 1 digital ID –

50% have at least 4

24The average number

of digital identities

per individual in 2014

12.10.15Trusted Identities 14

Digital Signing – The Mobile Need

The Need:Enable malware-resilient signing using qualified digital

certificates on mobile devices in G2B environments

337 M Tablets in 2015

292 M Laptops & Desktops in 2015

2.1 B Mobile phones by 2017

0.9 B Tablets, laptops, desktops in 2017

12.10.15Trusted Identities 15

Problems

Many government services still must be conducted in

person or by mail

Result: Higher costs for agencies to manage paper,

inconvenience for citizens

Healthcare and higher education records continue to be

primarily paper based. Healthcare has significant fraud

risk with ePrescription

Result: Higher costs to manage paper, high security risk,

significant potential for fraud in healthcare, inconvenience

for patients/students

Many private enterprises don’t have strong authentication

solutions in place to verify employees’ identities and allow

for digital signature

Result: risk for data breach, inconvenience for

departments that frequently sign documents

12.10.15Trusted Identities 16

Addressing Global Digital Signing Needs

Document

Signing

Tax

Filing

Government

WorkersElectronic

ProcurementElectronic

Health

Electronic

Education

12.10.15Trusted Identities 17

Leading Solutions for Trusted Identities

Certificate Authorities

Use cases we address

Who we sell to

Digital Signing

e-Procurement

National ID

Tax Filing

e-Health

GovernmentsMNOs

Products we offer

e-Education

OEM/ISV

IDGo 800

SafeNet Authentication Client USB tokens

Smartcards

ReadersSDKs

Middleware Authenticators

12.10.15Trusted Identities 18

Product portfolio

SafeNet eToken

USB tokens

Middleware Platforms

SafeNet Authentication Client

SafeNet IDGo 800

SafeNet IDGo 800

SafeNet IDGo 800 for mobile

Smart cards

Readers

Micro SD, Bluetooth,

NFC

Authenticators

12.10.15Trusted Identities 19

Product Convergence

eToken Pro

Java 72K

eToken Pro

Anywhere

eToken

5100/5105

eToken

5200/5205

IDBridge

Next Gen

eToken

5300

NG-

OTP

eToken

7300

eToken 5110

eToken Pro

card

IDPrime

.NET

eToken

4100

IDPrime MD

830/840

ID Prime MD

IDPrime MD

Next gen

Token/OS/Applet ConvergenceMiddleware

Convergence

SafeNet

Authentication

Client

• Full client

• PKCS#11 lib

• Minidriver

Stop selling Sell (existing customers) Sell!

12.10.15Trusted Identities 20

SafeNet Authentication Client

• Cross-platform Middleware

• Cross-platform SDK

• Large ecosystem integration

• Minidriver

• Customization tool

• Multiple Browsers

12.10.15Trusted Identities 21

Mobile Signing

Use cases

• Invoice signing

• Signing prescriptions

• Email signing

The Need:

• Extend Digital Signature to mobile endpoints

Verticals

• CA / Gov

• Healthcare

• Financials

Value Proposition

• Enable ISVs to extend their

security solutions to Mobile

• Enable CAs & trust centers to

extend to mobile use cases

• Solution can integrate with both

desktop and mobile

• Secure Bluetooth pairing and communication

12.10.15Trusted Identities 22

Mobile Signing – Routes to Market

End User

Channel

Partners

(VAR, SI…)

Technology

Partners

Local ISV’s(Application

Developers)

++

Apps

K1100

CT1100

SDK

IDGo License

SDK

IDGo License

Maintenance

12.10.15Trusted Identities 23

SafeNet IDBridge Bluetooth solutions

DESCRIPTION

SUPPORTED APPLICATIONS

Bluetooth low-energy-enabled solutions for

roaming users. Integrated with mobile device

management for anytime, anywhere use with

PCs, tablets, smart phones.

• Secure remote access

(VPN/ Web)

• PC Security: boot

protection & file

encryption

• Digital signature

• Network logon

• Strong two-factor

authentication

• Email encryption

• eHealth, eProcurement,

and eGovernment

applications

FORM FACTORS

• Reader/badge holder design—IDBridge CT1100

• USB token mode—IDBridge K1100

12.10.15Trusted Identities 24

Middleware: IDGo 800 and IDGo 800 Mobile

DESCRIPTION

FEATURES & BENEFITS

Middleware and SDKs, enabling the management

of access to network security systems using

IDPrime smart card technology and mobile

applications such as Bluetooth and NFC.

IDGo 800

• Cryptographic

middleware

allowing 3rd party

applications to

easily support PKI,

OTP and PC-SC

technologies

• Easy integration in

the main mobile

application using

the Software

Development Kit

(SDK)

NFC

IDGo 800 Mobile

• IDGo Mobile

includes an OTH

ATI, a PC-SC API

and a range of

drivers to interface

with a larger

range of secure

elements, such as

Bluetooth smart,

USB, NFC and

smart card

readers.

IDGo 800 IDGo 800 Mobile

12.10.15Trusted Identities 25

Use Cases: Tax Filing

Background

• Country: India

• Program: MCA-21

• Annual Tax filing

• 600K companies

USB Tokens

Background

• Country: Brazil

• Program: SAT FISCAL

• POS Tax reporting

Micro SD

The Need:

• Digital Signature

• Non Repudiation

12.10.15Trusted Identities 26

Use Cases: Healthcare

Background

• Country: Canada

• Use Case: Digital signature of electronic prescriptions

by all medical and pharmaceutical staff

• Future opportunity to expand to mobile

Bluetooth

The Need:

• Streamline processing

• Reduce drug fraud

12.10.15Trusted Identities 27

Use Cases: Mobile Document Signing

Use Case

• Invoice signing

• Signing prescriptions

• email signing

Micros SD & Bluetooth

The Need:

• Extend Digital Signature to mobile endpoints

12.10.15Trusted Identities 28

Use Cases: Portable Digital Signing

Use Case

• Web Signing portals

• Signing application carried on the token

Lead with: SafeNet 7300

The Need:

• Portable Digital Signing

• Zero footprint

12.10.15Trusted Identities 29

Market dynamics

Using eSignature!

UX wins…

Low adoption of qualified signature

USA leading adoption of e-Signature

EU to follow US with eIDAS

Regulated countries remain PKI fans

Priority

Governments going paperless to:

Save money

Save Time

Increase convenience

Increase security

Analysts recommend

• Support multiple Signature types:

Hardware, Software, mobile.

• Integrate products with trust

center

• Student enrollment in a university abroad

• Health data online access when abroad

• Public call tenders for abroad companies

• Signing contracts with abroad partners

Analysts predict

• Many regions will require PKI for

Government interaction

• EU adopting strategy of centrally

managed keys

eIDAS: EU Framework for:

Electronic IDentification And

Signature

eIDAS

Low adoption

Need for change

12.10.15Trusted Identities 30

Server Signing

> Enabler for Mobile signing

> Faster issuance & customer acquisition.

(No need to fulfil a token)

User experience

Security

Incremental business

> Enabler for Mobile signing

> No additional hardware to carry(also on desktop environments)

> No lost tokens. No reissuance costs

> Faster issuance (no Token)

Operational efficiency

> True revocation(not possible with external token)

> Not exposed to side channel attacks

> Easy integration with:risk management / fraud detection

(centrally track behavioral aspects)

> Reduce cost of ownership

(no handling costs for smart cards)

> Single middleware for cloud signing & tokens

Private keys

12.10.15Trusted Identities 31

Gemalto solutions for regional regulations

Gemalto has solutions for a growing list of regional government

requirements for activities such as tax filing, digital signing and

authentication

India – FIPS Certified token

Russia – local GOST cert

Brazil – SAT FISCAL. Local ITI cert

Sweden – Perso. Bureau services

(National ID)

Europe: eIDAS. cross-border trust &

DigSig

Japan: central bank mandate –CBA tokens

CIS: country specific GOST standards

Middle-East: local certifications

Canada: Healthcare

United States: PIV

Central America: PKI

South Africa: PKI

12.10.15Trusted Identities 32

India MCA-21

Indian Ministry of Company Affairs

Overview

The Indian Ministry of Corporate Affairs, part of the Government of India,

wanted users to have a Digital Signature credentials for tax filing

Specifics

• Provide secure online access to MCA services of more than

IM business and individuals

• Users must have Digital Signature Certificates (DSC) issued

by licensed Certifying Authority

Solution

• Product: SafeNet eToken 5100

• Number deployed: More than 350,000

12.10.15Trusted Identities 33

Brazil ICP

Civil Identity Registry

Overview

ICP Brazil was introduced as federal law in 2001; In 2010 Brazil

introduced the Tax payer Identity Registry – to issue 150 million cards in

9 years

Specifics

• Create a national PKI solution for electronic ID

• Solution must ensure authenticity, integrity, non-repudiation,

secrecy combined with legal validity

Solution

• More than 2M PKI-based smart cards and tokens were

provided to leading Brazilian CAs such as Certisign, Serasa

and directly to state agencies

12.10.15Trusted Identities 34

National ID Oman

Sultanate of Oman

Overview

Oman created a National Registry System to modernize the identification

system and make it more efficient and secure for both government

officials and citizens

Specifics

• Provide citizens with PKI smart card that stores personal

credentials such as name, address, digital photograph,

fingerprints, driving license, etc.

• In addition to digital identification, electronic gates have been

implemented for border control. The national ID card will

integrate an electronic purse as well as e-government

applications.

Solution

• Product: Gemalto IDPrime smart cards

• Number deployed: 2.5M

12.10.15Trusted Identities 35

U.S. Common Access Card

US Department of Defense

Overview

The DoD conducted a review and realized efficiency and financial

benefits that would come from moving identity management from

individual locally maintained systems to a centrally managed approach.

Specifics

• Every employee of the DOD would be issued a single

common identity credential (CAC) to be used for physical

access, access to specific services, logical access to

information systems including ensuring confidentiality and

accountability in email based communications

• The card is personalized with three PKI certificates and some

30 demographic data elements

Solution

• More than 17M CAC cards have been provided to employees

of the DOD since the program began in 2001

12.10.15Trusted Identities 36

Other international customers

National ID• Kuwait: • Switzerland: • Nigeria: Belgium• Czech Republic • Finland: • France• Sweden• Portugal• Lithuania • Qatar• Oman• UAE• Kingdom of

Bahrain

• Saudi Arabia• Gabon• Hong Kong• Mongolia• Denmark• Taiwan

eHealth• Italy• Algeria• Bulgaria• France• Germany• Gabon• Sweden

• UK• Puerto Rico• Slovenia

Border & Visa• Ghana• Argentina• Norway• Croatia• Morocco• South Africa

Gemalto has contributed to more than 80 successful government

programs worldwide and has all the required project management

skills, reputation and expertise to deliver the IT infrastructure

Thank you!

37