smartcard forum 2010 - secured access for enterprise
Smart Card Forum – Prague
Secured Access for Enterprise
Jérôme Soufflot
Bus dev EMEA Channel Manager
May 20, 2010
Agenda
Overview Gemalto IAM offer
Gemalto Presentation
Share expertise with Use cases
Update on Smart Card & components technology
March 2010
Gemalto key figures
€ 1.65 billion revenue 2009
Innovation: 11 R&D centers worldwide
1,400 engineers
103 inventions first filed in 2009
Over 4,500 patents/applications
Global footprint: 18 production centers
30 personalization facilities
77 sales & marketing offices
Experienced team: 10,000 employees
90 nationalities
42 countries
Regional revenue (% of FY ’09 revenue)
Europe, Middle East, Africa: € 929m, 56% of revenue
North & South America: € 394m, 24% of revenue
Asia: € 331m, 20% of revenue
Producing and securely personalizing over 1.5 billion devices in 2009
Serving 450 mobile operators worldwide with some 1.8 billion SIM cards
addressable by our solutions
Supplying over 350 banks worldwide with banking cards in the hands of
over 800 million people
Supplying ePassports to countries with some 600 million citizens
30 years experience in designing and producing secure personal devices
Gemalto’s secure personal devices are in the
hands of billions of individuals
Strategic alliances and partners
Alliances with major industry players in all Business
Units telecommunications, ID and security
Joint initiatives with leading payment associations
Network of 400 partners with worldwide coverage
Business partners: VARs, resellers, distributors,
systems integrators
Solution and technology partners
– Increase Gemalto solutions portfolio
– Ensure interoperability with leading solution providers
BU Security - IAM Enterprise Offer
Cards, Tokens & OTP Readers
Smart Card Readers
Services, Fulfillment and support
Operated services
Drivers, applications and authentication servers
What is the Role of the Smart Card?
OTP
– Hosts the One-Time-Password application
– Hosts the OTP secret keys and (can) protect them with a PIN
– Computes the OTP
PKI
– Hosts digital certificates
– Hosts user PIN
– Computes encryption / signing cryptography
Secure chip
– Tamper-proof
– Resistant to hardware attack
– Resistant to software attack
Example of Smart Card Use in Enterprise
Secure access to buildings
Secure access to Enterprise networks
Secure access to Enterprise applications
Authenticate employees digitally and physically
• email
• Digital signature
E-signer Software
Verification server
Web server
Data
Management
Applications
Passwords and OTP
Barcode & Magnetic encoding
PKI Certificates
Photos
Physical Access Controls
Enterprise Data
Security
Strong authentication for Enterprises
Feature set
User name and password
2 factor authentication
OATH OTP on card + Gemalto SA Server
PKI Certificates + MS Base CSP
• Certificate based logon
• Digital Signature
• Encryption
• Secure Storage
3 factor authentication
CARDS & MIDDLEWARE
Card Families
.NET
TPC
TOP
Regional Offer: IAS, CNS, SetAccess
Differentiation & Positioning
.NET
– Differentiating features: Minidriver PKI architecture; OTP OATH onboard; Bio solution; .NET dev. environment; FIPS 140-2 level 3
– Core Message: Microsoft integration; Easy to deploy / Low TCO; Versatility (form factors, OTP)
– Target Customers: Mainstream offer; MS-centric F500; SMEs through Channel
TPC
– Differentiating features: Common Criteria EAL 4+ certification
– Core Message: CC certified for legally binding signature
– Target Customers: Fortune 500; Direct or through SIs
TOP
– Differentiating features: Javacard, Global Platform; Dual Interface; FIPS 140-2 level 3
– Core Message: Multiplicative Cryptographic Javacard Platform
– Target Customers: System Integrators
IAS
– Differentiating features: IAS ECC Compliant; CC EAL4+ certification
– Core Message: Emerging European regulatory compliance
– Target Customers: Regional (France, Europe?); Government; Healthcare
Middleware, Management & Competition
.NET
– Middleware: None for Windows; Libraries for Linux & MacOS
– Management systems: Gemalto DAS, Microsoft ILM, Intercede myID, Opentrust SCM, Versatile vSEC:CMS
TPC
– Middleware: Classic Client V 6.0
– Management systems: Microsoft ILM, Opentrust SCM, Intercede myID
TOP
– Middleware: n/a
– Management systems: n/a
IAS
– Middleware: Classic Client V6.0
– Management systems: Opentrust SCM, Microsoft ILM
Features, Value Proposition & Mgmt. options
Main Features
– PKI and OTP authentication
– Minidriver for Windows XP, Vista, W7
– Diversity of form factors
– PKCS#11 libraries for Windows, Linux, Solaris and Mac
– Wide integration in the IAM ecosystem
– .NET development platform
Value Proposition
– Ease of deployment, reduced Total Cost of Ownership
– Versatility (2 authentication mechanisms, variety of form factors)
– Ease of integration (wide ecosystem integration)
Management Options
– SME: Gemalto DAS, Versatile VSEC:CMS
– Large Enterprise: Microsoft ILM, Intercede myID and Opentrust SCM
CONNECTED PKI & SECURE FLASH TOKENS
Features & Value Proposition
USB eSeal token v2
– Unique feature: Java Smart Card based
– Use: PKI, Classic Client
USB Shell Token v2 + NET
– Unique feature: CCID .NET based
– Use: PKI
USB Shell Token v2 + TPC IM CC
– Unique feature: CC EAL4+ / PPSSCD
– Use: PKI, Classic Client
SA .NET Dual
– Unique feature: connected / non connected; Mobility & security
– Use: PKI + OTP
Features & Value Proposition
SEG
– Unique feature: CCID .NET; MS CAPI & CSP
– Use: PKI + secure storage
SG
– Unique feature: HID; PKCS#11
– Use: secure storage + P11
SG FIPS
– Unique feature: FIPS 140-2 level 3
– Use: secure storage
HID = Human Interface Device
READERS Prox
Product Launch May 2010
Prox-DU
Prox-DU with Stand
Prox-SU
SOFTWARE
What is SA Solutions?
Gemalto SA Solutions is the product offer for Strong Authentication (SA) relying on One Time Password (OTP).
This offer is made of:
A validation server and some software components:
– Gemalto SA Server (version 4)
– SA Server authentication agent software
– SA Server Sconnect plug-in
Authentication tokens:
– Easy OTP Token
– .Net smart card or
– .Net smart card plug-in format embedded in a GemPC Shell reader to build a USB token
– .Net Display card
– .Net Dual token
– Smart Enterprise Guardian
Authentication is targeted at every company with:
– Mobile workers who want to access their enterprise resources: network, mail, web pages, etc.
– Employees accessing private data through the Internet, an Intranet, etc.
Token Management System
Managed by End User
Managed by Enterprise
Smart TMS
“Self”
Main Use:
Centralized Deployment and Token Control
Remote Pin Unblock
Resize partitions
Update for maintenance
Report Token lost for data dest.
Applicative content management
Token recovery
Security Policy management
Usage reporting
Token Issuance workflows
SOFTWARE .NET Bio
Features & Value Proposition
Main Features
– Middleware and cards available for Windows XP, Vista and 7
– Up to 10 Fingerprints (FP) stored and matched on card
– Support of Base CSP and PKCS#11 architectures
– Windows 7 version
– Support of the Windows Biometric Framework (WBF)
– PKI and Non PKI version support
Value Proposition
– Security: 2 or 3 Authentication Factors
– Device + PIN and / or FP
– No need to manage PINs or Passwords
– Cost saving, convenience, security
– Privacy, compliance to regulations
– Non repudiation
.Net solutions
Axa Technology Services (France)
Situation: A subsidiary of the AXA Group providing IT
infrastructure services and support to most of the group’s
companies.
Challenge: Project to equip end-user hardware (6K agents, brokers)
with a smart card-based strong authentication platform that
also supports biometrics and provides convenience
Solution: .NET Bio (strong authentication with a biometrics-
enabled smart card)
Benefits
Rapid solution development and implementation at
customer level
Multi-authentication modes (PIN only, fingerprint only,
PIN & fingerprint)
Converged badge solution for physical and logical
access reduces data loss, network attacks, password
sharing and badge swapping
Enhanced end-user experience, convenience and
flexibility for secure network access
Ministry of Defense (European country)
Situation
10 K users in locations around the world
Military and civilian staff
Challenges:
Need for Strong Remote authentication to online services
Combining OTP and PKI for 2 different security clearance access levels
Ecosystem
Partners: Microsoft, EDS, BT, CAP Gemini
Solution
.NET Card with PKI & CAP OTP
20K cards delivered.
Telenor Hungary - Pannon
(Compuworx)
Situation: Population: 1500 employees.
Challenge: New HQ building; new system for
authentication & access control
Solution: A converged .NET badge (Hybrid
with Mifare technology)
Applications:
PC log on
Ecosystem:
Microsoft ILM
Benefit:
1 single badge, higher security, easiest
management
Petroleum Development Oman (PDO)
(GBM)
Situation:
PDO is the main exploration company in Oman
Population: 9000 employees & subcontractors working in
9 major locations across the Sultanate of Oman
Challenge:
Unify logical & physical access in one card
Implement Microsoft CA
User smart cards for SSO
Solution:
A converged .NET badge (Hybrid with HID technology),
Applications:
PC log on
Physical Access
Ecosystem :
Microsoft ILM
Benefit:
1 single badge for multiple accesses
Cost saving: .Net lowest TCO
Better governance
Improve control
University of Macedonia
(Intec partner)
Situation: Population: 7000 users (Students and staff).
Challenge: Have a solution offering security, services
and automation for staff & students
Solution: A multiapplication student smart badge (.Net card, GTO readers)
Applications on the student smart badge solution:
Identification
Access control
Computer Login
VPN
Esignature
Wifi
Ecosystem
Microsoft MSC as system integrator
Microsoft FIM for identity management & certificate
Microsoft CRM Dynamics
Benefits:
Simplicity & Security: With easy and secure applications access control
Self service: The student takes care of the enrolment “certificate” himself
Improved student population database management
Welcome to the Gemalto Partner Network
Gemalto has solid long-term relationships with its partners by
focusing on customers and skills
We offer solutions that are fully interoperable and configurable
to meet the requirements of our customers.
Gemalto partners are the leaders in their respective
categories: software, communications, security products,
identity management systems, data centers, logistics, …
Questions?
Jérôme [email protected]: Channel Bus dev EMEA
Tel. : +33 (0)1 55016148