Hello, It's Me: Mobile Options for End-User Authentication
|
|
- Primrose Gregory
- 8 years ago
- Views:
Transcription
1 Hello, It's Me: Mobile Options for End-User Authentication As enterprises re-evaluate their strategies for authenticating end-users with methods that are stronger than traditional usernames and passwords, solution providers are responding by developing innovative options for authentication that leverage what is arguably the most personal, indispensable and ubiquitous of all modern devices the mobile phone. This Analyst Insight frames the expanding range of mobile options that are available for end-user authentication in the enterprise. March 2012 Analyst Insight Aberdeen s Analyst Insights provide the analyst perspective of the research as drawn from an aggregated view of surveys, interviews, analysis and industry experience. Business Context: A Wake-Up Call for Authentication Starting in the second half of 2011, Aberdeen's research in IT Security has noted multiple times that many enterprises are re-evaluating their strategies for authenticating their end-users with methods that are stronger than traditional usernames and passwords. Business context driving these initiatives includes compliance, vulnerabilities and threats, and mobility: The latest findings and recommendations from the agencies of the Federal Financial Institutions Examination Council (FFIEC), issued in a June 2011 supplement to its October 2005 guidance on Authentication in an Internet Banking Environment. The supplemental guidance highlights a number of authentication controls as being more effective in the context of current threats, although no specific controls or technologies are positively endorsed. The highly-publicized headlines of recent successes by the Internet's many attackers and foes, including security breaches at traditional market-leading solution providers such as RSA, The Security Division of EMC and DigiNotar, the now-defunct Netherlandsbased subsidiary of VASCO Data Security. These and other highprofile incidents have collectively served as an industry wake-up call regarding the changing nature of the security threat landscape increasingly, attacks are highly targeted to specific organizations; carefully crafted based on intelligence-gathering about systems, business processes and individuals; and executed across multiple vectors in a manner which is designed to evade detection. The rapid, remarkable impact of enterprise mobility. Mobile devices are ubiquitous, indispensable, highly personal and carried by virtually all demographic groups and are increasingly being leveraged by enterprise IT departments to enhance end-user authentication and improve overall enterprise security (see sidebar). This last point underscores the primary focus for this latest Analyst Insight a look at mobile options for stronger end-user authentication in the enterprise. Fast Facts Findings from Aberdeen's global study of more than 850 organizations, conducted in 1Q2012, help to describe the challenges and the opportunities created by the "bring your own device" trend in enterprise mobility. Enterprise policy toward employee adoption of mobile devices for business purposes: 33% employees must use company-issued devices 38% company-issued mobile devices are available, but employees may use their own devices if they choose 15% employees are responsible for supplying their own mobile devices 14% no formal policy Enterprise supports mobile software applications for business purposes: 42% yes 18% planned < 12 months 19% evaluating 21% no This document is the result of primary research performed by Aberdeen Group. Aberdeen Group's methodologies provide for objective fact-based research and represent the best analysis available at the time of publication. Unless otherwise noted, the entire contents of this publication are copyrighted by Aberdeen Group, Inc. and may not be reproduced, distributed, archived, or transmitted in any form or by any means without prior written consent by Aberdeen Group, Inc.
2 Page 2 Mobile Options for End-User Authentication Compared to traditional options for stronger end-user authentication, options that leverage today's mobile devices offer several general benefits including lower barriers to adoption for end-users (who leverage devices they already carry and know how to use), and lower total cost of ownership for the enterprise (who leverage devices the end-user may have purchased, potentially for multiple business purposes). The most common mobile options for end-user authentication in the enterprise that Aberdeen sees in its IT Security research are one-time passwords, digital certificates and out-ofband authentication. One-Time Passwords One-time passwords (OTP) are the classic example of two-factor end-user authentication, because they combine something the end-user knows (typically a personal identification number, or PIN) with something they have (traditionally a standalone hardware device referred to as a token, which generates a pseudo-random number every 60 seconds or at the push of a button). The combination of these two factors PIN plus one-time password creates a unique login credential that is valid for a single use. Software tokens are software applications which provide functionality that is essentially equivalent to that of traditional standalone hardware tokens. The end-user enters their username and password, along with their PIN and one-time password from the mobile device, to access enterprise resources (Figure 1). Over the last decade, solution providers have significantly expanded the range of mobile platforms supported by software tokens including smart phones, tablets, and SIM cards for greater end-user convenience and lower total cost than hardware tokens. Definitions In general, factors for enduser authentication include: Something you know (such as a PIN) Something you have (such as a phone, a card or a token) Something you are (such as a voice or finger biometric) Something you do (such as typical patterns of behavior, or the unique dynamics of end-user typing on a keyboard) SIM (Subscriber Identification Module) cards are used to identify and authenticate end-users (subscribers) on mobile phone networks. Among other things, each SIM card contains a unique serial number, the unique mobile phone number of the end-user, and other security and network information. Figure 1: One-Time Passwords Enterprise Mobile Applications (Software Tokens) Server-based authentication solutions send a one-time passcode to a pre-registered mobile phone (e.g., in an SMS message), which the end-user enters together with their PIN, username and password to access enterprise resources (Figure 2). A simple way to think of it is that software tokens generate one-time passwords locally (on the mobile devices that endusers are holding in their hand), while server-based authentication generate one-time passwords remotely (in the cloud).
3 Page 3 Figure 2: One-Time Passwords Server-based (e.g., SMS) Enterprise mobile applications refer to small-footprint software applications which are specifically designed to run on smart phones, tablets or other mobile devices, and which are optimized for graphical, touch-based user interfaces (i.e., they are not browser-based). New approaches to providing authentication and other security capabilities for enterprise mobile applications include software developer kits (SDKs) for embedding one-time password authentication functionality directly into the application code. In these scenarios, the mobile application automatically and transparently provides the one-time password as part of accessing the enterprise resource (Figure 3) which not only enhances end-user convenience, but also defends against man-in-the-middle attacks. Definitions Man-in-the-Middle or Man-in-the-Browser refers to scenarios in which an attacker hijacks an online session by transparently inserting himself between the end-user and the legitimate target resource. Figure 3: One-Time Passwords Enterprise Mobile Applications (embedded SDK) Digital Certificates Digital certificates are credentials which have been issued by a trusted authority (a certification authority, also referred to as a certificate authority, or CA); they establish a relationship between a specific end-user and a specific cryptographic key. Certificates are in turn the foundation for a wide range of capabilities, including end-user authentication (e.g., to the endpoint / desktop, for network access, for remote access, for privileged administrative accounts), digital signatures (e.g., signed ), encryption of sensitive data (e.g., encrypted , secure file transfer), and physical access (e.g., integration with physical access control systems for building entry).
4 Page 4 Digital certificates are supported on a wide range of form factors, including smart cards, smart phones, SIM cards, chip-based tokens, bank cards and electronic passports. Newly emerging software smart cards for smart phones provide certificate-based functionality equivalent to that of a standalone smart card (Figure 4). In addition, leading vendors are introducing innovative solutions that leverage software smart cards and proximity-based smart phone technologies such as Bluetooth and NFC (nearfield communication) to provide automatic login and automatic logout to local workstations or physical access control systems. Fast Facts Digital certificates are also supported in a variety of standardized formats for example, see X.509, EMV which specify attributes such as version, serial number, algorithm, issuer, validity period, and optional extensions. Figure 4: Digital Certificates Enterprise Mobile Applications (Software Smart Cards) Interoperability and acceptance of certificates and smart cards continues to be driven positively by US Federal government-led initiatives, e.g.: PIV-I (Personal Identity Verification Interoperable) cards, which meet the technical specifications to work with US Federal PIV infrastructure (e.g., card readers), and which are issued in a trusted manner ICAM (Identity, Credentialing and Access Management), the US Federal initiative defining a government-wide architecture for trusted credentials Enhanced support for certificates and smart cards within the Microsoft platform is also reducing barriers to adoption, for example: Support for smart cards as Plug and Play components of Windows 7 The introduction of Direct Access, for secure remote connections which are transparently chained to a smart card-based Windows logon Out-of-Band Solutions Out-of-band authentication (OOBA) refers to a scenario in which an end-user enters their username and password to access an enterprise resource, but must also respond in a different band or channel (e.g., a phone call, text message, or push notification to a mobile app) as an integral part of Fast Facts PIV-I is designed to drive interoperability with the US Federal PIV infrastructure for: Federal agencies, contractors, suppliers and business partners State and local governments First responders Healthcare workers ICAM is designed to improve electronic access to government services for: Federal agencies, contractors, suppliers and business partners US citizens
5 Page 5 the authentication process (Figure 5). In a similar way, out-of-band solutions can be used to ask the end-user to verify online transactions (e.g., approve a transfer of $X to Account Y at Bank Z). Figure 5: Out-of-Band Authentication (OOBA) and Transaction Verification Note that server-based authentication solutions that send a one-time passcode in an out-of-band channel (e.g., an SMS message with a one-time passcode, sent to a mobile phone as discussed above), are not considered out-of-band authentication, because the end-user enters the one-time password together with their username and password (in the same channel) to access the enterprise resource. Companies evaluating out-of-band technologies for end-user authentication should ensure that their solution providers protect them with appropriate legal indemnification, in the event of potential future disputes over intellectual property in this area (see footnote in Table 1). Aberdeen's Research Findings: Mobile Adoption Figure 6 provides a snapshot based on multiple Aberdeen research studies conducted in the first half of 2011 of how these general classes of phonebased technologies for end-user authentication are currently being adopted in enterprise environments, along with plans and evaluations for future adoption. In terms of current use: All companies currently allowing end-users to access enterprise resources using mobile phones are currently supporting mobile web access Four out of five (83%) respondents are currently using enterprise mobile apps for business purposes, with leading performers deploying an average of 11 employee-facing enterprise mobile apps and lagging performers deploying an average of 5 More than half (55%) have a current mobile device management initiative Two out of five (41%) currently support one-time passwords About one in four (25%) currently support digital certificates Definitions Mobile web access refers to the most basic approach for mobile end-user authentication, in which the enterprise resources being accessed are web-based e.g., Outlook Web Access and the end-users authenticate within their mobile web browsers using traditional username and password. Mobile device management (MDM) solutions generally include device authentication capabilities (based on dozens of device parameters such as time, location, configuration settings, and other attributes), in addition to user authentication and application controls, as the means to control end-user access to enterprise resources. Aberdeen's research has shown that MDM is commonly the first step in a broader enterprise mobility management (EMM) initiative.
6 Page 6 About one in four (23%) currently support out-of-band authentication Relative to current use, the responses for planned use in the next 12 months and current evaluations indicate very high market interest in stronger forms of end-user authentication than basic username / password. Figure 6: Adoption of Phone-based Authentication (1H2011) Mobile web access 100% Enterprise mobile apps 83% 10% Mobile device management 55% 24% One-time passwords 41% 19% Digital certificates 25% 26% Out-of-band authentication 23% 24% Percentage of All Respondents Current Use Planned or Evaluating Source: Aberdeen Group, July 2011 Customer Case-in-Point: Direct Marketing Services Founded in 1923, a leading provider of business-to-business direct marketing services today generates nearly $1B in annual revenue and serves its global customer base with approximately five thousand full-time employees worldwide. Security-related pressures that led to the company's recent adoption of one-time password software tokens on employee-owned smart phones and tablets include: Client contracts and regulatory compliance requirements, which impact the manner in which customer and prospect data may be captured, handled, analyzed and disseminated Consumer concerns about the privacy and security of their data, which could lead them to exercise their ability to prevent such data from being collected, used or shared Management of third parties, which provide a portion of the overall services in certain engagements "Many of our customers, especially those in the financial services and healthcare segments, expect this feature to be a standard component of our security program," explained the company's Director of IT. "While one-time passwords do involve an additional step in the process of our end-users obtaining remote access to our network, the increased security it provides to us and our customers far outweighs any inconvenience." Phased rollouts of software tokens from Entrust began in 2011 for all of the company's SSL VPN users, representing about 30% of the total employee
7 Page 7 population. Because of the company's desire to minimize its total cost of ownership by supporting software tokens on employee-owned smart phones and tablets, the ability to support grid cards as a low-cost alternative for employees without their own smart phone or tablets from the same Entrust IdentityGuard management console was a key solution selection criteria. Rollout of the software token solution did uncover a few tangential issues early on, for example the fact that the company's SSL Server Certificates had expired. "On the one hand we were communicating that the installation of software tokens is mandatory and urgent," noted one company vice president, "While on the other hand, every employee following the directions to comply was receiving an error message saying that the certificates were invalid and recommending not to continue." But as these issues were overcome, the company is satisfied with the overall balance of security, total cost and end-user convenience offered by its selection of a primarily phone-based option for end-user authentication. Definitions Grid cards refer to a 5-row by 10-column matrix of numbers and characters which has been uniquely created and issued to each end-user. When logging in, end-users are asked to provide the corresponding information from a number of specific cells (e.g., the number or character from the cell D5) as their one-time password. Grid cards can be printed (wallet-size) and carried physically, or produced and stored electronically. Solutions Provider Case-in-Point: Entrust (Dallas, TX) Since the mid-1990s, Texas-based Entrust has developed identity-based IT security solutions including strong authentication, fraud detection, digital certificates, SSL and EV SSL Server Certificates, and Public-Key Infrastructure (PKI) that today support more than 5,000 organizations in over 85 countries. Historically, Entrust's customer base has been particularly strong in the areas of government, financial services, telecommunications, pharmaceuticals, aerospace and defense. Figure 7: Entrust IdentityGuard Software Authentication Platform Many Authentication Methods, Common Management Console Source: Entrust, March 2012 The Entrust IdentityGuard solution is a flexible software authentication platform and common management framework that allows organizations to select the appropriate balance of security, total cost and convenience for each segment of their end-user population. Entrust IdentityGuard is designed to support a broad range of authentication methods from a common management console (Figure 7) including solutions for
8 Mobile application (software token) Server-based (SMS) Mobile application (embedded SDK) Hardware-based (e.g., SIM) Hardware-based (e.g., SIM, NFC) Mobile application (software smart card) Authentication (1) Transaction Verification MDM Integration Hello, It's Me: Mobile Options for End-User Authentication Page 8 website authentication, desktop authentication, building access, cloud authentication, remote / mobile access, secure , digital signatures, government eid and passport, and government ehealth and citizen ID. In the context of this Analyst Insight, Entrust IdentityGuard provides the broadest support among leading solution providers for mobile options for end-user authentication (see Table 1). Solutions Landscape (illustrative) Solution providers of mobile options for end-user authentication range from those who focus on specific methods (e.g., OTP, certificates, OOBA), to those who focus on specific mobile platforms (e.g., SIM), to those who support mobile options as part of a broader, "platform" approach to enduser authentication. Table 1 provides an illustrative list. Table 1: Mobile End-User Authentication for the Enterprise One-Time Passwords Digital Certificates Out-of- Band (3) Solution Providers (illustrative) Entrust X X X X X x X X VASCO X X X X RSA / EMC X X X x x X Gemalto X X X X X ActivIdentity X X X SafeNet X X Quest Software X X Symantec (VeriSign) X X X Swivel X X StrikeForce (2) X X X PhoneFactor X X Authentify X X Note 1: OOBA capabilities based on a partnership with Authentify are designated by "x" Note 2: Ram Pemmaraju, CTO of StrikeForce Technologies, is credited by the US Patent Office as the inventor of US Patent # , "Multichannel Device Utilizing a Centralized Out-of-Band Authentication System," issued January 2011 Note 3: At the time of publication the number of partnerships, acquisitions and in-house development efforts related to the integration of mobile authentication and mobile device management capabilities is on the rise; readers should confirm current status in this regard directly with the respective solution providers
9 Page 9 Summary and Key Takeaways As enterprises re-evaluate their strategies for authenticating end-users with methods that are stronger than traditional usernames and passwords, mobile devices are becoming even more attractive as the means for addressing mounting regulatory pressures for stronger authentication, an increasingly sophisticated vulnerability and threat landscape, and unrelenting expectations of mobility for the typical enterprise end-user. Solution providers are responding by developing innovative options for enduser authentication that leverage these mobile devices, particularly in the area of one-time passwords, digital certificates and out-of-band authentication. Solution providers of mobile options for end-user authentication range from those who focus on specific methods (e.g., OTP, certificates, OOBA), to those who focus on specific mobile platforms (e.g., SIM), to those who support mobile options as part of a broader, "platform" approach to enduser authentication. From the end-user perspective, mobile authentication solutions have several advantages: Mobile devices are faithfully carried and used already, so barriers to adoption are low Mobile solutions are generally designed to be familiar and easy to use, so little training is required Mobile devices are generally always in the end-user's possession, so the authentication experience to enterprise resources is always consistent From the enterprise perspective, advantages of mobile authentication solutions include: Mobile devices already exist and can be leveraged for multiple business purposes, which lowers total cost of ownership for the enterprise The question "what devices are on the enterprise network" can be addressed by device authentication (e.g., the issuance of a digital certificate to provide each device with a unique digital identity); Aberdeen's research in network access has shown that the leading performers are nearly 2-times more likely than the lagging performers to have implemented this capability Many enterprise users have more than one mobile device; the business needs to establish a level of assurance not only for what devices are accessing its network, but also for what authorized identities are behind those devices Mobile authentication solutions complement existing mobile device management initiatives, which already exist at more than half of all companies participating in Aberdeen's 2011 study
10 Page 10 Enterprises should first establish what strategic objectives they are trying to achieve with their enterprise mobility management initiatives e.g., compliance, risk, total cost, convenience, collaboration and then select the mobile options for end-user authentication that best supports these needs. In other words: first why, then how. For more information on this or other research topics, please visit Jumping on the Out-of-Band Wagon; January 2012 Stronger Authentication for Small and Mid-Sized Businesses; November 2011 Too Trusted to Fail: Attacks on SSL Server Certificate Infrastructure in 2011; October 2011 Enterprise Mobile App Strategies; October 2011 Enterprise-Grade BYOD Strategies; September 2011 The Case Against Passwords: Reevaluating Stronger User Authentication; August 2011 The Case for Smart Cards; July 2011 Enterprise Mobility Management Goes Global: Mobility Becomes Core IT; July 2011 Related Research IAM Integrated: Analyzing the Platform versus Point Solution Approach; June 2011 Managing Identities and Access; March 2011 Secure Remote Access: From the Outside In, to the Inside Out; January 2011 The Zen of Network Access; Dec Five Key Capabilities for Gaining Visibility and Control over Your Network Devices, Endpoints and End-Users; Sept Logon Once, Access Many: The Pursuit of Single Sign-On; March 2009 One-Time Passwords for Two-Factor Authentication; January 2009 Managing Privileged Users; Nov Strong User Authentication: Best-in-Class Performance at Assuring Identities; March 2008 Author: Derek E. Brink, Vice President and Research Fellow for IT Security For more than two decades, Aberdeen's research has been helping corporations worldwide become Best-in-Class. Having benchmarked the performance of more than 644,000 companies, Aberdeen is uniquely positioned to provide organizations with the facts that matter the facts that enable companies to get ahead and drive results. That's why our research is relied on by more than 2.5 million readers in over 40 countries, 90% of the Fortune 1,000, and 93% of the Technology 500. As a Harte-Hanks Company, Aberdeen s research provides insight and analysis to the Harte-Hanks community of local, regional, national and international marketing executives. Combined, we help our customers leverage the power of insight to deliver innovative multichannel marketing programs that drive business-changing results. For additional information, visit Aberdeen or call (617) , or to learn more about Harte-Hanks, call (800) or go to This document is the result of primary research performed by Aberdeen Group. Aberdeen Group's methodologies provide for objective fact-based research and represent the best analysis available at the time of publication. Unless otherwise noted, the entire contents of this publication are copyrighted by Aberdeen Group, Inc. and may not be reproduced, distributed, archived, or transmitted in any form or by any means without prior written consent by Aberdeen Group, Inc. (2012a)
Entrust IdentityGuard
+1-888-437-9783 sales@identisys.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's
More informationGuide to Evaluating Multi-Factor Authentication Solutions
Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor
More informationIDENTITY & ACCESS. BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape
IDENTITY & ACCESS BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape Introduction How does your enterprise view the BYOD (Bring Your Own Device) trend opportunity
More informationAuthentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business
Authentication Solutions Versatile And Innovative Authentication Solutions To Secure And Enable Your Business SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime
More informationEntrust IdentityGuard Versatile Authentication Platform for Enterprise Deployments. Sam Linford Senior Technical Consultant Sam.linford@entrust.
Entrust IdentityGuard Versatile Authentication Platform for Enterprise Deployments Sam Linford Senior Technical Consultant Sam.linford@entrust.com Entrust is a World Leader in Identity Management and Security
More informationStrong Authentication for Secure VPN Access
Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations
More informationStrong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment
Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1
More informationADDING STRONGER AUTHENTICATION for VPN Access Control
ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows
More informationIDENTITY & ACCESS. Providing Cost-Effective Strong Authentication in the Cloud. a brief for cloud service providers
IDENTITY & ACCESS Providing Cost-Effective Strong Authentication in the Cloud a brief for cloud service providers Introduction Interest and use of the cloud to store enterprise resources is growing fast.
More informationAuthentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS
Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime
More informationTwo-Factor Authentication over Mobile: Simplifying Security and Authentication
SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively Table
More informationAUTHENTIFIERS. Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes
AUTHENTIFIERS Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes Authentify delivers intuitive and consistent authentication technology for use with smartphones,
More informationThe Authentication Revolution: Phones Become the Leading Multi-Factor Authentication Device
The Authentication Revolution: Phones Become the Leading Multi-Factor Authentication Device PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-668-6536 www.phonefactor.com Executive
More informationEnhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
More informationStrong Authentication. Securing Identities and Enabling Business
Strong Authentication Securing Identities and Enabling Business Contents Contents...2 Abstract...3 Passwords Are Not Enough!...3 It s All About Strong Authentication...4 Strong Authentication Solutions
More informationRSA SecurID Two-factor Authentication
RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial
More informationSTRONGER AUTHENTICATION for CA SiteMinder
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
More informationOut-of-Band Multi-Factor Authentication Cloud Services Whitepaper
Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper StrikeForce Technologies, Inc. 1090 King Georges Post Rd. Edison, NJ 08837, USA Tel: 732 661-9641 Fax: 732 661-9647 http://www.sftnj.com
More informationMulti-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access
Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies
More informationStrong Identity Authentication for First Responders
Strong Identity Authentication for First Responders Entrust Solutions for Compliance to U.S. Department of Homeland Security First Responder Authentication Credential (FRAC) Standards Entrust Inc. All
More informationDefending the Internet of Things
Defending the Internet of Things Identity at the Core of Security +1-888-690-2424 entrust.com Table of contents Introduction Page 3 Challenge: protecting & managing identity Page 4 Founders of identity
More informationTECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS
TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS BUSINESS BENEFITS Use of the Certified Partner seal and the Secured by RSA brand on product packaging and advertising Exposure in the Secured by RSA
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More informationGlobal Multi-factor Authentication Market 2015-2019
Brochure More information from http://www.researchandmarkets.com/reports/3058588/ Global Multi-factor Authentication Market 2015-2019 Description: About Multi-factor Authentication Multi-factor authentication
More informationVeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.
END USER S GUIDE VeriSign PKI Client Government Edition v 1.5 End User s Guide VeriSign PKI Client Government Version 1.5 Administrator s Guide VeriSign PKI Client VeriSign, Inc. Government Copyright 2010
More informationMobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard
Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.
More informationManaged Services PKI 60-day Trial Quick Start Guide
Entrust Managed Services PKI Managed Services PKI 60-day Trial Quick Start Guide Document issue: 3.0 Date of issue: Nov 2011 Copyright 2011 Entrust. All rights reserved. Entrust is a trademark or a registered
More informationBeyond passwords: Protect the mobile enterprise with smarter security solutions
IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive
More informationBoosting Enterprise Application Performance in Distributed Environments
Boosting Enterprise Application Performance in Distributed Environments April 2012 Jim Rapoza ~ Underwritten, in Part, by ~ Boosting Enterprise Application Performance in Distributed Environments Modern
More informationIdentity & Privacy Protection
Identity & Privacy Protection An Essential Component for a Federated Access Ecosystem Dan Turissini - CTO, WidePoint Corporation turissd@orc.com 703 246 8550 CyberSecurity One of the most serious economic
More informationWHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS
WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user
More informationWhite Paper. The risks of authenticating with digital certificates exposed
White Paper The risks of authenticating with digital certificates exposed Table of contents Introduction... 2 What is remote access?... 2 Authentication with client side digital certificates... 2 Asymmetric
More informationTwo-Factor Authentication
Two-Factor Authentication IT Professional & Customer Service Desk Feature Guide Two-Factor Authentication for Exchange Online Office 365 Dedicated & ITAR-Support Plans April 26, 2013 The information contained
More informationHow CA Arcot Solutions Protect Against Internet Threats
TECHNOLOGY BRIEF How CA Arcot Solutions Protect Against Internet Threats How CA Arcot Solutions Protect Against Internet Threats we can table of contents executive summary 3 SECTION 1: CA ArcotID Security
More informationIntel Identity Protection Technology (IPT)
Intel Identity Protection Technology (IPT) Enabling improved user-friendly strong authentication in VASCO's latest generation solutions June 2013 Steve Davies Solution Architect Intel Corporation 1 Copyright
More informationCA ArcotOTP Versatile Authentication Solution for Mobile Phones
PRODUCT SHEET CA ArcotOTP CA ArcotOTP Versatile Authentication Solution for Mobile Phones Overview Consumers have embraced their mobile phones as more than just calling or texting devices. They are demanding
More informationAdvanced Solutions for Critical Infrastructure Protection
Advanced Solutions for Critical Infrastructure Protection Complying with the North American Electric Reliability Corporation Critical Infrastructure Protection standards Get this White Paper Entrust Inc.
More informationWhite Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS
White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services Over the past decade, the demands on government agencies to share information across the federal, state and local levels
More informationADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief
ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing
More informationBlackShield ID Agent for Terminal Services Web and Remote Desktop Web
Agent for Terminal Services Web and Remote Desktop Web 2010 CRYPTOCard Corp. All rights reserved. http:// www.cryptocard.com Copyright Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationGlobal Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
VENDOR PROFILE Passlogix and Enterprise Secure Single Sign-On: A Success Story Sally Hudson IDC OPINION Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
More informationImplementation Guide for protecting
Implementation Guide for protecting Remote Web Workplace (RWW) Outlook Web Access (OWA) 2003 SharePoint 2003 IIS Web Sites with BlackShield ID Copyright 2010 CRYPTOCard Inc. http:// www.cryptocard.com
More informationExecutive Summary P 1. ActivIdentity
WHITE PAPER WP Converging Access of IT and Building Resources P 1 Executive Summary To get business done, users must have quick, simple access to the resources they need, when they need them, whether they
More informationCard Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006
Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark
More informationDIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication
DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of
More informationSAFEAPP TECHNOLOGY PROGRAM
SAFEAPP TECHNOLOGY PROGRAM Join our dynamic community of technology application developers that recognize the advantages of SafeNet security solutions. SafeNet Overview................. 3 Partnering with
More informationKey Authentication Considerations for Your Mobile Strategy
Key Authentication Considerations for Your Mobile Strategy The Need for Mobile Authentication Reaches Critical Mass According to an old adage, consumers speak through their pocketbooks. While that saying
More informationEntrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.
Entrust Managed Services PKI Getting an end-user Entrust certificate using Entrust Authority Administration Services Document issue: 2.0 Date of issue: June 2009 Revision information Table 1: Revisions
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationDeriving a Trusted Mobile Identity from an Existing Credential
Deriving a Trusted Mobile Identity from an Existing Credential Exploring and applying real-world use cases for mobile derived credentials +1-888-690-2424 entrust.com Table of contents Approval of the mobile
More informationBlackShield ID Agent for Remote Web Workplace
Agent for Remote Web Workplace 2010 CRYPTOCard Corp. All rights reserved. http:// www.cryptocard.com Copyright Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication may be reproduced,
More informationDigitalPersona Pro Enterprise
DigitalPersona Pro Enterprise Version 5.3 Frequently Asked Questions 2012 DigitalPersona, Inc. All Rights Reserved. All intellectual property rights in the DigitalPersona software, firmware, hardware and
More informationMobile Security. IIIIII Security solutions for mobile as an endpoint. financial services & retail. enterprise. public sector. telecommunications
Mobile Security IIIIII Security solutions for mobile as an endpoint financial services & retail enterprise public sector telecommunications transport IIIIII Table of Contents The challenges of mobile security....
More informationIntel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions
Intel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions June 2013 Dirk Roziers Market Manager PC Client Services Intel Corporation
More informationUsing Entrust certificates with VPN
Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark
More informationI D C V E N D O R S P O T L I G H T
I D C V E N D O R S P O T L I G H T E n f o r c i n g I dentity a nd Access Management i n C l o u d a n d Mobile Envi r o n m e n t s November 2012 Adapted from Worldwide Identity and Access Management
More informationWhite paper December 2008. IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview
White paper December 2008 IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview Page 2 Contents 2 Executive summary 2 The enterprise access challenge 3 Seamless access to applications 4
More informationProposed Service. Name of Proposed Service: Technical description of Proposed Service: Registry-Registrar Two-Factor Authentication Service
Print Date: 2009-06-25 23:04:33 Proposed Service Name of Proposed Service: Registry-Registrar Two-Factor Authentication Service Technical description of Proposed Service: Background: The frequency and
More informationWHITE PAPER Identity Management in a Virtual World INTRODUCTION. Sponsored by: Aladdin Knowledge Systems. Charles J.
WHITE PAPER Identity Management in a Virtual World Sponsored by: Aladdin Knowledge Systems Charles J. Kolodgy June 2003 INTRODUCTION Today s enterprises need new methods of developing trust in a virtual
More informationEnhancing Organizational Security Through the Use of Virtual Smart Cards
Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company
More informationAdding Stronger Authentication to your Portal and Cloud Apps
SOLUTION BRIEF Cyphercor Inc. Adding Stronger Authentication to your Portal and Cloud Apps Using the logintc April 2012 Adding Stronger Authentication to Portals Corporate and consumer portals, as well
More informationMIS Impact Report Duo Security looks to shake up authentication market with mobile and service focus Analyst: Steve Coplan 5 Dec, 2011 Duo Security named for the two-factor authentication technology for
More informationNETWORK SECURITY FOR SMALL AND MID-SIZE BUSINESSES
NETWORK SECURITY FOR SMALL AND MID-SIZE BUSINESSES September, 2015 Derek E. Brink, CISSP, Vice President and Research Fellow IT Security and IT GRC Report Highlights p2 p4 p6 p7 SMBs need to adopt a strategy
More informationImproving Online Security with Strong, Personalized User Authentication
Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware
More informationHOTPin Integration Guide: DirectAccess
1 HOTPin Integration Guide: DirectAccess Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; Celestix assumes no responsibility
More informationDeploying Smart Cards in Your Enterprise
www.css-security.com 425.216.0720 WHITE PAPER The merging of physical access technology with public key-enabled smart card technology has been an emerging trend that has occurred in the security industry
More informationStrong Authentication for Healthcare
Strong Authentication for Healthcare Entrust Solutions for Centers for Medicare & Medicaid Services Authentication Compliance Entrust Inc. All All Rights Reserved. 1 1 Entrust is a registered trademark
More informationSwivel Multi-factor Authentication
Swivel Multi-factor Authentication White Paper Abstract Swivel is a flexible authentication solution that offers a wide range of authentication models. The use of the Swivel patented one-time code extraction
More informationSecurity Assessment of briidge.net TM 2-Step verification for banking customers in a multichannel delivery environment that is FFIEC compliant
Security Assessment of briidge.net TM 2-Step verification for banking customers in a multichannel delivery environment that is FFIEC compliant Prepared for: By: Wesly Delva, SSCP, Information Security
More informationTECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION
TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION SMS PASSCODE is the leading technology in a new generation of two-factor authentication systems protecting against the modern Internet threats.
More informationCheck Point FDE integration with Digipass Key devices
INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationYour 2013 Guide to Travel and Expense Management. March 2013 Christopher J. Dwyer
Your 2013 Guide to Travel and Expense Management March 2013 Christopher J. Dwyer Your 2013 Guide to Travel and Expense Management The average organization relies on business travel to achieve business
More informationSecuring Virtual Desktop Infrastructures with Strong Authentication
Securing Virtual Desktop Infrastructures with Strong Authentication whitepaper Contents VDI Access Security Loopholes... 2 Secure Access to Virtual Desktop Infrastructures... 3 Assessing Strong Authentication
More informationSecuring corporate assets with two factor authentication
WHITEPAPER Securing corporate assets with two factor authentication Published July 2012 Contents Introduction Why static passwords are insufficient Introducing two-factor authentication Form Factors for
More informationProtect Identities for people, workstations, mobiles, networks
ot Corporate ID Protect Identities for people, workstations, mobiles, networks Address your security needs with the leader in the corporate identity market Corporate security challenges The security of
More informationAPI-Security Gateway Dirk Krafzig
API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing
More informationSafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud
SafeNet Data Encryption and Control Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud Ensure Data Protection with Data Encryption and Control Across
More informationSafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud
SafeNet Data Encryption and Control Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud Ensure Data Protection with Data Encryption and Control Across
More informationEntrust IdentityGuard Comprehensive
Entrust IdentityGuard Comprehensive Entrust IdentityGuard Comprehensive is a five-day, hands-on overview of Entrust Course participants will gain experience planning, installing and configuring Entrust
More informationSECUREAUTH IDP AND OFFICE 365
WHITEPAPER SECUREAUTH IDP AND OFFICE 365 STRONG AUTHENTICATION AND SINGLE SIGN-ON FOR THE CLOUD-BASED OFFICE SUITE EXECUTIVE OVERVIEW As more and more enterprises move to the cloud, it makes sense that
More informationPROTECT YOUR WORLD. Identity Management Solutions and Services
PROTECT YOUR WORLD Identity Management Solutions and Services Discussion Points Security and Compliance Challenges Identity Management Architecture CSC Identity Management Offerings Lessons Learned and
More informationThe 4 forces that generate authentication revenue for the channel
The 4 forces that generate authentication revenue for the channel Web access and the increasing availability of high speed broadband has expanded the potential market and reach for many organisations and
More informationACI Response to FFIEC Guidance
ACI Response to FFIEC Guidance Version 1 July 2011 Table of contents Introduction 3 FFIEC Supervisory Expectations 4 ACI Online Banking Fraud Management 8 Online Banking Fraud Detection and Prevention
More informationIDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience
IDENTITY & ACCESS Privileged Identity Management controlling access without compromising convenience Introduction According to a recent Ponemon Institute study, mistakes made by people Privilege abuse
More informationAn Overview of Samsung KNOX Active Directory and Group Policy Features
C E N T R I F Y W H I T E P A P E R. N O V E M B E R 2013 An Overview of Samsung KNOX Active Directory and Group Policy Features Abstract Samsung KNOX is a set of business-focused enhancements to the Android
More informationWHITE PAPER Usher Mobile Identity Platform
WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction
More informationThe Cloud, Mobile and BYOD Security Opportunity with SurePassID
The Cloud, Mobile and BYOD Security Opportunity with SurePassID Presentation for MSPs and MSSPs January 2014 SurePassID At A Glance Founded 2009 Headquartered in Orlando, FL 6 sales offices in North America,
More informationWhitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION
Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION A RECENT SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PARED WITH THE FACT THAT
More informationTHE SECURITY OF HOSTED EXCHANGE FOR SMBs
THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available
More informationProtectID. for Financial Services
ProtectID for Financial Services StrikeForce Technologies, Inc. 1090 King Georges Post Road #108 Edison, NJ 08837, USA http://www.strikeforcetech.com Tel: 732 661-9641 Fax: 732 661-9647 Introduction 2
More informationNASA PIV smartcards at Headquarters Frequently Asked Questions (FAQ s)
Frequently Asked Questions (FAQ s) November, 2013 This list of FAQs is a subset of a larger list derived by the Agency. This list is tailored to meet the needs of users at Headquarters. If you do not find
More informationUser Authentication for Software-as-a-Service (SaaS) Applications White Paper
User Authentication for Software-as-a-Service (SaaS) Applications White Paper User Authentication for Software-as-a-Service (SaaS) Applications White Paper Page 1 of 16 DISCLAIMER Disclaimer of Warranties
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationAgent Configuration Guide
SafeNet Authentication Service Agent Configuration Guide SAS Agent for Microsoft Internet Information Services (IIS) Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright
More informationRSA SecurID Software Token 1.0 for Android Administrator s Guide
RSA SecurID Software Token 1.0 for Android Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA,
More informationConfiguration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Outlook Web Access 1.06
SafeNet Authentication Service Configuration Guide 1.06 Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationMODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION
Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION A SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PAIRED WITH THE FACT THAT THREATS
More information