Multifactor authentication systems Jiří Sobotka, Radek Doležel

Size: px
Start display at page:

Download "Multifactor authentication systems Jiří Sobotka, Radek Doležel"

Transcription

1 Multifactor authentication systems Jiří Sobotka, Radek Doležel Fakulta elektrotechniky a komunikačních technologií VUT v Brně Fakulta elektrotechniky a komunikačních technologií VUT v Brně Abstract - In this article are described methods of deploying systems of multifactor authentication. For two factor authentication were used two technologies from different industry area leading companies. Each system has different approach to the secure authentication issue. In the last part are described benefits of fourth factor of authentication. 1 Introduction A S the computer networks spread to almost all parts of human life became more vulnerable thanks to the enormous number of access points and connections between terminals. Classical method of authentication by user name and password is not anymore sufficient enough for credible user identification. The user password system has two main disadvantages: the passwords are either simple and easily guessable or very difficult and most of the users are going to write them somewhere and jeopardize the security of password. Even if a system administrators force the users to periodically change the passwords, the risk that an attacker will obtain the password by guessing or by brute force attack are still a threat. Still many companies are using this system as the only way of protecting their data. Furthermore authentication by password is for system operator very expensive, financial burden of for example password recovery service represent a considerable amount of the help desk time. Nevertheless breaking of the system security and loss of the data can be much more expensive for the company. 2 Authentication Authentication is a process of verifying the identity of a person requiring access to the system. To prove that I am really the person I claim is possible by following factors: Knowledge of an information password or PIN Possession of a thing token or card (two factor authentication) By a personal characteristic biometry, fingerprint for example (three factor authentication) Nowadays when identity theft problems are becoming a serious issue is a confidence in digital identity very important. More factors can be required for identification at system login to higher the authentication credibility. In the terms of secure access to the system it is necessary to distinguish between authentication and authorization, when authentication provides user identification and authorization define area of user activity in the system. 2.1 Authentication by password Authentication by password is the most used but also the most vulnerable form of authentication. Considerable effort has been used to develop system of password administration with different levels of password complexity; still obtaining the password by an attacker is only a matter of used tools and time. Propriety of using password authentication system has to be considered in comparison with value of assets secured by the system. In most of the cases higher level of security is required. 2.2 Two factor authentication Use of the two factor authentication considerably increases the system security level by forcing users to identify themselves by two identification factors. In most of the cases it is password (something the user knows), and a token (something the user has). These devices are very small and suitable for carrying them in pockets or together with keys. They usually contain keys for the cryptographic algorithms, user s digital ID, user s digital signature. The user s data are secured from compromising, because they all are stored in the token instead of hard drive. These devices are protected from tampering and thanks to the hard shell are quite durable. For successful login to the system, the token has to be plugged in to the USB port and correct PIN has to be entered by keyboard. The computer then carries out communication with authentication server for verifying user identity. 2.3 Thirth factor Thirth factor, which can be used for user identification and authentication, is a biometrical feature of the person requiring access to the system. Detailed description of biometrical methods is beyond scope of this article. 3 Applications of two factor authentication 30

2 Application of more methods of authentication is called multifactor authentication, or strong authentication. In our work we are focusing on two factor authentication. Classical example of two factor authentication is a credit card issued by a bank. To access your account by ATM you need to insert a card (something you have) and enter a PIN (something you know). As the organizations are improving security of their information systems, multifactor authentication is becoming popular. The organizations usually already have databases of user and user passwords and thus implementation of USB tokens is a convenient way how to improve security of entire system. Price, easy application and usage contribute to expansion of tokens. 3.1 Principle of the USB tokens USB tokens serves as a convenient storage of certificates for authentication, identification a digital signature. Every organization can create own token deployment strategy as well as system rules. Tokens can be easily distributed among large group of users in a short time period, even for large geographic distances. USB token is used to verify user identity and then allows access to required resources in the area of user authorization. USB tokens were used for storage of private keys and certificates in PKI and VPN technologies. Cryptographic USB tokens are perfect supplement of VPN for enterprises requiring secure distant access to company network. Nevertheless, USB tokens have many applications allowing strong and simple solution and offers additional benefits [1]: Security Cryptographic keys, certificates and personal information are safely stored in hardware device secured from extracting information. Portability Small size of devices allow carrying them in the pocket and having all personal information always accessible. Universality USB token can be used for save all kinds of information. Provides functions as cryptographic calculations, storage of authorization data, physical and logical access control. Simple and convenient usage Simple plug in to the USB port make all security functions accessible Modernization USB tokens can be easily modernized for support of biometry, PKI and other functions without change of current devices. Companies working with sensitive user data, financial systems, etc. are subject of controls executed by governmental institutions. Proper security from compromising, unpermitted access, wiretapping or tampering is being verified. 3.2 Technology SafeNet ikey USB Token USB tokens SafeNet are devices for secure authentication, can contain user s authorization data as passwords, keys, certificates or biometrical data and all of that in a very secured way. The device has operational system (DKCCOS), which provide secure access to the stored data. The tokens can be used in PKI systems as well as in different systems. SafeNet ikey USB Token is a portable PKI device of a small size, so it can by carried in a pocket. It generates and store digital data as private keys, digital certificates, user names and passwords and biometric templates. SafeNet USB Tokens provides easy application of advanced authentication without need for install additional devices. ikey represent hardware device, resistant to copying stored information, conformational by FIPS (Federal Informational Processing Standard), Level 2 and FIPS 140-2, Level 3 [ 1 ], providing high level of security for valuable digital property. SafeNet Inc. Company developed four basic kinds of tokens ikey: ikey 1000, ikey 2032, ikey 3000 and ikey Each kind has different amount of internal memory and supports different number of functions. Token ikey 1000 provides basically only safe storage of data, the other three types facilitates operations with stored data and other cryptographic operations as generating and verifying passwords, implementation of digital signature etc. Basic algorithms of symmetric and asymmetric cryptography are used. 3.3 Technology RSA SecurID Other approach to the problem of two factor authentication is technology developed by RSA Company. RSA SecurID system is based on periodical changes of the authentication key. Each SecurID authenticator contains unique symmetric key, which is combined by certain algorithm to generate a code, so-called one-time password (OTP). New OTP is being generated every 60 seconds. Every generated code is then by AES (Advanced Encryption Standard) algorithm encrypted and displayed on integrated screen. Each authenticator is by patented technology synchronized with authentication server, thus high level of security is ensured. During login to the system is the user asked to enter one-time password, by which he proves the possession of a token and he also needs to enter persona identification number PIN knowledge of information is proved. Combination of a PIN and one-time password is very difficult to guess for an attacker and even if he manage to find the right combination, after 60 seconds it is useless. For companies, dependent on wide token distribution to provide secure access for all employments is reliability of the tokens very important. RSA authenticators offer high level of reliability. SecurID Tokens are designed for the worst environmental conditions. They are able to resist quick temperature changes, mechanical exertion or submerge to the water. Before installation is each token subject to extensive tests. 31

3 Every user gets assigned one token, each of them generates different one-time password. System SecurID offers not only classical hardware tokens, but also software and on-demand tokens, which enable to use devices the use already has, as device for generating the code notebooks, cell phones, PDA. working with all kinds of platforms. Agent sends authentication requests of users to RSA Authentication Manager, where user authentication is performed. After verifying user identity, access to the system is allowed Hardware authenticator Advantage of hardware authenticators is no need for installing any other applications. Also no further initialization is necessary, the tokens are immediately ready. Only symmetric initialization key has to be uploaded to the authentication manager and synchronization follows. Five different RSA SecurID hardware authenticators exist. Basic version is RSA SecurID 700, which is designed as a key fob. This type contains only display with the one-time password. Every 60 seconds new password generated by AES algorithm is displayed. Extended version is RSA SecurID 800, where en USB connector and integrated smart chip are added. As supplement to one-time password generator it offers also storage for digital certificates for authentication, digital signature and file encryption applications. Device can store several combinations of user names and passwords for access to different applications. If the token is inserted to USB port, given application can automatically access the passwords, so the user does not have to log in to each application separately. Different physical elaborations of same authenticator are RSA SecurID 200 and RSA SecurID 520 models. These authenticators have size and shape of credit card and again very durable case. Both models have display with one-time password. Model SecurID 720 has in addition a keyboard where the user enter his PIN, final code on display is then hash of combination of actual one-time password and PIN Software authenticator Goal of software authenticator is to lower number of things the use has to carry to be able to securely access the system. Software authenticators offer same level of two factor authentication as hardware authenticators. Software tokens employs the same algorithms as hardware tokens, the symmetrical key is saved in users computer instead of in the token. RSA SecurID software tokens supports smartphones BlackBerry, iphone and smartphones with Java and with operational systems Windows Mobile and Symbian. From computer OS, MS Windows and Mac OSX are supported RSA Authentication Agent User requests for access are accepted by RSA Authentication Agent, either from local or distant stations (by VPN). RSA Authentication Agent is integrated in existing systems, applications and consoles, which serve as gate for remote access to the server, VPN networks firewalls, web servers etc. Many modifications exist for different applications, which are RSA Authentication Manager Core of the RSA SecurID system is RSA Authentication Manager, which maintain used database, handle authentication requests and allows access to the system. RSA Authentication Manager offers possibility of centralized management of whole system, creation of hierarchical structure of users and administrators, and all of that with full support of secure remote access. Entire communication with Authentication Agents is secured, as well as all important aspects of system user names and passwords, server databases and remote administration. System also uses logical evaluation of attack attempts or use of stolen tokens. Because RSA Authentication Manager is centralized system, failure of one central server would take down whole system, the central database and Authentication Manager are installed on more servers, so-called replicas. Replicas provides backup of user database and enable user authentication on more servers. In comparison with SafeNet technology has RSA SecurID several advantages. Verification of possession of a token is proceed by copying one-time password from token display, so no reader is necessary. Second advantage is periodical password change, so even in a case of revealing of the password, the attacker has only 60 second to use it. Last advantage is in impossibility of copying the tokens. 4 Deployment of two factor authentication In our laboratory, both technologies were deployed for educational purposes. From SafeNet the ikey 3000 was chosen together with open source software. RSA SecurID is more complex technology and original software had to be used with RSA SecurID 200 and RSA SecurID 800 tokens. 4.1 Two-factor authentication with ikey 3000 The ikey 3000 tokens [7] were selected because they also support RSA standard PKCS #15 (Public-Key Cryptography Standards: Cryptographic Token Information Format Standard) [8]. PKCS #15 allows using an alternate cryptographic token interface for independence on the support from manufacturer. Tokens ikey 3000 are products of SafeNet, Inc. For working with the tokens an infrastructure is necessary to build. The infrastructure is based on Open Source Software. 32

4 4.1.1 Security infrastructure building The tokens are only medium, but for their fully usage the whole infrastructure is necessary to build. The security infrastructure is shown in Figure 1. Figure 1 consists of clientserver model on each side. In Figure 1 is also outlined the layers division by Reference model ISO/OSI. Figure 1: Security Infrastructure. In the infrastructure are used applications that represent the Open Source Software projects. As can be seen in Figure 1, most of the applications are running on Application layer of Reference model ISO/OSI. On a client side the complex of applications that supports operating system for working with tokens is involved on Application and other lower layers. This support is represented by the OpenSC project [9]. For the communication HTTPS is used, which establish connection on Application layer. A base of this protocol is SSL/TLS that operates on lower layers. For the successful connection establishing a web server on a server side and a web browser on the client side are used. The web server is powered by Apache HTTP Server [10] and as the web browser can be used standard web browser compatible with certificates and tokens, Mozilla Firefox and Microsoft Internet Explorer etc. The connection is secured by certificates issued by a certification authority. The certification authority is created by the OpenSSL project [11]. The description of the Open Source Software projects used in the infrastructure is given in Table 1. Open Source Software project OpenSC Web browser Apache HTTP Server OpenSSL Description Operating system support for tokens Client's application compatible with certificates and tokens Web server that provides secure connection establishing Certification authority that issues certificates Table 1: Open Source Software projects description. Server As a basic system on the server the GNU/Linux operating system is used. Into this operating system Open Source Software projects as the appropriate services are installed. The server then provides services such as certification authority and web server. Certification authority is created by the OpenSSL project and issues server s and client s certificates with matching private keys. The web server is powered by Apache HTTP Server. Apache HTTP Server is set up for connection establishing via HTTP and HTTPS. With HTTPS connection is used a mutual authentication. During one session of the mutual authentication the client's certificate as well as server certificate is proved. Client In most cases is the client represented by a user computer. As an operating system on the user computer can be used GNU/Linux as well as Microsoft Windows. The aim of this solution is creating the client that could be independent on the platform of the operating system. On the user computer it is suitable to install standard web browser compatible with certificates and tokens. In our case we use Mozilla Firefox. Support for tokens is supplied by the OpenSC project. Project OpenSC consist of many parts, but two main are OpenCT and OpenSC. Project OpenSC is developed for the GNU/Linux operating system. The ported version for the Microsoft's operating systems is already available Working with tokens The clients' certificates can be stored in secured key storage of web browser (software) or into the tokens (hardware). We use tokens for our purpose. The OpenSC project serves for management of the tokens. The whole process of working with tokens can be divided into two parts. First part is a management of tokens by administrator and second one is an client usage of tokens. The items of token life cycle are listed with description in Table 2. User Description Formatting Erase of old items Initialization re- Storing quired content Administrator Handover Operating system and applications setup Associate with cryptographic interface used Storing client's certificate with matching private key and often setup of an access PIN (Personal Identification Number) The token with the access PIN is given to end user Installation of supported drivers and link applications with token interface Usage Common user usage of token Return to administrator If a content of the token is out of date Table 2: Life cycle of working with token 33

5 4.1.3 Establishing secure connection via HTTPS with tokens When the whole infrastructure is built, appropriate setup is done and tokens are ready then clients can work together with server. The process of secure connection establishing between the client and the server consists of several points. In these points are the two-factor and the mutual authentication used. The two-factor authentication is realised by tokens. In to the tokens are stored client's certificate and matching private key. The validation of the client's certificate and the server certificate represents the mutual authentication. The process of connection establishing is following: the client tries to establish secure connection via HTTPS to the server the server accept incoming connection and send back the server certificate the client validates the server certificate if the server certificate is approved then the client input the access PIN to the token if the access PIN is correct then the client can put and check-up the own client's certificate the server validates the client's certificate if the client's certificate is approved then the secure connection is successfully established To establish the secure connection is necessary to accomplish each point of this listing. If only one point is disturbed then the whole connection is disconnected and client has to try establish a new connection from beginning. 4.2 Two factor authentication with RSA SecurID Each RSA SecurID token is delivered from manufacturer with related XML file. XML file contains information about each token serial number, initial key for generating passwords seed, date of activation of the token, date of expiration of the token and physical address. This information is important for the server for synchronisation with token. For deploying the tokens, XML file is uploaded to the RSA server and synchronisation is performed. Following paragraph describes part of the XML source code, installed for each token in RSA Authentication manager. All informations are in plain text, except the most important line Seed. Usual lifetime of the token is 4 years. <SN> </SN> <Seed>=nPjS+lF+Fv9ZXaBFok5aKA==</Seed> <Birth>2008/12/08</Birth> <Death>2012/03/31</Death> <TokenMAC>3tY44ro8dPXsYQK6Y6qdQ==</TokenMAC> The network structure consists of several parts. Heart of the system is server with installed RSA Authentication Manager, which administers all aspects of RSA Authentication System: user accounts, RSA SecurID tokens, policies, other support instances as replica servers and RADIUS server. Other part are user terminals, with installed instances of RSA Authentication Agent. User terminals can be desktop computers with Ethernet connection, wireless laptops or mobile devices. Each user has to use his own personal RSA SecurID token for successful log on to the system. User with the mobile device can use software RSA SecurID token in order to lower number of necessary things needed for authentication, since he carries the mobile device with him all the time. Brief structure is on Figure 2. Figure 2: Structure of RSA SecurID system Each user computer has RSA Authentication Agent installed for secure communication with RSA Authentication Manager. In the RSA Authentication Manager has been created a system of administration levels with hierarchical structure and with different policies for each level. The students were creating their own users profiles for each level and simulating a company network with main administrator and subordinate administrators. Important point of assigning rights to each administrator is correct set up of the policies at each level of administration structure. Only the main administrator has the rights to the whole system and for the all levels of the hierarchical structure. Subordinate administrators can administrate only part of the system and group of users assigned to them by main administrator. Subordinate administrators shall not have access to their own user account or to the accounts of others administrators. One of the other features of RSA SecurID system is RSA Authentication Client, a tool for secure log on to the system and for acces to the certificates stored within the token. RSA Authentication client supports only RSA SecurID 800 Authenticator, which is a universal device. For smart card use, it has a tiny smart card with an embedded chip and reader build into it. The smart chip is a microprocessor that can store and process data. For SecurID use, it has a panel that displays the SecurID tokencode. To use the SecurID 800 as a smart card, the user needs to insert it into the USB port of the computer. The user can then add a valid Windows account, digital certificate, or both to the smart card. For example, to configure Authentication Client to display the RSA logon prompts, the user sees fields to add a 34

6 Windows account (user name, password, and domain) to their smart card. This allows the user to log on to the computer by inserting the smart card and entering a PIN instead of manually entering a Windows account. While installing the full RSA Authentication Client product, a user interface RSA Control Center is also installed. The Control Center contains options that allow users to store certificates on the smart card and manage many other aspects of their authenticator. For example, the user can select options to change or unblock a smart card PIN, manage certificates and Windows accounts, copy the tokencode to log on to a SecurID application, and review authenticator details and logon requirements. You can also select a Group Policy Object setting to remove certain options from the Control Center. After synchronization the one-time passwords for each minute are calculated. Passwords can be saved in to the file and required time period can be chosen in the terms of minutes, hours, days, months or years. Figures 4 and 5 [12] shows a function of RSA SecurID Token Calculator and a way how an attacker can authenticate himself without physical possession of a token. For successful authentication, correct time synchronized with RSA server is necessary. But security of the RSA SecurID is not compromised, because for use of RSA SecurID Token Calculator the XML file is need. This file is delivered together with tokens, so only system administrator has access to this file. Also user password is still needed. Figure 4: Cain & Abel tool RSA SecurID Token Calculator [12] Figure 3: RSA Control Center One part of our work was to find a way of attacking this system. Only possible way how to break this system is to predict generated token numbers. One of the methods is described in following article Simulation of a hacker attack [12] Software Cain&Abel has a tool RSA SecurID Token Calculator to calculate generated one-time passwords in advance. For the reason of correct synchronization, it is necessary to have several one-time passwords for successful brake in to the system. To generate one-time passwords, Cain&Abel require XML file distributed with tokens, which contains information about token and initial key for password generating algorithms - seeds. After the import of XML file, serial number and seed of the token is displayed. Then the tool is synchronized with token by entering actual one-time password from the token. Figure 5: RSA SecurID token [12] 35

7 5 Fourth factor Last type of authentication can be system of knowledge of some person a factor somebody I know [13]. This principal of identification by an entrusted person is being used from the beginning of a mankind. In the electronic environment is this principal used to verify identity by or phone call. For practical implementation of this type of authentication is proposed a system of guarantees. Authentication is applied on a group of users, where one of the users with appropriate rights a guarantee, uses his authentication devices for emergency authentication of other user an applicant. This principle is fully applicable in RSA SecurID system. If a user lose or forget his authenticator, other user with appropriate rights his guarantee, can provide a temporary access by generating one time password, provided the user remembers his password. RSA Authentication Manager offers two versions of generating emergency token code a temporary fixed tokencode and a set of one time tokencodes. The former is a one tokencode with limited lifetime, while the latter is a set of tokencodes, each of them can be used only one time. RSA Authentication Manager also offers a possibility of denying authentication with the user hardware token for the case the token was stolen. Important part of this kind of authentication is user identity verification process. It is necessary to ensure that the guarantee correctly identifies a person he is guaranteeing for. If the user is identified by or phone, the authentication system is not sufficiently reliable. There are many methods of obtaining unauthorized access by so called social engineering, as described by Kevin Mitnick [14]. Some kind of a personal bond should be among guarantee and applicant. A proposal of fourth factor authentication is described in [13]. 6 Conclusion Two factor authentication provides secure and reliable way of identifying user during access to the system. Both technologies were successfully deployed in our laboratory and now help with education of computer security to students. The designed example is based on the secure infrastructure. For building whole infrastructure Open Source Software (GNU/Linux, OpenSC, Mozilla Firefox, Apache HTTP Server and OpenSSL) is used. In this solution the two-factor and the mutual authentication is realised. The two-factor authentication uses as the medium the ikey 3000 and RSA SecurID tokens. Into the tokens are stored the client's certificate and matching private key. When the user wants to use his token then he has to input access PIN because the token (first factor) is protected by the access PIN (second factor). The mutual authentication stands for proving certificates on both sides, i.e. on the client's computer and on the server. The work with tokens is divided into two parts, but if these parts would be joined together then the life cycle of the token usage is created. The first part is management by administrator and second one is common user usage. The whole communication model consists of several points when the certificates are validate on opposite side and on the client's computer is in addition used token with the access PIN. REFERENCES [1] SafeNet White Paper. Multi-Factor Authentication [online] Available: < [2] RSA White Paper. RSA SecureID Authenticators [online] Available: < [3] Security Reference Guide CDW. [online] Available: < [4] SafeNet The Foundation of Information Technology [online] Available : < />. [5] BRAINARD, John, JULES, Ari, RIVEST, Ronald. Fourth Factor Authentication: Somebody You Know [online] Available: < />. [6] MITNICK, K. D, SIMON, W. L. The Art Of Deception: Controlling The Human Element Of Security. Wiley, 2002 [7] SafeNet (Rainbow) ikey 3000 Datasheet [online] [cit ]. Available: < [8] RSA Laboratories PKCS #15: Cryptographic Token Information Format Standard [online] [cit ]. Available: < [9] OpenSC [online]. [cit ]. Available: < [10] Apache SSL/TLS Encryption Apache HTTP Server [online]. 2009, [cit ]. Available: < [11] OpenSSL: Documents, openssl(1). [online]. [cit ]. Available: < [12] SMÉKAL, L. Útoky pomocí programu Cain & Abel. Brno: Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií, XY s. Vedoucí diplomové práce Ing. Jiří Sobotka [13] BRAINARD, John, JULES, Ari, RIVEST, Ronald.Fourth Factor Authentication: Somebody You Know [online] Dostupný z WWW: < />. [14] MITNICK, K. D, SIMON, W. L. The Art Of Deception: Controlling The Human Element Of Security. Wiley,

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies

More information

RSA SecurID Two-factor Authentication

RSA SecurID Two-factor Authentication RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial

More information

Secure Data Exchange Solution

Secure Data Exchange Solution Secure Data Exchange Solution I. CONTENTS I. CONTENTS... 1 II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE DOCUMENT EXCHANGE SOLUTIONS... 3 INTRODUCTION... 3 Certificates

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

The Convergence of IT Security and Physical Access Control

The Convergence of IT Security and Physical Access Control The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which

More information

Digital Signatures on iqmis User Access Request Form

Digital Signatures on iqmis User Access Request Form Digital Signatures on iqmis User Access Request Form When a user clicks in the User Signature block on the iqmis Access Form, the following window appears: Click Save a Copy and rename it with your name,

More information

The Convergence of IT Security and Physical Access Control

The Convergence of IT Security and Physical Access Control The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which

More information

CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device

CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device CHOOSING THE RIGHT PORTABLE SECURITY DEVICE A guideline to help your organization chose the Best Secure USB device Introduction USB devices are widely used and convenient because of their small size, huge

More information

Why it s Time to Make the Change Analysis of Current Technologies for Multi-Factor Authentication in Active Directory

Why it s Time to Make the Change Analysis of Current Technologies for Multi-Factor Authentication in Active Directory GoldKey vs RSA Why it s Time to Make the Change Analysis of Current Technologies for Multi-Factor Authentication in Active Directory WideBand Corporation www.goldkey.com Analysis of Current Technologies

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Enhancing Organizational Security Through the Use of Virtual Smart Cards Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company

More information

Enhancing Web Application Security

Enhancing Web Application Security Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor

More information

RSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide

RSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide RSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com

More information

RSA Authentication Manager 7.1 Administrator s Guide

RSA Authentication Manager 7.1 Administrator s Guide RSA Authentication Manager 7.1 Administrator s Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Moving to Multi-factor Authentication. Kevin Unthank

Moving to Multi-factor Authentication. Kevin Unthank Moving to Multi-factor Authentication Kevin Unthank What is Authentication 3 steps of Access Control Identification: The entity makes claim to a particular Identity Authentication: The entity proves that

More information

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The

More information

CRYPTOGRAPHY AS A SERVICE

CRYPTOGRAPHY AS A SERVICE CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,

More information

Mobile Admin Security

Mobile Admin Security Mobile Admin Security Introduction Mobile Admin is an enterprise-ready IT Management solution that generates significant cost savings by dramatically increasing the responsiveness of IT organizations facing

More information

RSA Authentication Manager 7.1 Basic Exercises

RSA Authentication Manager 7.1 Basic Exercises RSA Authentication Manager 7.1 Basic Exercises Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA logo

More information

Strong Authentication for Secure VPN Access

Strong Authentication for Secure VPN Access Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations

More information

Research Information Security Guideline

Research Information Security Guideline Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different

More information

Sync Security and Privacy Brief

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

SafeNet Authentication Client (Windows)

SafeNet Authentication Client (Windows) SafeNet Authentication Client (Windows) Version 8.1 SP1 Revision A User s Guide Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

Secure Web Access Solution

Secure Web Access Solution Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2 RSA Authentication Manager 7.1 Security Best Practices Guide Version 2 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks

More information

DRAFT Standard Statement Encryption

DRAFT Standard Statement Encryption DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held

More information

Improving Online Security with Strong, Personalized User Authentication

Improving Online Security with Strong, Personalized User Authentication Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware

More information

Remote Access Securing Your Employees Out of the Office

Remote Access Securing Your Employees Out of the Office Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction

More information

Internet Banking Two-Factor Authentication using Smartphones

Internet Banking Two-Factor Authentication using Smartphones Internet Banking Two-Factor Authentication using Smartphones Costin Andrei SOARE IT&C Security Master Department of Economic Informatics and Cybernetics Bucharest University of Economic Studies, Romania

More information

Managed Portable Security Devices

Managed Portable Security Devices Managed Portable Security Devices www.mxisecurity.com MXI Security leads the way in providing superior managed portable security solutions designed to meet the highest security and privacy standards of

More information

A brief on Two-Factor Authentication

A brief on Two-Factor Authentication Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.

More information

RSA Authentication Manager 8.1 Help Desk Administrator s Guide

RSA Authentication Manager 8.1 Help Desk Administrator s Guide RSA Authentication Manager 8.1 Help Desk Administrator s Guide Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm

More information

Welcome Guide for MP-1 Token for Microsoft Windows

Welcome Guide for MP-1 Token for Microsoft Windows Welcome Guide for MP-1 Token for Microsoft Windows Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made

More information

Advanced Authentication

Advanced Authentication White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is

More information

RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide

RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com

More information

Deploying Smart Cards in Your Enterprise

Deploying Smart Cards in Your Enterprise www.css-security.com 425.216.0720 WHITE PAPER The merging of physical access technology with public key-enabled smart card technology has been an emerging trend that has occurred in the security industry

More information

An Introduction to Entrust PKI. Last updated: September 14, 2004

An Introduction to Entrust PKI. Last updated: September 14, 2004 An Introduction to Entrust PKI Last updated: September 14, 2004 2004 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In

More information

Secure Authentication Managed Service Portfolio

Secure Authentication Managed Service Portfolio Secure Authentication Managed Service Portfolio Combating Corporate Identity Theft Signify Managed Authentication Services Signify offers a complete range of Secure Authentication and Identity Management

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 10 Authentication and Account Management Objectives Describe the three types of authentication credentials Explain what single sign-on

More information

VMware Virtual Desktop Manager User Authentication Guide

VMware Virtual Desktop Manager User Authentication Guide Technical Note VMware Virtual Desktop Manager User Authentication Guide VMware Virtual Desktop Manager The purpose of this guide is to provide details of user authentication in VMware Virtual Desktop Manager

More information

Authentication Tokens

Authentication Tokens State Capitol P.O. Box 2062 Albany, NY 12220-0062 www.its.ny.gov New York State Information Technology Standard IT Standard: Authentication Tokens No: NYS-S14-006 Updated: 05/15/2015 Issued By: NYS ITS

More information

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government. END USER S GUIDE VeriSign PKI Client Government Edition v 1.5 End User s Guide VeriSign PKI Client Government Version 1.5 Administrator s Guide VeriSign PKI Client VeriSign, Inc. Government Copyright 2010

More information

GoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey

GoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey GoldKey Product Info Detailed Product Catalogue for GoldKey Do not leave your Information Assets at risk Read On... GoldKey: Reinventing the Security Strategy The Changing Landscape of Data Security With

More information

ADVANCE AUTHENTICATION TECHNIQUES

ADVANCE AUTHENTICATION TECHNIQUES ADVANCE AUTHENTICATION TECHNIQUES Introduction 1. Computer systems and the information they store and process are valuable resources which need to be protected. With the current trend toward networking,

More information

Research Article. Research of network payment system based on multi-factor authentication

Research Article. Research of network payment system based on multi-factor authentication Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor

More information

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics

More information

SHC Client Remote Access User Guide for Citrix & F5 VPN Edge Client

SHC Client Remote Access User Guide for Citrix & F5 VPN Edge Client SHC Client Remote Access User Guide for Citrix & F5 VPN Edge Client Version 1.1 1/15/2013 This remote access end user reference guide provides an overview of how to install Citrix receiver (a required

More information

TrustKey Tool User Manual

TrustKey Tool User Manual TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...

More information

Multi-factor authentication

Multi-factor authentication CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL

More information

RSA Authentication Manager 8.1 Help Desk Administrator s Guide. Revision 1

RSA Authentication Manager 8.1 Help Desk Administrator s Guide. Revision 1 RSA Authentication Manager 8.1 Help Desk Administrator s Guide Revision 1 Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm

More information

CRYPTOCard. Strong Two Factor Authentication

CRYPTOCard. Strong Two Factor Authentication CRYPTOCard Strong Two Factor Authentication CRYPTOCard Solutions Overview Cybercrime is a serious, real, and all-to-prevalent threat to networked assests. With the abundance of deployed workers requiring

More information

USER GUIDE WWPass Security for Windows Logon

USER GUIDE WWPass Security for Windows Logon USER GUIDE WWPass Security for Windows Logon December 2015 TABLE OF CONTENTS Chapter 1 Welcome... 3 Introducing WWPass Security for Windows Logon... 4 Related Documentation... 4 Presenting Your PassKey

More information

RSA Authentication Manager 8.1 Administrator s Guide

RSA Authentication Manager 8.1 Administrator s Guide RSA Authentication Manager 8.1 Administrator s Guide Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm Trademarks

More information

Two-Factor Authentication Making Sense of all the Options

Two-Factor Authentication Making Sense of all the Options Two-Factor Authentication Making Sense of all the Options The electronic age we live in is under attack by information outlaws who love profiting from the good record of others. Now more than ever, organizations

More information

Dashlane Security Whitepaper

Dashlane Security Whitepaper Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.

More information

French Justice Portal. Authentication methods and technologies. Page n 1

French Justice Portal. Authentication methods and technologies. Page n 1 French Justice Portal Authentication methods and technologies n 1 Agenda Definitions Authentication methods Risks and threats Comparison Summary Conclusion Appendixes n 2 Identification and authentication

More information

etoken Single Sign-On 3.0

etoken Single Sign-On 3.0 etoken Single Sign-On 3.0 Frequently Asked Questions Table of Contents 1. Why aren t passwords good enough?...2 2. What are the benefits of single sign-on (SSO) solutions?...2 3. Why is it important to

More information

Copyright Giritech A/S. Secure Mobile Access

Copyright Giritech A/S. Secure Mobile Access Secure Mobile Access From everywhere... From any device... From user......to applications Page 3...without compromising on security and usability... and to my PC in the office: Secure Virtual Access Contrary

More information

ADDING STRONGER AUTHENTICATION for VPN Access Control

ADDING STRONGER AUTHENTICATION for VPN Access Control ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows

More information

A new Secure Remote Access Platform from Giritech. Page 1

A new Secure Remote Access Platform from Giritech. Page 1 A new Secure Remote Access Platform from Giritech Page 1 Remote users have preferences G/On 5 works for Windows, Mac and Linux The G/On Client user experience is specific to the operating system Users

More information

Check Point FDE integration with Digipass Key devices

Check Point FDE integration with Digipass Key devices INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of

More information

NASA PIV smartcards at Headquarters Frequently Asked Questions (FAQ s)

NASA PIV smartcards at Headquarters Frequently Asked Questions (FAQ s) Frequently Asked Questions (FAQ s) November, 2013 This list of FAQs is a subset of a larger list derived by the Agency. This list is tailored to meet the needs of users at Headquarters. If you do not find

More information

Secure USB Flash Drive. Biometric & Professional Drives

Secure USB Flash Drive. Biometric & Professional Drives Secure USB Flash Drive Biometric & Professional Drives I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE FLASH DRIVE... 3 DESCRIPTION... 3 IV. MODULES OF SECURE

More information

Apache Server Implementation Guide

Apache Server Implementation Guide Apache Server Implementation Guide 340 March Road Suite 600 Kanata, Ontario, Canada K2K 2E4 Tel: +1-613-599-2441 Fax: +1-613-599-2442 International Voice: +1-613-599-2441 North America Toll Free: 1-800-307-7042

More information

RSA SecurID Software Token 1.0 for Android Administrator s Guide

RSA SecurID Software Token 1.0 for Android Administrator s Guide RSA SecurID Software Token 1.0 for Android Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA,

More information

White Paper. The risks of authenticating with digital certificates exposed

White Paper. The risks of authenticating with digital certificates exposed White Paper The risks of authenticating with digital certificates exposed Table of contents Introduction... 2 What is remote access?... 2 Authentication with client side digital certificates... 2 Asymmetric

More information

CA ArcotOTP Versatile Authentication Solution for Mobile Phones

CA ArcotOTP Versatile Authentication Solution for Mobile Phones PRODUCT SHEET CA ArcotOTP CA ArcotOTP Versatile Authentication Solution for Mobile Phones Overview Consumers have embraced their mobile phones as more than just calling or texting devices. They are demanding

More information

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013 USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security

More information

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet

More information

Compliance and Security Challenges with Remote Administration

Compliance and Security Challenges with Remote Administration Sponsored by Netop Compliance and Security Challenges with Remote Administration A SANS Whitepaper January 2011 Written by Dave Shackleford Compliance Control Points Encryption Access Roles and Privileges

More information

Multi-Factor Authentication FAQs

Multi-Factor Authentication FAQs General FAQs What is Multi-factor Authentication (MFA)? Multi-factor authentication (MFA) seeks to decrease the likelihood that others can access your data. Specifically, it enhances the security of your

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer

More information

Multi-Factor Authentication

Multi-Factor Authentication Enhancing network security through the authentication process Multi-Factor Authentication Passwords, Smart Cards, and Biometrics INTRODUCTION Corporations today are investing more time and resources on

More information

Salesforce1 Mobile Security Guide

Salesforce1 Mobile Security Guide Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,

More information

RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide

RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks

More information

Mobile Admin Architecture

Mobile Admin Architecture Mobile Admin Architecture Introduction Mobile Admin is an enterprise-ready IT Management solution that enables system administrators to monitor and manage their corporate IT infrastructure from a mobile

More information

ViSolve Open Source Solutions

ViSolve Open Source Solutions ViSolve Open Source Solutions Best-In-Class Authentication and Authorization Solutions & Services ViSolve Inc. ViSolve Securing Digital Assets Contents Security Overview Security Concerns Security Needs

More information

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services Over the past decade, the demands on government agencies to share information across the federal, state and local levels

More information

Introducing etoken. What is etoken?

Introducing etoken. What is etoken? Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant

More information

SafeNet Authentication Client (Mac)

SafeNet Authentication Client (Mac) SafeNet Authentication Client (Mac) Version 8.2 SP2 Revision A Administrator s Guide 1 Copyright 2014 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document

More information

The Security Behind Sticky Password

The Security Behind Sticky Password The Security Behind Sticky Password Technical White Paper version 3, September 16th, 2015 Executive Summary When it comes to password management tools, concerns over secure data storage of passwords and

More information

CASQUE SNR Presentation 16 th April 2015

CASQUE SNR Presentation 16 th April 2015 Presentation 16 th April 2015 What is it Distributed Management Systems Innovative Methodology from UK owned company with accompanying Protocol that allows Key Generation, Key Distribution and Key Change

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

www.rohos.com Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon

www.rohos.com Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon Secure Windows and Mac login by USB key www.rohos.com Rohos Logon Key Secure two-factor

More information

Citrix MetaFrame XP Security Standards and Deployment Scenarios

Citrix MetaFrame XP Security Standards and Deployment Scenarios Citrix MetaFrame XP Security Standards and Deployment Scenarios Including Common Criteria Information MetaFrame XP Server for Windows with Feature Release 3 Citrix Systems, Inc. Information in this document

More information

MIGRATION GUIDE. Authentication Server

MIGRATION GUIDE. Authentication Server MIGRATION GUIDE RSA Authentication Manager to IDENTIKEY Authentication Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as

More information

White Paper. Options for Two Factor Authentication. Authors: Andrew Kemshall Phil Underwood. Date: July 2007

White Paper. Options for Two Factor Authentication. Authors: Andrew Kemshall Phil Underwood. Date: July 2007 White Paper Options for Two Factor Authentication Authors: Andrew Kemshall Phil Underwood Date: July 2007 Page 1 Table of Contents 1. Problems with passwords 2 2. Issues with Certificates (without Smartcards)

More information

SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the

More information

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015 Mobile OTPK Technology for Online Digital Signatures Dec 15, 2015 Presentation Agenda The presentation will cover Background Traditional PKI What are the issued faced? Alternative technology Introduction

More information

EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET

EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET Giuseppe Gippa Paternò gpaterno@gpaterno.com June 2008 WHO AM I Experienced architect Linux, Networking and Security Focused on Telcos

More information

Innovative Secure Boot System (SBS) with a smartcard.

Innovative Secure Boot System (SBS) with a smartcard. Managed Security Services Desktop Security Services Secure Notebook Desktop Security Services. Secure Notebook. Today s business environment demands mobility, and the notebook computer has become an indispensable

More information

Strong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012

Strong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012 Strong authentication of GUI sessions over Dedicated Links ipmg Workshop on Connectivity 25 May 2012 Agenda Security requirements The T2S U2A 2 Factor Authentication solution Additional investigation Terminal

More information

Alternative authentication methods. Niko Dukić/Mario Šale CS Computer Systems

Alternative authentication methods. Niko Dukić/Mario Šale CS Computer Systems Alternative authentication methods Niko Dukić/Mario Šale CS Computer Systems Table of contents: Authentication and why is it important Authentication methods RSA SecureID solutions for authentication Implementation

More information

Xerox DocuShare Security Features. Security White Paper

Xerox DocuShare Security Features. Security White Paper Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a

More information

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure) Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.

More information

Allianz Global Investors Remote Access Guide

Allianz Global Investors Remote Access Guide Allianz Global Investors Remote Access Guide Web Address: http://remote.allianzgi-us.com/ Page 1 of 34 pages Please contact the Service Desk at Table of Contents 1. Introduction to the Remote Access Page

More information