Tranform Multi-Factor Authentication from "Something You Have" to "Something You Already Have"
|
|
- Dulcie Tate
- 8 years ago
- Views:
Transcription
1 Tranform Multi-Factor Authentication from "Something You Have" to "Something You Already Have" DIGIPASS Embedded Solutions White Paper DIGIPASS Embedded Solutions White Paper Page 1 of VASCO Data Security. All rights reserved.
2 DISCLAIMER Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions, express or implied, including but not limited to warranties of merchantable quality, merchantability of fitness for a particular purpose, or those arising by law, statute, usage of trade or course of dealing. The entire risk as to the results and performance of the product is assumed by you. Neither we nor our dealers or suppliers shall have any liability to you or any other person or entity for any indirect, incidental, special or consequential damages whatsoever, including but not limited to loss of revenue or profit, lost or damaged data of other commercial or economic loss, even if we have been advised of the possibility of such damages or they are foreseeable; or for claims by a third party. Our maximum aggregate liability to you, and that of our dealers and suppliers shall not exceed the amount paid by you for the Product. The limitations in this section shall apply whether or not the alleged breach or default is a breach of a fundamental condition or term, or a fundamental breach. Some states/countries do not allow the exclusion or limitation or liability for consequential or incidental damages so the above limitation may not apply to you. Copyright No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of VASCO Data Security Inc. Trademarks DIGIPASS & VACMAN are registered trademarks of VASCO Data Security. All other trademarks or trade names are the property of their respective owners. VASCO reserves the right to make changes to specifications at any time and without notice. The information furnished by VASCO in this document is believed to be accurate and reliable. However, VASCO may not be held liable for its use, nor for infringement of patents or other rights of third parties resulting from its use. DIGIPASS Embedded Solutions White Paper Page 2 of 14
3 CONTENTS Abstract Overview What is Authentication? The Factors of Authentication Multi factor Authentication Why Multi factor Authentication? The Authentication Dilemma VASCO Data Security and its philosophy The Need for Change Digipass Embedded Solutions Enabling a New Paradigm Why and How? Within the Computer Platform Within the Mobile Platform Within Existing Security Credentials and Smart Cards Within USB/SD/MMC/SIM (or any other) Memory Devices or Cards Within (or Packaged With) Security Software Conclusion DIGIPASS Embedded Solutions White Paper Page 3 of 14
4 ABSTRACT This paper outlines the need for improved security on a variety of Internet transactions such as ebanking, ecommerce, egaming, and egovernment. The proposed Digipass Embedded Solutions outlines a shift in multi-factor authentication (MFA): eliminating the need to distribute a specific device for security. Digipass Embedded Solutions proposes to enable a variety of devices to support MFA as a part of or in addition to their normal functions; leveraging the processing power and storage capacity that is now found in a multitude of ubiquitous devices. This solution approach improves customer adoption, enhances application security, and lowers the cost of the solution DIGIPASS Embedded Solutions White Paper Page 4 of 14
5 1. OVERVIEW There is a fundamental problem with exchanging sensitive information or performing valuable transactions over the Internet. In order to perform these tasks, we must have a high degree of confidence that the information being exchanged is passing to the proper individuals. This process is referred to as authentication and it is the critical first step in the exchange of any information via any network or the Internet. This paper will define authentication and discuss the problems that exist in the current environment and illustrate the need for improved and stronger authentication for access sensitive information. It will also cover some of the existing solutions implemented in a variety of markets and will outline, in detail, a new approach to delivering authentication solutions suitable for all markets and all geographies and applications. 1.1 WHAT IS AUTHENTICATION? Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. Worth noting in that definition is that there is nothing about technology; authentication has been used long before the computer, the Internet, online banking, or mobile banking. For the purpose of this paper, we will assume that authentication is being used in the virtual realm, i.e. the Internet or a computer network of some kind. But, it is important to keep the basic premise of authentication in mind as we discuss technology options as all we are really attempting to do is identify someone or something. 1.2 THE FACTORS OF AUTHENTICATION With the basic definition of authentication established, we can discuss the varying factors used in verifying identity. They are: SOMETHING YOU KNOW this is normally a password or personal identification number (PIN) of some sort. This can also be answers to questions (e.g. what is your mother s maiden name, what color car did you learn to drive on, etc.). SOMETHING YOU HAVE this factor is commonly a bank card, driver s license, or hardware token or even car keys. SOMETHING YOU ARE this is biometric information such as a fingerprint, voice print, or the patterns in your eyes, to name a few. DIGIPASS Embedded Solutions White Paper Page 5 of 14
6 1.3 MULTI FACTOR AUTHENTICATION Of course, if there are three factors of authentication, there exists the possibility to combine these factors when verifying the identity of a user online. The use of more than one of the factors of authentication is called multi-factor authentication (MFA). Note: using more than one of the same factors does not constitute multi-factor authentication. Multi-factor authentication is not new, by any stretch. In fact, it predates the Internet by a long shot and every consumer has experienced it in some form or other. The most common example for all is your ATM card (something you have) and PIN (something you know). You must possess both of these factors to withdraw cash at an ATM. Or, your driver s license (something you have) and your face matching the picture on it (something you are). The catch in either scenario is that the issuing authority (your bank or your state) must identify you in some way to issue you the credentials; they are only as strong as that first identification. 1.4 WHY MULTI FACTOR AUTHENTICATION? In the vast majority of online experiences and logins, users are granted access to web sites and [often] confidential information based on the successful verification of a user ID and password. This access/approval method is referred to as a shared secret, meaning that, in order to prove you are who you say you are you must share a secret code with the verifying party. The problem with this methodology is that once you share the secret, it s not a secret anymore. This shared not-so-secret is also used for each authentication; providing for a very high number of occasions when the secret can be compromised. Multi-factor authentication is built on the premise of reducing the importance of the shared secret. The strength of the authentication becomes based not on the complexity of the shared secret password but rather on the strength of the second (or third) factor. In this model, instead of sharing the secret, we provide evidence that we are in possession of the secret. For VASCO, this means the generation of a one-time password, derived from the secret, verified by the authenticating party as matching the response that could only have come from that secret at that time or for that use. However, improving security has, historically, come with a trade-off. DIGIPASS Embedded Solutions White Paper Page 6 of 14
7 1.5 THE AUTHENTICATION DILEMMA Obviously, the pinnacle of security would be the combination of all three factors of authentication. However, if you had to swipe your fingerprint, insert a card, and type a password for every transaction or log-on you accomplish throughout the day, the frustration experienced would outweigh the security benefits. Further, such a system User would be cost prohibitive. Figure 1 illustrates the Convenience previously accepted security conflict. The figure shows that, as you design a system that is more secure (and therefore more costly), it will impact user convenience. Conversely, as you create a solution that is more convenient for the user, you will decrease the security of the solution (but likely drive down the solution cost). Security & Cost FIGURE 1: THE SECURITY CONFLICT DIGIPASS Embedded Solutions White Paper Page 7 of 14
8 2. VASCO DATA SECURITY AND ITS PHILOSOPHY VASCO s philosophy is to provide a solution (or solutions) that will place this system in balance for every customer. Figure 2 represents VASCO s Digipass authentication solutions as they exist today, a family approach to authentication all designed to work on one single infrastructure. Any VASCO customer can add or deploy any/all of our solutions without having to make any changes to their existing set-up. The solutions are designed to provide a broad range of alternatives that can satisfy the demands of any customer ranging from the most secure (higher cost, lower user convenience), to the most user friendly (lower cost, lower security). Traditionally, these solutions have been delivered via the use of onetime password hardware tokens. FIGURE 2: VASCO S FAMILY OF AUTHENTICATION SOLUTIONS DIGIPASS Embedded Solutions White Paper Page 8 of 14
9 Hardware Digipass are amazingly practical when used for securing customer-facing applications where the user-base is non-transient; meaning they stick around for a while. If the customer remains a customer for years (not days, weeks, or months), the authenticating party can distribute hardware Digipass to the user base and justify the cost of the solution over a period of years. VASCO s success to-date has been primarily, in the worldwide online banking market having deployed solutions to more than 1,700 banks and 100+ million end-users worldwide. 2.1THE NEED FOR CHANGE VASCO s impressive success also reveals a need to expand beyond the traditional authentication business. While 100+ million end-users is an impressive statistic, taken in the context of the actual penetration rate into those banks, there is dramatic room for growth. Assuming that most banks average 500k customers VASCO s success reveals a need to expand beyond traditional business online (most of larger banks have tens of millions of customers) that equates to a potential banking base of 600+ million. Or, in other words, we have roughly 20% penetration. There is a specific reason why that base has not been served yet: they are not practical candidates for hardware Digipass. Yet, the remaining base of banking clients still merits additional authentication; an alternative is needed to deliver security to the remainder of that base. Additionally, other channels require strengthened authentication like: ecommerce, egaming, egovernment, to name a few. Many of these customers are transient or are at such large scale that the traditional hardware Digipass model will not suffice to penetrate deeply into those markets. DIGIPASS Embedded Solutions White Paper Page 9 of 14
10 3. DIGIPASS EMBEDDED SOLUTIONS Digipass Embedded Solutions (DES) represents the latest evolution of VASCO s continued market leadership and vision. In recognizing the evolution of the worldwide authentication market and the demand for more convenient, portable, and cost-effective methods of adding security to all online applications and functions, VASCO has embarked on a mission to add authentication on any platform, at any time, for any application. The mission The purpose of DES is to transform multi factor authentication from something you have to something you already have. statement of DES is to work to Digipass Enable as many client devices as possible by targeting industry-leading partners with user bases exceeding 1,000,000 deployed individuals; the objective being to create such a wealth of enabled devices that VASCO becomes the de facto worldwide standard for authentication. This enabling changes the authentication process from one that involved the distribution of a device to the end-user to one that simply provisions the security to a device they have. Again, all of this is to be accomplished in such a way as to ensure the interoperability of these embedded solutions for existing VASCO customers. DIGIPASS Embedded Solutions White Paper Page 10 of 14
11 4. ENABLING A NEW PARADIGM As mentioned, the mission of DES is to Digipass Enable as many client devices as possible. In practical terms, DES will work with industry leaders to leverage the processing power and storage capacity of consumer electronics that have become ubiquitous such as mobile phones, smart cards, software applications, computer components, USB drives, etc. In figure 3, we see the typical hardware Digipass. This device is merely a container for a few elements: the activation button, the display, the secret, and the encryption technology. By extension, any device that has the ability to securely contain information can be enabled to perform the same functionality. Of course, at some point, interaction with a display is also required to show the one-time password to the end-user. In essence, the FIGURE 3: HARDWARE purpose of DES is to transform multi-factor authentication from something you have to something you already have. 3.1WHY AND HOW? Digipass Embedded Solutions challenges the previously accepted beliefs with regard to security. As mentioned earlier, the premise has been that, as you improve user convenience, you decrease the cost of the solution as well as the security. With an embedded approach, costs are inherently lower: there is nothing physical to deploy (in most cases). Therefore, the equation changes from having to sacrifice security for the sake of cost or convenience to one where security can become the cornerstone of any online application (fig.4). Also noteworthy in figure 3 is that user convenience is removed from the equation: with authentication deployed on a device that they have shown they want to carry. ecommerce egov't Security ebanking egaming FIGURE 4: SECURITY AS CORNERSTONE OF EMARKETS The following sections outline a few examples where embedding an authentication credential is practical and the pros and cons of each type of offering. Note: this is not intended to be a comprehensive listing but rather a basis upon which to build. DIGIPASS Embedded Solutions White Paper Page 11 of 14
12 WITHIN THE COMPUTER PLATFORM Considering that the vast majority of end-users around the world still connect to the Internet via their laptop or desktop, the first place that comes to mind for embedding an MFA credential is within the computer that individual is using. Pros: resident on the computer, potential for seamless use by user, device has large storage capacity and can support complex operations, can be used to authenticate virtually all channels Cons: not portable, connected to Internet (potential exposure to attack and remote misuse), cannot authenticate mobile channel, requires multiple profiles for users that have/use multiple PCs. WITHIN THE MOBILE PLATFORM Embedding the MFA credential in the mobile platform can take two different routes to completion. The credential can be embedded within the components of the phone/mobile device itself (similar to the example above) or, the credential can be embedded within an application that is resident on the mobile phone. Perhaps the best example of this model is Mobile Banking or Mobile Commerce/Wallet. Pros: can be used to authenticate all channels (mobile, traditional Internet, VPN, etc.), portable, convenient, not connected to Internet Cons: operating systems are currently limited in functionality, not all users have mobile technology or are willing to put authentication on their device. WITHIN EXISTING SECURITY CREDENTIALS AND SMART CARDS Excepting the United States, smart cards have become the accepted standard for banking cards (credit/debit). For a number of years, these cards have had the capability to include MFA credentials working with market leaders allows for the deployment of MFA credentials to be proactive and included as a standard offering. In many corporate environments, users carry access cards or credentials of some sort that grant them physical access to particular areas, buildings, etc. These cards are now leveraging smart card technology whereby a smart card chip (visible or not) is embedded within the plastic. For several years now, the technology has existed to embed an authentication credential on these chips for allowing physical AND logical access to employees. Pros: already carried by employees/staff, convenient style (fits in wallet), low cost and high security DIGIPASS Embedded Solutions White Paper Page 12 of 14
13 Cons: requires a reader of some sort to be used to display the one-time password, backward compatibility (most physical access cards in circulation today do not have the chip yet) WITHIN USB/SD/MMC/SIM (OR ANY OTHER) MEMORY DEVICES OR CARDS Another source of storage/security that has become so commonplace they often go unnoticed. A high percentage of mobile devices, laptops, desktops, cameras, even MP3 players have the ability to expand their on-board memory using a variety of methods. The emerging trend for these memory devices is to be able to have an element within them that is secure; a perfect place to embed an MFA credential. Pros: ultra portable, inexpensive, used in a multitude of devices, sold commercially Cons: diversity of marketplace, must be inserted into something for use, users don t typically remove a SD (or other) card portability would depend on the device used, backward compatibility with deployed devices WITHIN (OR PACKAGED WITH) SECURITY SOFTWARE Again, the aim of DES is to embed a security credential in something the user has. Most users have some sort of security software installed on their platform to protect it from misuse. This is another logical place to include an MFA credential both from a security perspective but also from the standpoint of user comprehension. Pros: user education is minimal, security software is updated regularly (allowing for updates to the MFA credential) Cons: not all users have security software, diversity of marketplace, potential exposure to Internet and attacks DIGIPASS Embedded Solutions White Paper Page 13 of 14
14 5. CONCLUSION Clearly, the Internet is here to stay. However, there is a fundamental problem with attempting to do business over the Internet: the need to positively identify the parties involved. To date, most attempts at verifying consumers and customers fall woefully short of the needed security, relying heavily on one single factor of authentication: the password. The problem with using the password is that, once it is learned by an unauthorized party, it is nearly impossible to distinguish the proper individual from a criminal. Multi-factor authentication (MFA) is one effective method for disrupting this type of crime. MFA diminishes the importance of the user s password and adds a second layer of security to the online experience. Until now, VASCO s offering in the MFA arena has been via the use of one-time password (OTP) tokens. In response to the increased need of MFA in a variety of online channels (egaming, egovernment, ecommerce), VASCO has launched an initiative of Digipass Embedded Solutions. Under this initiative, VASCO intends to Digipass Enable a variety of devices that consumer and customers already have. This removes the burden of distributing a physical device to the end-user and, instead, places security on something that they have purchased (or have been given), increasing adoption, usage, and customer acceptance while lowering the cost of the solution to ensure high scalability for Internet markets of today and beyond. For more information about Digipass Embedded Solutions visit intel_itp.aspx DIGIPASS Embedded Solutions White Paper Page 14 of 14
User Authentication for Software-as-a-Service (SaaS) Applications White Paper
User Authentication for Software-as-a-Service (SaaS) Applications White Paper User Authentication for Software-as-a-Service (SaaS) Applications White Paper Page 1 of 16 DISCLAIMER Disclaimer of Warranties
More informationDIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication
DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of
More informationMIGRATION GUIDE. Authentication Server
MIGRATION GUIDE RSA Authentication Manager to IDENTIKEY Authentication Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as
More informationDIGIPASS CertiID. Getting Started 3.1.0
DIGIPASS CertiID Getting Started 3.1.0 Disclaimer Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions, express
More informationDIGIPASS Authentication for Citrix Access Gateway VPN Connections
DIGIPASS Authentication for Citrix Access Gateway VPN Connections With VASCO Digipass Pack for Citrix 2006 VASCO Data Security. All rights reserved. Page 1 of 31 Integration Guideline Disclaimer Disclaimer
More informationThe 4 forces that generate authentication revenue for the channel
The 4 forces that generate authentication revenue for the channel Web access and the increasing availability of high speed broadband has expanded the potential market and reach for many organisations and
More informationDIGIPASS Authentication for Check Point Connectra
DIGIPASS Authentication for Check Point Connectra With IDENTIKEY Server 2009 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 21 Disclaimer Disclaimer of Warranties and Limitations
More informationTwo-Factor Authentication over Mobile: Simplifying Security and Authentication
SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively Table
More informationIntel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions
Intel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions June 2013 Dirk Roziers Market Manager PC Client Services Intel Corporation
More informationDIGIPASS Authentication for Cisco ASA 5500 Series
DIGIPASS Authentication for Cisco ASA 5500 Series With IDENTIKEY Server 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 20 Disclaimer Disclaimer of Warranties and Limitations
More informationIdentikey Server Getting Started Guide 3.1
Identikey Server Getting Started Guide 3.1 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without
More informationDIGIPASS Authentication for GajShield GS Series
DIGIPASS Authentication for GajShield GS Series With Vasco VACMAN Middleware 3.0 2008 VASCO Data Security. All rights reserved. Page 1 of 1 Integration Guideline Disclaimer Disclaimer of Warranties and
More informationDigipass Plug-In for IAS. IAS Plug-In IAS. Microsoft's Internet Authentication Service. Getting Started
Digipass Plug-In for IAS IAS Plug-In IAS Microsoft's Internet Authentication Service Getting Started Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of
More informationDIGIPASS Authentication for Windows Logon Getting Started Guide 1.1
DIGIPASS Authentication for Windows Logon Getting Started Guide 1.1 Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or
More informationDigipass Plug-In for IAS. IAS Plug-In IAS. Microsoft's Internet Authentication Service. Installation Guide
Digipass Plug-In for IAS IAS Plug-In IAS Microsoft's Internet Authentication Service Installation Guide Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations
More informationStrong Authentication for Secure VPN Access
Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations
More informationSecure your business DIGIPASS BY VASCO. The world s leading software company specializing in Internet Security
Secure your business DIGIPASS BY VASCO The world s leading software company specializing in Internet Security Secure Your Business A secure and flexible work environment Today s workforce needs to use
More informationDIGIPASS as a Service. Google Apps Integration
DIGIPASS as a Service Google Apps Integration April 2011 Table of Contents 1. Introduction 1.1. Audience and Purpose of this Document 1.2. Available Guides 1.3. What is DIGIPASS as a Service? 1.4. About
More informationDIGIPASS Authentication for Check Point Security Gateways
DIGIPASS Authentication for Check Point Security Gateways With IDENTIKEY Server 2009 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 38 Disclaimer Disclaimer of Warranties and
More informationBlackBerry Enterprise Solution and RSA SecurID
Technology Overview BlackBerry Enterprise Solution and RSA SecurID Leveraging Two-Factor Authentication to Provide Secure Access to Corporate Resources Table of Contents Executive Summary 3 Empowering
More informationThe Essentials Series: Enterprise Identity and Access Management. Authentication. sponsored by. by Richard Siddaway
The Essentials Series: Enterprise Identity and Access Management Authentication sponsored by by Richard Siddaway Authentication...1 Issues in Authentication...1 Passwords The Weakest Link?...2 Privileged
More informationDIGIPASS Authentication for Windows Logon Product Guide 1.1
DIGIPASS Authentication for Windows Logon Product Guide 1.1 Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions,
More informationSafeNet Cisco AnyConnect Client. Configuration Guide
SafeNet Cisco AnyConnect Client Configuration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and
More informationHIPAA: THE CRITICAL ROLE OF STRONG AUTHENTICATION
WHITE PAPER HIPAA: THE CRITICAL ROLE OF STRONG AUTHENTICATION The goal of this white paper is to highlight the aspect of HIPAA that pertains to patient privacy and authentication and the technologies that
More informationDIGIPASS Authentication for SonicWALL SSL-VPN
DIGIPASS Authentication for SonicWALL SSL-VPN With VACMAN Middleware 3.0 2006 VASCO Data Security. All rights reserved. Page 1 of 53 Integration Guideline Disclaimer Disclaimer of Warranties and Limitations
More informationBlackShield Authentication Service
BlackShield Authentication Service Guide for Users of CRYPTOCard MP-1 Software Tokens on Smart Phones Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright Copyright 2011.
More informationXYPRO Technology Brief: Stronger User Security with Device-centric Authentication
Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication
More informationIntel Identity Protection Technology (IPT)
Intel Identity Protection Technology (IPT) Enabling improved user-friendly strong authentication in VASCO's latest generation solutions June 2013 Steve Davies Solution Architect Intel Corporation 1 Copyright
More informationIndustry Briefing: Security of Internet Payments - Legislative Developments in Europe
Industry Briefing: Security of Internet Payments - Legislative Developments in Europe Copyright 2015 VASCO Data Security. All rights reserved. No part of this publication may be reproduced, stored in a
More informationSecuring corporate assets with two factor authentication
WHITEPAPER Securing corporate assets with two factor authentication Published July 2012 Contents Introduction Why static passwords are insufficient Introducing two-factor authentication Form Factors for
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationDIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access
DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access With IDENTIKEY Server / Axsguard IDENTIFIER Integration Guidelines Disclaimer Disclaimer of Warranties and Limitations
More informationCA ArcotOTP Versatile Authentication Solution for Mobile Phones
PRODUCT SHEET CA ArcotOTP CA ArcotOTP Versatile Authentication Solution for Mobile Phones Overview Consumers have embraced their mobile phones as more than just calling or texting devices. They are demanding
More informationIDENTITY & ACCESS. BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape
IDENTITY & ACCESS BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape Introduction How does your enterprise view the BYOD (Bring Your Own Device) trend opportunity
More informationCopyright 2005-2007 MyPW LLC.
Simple & Secure Authentication It's common knowledge that most people use the same or similar passwords wherever they have an online account. Because of this, it can only take one security breach for Identity
More informationTake the cost, complexity and frustration out of two-factor authentication
Take the cost, complexity and frustration out of two-factor authentication Combine physical and logical access control on a single card to address the challenges of strong authentication in network security
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationHow Secure is your Authentication Technology?
How Secure is your Authentication Technology? Compare the merits and vulnerabilities of 1.5 Factor Authentication technologies available on the market today White Paper Introduction A key feature of any
More informationSecure the door to your business
Secure the door to your business Extranet Portal Security Summary Page 1 - Secure the door to your business Page 2 - Case Study Bebat Page 3 - Case Study SD Worx Page 4 - Case Study YOB Page 5 - Case Study
More informationStrong Authentication for Juniper Networks
Strong Authentication for Juniper Networks SSL VPN SSO and OWA with Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright Copyright
More informationGrow revenues and profits while securing online subscription accounts
APPLICATION NOTE Grow revenues and profits while securing online subscription accounts www.vasco.com Copyright 2013 VASCO Data Security. All rights reserved. No part of this publication may be reproduced,
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationCheck Point FDE integration with Digipass Key devices
INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationBeyond passwords: Protect the mobile enterprise with smarter security solutions
IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive
More informationWhite paper December 2008. IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview
White paper December 2008 IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview Page 2 Contents 2 Executive summary 2 The enterprise access challenge 3 Seamless access to applications 4
More informationAddressing the United States CIO Office s Cybersecurity Sprint Directives
RFP Response Addressing the United States CIO Office s Cybersecurity Sprint Directives How BeyondTrust Helps Government Agencies Address Privileged Account Management and Improve Security July 2015 Addressing
More informationMulti-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access
Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies
More informationINTEGRATION GUIDE. DIGIPASS Authentication for F5 FirePass
INTEGRATION GUIDE DIGIPASS Authentication for F5 FirePass Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data Security
More informationBuilding Secure Multi-Factor Authentication
Building Secure Multi-Factor Authentication Three best practices for engineering and product leaders Okta Inc. I 301 Brannan Street, Suite 300 I San Francisco CA, 94107 info@okta.com I 1-888-722-7871 Introduction
More informationStrong Authentication for Microsoft TS Web / RD Web
Strong Authentication for Microsoft TS Web / RD Web with Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright Copyright 2011. CRYPTOCard
More informationBlackShield ID Agent for Terminal Services Web and Remote Desktop Web
Agent for Terminal Services Web and Remote Desktop Web 2010 CRYPTOCard Corp. All rights reserved. http:// www.cryptocard.com Copyright Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication
More informationDIGIPASS Authentication for Sonicwall Aventail SSL VPN
DIGIPASS Authentication for Sonicwall Aventail SSL VPN With VASCO IDENTIKEY Server 3.0 Integration Guideline 2009 Vasco Data Security. All rights reserved. PAGE 1 OF 52 Disclaimer Disclaimer of Warranties
More informationProtect Your Customers and Brands with Multichannel Two-Factor Authentication
SAP Brief Mobile Services from SAP SAP Authentication 365 Objectives Protect Your Customers and Brands with Multichannel Two-Factor Authentication Protecting your most valuable asset your customers Protecting
More informationGuide to Evaluating Multi-Factor Authentication Solutions
Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor
More informationAuthentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business
Authentication Solutions Versatile And Innovative Authentication Solutions To Secure And Enable Your Business SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime
More informationApplication Note. Intelligent Application Gateway with SA server using AD password and OTP
Application Note Intelligent Application Gateway with SA server using AD password and OTP ii Preface All information herein is either public information or is the property of and owned solely by Gemalto
More informationStrong Authentication for Juniper Networks SSL VPN
Strong Authentication for Juniper Networks SSL VPN with Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright Copyright 2011. CRYPTOCard
More informationWHITE PAPER. Identikey Server 3.1 Strong Authentication solution for On-Demand Applications and SaaS
WHITE PAPER Identikey Server 3.1 Strong Authentication solution for On-Demand Applications and SaaS Emerging trend: SaaS and Online Applications for every market Software deployments are shifting from
More informationAuthentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS
Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime
More informationMulti-Factor Authentication
Enhancing network security through the authentication process Multi-Factor Authentication Passwords, Smart Cards, and Biometrics INTRODUCTION Corporations today are investing more time and resources on
More informationStrong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment
Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1
More informationTwo-Factor Authentication
Chen Arbel Vice President, Strategic Development Authentication Unit & Software DRM Aladdin Knowledge Systems Two-Factor Authentication The key to compliance for secure online banking Legal Notice Copyright
More informationAlternative authentication what does it really provide?
Alternative authentication what does it really provide? Steve Pannifer Consult Hyperion Tweed House 12 The Mount Guildford GU2 4HN UK steve.pannifer@chyp.com Abstract In recent years many new technologies
More informationIdentikey Server Windows Installation Guide 3.1
Identikey Server Windows Installation Guide 3.1 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis,
More informationSafeNet Authentication Service
SafeNet Authentication Service Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep
More informationVASCO Consulting Services
VASCO Consulting Services OVERVIEW OF ALL VASCO CONSULTING SERVICES 1. VASCO Consulting Services BEFORE your implementation S trong authentication for e-banking: overview and best practices Two-factor
More informationIdentikey Server Performance and Deployment Guide 3.1
Identikey Server Performance and Deployment Guide 3.1 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is'
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More informationGuide to building a secure and trusted BYOID environment
e-healthcare e-gaming e-insurance e-commerce e-banking e-government Guide to building a secure and trusted BYOID environment Bring-Your-Own-Identity is not new. People have been using their social media
More informationOracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009
Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009 EXECUTIVE OVERVIEW Enterprises these days generally have Microsoft Windows desktop users accessing diverse enterprise applications
More informationRohos Logon Key for Windows Remote Desktop logon with YubiKey token
Rohos Logon Key for Windows Remote Desktop logon with YubiKey token Step-by-Step Integration Guide. Tesline-Service S.R.L. 10 Calea Iesilor str., Chisinau, MD-2069, Moldova. Tel: +373-22-740-242 www.rohos.com
More informationMulti-Factor Authentication Core User Policy and Procedures
Multi-Factor Authentication Core User Policy and Procedures Core Users with access to other people s sensitive or restrictive information must use one-time passwords (OTP) generated from approved fobs
More informationSafeNet Authentication Service
SafeNet Authentication Service All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep the sole right to
More informationIDENTIKEY Server Windows Installation Guide 3.2
IDENTIKEY Server Windows Installation Guide 3.2 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis,
More informationExecutive Summary P 1. ActivIdentity
WHITE PAPER WP Converging Access of IT and Building Resources P 1 Executive Summary To get business done, users must have quick, simple access to the resources they need, when they need them, whether they
More informationWhat the Future of Online Banking Authentication Could Be
Universal Banking Solution System Integration Consulting Business Process Outsourcing Banking on Internet and mobile is gaining popularity The Pew Internet & American Life Project Tracking survey of December
More informationEXECUTIVE VIEW MYDIGIPASS.COM. KuppingerCole Report. by Alexei Balaganski August 2013. by Alexei Balaganski ab@kuppingercole.
KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski August 2013 by Alexei Balaganski ab@kuppingercole.com August 2013 Content 1 Introduction... 3 2 Product Description... 4 3 Strengths and Challenges...
More informationSecuring end-user mobile devices in the enterprise
IBM Global Technology Services Thought Leadership White Paper January 2012 Securing end-user mobile devices in the enterprise Develop an enforceable mobile security policy and practices for safer corporate
More informationHyper-V Installation Guide. Version 8.0.0
Hyper-V Installation Guide Version 8.0.0 Table of Contents 1. Introduction... 1 1.1. About this Document... 1 1.2. Documentation and Training... 1 1.3. About the AXS GUARD... 1 1.3.1. Introduction... 1
More informationSecurity Token User Guide
TABLE OF CONTENTS 1 INTRODUCTION... 3 1.1 FUNCTIONS OF THE TOKEN... 3 1.2 SECURITY FEATURES OF THE TOKENS... 3 1.3 TOKEN INTERFACE... 3 1.4 VASCO TOKEN REPLACEMENT... 4 1.5 DEFINITIONS AND ACRONYMS...
More informationStrong Authentication for Microsoft SharePoint
Strong Authentication for Microsoft SharePoint with Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright Copyright 2011. CRYPTOCard
More informationCisco ASA. Implementation Guide. (Version 5.4) Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.
Cisco ASA Implementation Guide (Version 5.4) Copyright 2011 Deepnet Security Limited Copyright 2011, Deepnet Security. All Rights Reserved. Page 1 Trademarks Deepnet Unified Authentication, MobileID, QuickID,
More informationMobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard
Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.
More informationHARDENED MULTI-FACTOR AUTHENTICATION INCREASES ENTERPRISE PC SECURITY
HARDENED MULTI-FACTOR AUTHENTICATION INCREASES ENTERPRISE PC SECURITY INSTEAD OF A SECURITY PROBLEM, ENDPOINTS BECOME PART OF THE SECURITY SOLUTION SUMMARY The internet and mobility have made enterprise
More informationConfiguration Guide. SafeNet Authentication Service AD FS Agent
SafeNet Authentication Service AD FS Agent Configuration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document
More informationSecuring Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology
20140115 Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology TABLE OF CONTENTS What s at risk for your organization? 2 Is your business
More informationManaging for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud
Deploying and Managing Private Clouds The Essentials Series Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud sponsored by Managing for the Long Term: Keys to
More informationCOM Port Stress Test
COM Port Stress Test COM Port Stress Test All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording,
More informationIntroductions 1 min 4
1 2 1 Minute 3 Introductions 1 min 4 5 2 Minutes Briefly Introduce the topics for discussion. We will have time for Q and A following the webinar. 6 Randy - EMV History / Chip Cards /Terminals 5 Minutes
More informationImplementation Guide for. Juniper SSL VPN SSO with OWA. with. BlackShield ID
Implementation Guide for Juniper SSL VPN SSO with OWA with BlackShield ID Copyright 2009 CRYPTOCard Inc. http:// www.cryptocard.com Copyright Copyright 2009, CRYPTOCard All Rights Reserved. No part of
More informationEntrust IdentityGuard
+1-888-437-9783 sales@identisys.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's
More informationIDENTIKEY Server Product Guide 3.0 3.1
IDENTIKEY Server Product Guide 3.0 3.1 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without
More informationMaking Endpoint Encryption Work in the Real World
Endpoint Data Encryption That Actually Works The Essentials Series Making Endpoint Encryption Work in the Real World sponsored by Ma king Endpoint Encryption Work in the Real World... 1 Th e Key: Policy
More informationConfidence in Commerce: Enabling e-banking and online services with two-factor authentication
Abstract The combination of online banking s rising popularity and the increasing number of online services offered by financial organizations indicates a bright future for e-banking. However, to maximize
More informationStrong Authentication for Cisco ASA 5500 Series
Strong Authentication for Cisco ASA 5500 Series with Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright Copyright 2011. CRYPTOCard
More informationApplication Note Gemalto Access Client for windows smart card and EFS on Microsoft Windows Vista
Application Note Gemalto Access Client for windows smart card and EFS on Microsoft Windows Vista nicolas.bataille@gemalto.com hassen.frikha@gemalto.com November 2007 www.gemalto.com All information herein
More informationLongmai Mobile PKI Solution
Longmai Mobile PKI Solution A quick Solution to External and Internal fraud in Insurance Industry Putting the client at the center of modernization Contents 1. INTRODUCTION... 3 1.1 Challenges... 3 1.2
More informationIntegration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Microsoft DirectAccess
SafeNet Authentication Service Integration Guide SAS Using RADIUS Protocol with Microsoft DirectAccess Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet,
More informationMoving to Multi-factor Authentication. Kevin Unthank
Moving to Multi-factor Authentication Kevin Unthank What is Authentication 3 steps of Access Control Identification: The entity makes claim to a particular Identity Authentication: The entity proves that
More informationFrequently Asked Questions (FAQs) SIPRNet Hardware Token
Air Force Public Key Infrastructure System Program Office (ESC/HNCDP) Phone: 210-925-2562 / DSN: 945-2562 Web: https://afpki.lackland.af.mil Frequently Asked Questions (FAQs) SIPRNet Hardware Token Updated:
More information