3M Cogent, Inc. White Paper. Beyond. Wiegand: Access Control. in the 21st Century. a 3M Company

Size: px
Start display at page:

Download "3M Cogent, Inc. White Paper. Beyond. Wiegand: Access Control. in the 21st Century. a 3M Company"

Transcription

1 3M Cogent, Inc. White Paper Beyond Wiegand: Access Control in the 21st Century a 3M Company

2 Unprecedented security features & capabilities Why Wiegand? The Problem with Wiegand In 1970, John Wiegand invented a wire that could quickly Wiegand is plain text. Wiegand data is not encrypted and switch its magnetic polarity when exposed to the magnetic follows a simple and well-known format, making it very easy information on wires embedded in a card and then accurately to copy. transmit this information electrically as a series of on and off signals through the wire to an electronic sensor. In a Wiegand system, the key is not the card, but the binary number magnetically written on the card and transmitted through the Wiegand reader and wires as a series of 0 s and 1 s. Attached to the other end of the Wiegand reader was a control device, which could check the number against authorized numerical keys for that door. In the 1970 s and 1980 s, this was the hottest technology in In the first decade of the 21st To better understand this, take out century, physical security your smart phone. You are holding technology, like other technologies, in the palm of your hand more has advanced at blinding speed. technology, more capabilities, more Physical access control, digital software, more memory, and more surveillance, building automation, computing power than the guidance and intrusion alarms now offer computers that sent Apollo 11 to the unprecedented features and moon and back in capabilities in security. 1 Contemporary access readers can In other words, if access control boast the same level of technological technology in the 20th century sophistication. The modern access was about opening doors, it means reader outpaces the average 1970 s something different in the 21st access reader in much the same way century. It means intelligent, as your smart phone surpasses the secure, and scalable biometric rotary phone. readers and data networks as well as open software platforms that can accommodate any number of business applications and changes in standards. However, the typical physical access reader, which is overflowing with impressive computing power, is still tethered to a technology the Wiegand interface that hasn t But despite this, most 21st century changed since the Apollo 11 went access control systems are still to the moon. wired into old technology. The Apollo Guidance Computers (AGC), years ahead of their time, boasted 12K read-only memory, 1K RAM, clocked in at 1 MhZ, and could perform 11 instructions simultaneously. Needless to say, a $20 cellphone handily beats the AGC in computing power. 1 access control. However by the late 1980 s, Wiegand reader technology had been replaced by better and more secure proximity readers such as encrypted credentials, smart cards, Radio Frequency Identification (RFID), and biometrics; all of which crowded out the older Wiegand reader technology. Yet the new technologies were still hard-wired into the old Wiegand communications rather than more sophisticated and secure data communications. The reason for this is that the Wiegand wiring was already installed in most people s walls and the majority of access readers still sent data upstream through the Wiegand interface. This is a mistake that has had economic impact in the security and usability of access control systems. Wiegand is easily intercepted. Wiegand IDs read from a Wiegand connection can be easily reproduced and replayed. Wiegand only uses one-way communication. Mutual authentication a cryptographic handshake never occurs between the reader and the access control system. As far as the control system is concerned, any Wiegand ID coming through the Wiegand wires must be from the reader. In the most simplified sense, the technology of secure access control relies on one or more basic components: What you have for instance, a key, a smart card, or a token. What you know as when you use a password or Personal Identification Number. What you are your unique biological characteristics that can be measured and compared, such as fingerprints, facial characteristics, or other biometric information. Technological innovations in access security reader systems over the decades have been designed to lock down the security of these three access control components. (continues on following page...)

3 For example, the latest Personal Identification These technologies make it nearly impossible for Verification (PIV) devices require the following: unauthorized people to hijack, copy, or use any combination Users must present a card that has been issued after they have been checked against an FBI database search. Each card must include encrypted data about the user such as PIN, PKI certification, and biometric information. Users must present the card to the device, input a PIN, and present one or two live fingerprints. The reader must be able to verify the card, match of these components in order to gain access to controlled areas unless the readers are wired into a legacy Wiegand system. When a smart card or biometric reader is wired to a Wiegand interface as most of them are then no matter what the input or how formidable the encryption, the reader will generate an open-format, unencrypted Wiegand ID from the match and send the old Wiegand ID to a controller. In other words, at the credential level, the reader can the fingerprint, and verify access with a Certifying function at the highest, most customizable, and most bullet- Authority. proof security level the technology permits. But once the reader starts communicating with the controller, the technology reverts to the most insecure, least adaptable, and most easily stolen and copied format possible. Wiegand Lives in a Gecko World At the 2007 Defcon 15 Hacker Conference, a local Bluetooth device, thus compromising biometric security hacker unveiled an easily and cheaply devices that do not use access cards. A mobile phone constructed device called the Gecko. This device enabled Gecko allows an attacker to control access required less than $10 worth of parts and 12 hours of systems from anywhere in the world through a cell labor. The Gecko was created and easily wired to the phone or any other cellular device, such as a tablet Wiegand through a card reader. Once connected, the computer. device recorded the unencrypted identification data transmitted through the wires. Using a magnetic stripe replay card, the hacker then signaled the Gecko device to replay the recorded data back into the Wiegand wires so the controller erroneously opened the door 2. Over the years, the Gecko has gained a number of terrifying new capabilities. A newer version of the Gecko includes a flash chip that allows the device to record data from multiple access cards for future download. A Bluetooth-enabled Gecko allows the attacker to access and replay reader data through any Zac Franken, a DefCon staffer, created a hacking device named Gecko at the conference in His presentation exposed the vulnerability of electromagnetic coupling, also known as Wiegand, involving security access control systems. ( 2 With such simple advances, the Gecko has ushered in the possibility that stolen Wiegand IDs may be traded on the Internet black market in the same way as stolen credit card information.

4 Alternatives to Wiegand The issues discussed above can be seen as the true cost of intelligent reader must provide a correct password for that legacy Wiegand systems. The system turns all readers, no challenge for the transmission to be accepted as valid. matter how intelligent, versatile, and secure, into dumb readers that are potentially no more secure than readers from forty years ago. So what is the impact if we dispose of the legacy Wiegand This means: a hacker cannot replay data from some other device and fool the controller or system. :: One Time Passcodes wires? The more advanced data lines such as ethernet, A One-Time Passcode validates a transmission between intelligent readers and access control systems deploy readers and controllers, but for one and only one transaction. technologies that are nearly impregnable to hacking or A new passcode is required for the next transmission or circumvention. This is detailed below: transaction the old one is obsolete as soon as it is used. :: Ethernet encryption This means: a hacker cannot record a passcode and replay Using intricate algorithms, readers and other devices can encrypt the data they transmit through the network and it to fool a controller or other device in the access control system. render the transmission unintelligible to anything but the By being connected to more advanced data lines, intelligent receiving device. readers also offer the promise of developing custom This means: a hacker cannot gain any meaningful information from the data transmitted by a reader over the Ethernet data line. :: Challenge-response protocols When a reader transmits data to a controller or other device, the reader can be authenticated through a challenge code the applications at the reader through software development kits (SDKs) and application programming interfaces (APIs). Therefore, integrators and customers can add, remove, Beyond Wiegand replace, or modify a reader s security functions without In access control, the concepts of intelligence sacrificing the security of the system. Most importantly, and security should apply to more than just the reader can adapt to evolving access control security readers and technologies so they encompass standards and improvements in technology. device connections and transmissions as well. To begin this process, the catalyst must come from new, more advanced and intelligent readers that exploit the full security potential of ethernet data connections. An example of this next generation of versatile, intelligent readers is 3M Cogent s Make It Yours (MiY) products, a complete line Connections between devices using Wiegand or of sophisticated and customizable multi-factor similar connections, such as RS232, are simply biometric access control terminals. unintelligent electrical connections. Data network connections, such as ethernet, are logical and intelligent connections. Thus, the same high level of security that is built into smart cards, biometrics, and access control readers can be logically configured into Ethernet transmissions as well. Each 3M Cogent MiY reader provides the highest level of security and fully realizes the security capabilities of ethernet reader connections. The MiY reader communicates over TLS-encrypted Ethernet, has full PKI-compliant solutions, and uses the highest NIST-approved encryption standards. The Wiegand has been a standard in access control but data transmitted from the MiY reader is protected it does not mean that this method should become and secure. a permanent speed bump on the access control landscape. Instead, the Wiegand method as the standard should devolve when customers realize the vulnerability of Wiegand, and Wiegand wires should be replaced with intelligent and secure data lines. These advances require an upgrade from the Wiegand standard. This means that accelerating technological improvements and evolving security requirements from the standard must be the only real change.

5 Security Systems Division 3M Cogent, Inc. 639 North Rosemead Boulevard Pasadena, CA U.S.A Please recycle. Printed in the U.S.A. 3M is a trademark of 3M. Cogent logo is a trademark of 3M Cogent. 3M Cogent, Inc v.αx All rights reserved. a 3M Company

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics

More information

Entrust IdentityGuard

Entrust IdentityGuard +1-888-437-9783 sales@identisys.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's

More information

Longmai Mobile PKI Solution

Longmai Mobile PKI Solution Longmai Mobile PKI Solution A quick Solution to External and Internal fraud in Insurance Industry Putting the client at the center of modernization Contents 1. INTRODUCTION... 3 1.1 Challenges... 3 1.2

More information

Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords. Mika Devonshire Associate Product Manager

Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords. Mika Devonshire Associate Product Manager Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords Mika Devonshire Associate Product Manager 1 Agenda 2 What is Cybersecurity? Quick overview of the core concepts 3 Cybercrime

More information

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:

More information

Online Gaming: Legalization with Protection for Minors, Adult Players, Problem Gamers

Online Gaming: Legalization with Protection for Minors, Adult Players, Problem Gamers Online Gaming: Legalization with Protection for Minors, Adult Players, Problem Gamers Frequently Asked Questions and Answers 2011 CardLogix Corporation. All rights reserved. This document contains information

More information

Smart Cards and Biometrics in Physical Access Control Systems

Smart Cards and Biometrics in Physical Access Control Systems Smart Cards and Biometrics in Physical Access Control Systems Robert J. Merkert, Sr. Vice President of Sales Americas Biometric Consortium 2005 Conference September 21, 2005 All Company and/or product

More information

WHITE PAPER Usher Mobile Identity Platform

WHITE PAPER Usher Mobile Identity Platform WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction

More information

Biometrics in Physical Access Control Issues, Status and Trends White Paper

Biometrics in Physical Access Control Issues, Status and Trends White Paper Biometrics in Physical Access Control Issues, Status and Trends White Paper Authored and Presented by: Bill Spence, Recognition Systems, Inc. SIA Biometrics Industry Group Vice-Chair & SIA Biometrics Industry

More information

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies

More information

W.A.R.N. Passive Biometric ID Card Solution

W.A.R.N. Passive Biometric ID Card Solution W.A.R.N. Passive Biometric ID Card Solution Updated November, 2007 Biometric technology has advanced so quickly in the last decade that questions and facts about its cost, use, and accuracy are often confused

More information

SYMMETRY PRODUCT OVERVIEW

SYMMETRY PRODUCT OVERVIEW ACCESS CONTROL The Symmetry Security Management Systems provides powerful integrated solutions for organizations requiring Access Control and Integrated Security. Solutions are available for organizations

More information

Research Article. Research of network payment system based on multi-factor authentication

Research Article. Research of network payment system based on multi-factor authentication Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor

More information

SYMMETRY. DATASHEET ACCESS CONTROL Product Overview

SYMMETRY. DATASHEET ACCESS CONTROL Product Overview DATASHEET ACCESS CONTROL Product Overview SYMMETRY The AMAG Technology range of Security Management Systems provides powerful integrated solutions for organizations requiring Access Control and Integrated

More information

Data Security Concerns for the Electric Grid

Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical

More information

Executive Summary P 1. ActivIdentity

Executive Summary P 1. ActivIdentity WHITE PAPER WP Converging Access of IT and Building Resources P 1 Executive Summary To get business done, users must have quick, simple access to the resources they need, when they need them, whether they

More information

Passing PCI Compliance How to Address the Application Security Mandates

Passing PCI Compliance How to Address the Application Security Mandates Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These

More information

More effective protection for your access control system with end-to-end security

More effective protection for your access control system with end-to-end security More effective protection for your access control system with end-to-end security By Jeroen Harmsen The first article on end-to-end security appeared as long ago as 1981. The principle originated in ICT

More information

A Security Survey of Strong Authentication Technologies

A Security Survey of Strong Authentication Technologies A Security Survey of Strong Authentication Technologies WHITEPAPER Contents Introduction... 1 Authentication Methods... 2 Classes of Attacks on Authentication Mechanisms... 5 Security Analysis of Authentication

More information

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions July, 2006 Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked

More information

Audio: This overview module contains an introduction, five lessons, and a conclusion.

Audio: This overview module contains an introduction, five lessons, and a conclusion. Homeland Security Presidential Directive 12 (HSPD 12) Overview Audio: Welcome to the Homeland Security Presidential Directive 12 (HSPD 12) overview module, the first in a series of informational modules

More information

RFID SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region

RFID SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region RFID SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

HARDENED MULTI-FACTOR AUTHENTICATION INCREASES ENTERPRISE PC SECURITY

HARDENED MULTI-FACTOR AUTHENTICATION INCREASES ENTERPRISE PC SECURITY HARDENED MULTI-FACTOR AUTHENTICATION INCREASES ENTERPRISE PC SECURITY INSTEAD OF A SECURITY PROBLEM, ENDPOINTS BECOME PART OF THE SECURITY SOLUTION SUMMARY The internet and mobility have made enterprise

More information

Access Control in Commercial Applications. Is the future of commercial building security built in, or bolted on? A discussion paper

Access Control in Commercial Applications. Is the future of commercial building security built in, or bolted on? A discussion paper Access Control in Commercial Applications Is the future of commercial building security built in, or bolted on? A discussion paper Author: Damian Marsh, Managing Director UK, ASSA ABLOY Access Control

More information

3M Cogent, Inc. White Paper. Facial Recognition. Biometric Technology. a 3M Company

3M Cogent, Inc. White Paper. Facial Recognition. Biometric Technology. a 3M Company 3M Cogent, Inc. White Paper Facial Recognition Biometric Technology a 3M Company Automated Facial Recognition: Turning Promise Into Reality Once the province of fiction, automated facial recognition has

More information

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected

More information

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

More information

How TraitWare TM Can Secure and Simplify the Healthcare Industry

How TraitWare TM Can Secure and Simplify the Healthcare Industry How TraitWare TM Can Secure and Simplify the Healthcare Industry January 2015 Secure and Simplify Your Digital Life. Overview of HIPPA Authentication Standards When Title II of the Health Insurance Portability

More information

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

Two-Factor Authentication over Mobile: Simplifying Security and Authentication SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively Table

More information

True Identity solution

True Identity solution Identify yourself securely. True Identity solution True Identity authentication and authorization for groundbreaking security across multiple applications including all online transactions Biogy Inc. Copyright

More information

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1

More information

US Security Directive FIPS 201

US Security Directive FIPS 201 Security US Security Directive FIPS 201 Compliance Strategies Learn about compliance strategies for governmental agencies in meeting requirements of Homeland Security Presidential Directive 12 (HSPD-12),

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

L-1 Fingerprint Reader Solutions. V-Flex 4G

L-1 Fingerprint Reader Solutions. V-Flex 4G L- Fingerprint Reader Solutions V-Flex 4G 4G Biometric Performance Redefined with a Flexible and Powerful Device to Secure any Size Premises Advanced Features Large Template Storage Capacity (0,000 in

More information

Alarm over IP. What is Alarm over IP? How does Alarm over IP work? Intrusion Systems White Paper Series Alarm over IP

Alarm over IP. What is Alarm over IP? How does Alarm over IP work? Intrusion Systems White Paper Series Alarm over IP Intrusion Systems White Paper Series Alarm over IP Alarm over IP What is Alarm over IP? Alarm over IP is the ability for security and fire alarm systems to transmit alarm signals over IP networks such

More information

AD-Series. Selection Guide

AD-Series. Selection Guide AD-Series Selection Guide The first step in our design process: Listening. We wanted to know exactly what you needed in a security solution. So we asked. We asked hundreds of questions and received thousands

More information

Securing Virtual Desktop Infrastructures with Strong Authentication

Securing Virtual Desktop Infrastructures with Strong Authentication Securing Virtual Desktop Infrastructures with Strong Authentication whitepaper Contents VDI Access Security Loopholes... 2 Secure Access to Virtual Desktop Infrastructures... 3 Assessing Strong Authentication

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

The Convergence of IT Security and Physical Access Control

The Convergence of IT Security and Physical Access Control The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which

More information

Secure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications. www.vidyo.com 1.866.99.VIDYO

Secure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications. www.vidyo.com 1.866.99.VIDYO TECHNICAL NOTE Secure VidyoConferencing SM Protecting your communications 2012 Vidyo, Inc. All rights reserved. Vidyo, VidyoTechnology, VidyoConferencing, VidyoLine, VidyoRouter, VidyoPortal,, VidyoRouter,

More information

Remote Access Security

Remote Access Security Glen Doss Towson University Center for Applied Information Technology Remote Access Security I. Introduction Providing remote access to a network over the Internet has added an entirely new dimension to

More information

Hardware Security Modules for Protecting Embedded Systems

Hardware Security Modules for Protecting Embedded Systems Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &

More information

Sync Security and Privacy Brief

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

More information

White Paper. The risks of authenticating with digital certificates exposed

White Paper. The risks of authenticating with digital certificates exposed White Paper The risks of authenticating with digital certificates exposed Table of contents Introduction... 2 What is remote access?... 2 Authentication with client side digital certificates... 2 Asymmetric

More information

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

Strong Authentication. Securing Identities and Enabling Business

Strong Authentication. Securing Identities and Enabling Business Strong Authentication Securing Identities and Enabling Business Contents Contents...2 Abstract...3 Passwords Are Not Enough!...3 It s All About Strong Authentication...4 Strong Authentication Solutions

More information

Advanced Biometric Technology

Advanced Biometric Technology INC Internet Biometric Security Systems Internet Biometric Security System,Inc.White Papers Advanced Biometric Technology THE SIMPLE SOLUTION FOR IMPROVING ONLINE SECURITY Biometric Superiority Over Traditional

More information

STRONGER AUTHENTICATION for CA SiteMinder

STRONGER AUTHENTICATION for CA SiteMinder STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive

More information

Directed Circuits Meet Today s Security Challenges in Enterprise Remote Monitoring. A White Paper from the Experts in Business-Critical Continuity TM

Directed Circuits Meet Today s Security Challenges in Enterprise Remote Monitoring. A White Paper from the Experts in Business-Critical Continuity TM Directed Circuits Meet Today s Security Challenges in Enterprise Remote Monitoring A White Paper from the Experts in Business-Critical Continuity TM Executive Summary With continued efforts to reduce overhead,

More information

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services Over the past decade, the demands on government agencies to share information across the federal, state and local levels

More information

Today, there are three major initiatives for cards and credentials. Every security

Today, there are three major initiatives for cards and credentials. Every security What s the Near Future Hold for ID Cards & Credentials? Jeremy Earles, Ingersoll Rand Security Technologies Portfolio Marketing Manager-Credentials & Readers Today, there are three major initiatives for

More information

Secure Data Exchange Solution

Secure Data Exchange Solution Secure Data Exchange Solution I. CONTENTS I. CONTENTS... 1 II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE DOCUMENT EXCHANGE SOLUTIONS... 3 INTRODUCTION... 3 Certificates

More information

solutions Biometrics integration

solutions Biometrics integration Biometrics integration Challenges Demanding access control and identity authentication requirements drive the need for biometrics. Regulations such as Sarbanes-Oxley (SOX), Health Insurance Portability

More information

22 nd NISS Conference

22 nd NISS Conference 22 nd NISS Conference Submission: Topic: Keywords: Author: Organization: Tutorial BIOMETRICS - DEVELOPING THE ARCHITECTURE, API, ENCRYPTION AND SECURITY. INSTALLING & INTEGRATING BIOMETRIC SYSTEMS INTO

More information

Using Entrust certificates with VPN

Using Entrust certificates with VPN Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark

More information

Testing Overview [Document subtitle]

Testing Overview [Document subtitle] 10/16/2015 ZigBee Penetration Testing Overview [Document subtitle] PURE INTEGRATION Introduction Penetration testers have been focusing on wireless technologies for over a decade now, and industry researchers

More information

Target Security Breach

Target Security Breach Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected

More information

Improving Online Security with Strong, Personalized User Authentication

Improving Online Security with Strong, Personalized User Authentication Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware

More information

Best Practices for the Use of RF-Enabled Technology in Identity Management. January 2007. Developed by: Smart Card Alliance Identity Council

Best Practices for the Use of RF-Enabled Technology in Identity Management. January 2007. Developed by: Smart Card Alliance Identity Council Best Practices for the Use of RF-Enabled Technology in Identity Management January 2007 Developed by: Smart Card Alliance Identity Council Best Practices for the Use of RF-Enabled Technology in Identity

More information

Secure communications via IdentaDefense

Secure communications via IdentaDefense Secure communications via IdentaDefense How vulnerable is sensitive data? Communication is the least secure area of digital information. The many benefits of sending information electronically in a digital

More information

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00 PCI PA - DSS Point XSA Implementation Guide Atos Worldline Banksys XENTA SA Version 1.00 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page number 2 (16)

More information

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

More information

How did Wiki Leaks happen?

How did Wiki Leaks happen? How did Wiki Leaks happen? A disgruntled employee with an agenda goes to work with USB flash drives and copies restricted files off of the server. There is no adequate secure network access and identity

More information

FFIEC CONSUMER GUIDANCE

FFIEC CONSUMER GUIDANCE FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their

More information

GOALS (2) The goal of this training module is to increase your awareness of HSPD-12 and the corresponding technical standard FIPS 201.

GOALS (2) The goal of this training module is to increase your awareness of HSPD-12 and the corresponding technical standard FIPS 201. PERSONAL IDENTITY VERIFICATION (PIV) OVERVIEW INTRODUCTION (1) Welcome to the Homeland Security Presidential Directive 12 (HSPD-12) Personal Identity Verification (PIV) Overview module, designed to familiarize

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

Problems of Security in Ad Hoc Sensor Network

Problems of Security in Ad Hoc Sensor Network Problems of Security in Ad Hoc Sensor Network Petr Hanáček * hanacek@fit.vutbr.cz Abstract: The paper deals with a problem of secure communication between autonomous agents that form an ad hoc sensor wireless

More information

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA

More information

Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS

Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime

More information

Device-Centric Authentication and WebCrypto

Device-Centric Authentication and WebCrypto Device-Centric Authentication and WebCrypto Dirk Balfanz, Google, balfanz@google.com A Position Paper for the W3C Workshop on Web Cryptography Next Steps Device-Centric Authentication We believe that the

More information

Securing Internet Facing. Applications. Technical White Paper. configuration drift, in which IT members open up ports or make small, supposedly

Securing Internet Facing. Applications. Technical White Paper. configuration drift, in which IT members open up ports or make small, supposedly Securing Internet Facing Applications Ten years ago protecting the corporate network meant deploying traditional firewalls and intrusion detection solutions at the perimeter of the trusted network in order

More information

Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices

Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices It s common today for law enforcement

More information

Protect Your Customers and Brands with Multichannel Two-Factor Authentication

Protect Your Customers and Brands with Multichannel Two-Factor Authentication SAP Brief Mobile Services from SAP SAP Authentication 365 Objectives Protect Your Customers and Brands with Multichannel Two-Factor Authentication Protecting your most valuable asset your customers Protecting

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

HSPD-12 Implementation Architecture Working Group Concept Overview. Version 1.0 March 17, 2006

HSPD-12 Implementation Architecture Working Group Concept Overview. Version 1.0 March 17, 2006 HSPD-12 Implementation Architecture Working Group Concept Overview Version 1.0 March 17, 2006 Table of Contents 1 PIV Lifecycle... 3 2 High Level Component Interaction Diagram... 4 3 PIV Infrastructure

More information

Self-Encrypting Hard Disk Drives in the Data Center

Self-Encrypting Hard Disk Drives in the Data Center Technology Paper Self-Encrypting Hard Disk Introduction At least 35 U.S. states now have data privacy laws that state if you encrypt data-at-rest, you don t have to report breaches of that data. U.S. Congressional

More information

Multi-factor authentication

Multi-factor authentication CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL

More information

The Benefits of an Industry Standard Platform for Enterprise Sign-On

The Benefits of an Industry Standard Platform for Enterprise Sign-On white paper The Benefits of an Industry Standard Platform for Enterprise Sign-On The need for scalable solutions to the growing concerns about enterprise security and regulatory compliance can be addressed

More information

Time Clocks for Employee Attendance Tracking

Time Clocks for Employee Attendance Tracking Time Clocks for Employee Attendance Tracking InfoTronics, Inc. Whitepaper Time clocks record employee attendance information including start, end, and lunch break times. This information is then shared

More information

Best Practices in Access Control

Best Practices in Access Control Best Practices in Access Control Table of Contents Introduction...1 Choosing the Right Reader and Card Technology...2 Relative Security of Commonly Used Card Technologies...2 Use Proper Key Management...3

More information

Chapter 15 User Authentication

Chapter 15 User Authentication Chapter 15 User Authentication 2015. 04. 06 Jae Woong Joo SeoulTech (woong07@seoultech.ac.kr) Table of Contents 15.1 Remote User-Authentication Principles 15.2 Remote User-Authentication Using Symmetric

More information

Manage and secure your workplace by controlling who, what, when, why, where and how people are allowed in your facility. Marquee

Manage and secure your workplace by controlling who, what, when, why, where and how people are allowed in your facility. Marquee Marquee Manage and secure your workplace by controlling who, what, when, why, where and how people are allowed in your facility. Securing the Workplace Executive Summary OPTIMIZE TODAY S WORKPLACE Protecting

More information

PCI PA - DSS. Point ipos Implementation Guide. Version 1.01. VeriFone Vx820 using the Point ipos Payment Core

PCI PA - DSS. Point ipos Implementation Guide. Version 1.01. VeriFone Vx820 using the Point ipos Payment Core PCI PA - DSS Point ipos Implementation Guide VeriFone Vx820 using the Point ipos Payment Core Version 1.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page

More information

Tailored integration to suit you

Tailored integration to suit you UTC Fire & Security Integrated Systems Platforms Tailored integration to suit you We listened to you A majority of the Fortune 100 companies have chosen UTC Fire & Security for their integration needs.*

More information

Preemptive security solutions for healthcare

Preemptive security solutions for healthcare Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare

More information

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance An Oracle White Paper December 2010 Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance Executive Overview... 1 Health Information Portability and Accountability Act Security

More information

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed

More information

How To Protect Your Business Information From Being Stolen From A Cell Phone Or Tablet Device

How To Protect Your Business Information From Being Stolen From A Cell Phone Or Tablet Device Page 2 of 14 Securing Critical Corporate Data in a Mobile World Page 3 of 14 Table of Contents 1 Mobile is the New Normal... 4 1.1 The Critical Importance of Mobile Security... 4 1.2 Mobile Security Challenges...

More information

ADDING STRONGER AUTHENTICATION for VPN Access Control

ADDING STRONGER AUTHENTICATION for VPN Access Control ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows

More information

Authentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business

Authentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business Authentication Solutions Versatile And Innovative Authentication Solutions To Secure And Enable Your Business SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime

More information

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government

More information

The Convergence of IT Security and Physical Access Control

The Convergence of IT Security and Physical Access Control The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which

More information

Enhancing Web Application Security

Enhancing Web Application Security Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor

More information

Multi-Factor Authentication

Multi-Factor Authentication Enhancing network security through the authentication process Multi-Factor Authentication Passwords, Smart Cards, and Biometrics INTRODUCTION Corporations today are investing more time and resources on

More information

Symposium (FBOS) PCI Compliance. Connecting Great Ideas and Great People. Agenda

Symposium (FBOS) PCI Compliance. Connecting Great Ideas and Great People. Agenda 2010 Finance & Business Operations Symposium (FBOS) PCI Compliance Cort M. Kane COO, designdata Judy Durham CFO, NPES Kymberly Bonzelaar, Sr. VP Capital One Richard Eggleston, Sr. Project Director, TMAR

More information

RSA SecurID Two-factor Authentication

RSA SecurID Two-factor Authentication RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial

More information

Closing Wireless Loopholes for PCI Compliance and Security

Closing Wireless Loopholes for PCI Compliance and Security Closing Wireless Loopholes for PCI Compliance and Security Personal information is under attack by hackers, and credit card information is among the most valuable. While enterprises have had years to develop

More information

Smart Card: The Computer in Your Wallet

Smart Card: The Computer in Your Wallet Smart Card: The Computer in Your Wallet MIPS Technologies, Inc. June 2002 Smart cards, credit-card-size pieces of plastic incorporating a silicon chip, comprise the highest volume computing platform. Roughly

More information