Entrust Secure Web Portal Solution
Livio Merlo, Security Consultant
September 25th, 2003
Entrust Secure Web Portal Solution
Only the Entrust Secure Web Portal solution provides Security Services coupled with Security Management to enable a high-value web portal:
- Builds the foundation for stronger relationships with customers, partners, and employees through personalization
- Extends portal ROI by broadening integration of content, apps and services
Entrust Secure Web Portal Solution = Web Portal + Security Services + Security Management
Personalized access and security management for a broad range of content, services & transactions.
Entrust Security Services (backed by Security Management)
- Authentication: authenticating and protecting identity to enable personalized relationships and accountability for transactions
- Authorization: providing personalized access and authorization to transactions and information based on rights & privileges
- Encryption: enforcing privacy and confidentiality of transactions and relationship information
- Digital Signatures: ensuring transactions and information are authentic, accountable, and have integrity
Authentication & Web Single Sign-on
[Diagram: End User -> Portal -> Enterprise Applications]
- User authentication via one or more of: Username / Password, LDAP, NTLM, Tokens, Digital ID, Smart Cards, Biometrics, Microsoft Passport, Liberty Alliance, Mobile ID Server
- Single Sign-On: identity passed on to the App Server for further personalization
- Identities can be mapped to legacy apps (diagram example: GA ID "JSmith" mapped to legacy IDs "JSmith" for Online Banking, "DayTradeKing" for Trading and "SmithJ" for Mortgage)
Authentication: Digital ID
- Involves the use of digital certificates & keys
  - Use of secret, local information (that only the user has) to prove their identity
  - Certified information from a third party (a certificate) to identify the user
- Passwords never sent over the Internet
  - Only used to access secret, local information (that only the user has)
  - Passwords are not stored anywhere, don't have to change, and can be short and easy to remember
- Can be enhanced with additional factors, such as smart cards & biometrics
Authentication: Finding the Right Return
[Chart: confidence in authentication and value of transaction (lowest to highest) plotted against cost of deployment (lowest to highest). User Name / Password sits at the lowest end of both axes. Options plotted: User Name / Password; User Name / Password + Entrust Mobile ID Server; Digital ID; Digital ID + Entrust Mobile ID Server; Digital ID + Smart Card/Biometric; Hard Tokens. Additional factors: Challenge & Response, 3rd party tokens.]
Access Management & Authorization
- Provide the appropriate level of access for each individual, based on their relationship with the organization
  - Enables personalization
  - Lowers the cost, reduces development time and removes the pain of securing applications individually
  - Manages risk as more services and applications are moved to the Web
Access Management & Authorization
- Access Management for protecting access to sensitive information
- Use of a robust roles- and rules-based Access Control system so that only designated participants can access data
- Standards leveraged (SAML) to ensure interoperability while still delivering privacy
[Diagram: Web Servers, App Servers, Directory/Database]
Authorization
[Diagram: authorization model with columns Applications, Rules, Roles and User Access. Rules shown: Location, Time, Authentication Method. Roles shown: Customer, Sales Partner, Finance. Applications shown: New Products, Customer List, Price List, Financial Reports. User John Smith gains single sign-on access to the applications permitted by his roles and the rules.]
Personalization
[Diagram: End User -> Portal -> Enterprise Applications (Web Servers, App Servers). The portal asks "Who is this? What is their role?" and returns personalized data, content and services.]
Personalization delivers:
- Increased customer loyalty and retention
- Targeted delivery of new services for greater up-take
- Reduced administration costs
End-to-End Encryption
- Higher value/sensitive transactions cannot be integrated if information is at risk of being exposed
- Confidentiality and privacy protection through bidirectional encryption of data from browser to back-end
- Protection against theft of customer data from web servers
- Global impact: Gramm-Leach-Bliley Act, HIPAA and EU directive on data security & privacy
End-to-End Encryption
- Bi-directional encryption for end-to-end protection
- Use of public-key encryption so that only designated participants can access transaction contents
- Protection for stored data and messages on desktops, laptops, devices or servers
[Diagram: end-to-end, persistent bi-directional encryption across Web Servers, App Servers and Directory/Database]
End-to-End Encryption
[Diagram: Basic SSL model, which does not secure end to end: Web Browser (encrypt) -> Web Server (decrypt, exposed; encrypt again) -> Back End Server (decrypt, exposed). Bi-directional model, where security ensures data is protected end-to-end: data leaves the Web Browser encrypted, is still encrypted at the Web Server, and is decrypted only as required at the Back End Server.]
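The contrast in the diagram above, as an added example that is not part of the original Entrust deck: a Python simulation of the hop-by-hop SSL model against the end-to-end model. It assumes a labelled toy HMAC-SHA256 cipher in place of a real one (so it runs on the standard library alone) and a pre-shared browser-to-back-end key standing in for the public-key step the slide describes; the key and function names are the example's own.

```python
import hashlib
import hmac
import secrets

# Toy encrypt-then-MAC stream cipher built from HMAC-SHA256 in counter mode.
# It stands in for a real cipher (e.g. AES-GCM) so the example runs on the
# standard library alone; it is not a production construction.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag            # nonce || ciphertext || tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")   # tampered or wrong key
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

# Assumed keys: one per SSL hop, plus a browser<->back-end key that stands in
# for the back end's public key in the slide's end-to-end model.
K_BROWSER_WEB = secrets.token_bytes(32)
K_WEB_BACKEND = secrets.token_bytes(32)
K_BROWSER_BACKEND = secrets.token_bytes(32)

def ssl_only_model(payload: bytes):
    """Hop-by-hop SSL: the web server decrypts to re-encrypt, so it sees plaintext."""
    hop1 = encrypt(K_BROWSER_WEB, payload)
    web_tier_sees = decrypt(K_BROWSER_WEB, hop1)         # exposed on the web tier
    hop2 = encrypt(K_WEB_BACKEND, web_tier_sees)
    backend_gets = decrypt(K_WEB_BACKEND, hop2)
    return web_tier_sees, backend_gets

def end_to_end_model(payload: bytes):
    """Browser encrypts for the back end first; SSL still wraps each hop,
    but the web tier only ever handles ciphertext."""
    inner = encrypt(K_BROWSER_BACKEND, payload)
    hop1 = encrypt(K_BROWSER_WEB, inner)
    web_tier_sees = decrypt(K_BROWSER_WEB, hop1)         # still ciphertext
    hop2 = encrypt(K_WEB_BACKEND, web_tier_sees)
    backend_gets = decrypt(K_BROWSER_BACKEND, decrypt(K_WEB_BACKEND, hop2))
    return web_tier_sees, backend_gets
```

A compromised or logging web tier recovers the transaction in the first model but only an opaque blob in the second, which is the exposure the slide is pointing at.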
Digital Signatures
- Verifies identities
  - Users, applications or devices involved in the transaction
- Provides accountability through electronic proof of transactions
  - Entire context of a document can be signed
  - Entire context of an HTML page can be signed
  - Time-stamped receipts
- Ensures data integrity
  - Any alteration of digitally signed data is easily detected
- Accelerates processes and reduces paperwork
  - Complex transactions can be signed
  - Compliance with Federal requirements
Digital Signatures: Ease of Use
- No user software installation
- No dialog boxes for roaming
- Security is transparent
- Integrated into the site's existing look and feel
- User self-enrollment
- User password resets
Entrust Security Management: Transparent & Automatic Management
- Self-service 24x7 convenience
- Supports automatic migration from existing usernames + passwords
- Supports additional information requirements for registration
- Eliminates expensive password resets
Entrust Security Management: Broad Transaction Support
- Entrust solutions enable customers to extend and leverage their security investment across client/server, Web portal and Web services applications
[Diagram: Client/Server (app-specific), Web Portal (employee, partner, customer) and Web services (intra-organization, supplier, buyer) all reaching the same Enterprise Applications]
Let's See It (v.1.0)
In summary
Solution Components

Security Service | User Experience | Business Benefits
Authentication | Single sign-on across multiple applications | Increase user productivity; strengthen relationships
Authorization / Privacy | Personalized access to content & services; access controls to sensitive information | Improve user experience with personalization; improve confidentiality of data; provide value-add services; Portal ROI
Basic SSL Security | Secure session (browser lock) | Provide basic protection of data and transactions; complement additional security services (Entrust GetAccess, Entrust TruePass)
Solution Components

Security Service | User Experience | Business Benefits
Strong Authentication | Personalized access to a broad range of high-value content, services and transactions | Tighten business processes online; drive competitive advantage; deliver new differentiated services
Digital Signatures / Encryption | Accountability & integrity of transactions; confidence that personal and sensitive information is private (end-to-end encryption) | Accelerate processes; comply with regulations; Portal ROI
Digital ID Lifecycle Management | Automated lifecycle management; centrally managed policies; self-service user admin | Minimize administration costs; provide ease of use; increase ease and speed of deployment
Solution Components

Security Service | User Experience | Business Benefits
Web Services Security | Server-based security abstracts the requirement from individual applications to a central point of use and management | Ease of integration; accelerate delivery of new services; minimize costs
Authentication / Authorization | Personalized access to a broad range of high-value content, services and transactions | Enhance user experience and improve customer communication; tighten business processes online; drive competitive advantage; deliver new differentiated services; Portal ROI
Digital Signatures | Accountability & integrity of transactions | Accelerate business processes
Encryption | Confidence that personal and sensitive information is private (end-to-end encryption) | Comply with regulations
Entrust Security Management
- Modular deployment: addressing projects incrementally as needed
- Extensible investment: leveraging the existing platform to increase ROI
- Broad platform & application support: working with multiple environments
- Transparent & automated management: lowering TCO through ease of deployment, use & admin
- Broad transaction support: integrating with transactions today and tomorrow
Extensible Investment
- Investment in Secure Web Portal is easily leveraged across additional applications, thereby increasing ROI
[Diagram: Secure Web Portal, Secure Web Services, Secure Desktop Applications and Secure Identity Management, all sharing Identity & Security Mgmt]
The Value in Return
- Improve ROI
  - Lower the cost of providing access to core business functions for employees, partners and customers
  - Reduce operating costs through streamlined processes online and greater efficiencies
  - Increase revenue opportunities through greater up-sell and cross-sell opportunities
- Protect corporate assets
  - Avoid financial losses and brand damage associated with theft of intellectual property, strategic information, customer records, etc.
  - Binding audit record: corporate governance, legislation
www.entrust.com
Livio.Merlo@entrust.com