SafeNet Authentication Solutions: The Best of Both Worlds, On-Premise and Cloud. Bernd Stamp, HSM & Authentication Presales Consultant IT-Security. 28 August 12. Source: google.de
Legal Notice 2010 SafeNet, Inc., and/or Aladdin Knowledge Systems Ltd. All rights reserved. Information provided is confidential and proprietary to SafeNet, Inc. (SafeNet) and Aladdin Knowledge Systems, Ltd. (Aladdin). Neither SafeNet nor Aladdin assumes any responsibility or liability for the accuracy of the information contained in this presentation.
Agenda: eToken modular concept; News and outlook; SafeNet / CryptoCard; SafeNet Authentication Service
eToken Modular Concept
SafeNet Data Protection Portfolio: Overview
Authentication solutions: Offering the broadest range of authenticators, from smart cards and tokens to mobile phone auth, all managed from a single platform
> The industry's only unified authentication platform offering customers the freedom to adapt to changing environments
> The market leader in certificate-based token authentication
> Unique technology offerings with client-less tokens, high-assurance solutions, and more
Transaction and identity protection - HSM: The most secure, and easiest to integrate application & transaction security solution for enterprise and government
> Market leader in enterprise-grade HSMs
> Industry innovator in payment HSMs
> Widest portfolio of platforms and solutions
> Delivered over 75,000 HSMs, the most in the industry
> Only leading HSM with the option of keys ALWAYS in Hardware
Data encryption and control - Data Secure: World's first and only unified platform that delivers intelligent data protection and control for ALL information assets
> Data-centric, persistent protection across data centers, endpoints, and into the cloud
> Centralized policy, key management, logging, and auditing
> Integrated perimeter data leakage prevention
> Appliance-based, proven scalability, and high performance
Communication security - High-Speed Network Encryption: SafeNet high-speed network encryptors combine the highest performance with the easiest integration and management.
> Solutions for Ethernet, SONET up to 10Gb
> Best-in-class Security Management Center
> Zero bandwidth loss, low-latency encryption
> Unparalleled leverage across classified and COTS communication protection (FIPS 140-2 Level 3)
Mix & Match to address each user's individual requirements!
SafeNet & CryptoCard
Product line strategy. Investment in mobile authentication: Context; MobilePASS. Enterprise authentication, aaS & on-premise. Platform convergence: SafeNet Authentication Service (SAS); SafeNet Authentication Manager (SAM)
eToken Modular Concept
eToken Hardware
eToken SmartCard form factors. eToken 5100 / eToken Virtual: USB SmartCard. eToken 4100: eToken 5100 in SmartCard form factor. eToken 7000: hybrid device consisting of one-time password and SmartCard. eToken 7100: hybrid device consisting of encrypted flash memory and SmartCard.
OTP authenticators: eToken 3000/3010; compact and portable OTP token; event synchronous & time synchronous; eToken 3400; MobilePass tokens; Windows Mobile devices; SMS - Short Message Service; SMTP - Simple Mail Transfer Protocol; BlackBerry / Android; iPhone; J2ME-enabled devices; Windows / Win Mobile; advanced OTP tokens (i.e. challenge/response); eToken 3200; eToken 3300
News and Outlook
SafeNet eToken 7300 (aka NG-Flash). Features: capacity up to 64GB flash; driverless flash token for portable applications; centralized management (integrated PIN policy management for flash and SmartCard); based on the Common Criteria certified SmartCard; FIPS 140-2 (Level 2 and 3) certification for flash and SmartCard; innovative design. Schedule: Beta Q3 2012, GA Q4 2012
SafeNet eToken 5115, 5205, 4110. Features: Mask 10; extended memory; contactless; ECC; FIPS 140-2 certification and Common Criteria SSCD EAL 4+; new SafeNet branding (SafeNet Design Language); performance improvement. Schedule: H2 2013
SafeNet eToken 3000 & 3010 (aka eToken Pass). Features: new design; 8-digit support; battery indicator; SafeNet branding; FIPS certified. Schedule: H2 2013
SafeNet eToken 7000 (aka NG-OTP). Features: 8-digit display; time-based support, TOTP; new design; initialization by SAM; Common Criteria certified. Schedule: GA Q2 2013
Management Systems (on-premise)
Management Systems
Which system is right for me?
SafeNet Authentication Manager:
> Multiple authentication solutions (PKI, OTP, credentials, hybrid, software)
> Extensive management with SAM
> Scalable in terms of management and authentication solutions
> Multiple security applications: digital signature, password management, VPN, network access
> Available SDKs for specific solutions
SafeWord 2008 (i.p. SAM express):
> OTP-only solution, i.e. for Citrix, VPN remote access, domain logon
> Easy integration with AD
> Simple plug and play deployment
> Managed through Active Directory Users & Computers
> Specific OTP scenarios: SMS, SMTP, challenge-response, PIN-protected OTP
> Upgrade path to SAM
SafeNet / CryptoCard
Cloud-based authentication in 3 steps. General architecture and components. My Blackshield Server in the cloud; My Repository; Access Point
General architecture and components: Secure Gateway; Directory Server / Webserver / Virtualization etc.; LDAP Sync Agent
My Blackshield Server in the cloud: Secure Gateway; Directory Server / Webserver / Virtualization etc.; LDAP Sync Agent
Introduction to SaaS authentication. BlackShield Cloud delivers authentication-as-a-service, bringing organisations the cost reduction, simplicity and flexibility benefits of SaaS-style authentication. It provides: a full virtual enterprise authentication server, ready to go in minutes and available 24*7; a powerful management portal with extensive choices; highly secure infrastructure and effective service delivery; unrivalled commercial models. SafeNet Confidential and Proprietary
My Blackshield Server in the cloud. North America PoP and EMEA PoP, each with: Administrator Portal; Rules & Reporting Engines; Self-service portal; Token Repository; User Repository; Authentication Engine; Provisioning Engine. Tier 4 data center; TIA-942 and BS27001; 99.999% uptime; ready to go; easy connection; browser-based; multi-tenant; wide range of functions; encrypted with a customer-specific key; automatic provisioning; fast integration/connection; detailed reporting
Multi-tier and multi-tenant management. Diagram labels: Delegated Managed Subscriber; Subscriber A; Virtual Service Provider; Subscriber B; Enterprise Subscriber (Virtual Service Provider); Region 1; Region 2; Region 3. Multi-tenancy: management of multiple organizations/customers within one system; security through encryption and separation of privileges; delegation of administrative roles
My Repository: Secure Gateway; Directory Server / Webserver / Virtualization etc.; LDAP Sync Agent
Easy integration into your environment. BlackShield Cloud supports any user store. Manual user creation: bulk imported via .csv files; created locally. Sync my Repository: simple agent installed on any server; no hardware required; SQL, LDAP, AD, ODBC, Lotus, Novell, others via custom field mapping; secured using SSL links; read only / non-intrusive; multiple domains; full customisation; zero schema change. Diagram labels: Corporate Network; LDAP / Active Directory / User Source
Extensive token variety
Automatic processing and provisioning
Access Point: Secure Gateway; RADIUS Server Agent Migration; Directory Server / Webserver / Virtualization etc.; LDAP Sync Agent
Protect everything: networks, applications and cloud services. Diagram labels: VPN; Firewall; Citrix; USB Tokens; JAVA Tokens; BlackBerry Tokens; SMS Tokens; SSL VPN; Citrix CAG, WI, AAC; RADIUS Agents / APIs; Outlook; Remote Web Workplace; Terminal Services; Smartphone Tokens; IIS; NPS/IAS Agents; Web Apps; Unix Logon; Software Tokens; Key Chain Tokens; Grid Tokens; Credit Card Tokens; Apache; Linux/Unix; SAML; LDAP Synchronisation Agent; Migration Agent
Protect everything: networks, applications and cloud services. Dedicated SP and subscriber admin portals
Business and Product Consolidation: Cloud Strategy
Phased approach to bringing broad authentication capabilities to SafeNet's Cloud Service
Phase 1:
> Integrate HSM in cloud service for OTP seed protection
> Unified hardware token support - SafeNet token support
> SafeNet branding
Phase 2:
> Beyond OTP - context-based authentication support
> Unified mobile/software token support
> Intel IPT support for software token
> Enhanced Cloud SSO portal
Phase 3:
> Support for certificate-based authentication
> Certificate lifecycle management of cards, tokens and mobiles
> Unified authentication solution for on-premise and service
Thank you. eToken - The missing link