2. Gemalto: Security To Be Free
More than just a company tag line…it is why we exist
Communicate, shop, travel, bank and work in ways that are convenient, enjoyable and secure.
3. Gemalto’s Secure Personal Devices
…are in the hands of billions of individuals worldwide
1.5 billion secure devices – Produced and personalized in 2009
200 million citizens – Received a Gemalto produced e-Passport
500 million people – Carry a Gemalto produced credit card
400 mobile operators – Connecting 2 billion subscribers
30 years' experience – designing and producing secure personal devices
4. Global Leadership Position
Top producer of:
SIM cards and UICC (1)
Over-The-Air platforms (2)
Chip payment cards (4)
Chip-based corporate security solutions (1)
e-Passports (3)
Innovation leadership examples
Ezio optical reader for online banking
YuuWaa – Combines flash memory with online services
*Source: (1) Frost & Sullivan; (2) Gemalto; (3) Keesing Journal of Identity; (4) The Nilson Report
6. Since 2007 and Beyond
Even more devices and…
…more ways to run Applications
7. Security of mobile workforces:
Top Concern for end users and IT Managers
Source: Cisco, 2010 – extract from the Cisco Connected World report
8. Enterprise & Employee Identity ?
“An identity is a set of claims one principal makes about another
principal in the context of an established relationship”
Claims shown on the slide: Username/PW, Passport, Smartcards, Picture, Name, Address, Telephone, IP-Address, Mobile, Biometrics, Fax, Building, Room #
9. Security is a Balancing Act
Must balance strength and usability
10. Why Strong Authentication?
Protecting digital assets is a critical need for every business
Provides protection from unauthorized access
Provides audit trail of individual access activity
Increases security while being easy to use for the employee
Easy to deploy for the administrator
Enterprise computing infrastructures — on premise,
hosted, or in the cloud — demand rigorous attention to
who, what, where, when, and how a person or an entity
accesses data. Security solutions must verify and
provide assurance that those requesting access are
indeed who and what they say they are.
– Sally Hudson, IDC, 2010
11. Risk of Weak Authentication
Would you leave your house without locking the door?
Unauthorized access
Data theft of digital assets (Intellectual Property)
Loss of brand reputation and customer trust
No audit trail – compliance ramifications
Data breaches cost U.S. businesses an average of
$6.75 million per breach
- Ponemon Institute, 2009 Study
12. Online Security concerns reach the public domain
Increasing number of attacks and breaches
• Wikileaks – Thousands of secure documents were obtained and released due to unencrypted data transmission.
• Epsilon – Millions of email records were recently compromised when a hacker gained unauthorized access to outsourced email marketer Epsilon's data store.
• RSA – Security vendor RSA was the victim of an advanced persistent threat which resulted in the compromise of its most valuable intellectual property.
• Sony Playstation Network – Fraudsters obtained data on around 70 million online video gamers, including their names, addresses, dates of birth, passwords, security questions and credit card details.
Web giants are now offering strong authentication options to their users.
13. Choose the Appropriate Authentication
(Chart on the slide: security level versus cost, plotting OTP, PKI and Biometry.)
• Mix authentication methods on the same device
• Select the appropriate security level, justified for the specific enterprise use case
• Complete IT security already deployed by OTP credentials protection
14. Protiva SA Server
The Heart of Protiva Strong Authentication
Validation server supporting OTP authentication
• Standards based technology
• Tokens – OATH event based or time based
• Mobile App – Time based with time stamping
Web based administrator interface for user management
User self-care portal for registration and password back-up
Easily integrates with existing infrastructure
• Established integrations with leading infrastructure technology
– Databases – MySQL, MS SQL, Oracle, IBM DB2, etc.
– User Data Repository – Microsoft AD, Novell eDirectory, Sun One, OpenLDAP, etc.
– Authentication Service – HTTP/HTTPS, SOAP, SAML 2.0, XML, RADIUS, Microsoft IAS/NPS, etc.
5/2/2011 16
15. First level Gemalto answer
Protiva Mobile OTP
2-factor authentication (OTP)
Application installed on the mobile phone which allows users to securely generate a One-Time Password (OTP) using their mobile phone as a token.
Out-of-band time based OTP
Combination of the security and convenience of a one time password generated on a mobile device
Integrated in Protiva SA Server for convenient central administration
(Login form shown on the slide: User ID: MyID / Password: ******** / OTP: 189763)
16. Why Protiva Mobile OTP?
Increasing share of mobile usage (smartphones, etc.) in the enterprise context
The true advantages of mobility with the appropriate security level
Easy user adoption:
• Simple to use for enrolment and OTP generation
• No additional hardware to carry
Easy to deploy and manage by the administrator
SA Server supports a wide range of devices, allowing the security solution to be adapted
Optimizing the TCO of security
17. Gemalto SA Server Devices
(Device overview diagram on the slide, kept as text: SA Server at the centre, managing the following devices: SA Mobile-OTP, SA SMS-OTP, Smart Guardian, SA Easy OTP V3, SA .Net Dual, .Net Card, .Net Card with OTP reader, .Net Key. Capabilities labelled on the diagram: OTP, OTP on display, OTP connected, PKI, PKI support, Flash, secure storage, physical access.)
18. Mobility & Cloud will accelerate market change
More smartphones and notebooks than desktop PCs
Q1/10: 54Mu, 48Mu, 32Mu (IDC, Strategic Analytics)
With the same connectivity demand, whatever the device:
• I want to access my social network on my mobile
• I want to read my company's encrypted emails while traveling
• I want to pay for my parking with my handset
19. Market Drivers for SaaS security
Increase in Enterprise adoption of Hybrid model
Proliferation of SaaS and Federated SSO
Quick time to market/deployment
Differentiator for businesses
Helpdesk cost of supporting passwords
Regulatory Compliance
• FFIEC, PCI-DSS, European Data Protection Directive, HIPAA/HITECH, SOX
20. First level of Service in the Cloud
Ex: Device Administration Services (SAS)
• Issuance and Administration of Gemalto .NET based devices
• End User Gemalto .NET devices management
– Change PIN
– Remote PIN Unblock
– View device info (diagnose)
– View Certificate on device
– Delete Certificates, load P12 file
– Modify PIN Policy (DAS 2.0)
• Administrator .NET devices management
– Remote PIN Unblock
– Reset Gemalto .NET devices
– Activation and personalization of End User devices:
  – End-user Administration Key diversification
  – Default PIN Value
  – Number of PIN attempts
(Target segments shown on the slide: Small Business – <25 PCs, 1-49 employees; Midmarket – 25-500 PCs, 50-1,000 employees.)
21. Protiva - A Flexible Authentication Solution
Easily Implement Strong Authentication
Protiva Strong Authentication Service
• A Hosted OTP solution
Hosted Strong Authentication Service Provides:
• Complete On Boarding and Device Fulfillment
• Flexible billing solutions
• Web based portal for device management
• Option for complete management of authentication servers (No CAPEX)
On Premise Authentication Option
• Complete fulfillment for token provisioning
• Protiva SA Server on premise for authentication (managed by company IT)
• Web based portal for user maintenance
22. Hosted Strong Authentication Service
(Architecture diagram on the slide, kept as text)
Corporate Network: Remote or Local User → VPN or Secure Gateway → RADIUS Server → Gemalto Agent; Identity Store (LDAP/AD, reached over LDAPS); Corporate Data Resources/Applications.
Protiva Strong Authentication Service (hosted): Device Database; Protiva Complete OTP Fulfillment (Mobile App or Token).
Flow: the user's OTP authentication request reaches the corporate RADIUS Server; the Gemalto Agent forwards it over an HTTPS RADIUS tunnel to the hosted service, which answers "Authentication Attempt Validated".
Service Features
• Complete Authentication Management
• Easy On Boarding
• OTP Credential Fulfillment
• Easy Billing/Licensing
• Custom Webstore
23. User On Boarding
Easy, Fast, Simple
For Existing Users
• SA Server automatically pulls LDAP information from directory store
For New Users
• Web based management portal
• Administrators can quickly and easily add new users
User Self Care
• For token ordering
– Webstore option for user self registration and token ordering
• For mobile app OTP
– Hosted Application Gateway: directs to the appropriate mobile app store based on phone type.
24. User On Boarding
Custom Webstore – User Direct Token Ordering
Gemalto Webstore Features:
• Customized web interface
• Direct user billing
• User self-registration
• Automates OTP device fulfillment
25. Strong authentication Service - Fulfillment
End User Initiated Fulfilment
Fulfillment Process: Order → Receive → Use
• Order – Two Factor Auth (2FA) credential or token ordered by end user
• Receive – 2FA credential or token is shipped or made available to end user
• Use – User can start using strong 2FA to protect access to cloud resources
26. Benefits of Hosted Authentication
SMB
• Secure data resources without additional CAPEX
• Full authentication management without additional IT resources
Fortune 500
• Meet regulatory requirements for data protection
• Reduce the cost of password management and help desk calls
Cloud Service Providers
• Secure authentication as a differentiator from other cloud service providers
• Little to no authentication cost through direct user billing
Online Gaming
• Secure access ensures only authorized users transact within the game
• Little to no authentication cost through direct user billing
A Complete Authentication solution
• On Boarding, Fulfillment, Authentication Server Maintenance and Billing
Easy to integrate – Easy to manage
Flexible Licensing Models
No additional CAPEX
27. Welcome in Gemalto Partner Network
By focusing on customers and skills, Gemalto has built solid long-term relationships with its partners; together we offer solutions that are fully interoperable and configurable to meet the requirements of our customers.
Gemalto partners are the leaders in their respective categories: software, communications, security products, identity management systems, data centers, logistics, …