13. What devices can verify user identity? Plus one of these … (optional) + Potential Future Development
14. bioLock is hardware independent. bioLock is compatible with over 80 laptops (with built-in fingerprint sensor) and over 50 independent devices like mice, keyboards, or PCMCIA cards. Devices shown: Cherry ID Mouse (convenient touch sensor); bioLock ID Mouse (powered by Secugen); leading laptops (23% have swipe sensors); Secugen Hamster (FIPS 201 compliant); UPEK Eikon (low-cost device); Cherry Keyboard (smart card option); Zvetco P5000 (high-end device).
15. SAP® log-on & system access with. Diagram labels: Logon; Logon authorized; Logon blocked; bioLock checks authentication rules; bioLock user/function; bioLock prompts you for fingerprint; Fingerprint comparison with table bioLock templates. Note: bioLock identifies unique points (minutiae) within a fingerprint and creates an encrypted, digital template – no images of fingerprints are ever stored!
16. Bulletproof security requires 5 levels: Perimeter Security (Level I); Transactions (Level II); Fields (Level III); Financial Limits (Level IV); Dual Approval (Level V). bioLock can control all 5 levels using fingerprint scans! Diagram labels: System Log-on; Transaction; Any Field.
17.
18.
19. Example – what a user sees… User selects the transaction “ME21N” to create a purchase order. User is prompted for a fingerprint scan to complete the activity (Security Level II). NOTE: This could be virtually any R/3 transaction such as SE16 or SE38.
20.
21.
22.
23. realtime North America, Inc., WORLD TRADE CENTER, 1101 Channelside Drive, Tampa, FL 33602. T: 813-283-0070, F: 813-283-0071. Email: info@biolock.us. Web: www.bioLock.us. Martin Lum, Director of Business Development, Northeast, 813-310-7007. Please contact us for a demonstration or pilot installation: 1-877-bioLock [email_address]
Editor's notes
Welcome to realtime, developers of bioLock, the only fingerprint authentication software which is certified by SAP. With bioLock, BULLETPROOF security is at your fingertips!
Realtime was founded in 1986 by former SAP managers. Realtime is an SAP-certified software, services & special expertise partner, with a particular focus on governance, risk and compliance. Our clients span many sectors of industry and government, including food, pharmaceuticals, chemicals, automotive and many more. Realtime’s flagship software product, bioLock, has been continuously certified by SAP since 2002.
Realtime’s client list includes Fortune Global 500 corporations, and names like Airbus, Bayer, Marathon Oil and Toyota. The list also includes government agencies and financial institutions that prefer to remain anonymous. In all, over 200 global clients are served by realtime, which is privately held, financially sound and based in Germany near SAP’s headquarters.
bioLock was developed in response to the needs of certain SAP users. For executives, true Sarbanes-Oxley compliance became possible by rigidly restricting access to financial data. Other clients wanted to achieve granular control of access to SAP data down to the transaction or field level. Some clients wanted to enforce true segregation of duties in financial transactions, while others focused on complying with HIPAA or other regulations. In some cases, sensitive data or intellectual property had to be protected from unauthorized access.
SAP is the market leader in the ERP space, and offers industry-standard security features that meet many users’ needs. However, your SAP data security can be taken to a whole new level with the addition of bioLock software. We like to call it “bullet-proofing”.
Whether we like it or not, fraud is here to stay. In fact, it is a growth industry. The greatest risk may be not from external sources, but from insider fraud, which can be difficult to detect, and may originate from unsuspected first-time offenders. The Association of Certified Fraud Examiners tracks these trends, and reports that approximately 5% of corporate revenues globally are lost to fraud. Realtime believes that the risk of insider fraud and unauthorized data access can be significantly mitigated with the use of biometric authentication.
Since you are looking at this presentation, are you concerned about protecting your organization from insider fraud? Are your HR practices in full compliance with HIPAA? Do your executives worry about their exposure to Sarbanes-Oxley issues? Does your SAP system store sensitive financial data, secret formulas, or vulnerable intellectual property which should not be seen by unauthorized eyes?
Maybe you are considering the potential impact of a security breach or incident? What would the direct financial cost be? How would negative publicity in traditional and social media affect your organization and your stock price? How about the cost of defending lawsuits? Would a loss of intellectual property be significant?
Any type of system security falls into one of 3 categories. The first is “what you know”, i.e. a password that you are supposed to have memorized. The 2nd is “what you have”, i.e. something in your possession like a swipe card, smart card or common access card. The 3rd type is called “what you are”; this is a biometric credential that is just part of you.
Passwords are the most rudimentary form of protection. Think about the passwords you use in daily life, let's say for your ATM card. A password is “something you know”. Most people would agree that these are easily guessed, circumvented and not too robust. Often they are written down in plain view on somebody’s desktop or a Post-it note. Smart cards offer some extra protection because the user has to carry a device. The protection consists of “something you have”, but the device can be borrowed, stolen, or misused. Industry experts and academics agree that the highest degree of security requires biometrics. The user does not have to remember anything, nothing is written down, and there is no device to keep track of. A biometric identity is “who you are” and can’t be transferred or borrowed.
The question is, are you still relying only on passwords? The traditional SAP log-on process relies on passwords, which can be borrowed, stolen or misused. Many users write passwords down, making them especially vulnerable to insider fraud. The log-on password provides only perimeter protection, but no additional layers or granularity.
To bulletproof your SAP data, the first step is to enhance the log-on profile with a fingerprint scan. The traditional password is still entered, but then a simple message box pops up in front of the user and requests a fingerprint scan. There is no way to cancel or circumvent this step, and a user cannot be impersonated by someone else. It only takes a couple of seconds, is totally intuitive and requires no training. Various small hardware devices are available to capture the fingerprint scan for bioLock verification.
A standard scanner as shown above is the simplest approach, but some users prefer using more than one device. For example, you could add a smart card or common access card, which may also be used to open physical doors to your building. Potential future development could include iris scanning or other techniques as technology becomes available.
Many scanning devices can be used with bioLock, which has been tested and verified with a long list of manufacturers. For example, a mouse can contain a scanner on the top or side. Many laptops now have swipe sensors. Keyboards are also available that offer fingerprint scanning, smart card access, or both. Many devices cost less than $100 and are easily installed.
How does SAP interact with bioLock? If a user is enrolled in bioLock, SAP will store a biometric template for that user. Each time the user logs on, their credentials are compared against that template. If the credentials don’t match, access will be denied. By the way, actual fingerprint images are never stored. bioLock creates an encrypted digital template from the minutiae, which are the unique defining points of a fingerprint, and your SAP users’ privacy is always protected.
Here is a graphic view of the 5 levels of control. For bulletproof security, you must have these 5 levels: 1 - perimeter control; 2 - transaction control; 3 - field level control; 4 - financial limits with those fields; 5 - dual approval. The key is that all these operations can be controlled using fingerprint verification, so that any critical activity in your SAP system is properly authorized and tracked.
Here are more examples of actions that can be controlled using bioLock. Maybe you want to prevent someone from printing a list of vendors? Did you want to prevent a user from executing a certain process? In the screen example, certain fields are masked, meaning the data is made invisible, so that an unauthorized user cannot view them.
The close relationship between realtime and SAP ensures ongoing seamless integration of bioLock. Your existing SAP passwords and profiles are unchanged. bioLock is compatible with all versions of SAP from 4.x onwards. User profiles can be customized as much, or as little, as your business rules and management policies require.
In this example, the user works in purchasing, and is trying to select the ME21N transaction to create a purchase order. Since purchasing is considered a critical function, the bioLock message box pops up and requires the user to provide a fingerprint scan. After successful authentication, the prompt disappears and the user continues working as usual. Please note that this could have been any other transaction type, not just purchasing.
Here is an example of the automatically generated audit file. Note the distinction between the SAP User column and the bioLock User column. The log file will identify suspect events such as failed log-on attempts or attempts at unauthorized actions. Events such as viewing of financial data provide a strong Sarbanes-Oxley audit trail. Any attempt to share passwords, as in this example, will be prevented.
Here are some examples of success stories: 1 - HR data was protected while ensuring HIPAA compliance. 2 - Senior management achieved control of purchasing to prevent unauthorized use of funds. 3 - Internal fraud risk was mitigated by the use of data masking and financial controls. 4 - Payroll and expense account fraud were controlled after years of abuse. 5 - A nuclear power plant protects and controls mission-critical workflow components.
Let’s summarize a few key points: Installation and configuration of bioLock can be done very rapidly, with minimal IT support and very little impact on users. Ongoing SAP compatibility is assured. Very quickly, your organization can achieve dramatically increased SAP security capability. The cost of installing a bioLock 100-license starter package is less than a typical single fraud incident.
Please contact us if you would like more information, or to arrange a demonstration. Thank you for your time.