Cidway Corporate Access 06 2009 Full

DISCOVER CIDWAY – CORPORATE ACCESS
STRONG AUTHENTICATION FROM THE MOBILE PHONE

Discover the future of security onwww.cidway.com

Table of content

• CORPORATE BACKGROUND
 Facts & History
 Industries

• PRODUCT PRESENTATION
 Product Line
 Tokens Features
 Server Features
 Key differentiators

• BUSINESS CASES
 Corporate Access

Copyright © 2009 CIDWAY Security SA. All rights reserved – www.cidway.com
2

CIDWAY – Background

Cidway Partners and Customer Services
 Created in December 2005  Global presence via partners & resellers
 Head Quarters in Lausanne, CH  Support center 24/7
 Sales Offices in Switzerland & UK  Support portal available for partners
 Internal R&D& Patent Office  Consulting services

CIDWAY’s Vision
Authentication and transactions should be safe, reliable and easy for anyone, anywhere, anytime

This vision is fuelled by:
 Meeting virtually all authentication requirements
 Making Authentication & Transactions simple, easy, accessible, secure and user friendly
 Addressing virtually unlimited vertical applications from one platform
 Providing the next generation mobile software security solution for identity, transaction and
data protection

4

Secure Identity, Authentication & Transactions

Banking& Finance
E-Banking, Mobile-Banking, Transactions signature, Phone Banking, ATM & POS anti-fraud…

Mobile Application’s Providers
Securing access & transactions for mobile applications (e/m-Commerce, e/m-Gambling, sms authentication…)

Mobile Money & Payment
P2P mPayment, cardless ATM cash withdrawal, POS mPayment, Bill payment…

Enterprise resource access
Two-factor authentication to Login to the Desktop / VPN access / Applications / Citrix / Webmail…

Homeland Security
Airline pilot & vehicle identification
physical security solutions (guard exchange id., biometric implementation, etc.)

Telecommunications
Mobile Top-up, resources access, ASP authentication solution, SIM based OTP…

E-Government services
Citizens authentication & transaction security, electronic & mobile voting, bill payment…

Enable new channels - Improve client’s confidence & loyalty – Lower TCO

5

CIDWAY Authentication products

One server for multiple tokens

SESAMI Mobile SESAMI Slim
Time based OTP Software token for Time based OTP Hardware token
mobile phones

GAIA Server
Authentication platform

GAIA SDK
Authentication platform SDK

SESAMI Mobile SDK SESAMI SMS
Token SDK for mobile phones SMS based OTP for mobile phones

7

CIDWAY SESAMI SMS

FEATURES & CHARACTERISTICS

• Strong two-factor authentication
• No need for software installation or activation in the mobile
• No secret stored in the mobile
• User convenience – no need to carry any other device
• User can change his mobile phone time zone or time
• Easy management – no need to maintain stock and distribute hardware tokens
• Easy deployment, no need for tokens maintenance
• Works with any SMS enabled mobile phone or PDA

OTP FEATURES
• 8 decimal digits (or optionally 8 hex-digits)
• Time-based combined with challenge-response
• SHA-1 algorithm • Easy deployment
• Validity of few seconds (server parameter)
• Automatic time management by the server
• No stock management
• Low on-going cost

8

CIDWAY SESAMI Slim


• Portable, personal and robust (3.2 mm thickness – credit card size)
• 2 line clear LCD display
• Replaceable battery
(token’s data is not erased during battery replacement)
• Time based OTP – new OTP every second
• 8 characters length OTP (hex-decimal or decimal)
• Initialization through a secure two way IR protocol using the SESAMI initialization
set
• Device protected by user-selected PIN (configurable parameter [0-15 tries])
• Protection against token physical attacks (temper evidence)
• Protection against user physical attacks (stress PIN)
• Customizable operational parameters
• 12 operational buttons • Robust and user-friendly
• No need for reader or other equipment
• Customizable front panel • Secure
• Low on-going cost
9

CIDWAY SESAMI Mobile

Security
• Time based OTP with time stamping, Digital Signature
• OTP time management to the second

• Protection against theft or loss of mobile phone: PIN not stored on Mobile, neither transmitted,
neither stored on the server (patented solution)
• PIN Code selected by the User (no need for temporary PIN sent to the User)

Compatibility
• Large handset coverage (Symbian, Java, WinCE, Brew, Blackberry, iPhone*)
• Automatic time synchronization (support of any clock change on the mobile)
• Multiple transmission methods (Screen display, SMS, WAP, MMS, GPRS, Acoustic, NFC*…)

Functionalities
• 2-factor authentication (User authenticated by the Server)
• 2-way authentication (server is authenticated by the User)
• Transaction’s signature (guarantee the integrity of transactions, against MitM)
• Automated registration
• Time Traceability
• Mobile SDK for integration into any existing mobile application
(*) S1-2009
10

CIDWAY Deployment Strategy (Sesami Mobile)

Deployment Strategy
• Push:the Client initiates the download by pushing the mobile
application to the end-user (requires to have the mobile
phone numbers)
• Pull: the end-user will initiate alone the download of the
mobile application (for example by accessing the Company’s
Intranet)

1. User downloads the Mobile application on his mobile phone
Deployment Communication Channels
• Other the Air – wireless communication (gprs, umts…) using
methods such as sms-link, wap push, url…
• Computer Download – downloading the mobile application
2. Customer registers the Sesami Mobile application on the User’s computer to be synchronized with the Mobile
phone.
• eMail – sent to the User as an email attachment (assuming
User has email access from his mobile)
• Com Ports – the mobile application can be transferred to the
mobile by any of its communication channels
3. Registration successful (bluetooth, IrDA, usb…)

Deployment Platform
• Gaia Deployment tools – Gaia server includes a set of tools
and templates to manage mobile application’s
deployment, by push or pull, including web pages
templates, sms gateway scripts (link to ClickaTel&Tyntec
gateways)…

11

CIDWAY GAIA server

• Protocols:
• HTTP, RADIUS, WSDL, SOAP
(XML Web Services Description Language)

• SW Requirements:
• Windows 2003/8 & SQL 2005 Server / SQL express
• SQL 2005 server for real failover solution
with Principal, Mirror and Witness

• Integration Options:
• Runs also on VMWare
• Interface with MSAD & any LDAP

• Administration:
• Web based & Role Based

• Configuration:
• Web based under IIS

• Reporting:
• SQL Reporting Services, Web based ,
• Export & Statistics

12

CIDWAY key differentiators

Flexibility
• Hardware, sms& Software tokens
• Multi-purpose solution (transaction, authentication, document/email corroboration)
• One single server for multi-channel communication

Cost Optimization
• 1 solution secures all remote-access
• Low acquisition, deployment and maintenance costs
• No need for inventory (sms& soft)
• Transaction’s cost reduction and customer retention

Convenience
• 1 device & 1 PIN for any access or transaction
• Familiar and user friendly experience
• No need to carry many tokens

Security
• Time based OTP algorithm (One Time Password is “not predictable”)
• Anti-fraud protection against common attacks (e.g. phishing, man in the middle, etc.)
• Secrets are not stored in the Cell-phone (soft token)

Integration
• Easy to integrate within existing infrastructure
• Scalable solution

13

Corporate Access - CIDWAY

1. Remote Access / VPN (using a PC or a PDA)
2. Desktop login (in the corporate network)
3. Remote access using Citrix plugin from Cidway
4. Webmail access using plugin from Cidway
5. Application Access (SAP, Oracle, etc.)

SSL VPN Gateway

radius

PDA CIDWAY SERVER
&Cidway OTP

15

Corporate Access – CidWebPlugin

• CIDWeb ISAPI filter and extension enables IIS secure Web login for any web site, by using
One Time Password.

• CIDWeb can be used for both Form Based Authentication and Basic Authentication sites.

• No need to redesigned login form!

• For each Web access, CIDWeb intercepts the OTP entered by the user in the password field
of the Form or Basic Authentication. The CIDWeb sends to the CIDWAY GAIA server the OTP
for verification. Upon success, the user is granted access to the web page.

• Examples of Web access: Organization Boundry

5. Web Site is opened
to user
- Microsoft Exchange / OWA 4. On successful
1. User Enter OTP
authentication, static
password passed back Into Login Form
- Citrix (Web Interface). to IIS

Cidway GAIA

- Any Web pages / sites. Server

3. CidWeb passing OTP
to Cidway server for
authentication Organization IIS Server
with CidWeb
2. OTP & User
Name
passed to IIS

16

CIDWAY Some of our Clients, Partners & on-going initiatives

17

THANK YOU FOR YOUR ATTENTION

For more information, contact:

Laurent FILLIAT
Mob. +41 78 842 11 47
Tel. +41 21 331 27 00
Fax +41 21 331 27 09

Email: laurent.filliat@cidway.com

Cidway Corporate Access 06 2009 Full

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (16)

En vedette

En vedette (20)

Similaire à Cidway Corporate Access 06 2009 Full

Similaire à Cidway Corporate Access 06 2009 Full (20)

Cidway Corporate Access 06 2009 Full