Cidway Corporate Access 06 2009 Full
- 1. DISCOVER CIDWAY – CORPORATE ACCESS
STRONG AUTHENTICATION FROM THE MOBILE PHONE
Discover the future of security on www.cidway.com
- 2. Table of contents
• CORPORATE BACKGROUND
Facts & History
Industries
• PRODUCT PRESENTATION
Product Line
Tokens Features
Server Features
Key differentiators
• BUSINESS CASES
Corporate Access
Copyright © 2009 CIDWAY Security SA. All rights reserved – www.cidway.com
- 4. CIDWAY – Background
Cidway
• Created in December 2005
• Headquarters in Lausanne, CH
• Sales Offices in Switzerland & UK
• Internal R&D & Patent Office
Partners and Customer Services
• Global presence via partners & resellers
• Support center 24/7
• Support portal available for partners
• Consulting services
CIDWAY’s Vision
Authentication and transactions should be safe, reliable and easy for anyone, anywhere, anytime
This vision is fuelled by:
Meeting virtually all authentication requirements
Making Authentication & Transactions simple, easy, accessible, secure and user friendly
Addressing virtually unlimited vertical applications from one platform
Providing the next generation mobile software security solution for identity, transaction and
data protection
- 5. Secure Identity, Authentication & Transactions
Banking & Finance
E-Banking, Mobile-Banking, Transactions signature, Phone Banking, ATM & POS anti-fraud…
Mobile Application’s Providers
Securing access & transactions for mobile applications (e/m-Commerce, e/m-Gambling, sms authentication…)
Mobile Money & Payment
P2P mPayment, cardless ATM cash withdrawal, POS mPayment, Bill payment…
Enterprise resource access
Two-factor authentication to Login to the Desktop / VPN access / Applications / Citrix / Webmail…
Homeland Security
Airline pilot & vehicle identification
physical security solutions (guard exchange id., biometric implementation, etc.)
Telecommunications
Mobile Top-up, resources access, ASP authentication solution, SIM based OTP…
E-Government services
Citizens authentication & transaction security, electronic & mobile voting, bill payment…
Enable new channels - Improve client’s confidence & loyalty – Lower TCO
- 7. CIDWAY Authentication products
One server for multiple tokens
• SESAMI Mobile: Time based OTP Software token for mobile phones
• SESAMI Slim: Time based OTP Hardware token
• SESAMI SMS: SMS based OTP for mobile phones
• SESAMI Mobile SDK: Token SDK for mobile phones
• GAIA Server: Authentication platform
• GAIA SDK: Authentication platform SDK
- 8. CIDWAY SESAMI SMS
FEATURES & CHARACTERISTICS
• Strong two-factor authentication
• No need for software installation or activation in the mobile
• No secret stored in the mobile
• User convenience – no need to carry any other device
• User can change his mobile phone time zone or time
• Easy management – no need to maintain stock and distribute hardware tokens
• Easy deployment, no need for tokens maintenance
• Works with any SMS enabled mobile phone or PDA
OTP FEATURES
• 8 decimal digits (or optionally 8 hex-digits)
• Time-based combined with challenge-response
• SHA-1 algorithm
• Validity of a few seconds (server parameter)
• Automatic time management by the server
Slide callouts: Easy deployment; No stock management; Low on-going cost
- 9. CIDWAY SESAMI Slim
FEATURES & CHARACTERISTICS
• Portable, personal and robust (3.2 mm thickness – credit card size)
• 2 line clear LCD display
• Replaceable battery
(token’s data is not erased during battery replacement)
• Time based OTP – new OTP every second
• 8-character OTP (hexadecimal or decimal)
• Initialization through a secure two way IR protocol using the SESAMI initialization set
• Device protected by user-selected PIN (configurable parameter [0-15 tries])
• Protection against token physical attacks (tamper evidence)
• Protection against user physical attacks (stress PIN)
• Customizable operational parameters
• 12 operational buttons
• No need for reader or other equipment
• Customizable front panel
Slide callouts: Robust and user-friendly; Secure; Low on-going cost
- 10. CIDWAY SESAMI Mobile
FEATURES & CHARACTERISTICS
Security
• Time based OTP with time stamping, Digital Signature
• OTP time management to the second
• Protection against theft or loss of mobile phone: the PIN is neither stored on the mobile, nor transmitted, nor stored on the server (patented solution)
• PIN Code selected by the User (no need for temporary PIN sent to the User)
Compatibility
• Large handset coverage (Symbian, Java, WinCE, Brew, Blackberry, iPhone*)
• Automatic time synchronization (support of any clock change on the mobile)
• Multiple transmission methods (Screen display, SMS, WAP, MMS, GPRS, Acoustic, NFC*…)
Functionalities
• 2-factor authentication (User authenticated by the Server)
• 2-way authentication (server is authenticated by the User)
• Transaction’s signature (guarantee the integrity of transactions, against MitM)
• Automated registration
• Time Traceability
• Mobile SDK for integration into any existing mobile application
(*) S1-2009
- 11. CIDWAY Deployment Strategy (Sesami Mobile)
Deployment Strategy
• Push: the Client initiates the download by pushing the mobile application to the end-user (requires having the mobile phone numbers)
• Pull: the end-user initiates the download of the mobile application himself (for example by accessing the Company’s Intranet)
Deployment Communication Channels
• Over the Air – wireless communication (gprs, umts…) using methods such as sms-link, wap push, url…
• Computer Download – downloading the mobile application
• eMail – sent to the User as an email attachment (assuming User has email access from his mobile)
• Com Ports – the mobile application can be transferred to the mobile by any of its communication channels (bluetooth, IrDA, usb…)
Deployment Platform
• Gaia Deployment tools – Gaia server includes a set of tools and templates to manage mobile application’s deployment, by push or pull, including web pages templates, sms gateway scripts (link to ClickaTel & Tyntec gateways)…
Registration steps (from the slide’s figure)
1. User downloads the Mobile application on his mobile phone
2. Customer registers the Sesami Mobile application on the User’s computer to be synchronized with the Mobile phone.
3. Registration successful
- 12. CIDWAY GAIA server
• Protocols:
• HTTP, RADIUS, WSDL, SOAP
(XML Web Services Description Language)
• SW Requirements:
• Windows 2003/8 & SQL 2005 Server / SQL express
• SQL 2005 server for real failover solution
with Principal, Mirror and Witness
• Integration Options:
• Runs also on VMWare
• Interface with MSAD & any LDAP
• Administration:
• Web based & Role Based
• Configuration:
• Web based under IIS
• Reporting:
• SQL Reporting Services, Web based
• Export & Statistics
- 13. CIDWAY key differentiators
Flexibility
• Hardware, sms & Software tokens
• Multi-purpose solution (transaction, authentication, document/email corroboration)
• One single server for multi-channel communication
Cost Optimization
• 1 solution secures all remote-access
• Low acquisition, deployment and maintenance costs
• No need for inventory (sms & soft)
• Transaction’s cost reduction and customer retention
Convenience
• 1 device & 1 PIN for any access or transaction
• Familiar and user friendly experience
• No need to carry many tokens
Security
• Time based OTP algorithm (One Time Password is “not predictable”)
• Anti-fraud protection against common attacks (e.g. phishing, man in the middle, etc.)
• Secrets are not stored in the Cell-phone (soft token)
Integration
• Easy to integrate within existing infrastructure
• Scalable solution
- 15. Corporate Access - CIDWAY
1. Remote Access / VPN (using a PC or a PDA)
2. Desktop login (in the corporate network)
3. Remote access using Citrix plugin from Cidway
4. Webmail access using plugin from Cidway
5. Application Access (SAP, Oracle, etc.)
[Diagram labels: PDA & Cidway OTP; SSL VPN Gateway; RADIUS; CIDWAY Server]
- 16. Corporate Access – CidWebPlugin
• CIDWeb ISAPI filter and extension enables IIS secure Web login for any web site, by using One Time Password.
• CIDWeb can be used for both Form Based Authentication and Basic Authentication sites.
• No need to redesign the login form!
• For each Web access, CIDWeb intercepts the OTP entered by the user in the password field of the Form or Basic Authentication. CIDWeb sends the OTP to the CIDWAY GAIA server for verification. Upon success, the user is granted access to the web page.
• Examples of Web access:
- Microsoft Exchange / OWA
- Citrix (Web Interface).
- Any Web pages / sites.
Authentication flow (from the slide’s figure; labels: Organization Boundary, Organization IIS Server with CidWeb, Cidway GAIA Server)
1. User enters OTP into Login Form
2. OTP & User Name passed to IIS
3. CidWeb passing OTP to Cidway server for authentication
4. On successful authentication, static password passed back to IIS
5. Web Site is opened to user
- 17. CIDWAY Some of our Clients, Partners & on-going initiatives
- 18. THANK YOU FOR YOUR ATTENTION
For more information, contact:
Laurent FILLIAT
Mob. +41 78 842 11 47
Tel. +41 21 331 27 00
Fax +41 21 331 27 09
Email: laurent.filliat@cidway.com