Las organizaciones necesitan evolucionar más allá del nombre de usuario y contraseña básico y asegurar las transacciones en línea con un abanico de opciones de autenticación segura.
5. We Provide Identity-Based Security for: Consumers Enterprises Citizens Web Sites Online banking users, e-commerce site customers Travelers, and those accessing government services, in person or online Web servers (external and internal), email servers and code being distributed online Business and government employees, contractors, first responders, and devices
7. Consumer Auth Problems Ongoing attacks against FI’s Corporate accounts being targeted Malware growing fast, hard to detect with Anti-Virus End-users often resist strong auth Source: Anti-Phishing Working Group, July/09 Man in the Middle Attacker Man in the Browser Malware
8. Consumer Authentication: Entrust Solution Flexible range of authenticators Across spectrum of security / usability Zero-touch fraud detection to spot unusual activity and stop malware Man in the Middle Attacker Man in the Browser Malware Username & Password Mutual Authentication IP Geolocation Device Fingerprint Knowledge-Based Authentication Grid Card / eGrid One-Time Password Tokens Out of Band Auth via SMS or Email Digital Certificates Smart Cards
10. Enterprise Identities: Problems Protect access to intellectual property and customer data Work from anywhere Stay out of employees’ way Audit access to resources Reduce transaction costs by moving online Employees Partners Contractors Other Businesses Mobile Devices Other internal Servers & Devices # of IDs 2000 2010
11. Enterprise Identities: Entrust’s Solution Broad range of authentication credentials For users, servers, devices Enables encryption and digital signature with strong identity Employees Partners Contractors Other Businesses Mobile Devices Other internal Servers & Devices
13. Web site authentication: Problems Phishing attacks and other fraud often involve counterfeit websites Users cannot easily detect fake sites Numerous servers for IT staff to keep track of, ensuring no certificate expiries Expense of certs for numerous servers Customers, Employees Mobile Users Web servers, Exchange, Applications
14. Web site authentication: Entrust Solution SSL certificates for web sites, MS Exchange, code signing, Adobe PDF Stringent verification to prevent brand theft Helps user verify they are at correct site Enables browser to provide some automated protection Powerful certificate management tools Customers Mobile Users Entrust Verification
21. Multiple Identities, one device Mix of Soft token only and Transaction Notification Independent activation and control Customizable branding per identity Mobile Authentication & Transaction Notification
22. OATH compliant Time-based soft token 30 second time window Brandable interface IDG Mobile – Soft Token
23. IDG Mobile - with Transaction Notification OATH Time-based Soft Token Transaction details confirmed out of band on mobile device No data entry OATH signature of transaction contents User confirms transaction or acts on suspect details
24.
25.
26.
27.
28.
29.
30.
31. Policy & User Management Web based Administration
32.
33. Integrating IdentityGuard Remote Access Applications Microsoft Windows Servers End User Web Authentication Applications Enterprise Applications & Data Repository
40. Integrating IdentityGuard Remote Access Applications Microsoft Windows Servers End User Web Authentication Applications Enterprise Applications & Data Repository
41. Integrated with Leading Technology Partners Applications Application / Infrastructure Remote Access Platform
46. Remote Access Authentication Flow VPN Client or Web Browser Remote Access Gateway 1. User enters authentication credentials 2 . User credentials sent to IdentityGuard 4 . IdentityGuard challenge requested & presented 5. IdentityGuard response sent to IG server 6. IdentityGuard server returns accept/reject to VPN Client Repository 7. Success allows user entry 3 . User credentials validated against directory
BUILDS: It’s a layered approach to protection, because there is no silver bullet, no one technique that meets threats today or going forward. First, you use an authentication platform that lets you mix and match a wide range of authenticators, to meet the cost, usability and security demands. [click] then that platform manages the lifecycle of these credentials, issuing them to people and machines [click] and, as those credentials are used, the banks constantly monitor transaction activity and step-up authentication as required
Any standard x.509 certificate (Entrust, Microsoft, Verisign…)
Easy to use and support Standards-based (Radius, J2EE, Web Services) Integrated with leading applications & environments Full web management
Easy to use and support Standards-based (Radius, J2EE, Web Services) Integrated with leading applications & environments Full web management
Easy to use and support Standards-based (Radius, J2EE, Web Services) Integrated with leading applications & environments Full web management
Easy to use and support Standards-based (Radius, J2EE, Web Services) Integrated with leading applications & environments Full web management
Easy to use and support Standards-based (Radius, J2EE, Web Services) Integrated with leading applications & environments Full web management
Easy to use and support Standards-based (Radius, J2EE, Web Services) Integrated with leading applications & environments Full web management