1. Smart Card Forum – Prague
IIIII
Secured Access for entreprise
Jérôme Soufflot
Bus dev EMEA Channel Manager
May 20 , 2010

2. Agenda
Gemalto Presentation
Overview Gemalto IAM offer
Update on Smart Card & components technology
Share expertise with Use cases
2

3. Gemalto key figures
 € 1.65 billion revenue 2009
 Innovation:
 11 R&D centers worldwide
 1,400 engineers
 103 inventions first filed in 2009
 Over 4,500 patents/applications
 Global footprint: Regional revenue
 18 production centers
 30 personalization facilities
 77 sales & marketing offices North & South Europe, Asia
America Middle East, € 331m
€ 394m Africa 20% of
 Experienced team: 24% of revenue € 929m
revenue
56% of revenue
 10,000 employees
 90 nationalities
 42 countries % of FY ’09 revenue
March 2010 3

4. Gemalto’s secure personal devices are in the
hands of billions of individuals
 Producing and securely personalizing over 1.5 billion devices in 2009
 Serving 450 mobile operators worldwide with some 1.8 billion SIM cards
addressable by our solutions
 Supplying over 350 banks worldwide with banking cards in the hands of
over 800 million people
 Supplying ePassports to countries with some 600 million citizens
 30 years experience in designing and producing secure personal devices
March 2010 4

5. Strategic alliances and partners
 Alliances with major industry players in all Business
Units telecommunications, ID and security
 Joint initiatives with leading payment associations
 Network of 400 partners with worldwide coverage
 Business partners: VARs, resellers, distributors,
systems integrators
 Solution and technology partners
– Increase Gemalto solutions portfolio
– Ensure interoperability with leading solution providers
March 2010 3

6. BU Security - IAM Enterprise Offer Cards, Tokens
Smart Card
Readers & OTP Readers
Services,
Fulfillment and Operated Drivers, applications and
support services authentication servers
6

7. What is the Role of the Smart Card?
PKI
 Hosts digital certificates
 Hosts user PIN
Secure chip
 Computes encryption /
signing cryptography  Tamper-proof
 Resistant from
hardware attack
OTP  Resistant from
Hosts the One-Time-Password software attack
application
Hosts the OTP secret keys and
(can) protect them with a PIN
Computes the OTP

8. Example of Smart Card Use in Enterprise
Entreprise Data
Physical
Access
Controls
Secure access to buildings PKI Certificates
Secure access to Entreprise networks
Secure access to Entreprise
applications Passwords and
OTP
Authenticate employees digitally
and physically Barcode &
Magnetic encoding
Data Photos
Management
Applications
Web
server
E-signer Software
Verification
server
•email •Digital signature

9. Strong authentication for Enterprises
3 factor
authentication
2 factor
authentication
Security
PKI Certificates +
MS Base CSP
•Certificate based logon
•Digital Signature
•Encryption
•Secure Storage
OATH OTP on card +
Gemalto SA Server
User
name and
password
Feature set
9

10. CARDS & MIDDLEWARE
10

11. Card Families
.NET
TPC TOP
Regional Offer: IAS, CNS, SetAccess
11

12. Differentiation & Positioning
Differentiating features Core Message Target Customers
Minidriver PKI architecture
Microsoft integration
OTP OATH onboard MS-centric F500
Easy to deploy / Low TCO
.NET Bio solution SMEs through
Versatility (form factors, OTP)
.NET dev. environment Channel
Mainstream offer
FIPS 140-2 level 3
CC certified for legally
Common Criteria EAL 4+ Fortune 500
TPC binding signature
certification Direct or through SIs
Javacard,
Global Platform Multiplicative Cryptographic
TOP System Integrators
Dual Interface Javacard Platform
FIPS 140-2 level 3
Regional (France,
IAS ECC Compliant Emerging european Europe?)
IAS
CC EAL4+ certification regulatory compliance Government
Healthcare
12

13. Middleware, Management & Competition
Middleware Management systems
Gemalto DAS
Microsoft ILM
None for Windows
.NET Intercede myID
Libraries for Linux & MacOS
Opentrust SCM
Versatile vSEC:CMS
Microsoft ILM
TPC Classic Client V 6.0 Opentrust SCM
Intercede myID
TOP n/a n/a
Classic Client V6.0 Opentrust SCM
IAS
Microsoft ILM
13

14. Features, Value Proposition & Mgmt. options
 Main Features
 PKI and OTP authentication
 Minidriver for Windows XP, Vista, W7
 Diversity of form factors
 PKCS#11 libraries for Windows, Linux, Solaris and Mac
 Wide integration in the IAM ecosystem
 .NET development platform
 Value Proposition
 Ease of deployment, reduced Total Cost of Ownership
 Versatility (2 authentication mechanisms, variety of form factors)
 Ease of integration (wide ecosystem integration)
 Management Options
 SME: Gemalto DAS, Versatile VSEC:CMS
 Large Enterprise: Microsoft ILM, Intercede myID and Opentrust SCM
14

15. CONNECTED PKI & SECURE
FLASH TOKENS
15

16. Features & Value Proposition
Unique feature Use
USB eSeal token v2
pki
Java Smart Card based Classic client
USB Shell Token v2 +
NET CCID .NET based
pki
USB Shell Token v2 +
TPC IM CC CC EAL4+ / Pki
PPSSCD Classic client
SA .NET Dual
connected / non
Mobility & security
connected
pki + OTP
16

17. Features & Value Proposition
Unique
Use
feature
SEG
CCID .NET pki + secure
MS CAPI & CSP storage
SG
HID secure storage +
pkcs#11 P11
SG FIPS
Fips 140-2
secure storage
level 3
HID =Human Interface Device
17

18. READERS Prox
Product Launch
May 2010
Prox-DU
Prox-DU with Stand
Prox-SU
18

19. SOFTWARE
19

20. What is SA Solutions?
Gemalto SA Solutions is the product offer for
Strong Authentication (SA) relying on One Time Password (OTP).
This offer is made of
A validation server and some software components:
Gemalto SA Server (version 4)
SA Server authentication agent software
SA Server Sconnect plug-in
Authentication tokens:
Easy OTP Token
.Net smart card or
.Net smart card plug-in format embedded in a GemPC Shell reader to build an USB
token
.Net Display card
.Net Dual token
Smart Enterprise Guardian
Authentication is targeted for every company with:
Mobile workers who want to access to their enterprise resources: network, mail,
web pages, etc.
Employees accessing to private data through the Internet, an Intranet, etc.
20

21. Token Management System
Managed by Managed by
End User Enterprise
“Self” Smart TMS
Main Use:
Centralized Deployment and Token
Control
Remote Pin Unblock
Resize partitions
Update for maintenance
Report Token lost for data dest.
Applicative content management
Token recovery
Security Policy management
Usage reporting
Token Issuance workflows
21

22. SOFTWARE .NET Bio
Features & Value Proposition
 Main Features
 Middleware and cards available for Window XP, Vista and 7
 Up to 10 Fingerprints (FP) stored and matched on card
 Support of Base CSP and PKCS#11 architectures
 Windows 7 version
 Support of the Windows Biometric Framework (WBF)
 PKI and Non PKI version support
 Value Proposition
 Security: 2 or 3 Authentication Factors
 Device + PIN and / or FP
 No need to manage PINs or Passwords
 Cost saving, convenience, security
 Privacy, compliance to regulations
 Non repudiation
22

23. CUSTOMER CASE STUDIES
www.gemalto.com/enterprise
23

24. Axa Technology Services (France)
Situation: A subsidiary of the AXA Group providing IT
infrastructure services and support to most of the group’s
companies.
Challenge: Equipped end-user hardware (6K Agents , brokers)
project with a smart card-based strong authentication platform that
also supports biometrics & provide convenience
Solution: .NET Bio (strong authentication with a biometrics-
enabled smart card)
Benefits
Rapid solution development and implementation at
customer level
Multi-authentication modes (PIN only, fingerprint only,
PIN & fingerprint)
Converged badge solution for physical and logical
access reduces data loss network attacks, password
sharing and badge swapping
Enhanced end-user experience, convenience and
flexibility for secure network access
.Net solutions

25. Ministry of Defense (European country)
Situation
10 K users in locations
around the world
Military and civilian staff
Challenges:
Need for Strong Remote
authentication to online
services
Combining OTP and PKI
for 2 different security
clearance access levels
Ecosystem
Partners: Microsoft, EDS,
BT, CAP Gemini
Solution
.NET Card with PKI & CAP
OTP
20K cards delivered.

26. Telenor Hungary -Pannon
(Compuworx)
Situation: Population: 1500 employees.
Challenge: New HQ building ; new system for
authentication & access control
Solution: A converged .NET badge (Hybrid
with Mifare technology),
Applications:
PC log on
Ecosystem :
Microsoft ILM
Benefit:
1 single badge, higher security, easiest
management
26

27. Petroleum Development Oman (PDO)
(GBM)
Situation:
PDO is the main exploration company in Oman
Population: 9000 employees & subcontractors working in
9 majors location across Sultanate of Oman
Challenge:
Unify logical & physical access in one card
Implement Microsoft CA
User smart cards for SSO
Solution:
A converged .NET badge (Hybrid with HID technology),
Applications:
PC log on
Physical Access
Ecosystem :
Microsoft ILM
Benefit:
1 single badge for multiple accesses
Cost saving: .Net lowest TCO
Better governance
Improve control
27

28. University of Macedonia
(Intec partner)
Situation: Population: 7000 users (Students and staff).
Challenge: Have a solution offering security, services
and automation for staffs & students
Solution : A multiapplication student smart badge (.Net card,
GTO readers)
Applications on the student smart badge solution:
Identification,
Access control
Computer Login
VPN
Esignature
Wifi
Ecosystem
Microsoft MSC as system integrator
Microsoft FIM for identity management & certificate
Microsoft CRM Dynamics
Benefits:
Simplicity & Security: With easy and secure applications access control
Self service : The student takes care of the enrolment “certificate “ himself
Improved student population database management
28

29. Welcome in Gemalto Partner Network
Gemalto has solid long-term relationships with its partners by
focusing on customers and skills
we offer solutions that are fully interoperable and configurable
to meet the requirements of our customers.
Gemalto partners are the leaders in their respective
categories: software, communications, security products,
identity management systems, data centers, logistics, …
29

30. Questions?
Jérôme Soufflot@gemalto.com: Channel Bus dev EMEA
Tel. : +33 (0)1 55016148