SmartCard Forum 2010 - Secured Access for enterprise
1. Smart Card Forum – Prague
Secured Access for enterprise
Jérôme Soufflot
Bus dev EMEA Channel Manager
May 20, 2010
2. Agenda
Gemalto Presentation
Overview Gemalto IAM offer
Update on Smart Card & components technology
Share expertise with Use cases
3. Gemalto key figures
€ 1.65 billion revenue 2009
Innovation:
11 R&D centers worldwide
1,400 engineers
103 inventions first filed in 2009
Over 4,500 patents/applications
Global footprint:
18 production centers
30 personalization facilities
77 sales & marketing offices
Experienced team:
10,000 employees
90 nationalities
42 countries
Regional revenue (% of FY ’09 revenue):
North & South America: € 394m, 24% of revenue
Europe, Middle East, Africa: € 929m, 56% of revenue
Asia: € 331m, 20% of revenue
March 2010
4. Gemalto’s secure personal devices are in the hands of billions of individuals
Producing and securely personalizing over 1.5 billion devices in 2009
Serving 450 mobile operators worldwide with some 1.8 billion SIM cards addressable by our solutions
Supplying over 350 banks worldwide with banking cards in the hands of over 800 million people
Supplying ePassports to countries with some 600 million citizens
30 years experience in designing and producing secure personal devices
5. Strategic alliances and partners
Alliances with major industry players in all Business Units: telecommunications, ID and security
Joint initiatives with leading payment associations
Network of 400 partners with worldwide coverage
Business partners: VARs, resellers, distributors, systems integrators
Solution and technology partners
– Increase Gemalto solutions portfolio
– Ensure interoperability with leading solution providers
6. BU Security - IAM Enterprise Offer
Cards, Tokens
Smart Card
Readers & OTP Readers
Services, Fulfillment and Operated support services
Drivers, applications and authentication servers
7. What is the Role of the Smart Card?
PKI
Hosts digital certificates
Hosts user PIN
Computes encryption / signing cryptography
Secure chip
Tamper-proof
Resistant to hardware attack
Resistant to software attack
OTP
Hosts the One-Time-Password application
Hosts the OTP secret keys and (can) protect them with a PIN
Computes the OTP
8. Example of Smart Card Use in Enterprise
Secure access to buildings
Secure access to Enterprise networks
Secure access to Enterprise applications
Authenticate employees digitally and physically
[Diagram labels: Enterprise Data; Physical Access Controls; PKI Certificates; Passwords and OTP; Barcode & Magnetic encoding; Data; Photos; Management; Applications; Web server; E-signer Software; Verification server; email; Digital signature]
9. Strong authentication for Enterprises
[Chart: Security versus Feature set]
3 factor authentication
2 factor authentication
PKI Certificates + MS Base CSP
•Certificate based logon
•Digital Signature
•Encryption
•Secure Storage
OATH OTP on card + Gemalto SA Server
User name and password
12. Differentiation & Positioning
Differentiating features: Minidriver PKI architecture; Microsoft integration; OTP OATH onboard; .NET Bio solution; .NET dev. environment
Core Message: MS-centric; Easy to deploy / Low TCO; Versatility (form factors, OTP); Mainstream offer
Target Customers: F500; SMEs through Channel
TPC
Differentiating features: FIPS 140-2 level 3; Common Criteria EAL 4+ certification
Core Message: CC certified for legally binding signature
Target Customers: Fortune 500; Direct or through SIs
TOP
Differentiating features: Javacard, Global Platform; Dual Interface; FIPS 140-2 level 3
Core Message: Multiplicative Cryptographic Javacard Platform
Target Customers: System Integrators
IAS
Differentiating features: IAS ECC Compliant; CC EAL4+ certification
Core Message: Emerging european regulatory compliance
Target Customers: Regional (France, Europe?); Government; Healthcare
13. Middleware, Management & Competition
.NET
Middleware: None for Windows; Libraries for Linux & MacOS
Management systems: Gemalto DAS; Microsoft ILM; Intercede myID; Opentrust SCM; Versatile vSEC:CMS
TPC
Middleware: Classic Client V 6.0
Management systems: Microsoft ILM; Opentrust SCM; Intercede myID
TOP
Middleware: n/a
Management systems: n/a
IAS
Middleware: Classic Client V6.0
Management systems: Opentrust SCM; Microsoft ILM
14. Features, Value Proposition & Mgmt. options
Main Features
PKI and OTP authentication
Minidriver for Windows XP, Vista, W7
Diversity of form factors
PKCS#11 libraries for Windows, Linux, Solaris and Mac
Wide integration in the IAM ecosystem
.NET development platform
Value Proposition
Ease of deployment, reduced Total Cost of Ownership
Versatility (2 authentication mechanisms, variety of form factors)
Ease of integration (wide ecosystem integration)
Management Options
SME: Gemalto DAS, Versatile VSEC:CMS
Large Enterprise: Microsoft ILM, Intercede myID and Opentrust SCM
16. Features & Value Proposition
Unique feature Use
USB eSeal token v2
pki
Java Smart Card based Classic client
USB Shell Token v2 +
NET CCID .NET based
pki
USB Shell Token v2 +
TPC IM CC CC EAL4+ / Pki
PPSSCD Classic client
SA .NET Dual
connected / non
Mobility & security
connected
pki + OTP
17. Features & Value Proposition
SEG
Unique feature: CCID .NET; MS CAPI & CSP
Use: PKI + secure storage
SG
Unique feature: HID; PKCS#11
Use: secure storage + P11
SG FIPS
Unique feature: FIPS 140-2 level 3
Use: secure storage
HID = Human Interface Device
18. READERS Prox
Product Launch
May 2010
Prox-DU
Prox-DU with Stand
Prox-SU
20. What is SA Solutions?
Gemalto SA Solutions is the product offer for Strong Authentication (SA) relying on One Time Password (OTP).
This offer is made of:
A validation server and some software components:
Gemalto SA Server (version 4)
SA Server authentication agent software
SA Server Sconnect plug-in
Authentication tokens:
Easy OTP Token
.Net smart card or .Net smart card plug-in format embedded in a GemPC Shell reader to build a USB token
.Net Display card
.Net Dual token
Smart Enterprise Guardian
Authentication is targeted at every company with:
Mobile workers who want to access their enterprise resources: network, mail, web pages, etc.
Employees accessing private data through the Internet, an Intranet, etc.
21. Token Management System
Managed by End User / Managed by Enterprise
“Self” Smart TMS
Main Use:
Centralized Deployment and Token Control
Remote Pin Unblock
Resize partitions
Update for maintenance
Report Token lost for data dest.
Applicative content management
Token recovery
Security Policy management
Usage reporting
Token Issuance workflows
22. SOFTWARE .NET Bio
Features & Value Proposition
Main Features
Middleware and cards available for Windows XP, Vista and 7
Up to 10 Fingerprints (FP) stored and matched on card
Support of Base CSP and PKCS#11 architectures
Windows 7 version
Support of the Windows Biometric Framework (WBF)
PKI and Non PKI version support
Value Proposition
Security: 2 or 3 Authentication Factors
Device + PIN and / or FP
No need to manage PINs or Passwords
Cost saving, convenience, security
Privacy, compliance to regulations
Non repudiation
24. Axa Technology Services (France)
Situation: A subsidiary of the AXA Group providing IT infrastructure services and support to most of the group’s companies.
Challenge: Project to equip end-user hardware (6K agents, brokers) with a smart card-based strong authentication platform that also supports biometrics and provides convenience
Solution: .NET Bio (strong authentication with a biometrics-enabled smart card)
Benefits
Rapid solution development and implementation at customer level
Multi-authentication modes (PIN only, fingerprint only, PIN & fingerprint)
Converged badge solution for physical and logical access reduces data loss, network attacks, password sharing and badge swapping
Enhanced end-user experience, convenience and flexibility for secure network access
.Net solutions
25. Ministry of Defense (European country)
Situation
10 K users in locations around the world
Military and civilian staff
Challenges:
Need for Strong Remote authentication to online services
Combining OTP and PKI for 2 different security clearance access levels
Ecosystem
Partners: Microsoft, EDS, BT, CAP Gemini
Solution
.NET Card with PKI & CAP OTP
20K cards delivered.
26. Telenor Hungary - Pannon (Compuworx)
Situation: Population: 1500 employees.
Challenge: New HQ building; new system for authentication & access control
Solution: A converged .NET badge (Hybrid with Mifare technology)
Applications:
PC log on
Ecosystem:
Microsoft ILM
Benefit:
1 single badge, higher security, easiest management
27. Petroleum Development Oman (PDO)
(GBM)
Situation:
PDO is the main exploration company in Oman
Population: 9000 employees & subcontractors working in 9 major locations across the Sultanate of Oman
Challenge:
Unify logical & physical access in one card
Implement Microsoft CA
Use smart cards for SSO
Solution:
A converged .NET badge (Hybrid with HID technology),
Applications:
PC log on
Physical Access
Ecosystem :
Microsoft ILM
Benefit:
1 single badge for multiple accesses
Cost saving: .Net lowest TCO
Better governance
Improve control
28. University of Macedonia
(Intec partner)
Situation: Population: 7000 users (Students and staff).
Challenge: Have a solution offering security, services and automation for staff & students
Solution: A multiapplication student smart badge (.Net card, GTO readers)
Applications on the student smart badge solution:
Identification,
Access control
Computer Login
VPN
Esignature
Wifi
Ecosystem
Microsoft MSC as system integrator
Microsoft FIM for identity management & certificate
Microsoft CRM Dynamics
Benefits:
Simplicity & Security: With easy and secure applications access control
Self service: The student takes care of the enrolment “certificate” himself
Improved student population database management
29. Welcome to the Gemalto Partner Network
Gemalto has solid long-term relationships with its partners by focusing on customers and skills
We offer solutions that are fully interoperable and configurable to meet the requirements of our customers.
Gemalto partners are the leaders in their respective categories: software, communications, security products, identity management systems, data centers, logistics, …