Entrust IdentityGuard Versatile Authentication Platform for Enterprise Deployments. Sam Linford Senior Technical Consultant

Academic year: 2021


(1)

Entrust IdentityGuard

Versatile Authentication Platform for Enterprise Deployments

Sam Linford

Senior Technical Consultant [email protected]

(2)

Entrust is a World Leader in Identity Management and Security Software

• Best-in-class technology, service and support – industry pioneer

• Over 2000 customers in 50 countries – global reach

• Geographic presence: U.S., Canada, UK, China, Germany, India and Japan

• 411 employees and 110+ patents

• 2008 Revenue: ~$100.0 million

(3)

© Copyright Entrust, Inc. 2009

Securing Digital Identities and Information…

Figure: Fraud Detection & Risk Based Authentication Platform; Public Key Platform.

(4)

The need for stronger enterprise authentication…

• Globalization and growing mobile workforce

• Unmanaged devices and locations

• De-perimeterization of networks

• Growing compliance regulations

Figure: Enterprise (Email, Applications) accessed by Mobile Workers, Mobile Devices and Partners.

(5)


Factors to consider in deploying 2nd Factor

• Risk

– Sensitivity of resources

– Cost of breach

• Usability

– User expertise

– Solution flexibility

• Cost

– Initial cost

– Ongoing maintenance

– Future changes

(6)

Entrust IdentityGuard

• Single open platform, centralized policy management

• User self administration

• Deploy based on Risk, Usability, Cost

Figure: Versatile Authentication Platform authenticators – Grid, Scratch Pad, Digital Certificates, OTP Tokens, Smartcards & USB Tokens, IP-Geolocation, Machine/Device Auth, Mobile, Knowledge-Based.

(7)


IP Geolocation

• Authentication based on the user's physical location

• Register common access points & record logon profiles

• Leverage IP black/white lists

(8)

Machine Authentication

• Captures machine parameters

• No user interaction

• With or without cookies

Figure: sample captured machine parameters – IP: 216.191.253.108, Browser: IE 7.0, Screen Depth: 1024 ….

(9)


Digital Certificates

• X.509 certificate support

• Existing certificates or leverage Entrust Managed Service Offering

• Standard SSL client or application-based signature-based authentication

• Stored in software, on smart cards, or USB tokens

(10)

• Multiple Identities, one device

• Mix of Soft token only and Transaction Notification

• Independent activation and control

• Customizable branding per identity

(11)


• OATH compliant

• Time-based soft token, 30 second time window

• Brandable interface

(12)

IDG Mobile - with Transaction Notification

• OATH Time-based Soft Token

• Transaction details confirmed out of band on mobile device – no data entry

• OATH signature of transaction contents

• User confirms transaction or acts on suspect details

(13)


Soft Token Mobile Authentication

• Single or multiple one-time passcodes to mobile device

– SMS, email, voice

• Authenticate while out of cell range

• Out-of-band transaction detail confirmation and authentication OTP

(14)

Knowledge Authentication

• Configurable number of questions

• User defined or imported

• Define number of correct answers

(15)


• Each grid card unique

• Inexpensive to produce and deploy

• Innovative eGrid in graphic or PDF format

• Easy to use and support

Figure: sample grid card.
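Worked example of the grid-card challenge/response described on this slide, added here as an illustration (not Entrust's code, and the 10×5 layout, the cell alphabet and the three-cell challenge are assumptions). The verifier stores each user's unique card, asks for a few random coordinates per login, compares in constant time, and consumes the challenge so a captured response cannot be replayed.

```python
import hmac
import random
import string

# Constructed layout assumption: 10 columns (A-J) by 5 rows (1-5), one character per cell.
COLUMNS = "ABCDEFGHIJ"
ROWS = range(1, 6)
CELL_ALPHABET = string.ascii_uppercase + string.digits


def make_grid(rng=None):
    """Issue a unique card: a dict of coordinate -> character, kept server-side per user."""
    rng = rng or random.SystemRandom()
    return {f"{col}{row}": rng.choice(CELL_ALPHABET) for col in COLUMNS for row in ROWS}


def answer_for(grid, challenge):
    """What the user reads off the printed card for a challenge such as ['B2', 'H5', 'D1']."""
    return "".join(grid[cell] for cell in challenge)


class GridVerifier:
    """Server-side challenge/response for one user's card (a second factor beside the password)."""

    def __init__(self, grid, rng=None):
        self.grid = grid
        self.rng = rng or random.SystemRandom()
        self.pending = None  # at most one outstanding challenge per session

    def issue_challenge(self, cells=3):
        # Distinct coordinates chosen at random; a fresh set every login keeps each response single-use.
        self.pending = self.rng.sample(sorted(self.grid), cells)
        return list(self.pending)

    def verify(self, response):
        challenge, self.pending = self.pending, None  # consume the challenge whatever the outcome
        if challenge is None or len(response) != len(challenge):
            return False
        return hmac.compare_digest(answer_for(self.grid, challenge).upper(), response.upper())


def simulate_login(seed=None):
    """One enrolment plus three attempts: correct response, replay of it, and a one-character error."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    verifier = GridVerifier(make_grid(rng), rng)
    challenge = verifier.issue_challenge()
    good = answer_for(verifier.grid, challenge)
    first = verifier.verify(good)
    replay = verifier.verify(good)  # no pending challenge any more: rejected
    challenge = verifier.issue_challenge()
    good = answer_for(verifier.grid, challenge)
    wrong = ("0" if good[0] != "0" else "1") + good[1:]
    return first, replay, verifier.verify(wrong)
```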

(16)

Mini Tokens

Mini OT

• Time-Synchronous

• OATH Compliant

Mini AT

• Time & Event-Synchronous

• Standards Based Algorithm

(17)


Pocket Tokens

• Time & Event-Synchronous

• PIN unlock, Response, Challenge + Response

(18)

DisplayCard Tokens

• Credit card format

• OATH based OTP generation

• Multi-functional card including optional on-board chip (PKI and/or EMV chip)

(19)


Mutual Authentication

• End user validation of site

• Personalized for user

• Increased user confidence

Figure: mutual authentication methods – Serial Number Replay, Extended Validation Certificates, Image & Message Replay.

(20)

Application: Remote Access

Figure: End User – Remote Access Applications.

• Integrates with leading remote access solutions

(21)


Application: Enterprise Desktops & Servers


• Integrated 2nd factor authentication

• Easy to use & deploy

• Leverages common security infrastructure

Figure: Any user, Administrators – Microsoft Windows Desktops, Enterprise Servers.

(22)

Application: Extranet Access

• Range of authenticators

• Inexpensive to deploy

• Easy to use and support

(23)


Integrating IdentityGuard

Figure: IdentityGuard integration points – Remote Access Applications, Microsoft Windows Servers, Web Authentication Applications, Enterprise Applications & Data Repository, End User.

(24)

Policy & User Management

• Web based Administration

(25)


Reporting

• Web based reporting

• User and authentication

(26)

Self-Service Server

• User self administration of Entrust IdentityGuard accounts

– User self-enrollment, assignment, activation, change and reset of authenticators

– Authentication credential or personal information modification

– Account status information

• Customizable web-based user interface

• Anytime, anywhere access

(27)


Self-Service Server

• Administrator control of options and permissions

• Web front end to existing IdentityGuard implementation

– No replication of data required

• Benefits

– Reduces help desk and administrator costs and effort

– Improves usability and acceptance by customers of strong authentication


(28)

Self-Service Server

Manage authenticators and account information in a single,

(29)


Self-Service Server

Facilitate entering or changing of specific required information for

(30)

Self-Service Server

Send or save an electronic grid…

(31)


Industry Recognition

Named Leader in “Excellence in Security Solution for Credit Unions”

Information Security Products Guide, June 2006

Gartner “Leader”

Gartner Magic Quadrant, Feb. 2009

“Industry Innovators 2007”

SC Magazine, December 2007

SC Magazine “Recommended” in

(32)
(33)


Customer Deployment Scenarios

U.S. Treasury Department

Customer Challenge:

• Provide secure access for 530,000 plus employees and customers

• Strong 2nd factor security

• Easy to use with minimal training and maintenance

Solution:

• Leveraging grid authentication option

• Addressing issue of visually impaired with Braille grids

(34)

Customer Deployment Scenarios

Xerox

Challenge:

• Provide secure remote access for 80,000 plus employees & third-party partners

Key Attributes

• Strong 2nd factor authentication for entire user population (vs. current subset)

• Replace current high priced tokens with usable, inexpensive alternative

• Alternative authentication choices

• Seamless integration with leading VPNs

Solution:

• Juniper SSL and IPSEC VPN solution

‘Xerox was most pleased with the operational flexibility and ease of

(35)


Entrust IdentityGuard

• Single Open Platform

• Centralized Policy Management

• Deploy based on Risk, Usability, Cost

Figure: Versatile Authentication Platform authenticators – Username & Password, Grid, Scratch Pad, Digital Certificates, OTP Tokens, Smartcards & USB Tokens, Mutual Auth, IP-Geolocation, Machine/Device Auth, Mobile, Out-of-Band, Knowledge-Based.

(36)
