CRYPTOCard. Strong Two Factor Authentication

(1)

CRYPTOCard

(2)

CRYPTOCard Solutions

Overview

Cybercrime is a serious, real, and all-to-prevalent threat to networked

assests. With the abundance of deployed workers requiring network access

from a variety of devices, and the sheer value and volume of online assets,

the need for strong reliable network protection has never been greater.

The CRYPTOCard Solution

CRYPTOCard provides an authentication solution that can offer peace of mind when it comes to the protection of your organizations valuable materials. Two-factor authentication is a critical element in successful identity management. It allows you to let in the good and keep out the bad. CRYPTOCard’s authentication options provide the most flexible two-factor authentication solution on the market to eliminate password theft and protect your organization. The following outlines the flexibility of the CRYPTOCard solution for use in conjunction with today’s leading technology.

VPN and SSL VPN

In today’s deployed workforce employees need the ability to keep in contact with networked resources and services away from the office. Relying on SSL VPN when protected by only typical username and password leaves your Virtual Private Network vulnerable and easily compromised by outsiders. CRYPTOCard’s award winning technology can easily protect your online assets by utilizing two-factor authentication: a user combines their security Personal Identification Number, something only they know, with a one-time password,

newly generated by their unique token for each logon.

Outlook Web Access

Email is regarded as the most important component of business. The value and volume of information that travels back and forth on the internet is staggering. This is an appealing target and your email communications may be at risk. CRYPTO-Logon for windows OWA 2003 agent delivers strong two-factor authentication for the Microsoft OWA 2003 Logon form to ensure Outlook resources are protected. Once implemented CRYPTO-Logon replaces static passwords with a one-time password and the user enjoys a simple and consistent logon procedure with no need to worry about remembering passwords. Citrix

All of the enterprise capabilities that the Citrix Access Platform brings to an organization require a strong authentication solution. CRYPTO-Shield can provide strong two-factor authentication for Citrix that uses one-time passwords to identify users attempting logon and authenticate them. The ease of use and flexibility of Citrix solutions make them more vulnerable to password theft.

Authentication Solutions

• Two-Factor Authentication using One-Time Passwords adds a layer of security that makes a system near foolproof.

• CRYPTO-Shield is an all-in-one, end to end solution. It includes everything you need to secure every access point to your network.

• CRYPTO-Shield protects VPNs, SSL VPNs, Apache, LANs and IIS.

(3)

CRYPTOCard’s Citrix Access Suite (protecting Presentation Server, Web Interface, Access Gateway, MetaFrame Secure Access Manager, MetaFrame Password Manager) provides strong two-factor authentication to secure confidential corporate applications. Apache and IIS Web Portals

Web servers and portals may be at the hub of your organizations communications strategy. These are used to provide access to information for customers, vendors, business partners and employees. To provide strong security for the information located on these servers CRYPTOCard has developed a unique and effective authentication solution that provides the capability to maintain granular control over access to restricted areas and content on web sites powered by Apache or IIS. CRYPTO-Web is an Apache module or ISAPI filter (on IIS) for Web servers that sits in the data stream between the user’s browser and the Web application residing on the Web server where it intercepts all resource requests. When a user requests access to a resource CRYPTO-Web checks if the resource is protected and access is granted only after the user is authenticated and access is verified. It can be configured to protect domain name-based and IP address-name-based virtual hosts.

Administrator Access

If a system administrator’s password is compromised the consequences to an organization could be huge. Every user could be locked out if the password is changed and important data could be stolen or destroyed. In order to protect each individual administrator’s account passwords must be changed immediately after they leave an organization. This constant changing of passwords will create notification/logon problems for all the other administrators. It also makes it difficult to track security breaches as multiple users

share a common password. CRYPTOCard’s CRYPTO-Shield product suite eliminates static passwords and offers a comprehensive authentication solution for securing valuable corporate resources against intentional and unintentional compromise.

Managed Authentication Service-CRYPTO-MAS

Many companies recognize the need for strong authentication to protect their data and other digital assets but lack the requisite manpower, infrastructure, skills or budget to implement the needed two-factor authentication solution. CRYPTOCard’s Managed Authentication Service offers the benefits of strong two-factor authentication without the need to implement the

infrastructure in house. CRYPTO-MAS requires no additional investment in infrastructure nor does it require employees to have technical skill in two-factor authentication. It provides all the security benefits of CRYPTOCard’s strong authentication solution in an easy to implement manner.

CRYPTOCard North America 340 March Road Suite 600 Ottawa, Ontario K2K 2E4 Canada Toll Free: 800-307-7042 Tel: +1-613-599-2441 Fax: +1-613-599-2442 E-mail: [email protected] www.cryptocard.com CRYPTOCard Europe Eden Park, Ham Green Bristol BS20 0EB, United Kingdom Tel: +44 870 7077 700 Fax: +44 870 7077 711 E-mail: [email protected] www.cryptocard.co.uk

CRYPTOCard and CRYPTO-Server are registered trademarks or trademarks of CRYPTOCard Inc. in Canada, the U.S.A. and/ or other countries. Microsoft and Windows are registered trademarks or

(4)

Faster, smaller, better...

Faster, smaller and less of a drain on system resources, the newest release features M2M (Machine to Machine) architecture that uses only a tiny fraction of the client side resources of previous versions. With a footprint of just a few K and using minimal RAM, 6.4 is a greatly streamlined authentication solution.

NEW ST-1 Token for BlackBerry

The newest member of our software token family allows BlackBerry users to access their two-factor authentication protected network without carrying an extra device! A new home screen icon will, when selected, launch the password generating token application. You supply your PIN and away you go.

Disconnected Authentication

On the road? Unable to connect to the network (where the CRYPTO-Server resides)? You can still protect your laptop with a ‘local’ or disconnected authentication. Up to 100 logons (configureable) are possible until you must reconnect to the network to replenish your bank of one-time passwords. (The supply of passwords for disconnected authentication is, of course, safely encrypted!)

Enhanced CRYPTO-Logon

When logging on to your OS Domain, a static password may still be required (by the OS). You now can configure CRYPTO-Logon to automatically manage the OS logon (in one of two ways) after you are authenticated by the CRYPTO-Server. Or you can choose to enforce that users manually enter their static password following a successful CRYPTO-Logon.

Enhanced CRYPTO-Web

Improvements to CRYPTO-Web provide a Standalone Mode for protecting single web servers and a Web Farm Mode for customers who wish to implement CRYPTOCard technology amongst a group of web servers.

PAM 64-bit support on Linux

Speed daemons beware! Keeping pace with advancements on the Linux front.

Support for Intel-based Macintoshes

Our Universal Binary solution will run natively on either Intel or Power PC macs running OS X Tiger.

New Getting Started Documentation

Light reading to get you up and running QUICKLY!

Smaller. More flexible. More powerful. More options. The new upgrade

to CRYPTOCard’s award winning two-factor authentication (2FA) suite

is now shipping! An upgrade for users of CRYPTO-Shield 6.x (with active

support contract), our new solution extends our reach with “Disconnected

Authentication”, enhances existing services and delivers new tokens to make

it easier than ever to take full advantage of our powerful and adaptable

authentication and ID management tool.

Introducing

CRYPTO-Shield 6.4

CRYPTO-Shield 6.4 Includes:

• Full CRYPTO-Server software • CRYPTO-VPN

• CRYPTO-Logon • CRYPTO-Web • CRYPTO-Console • CRYPTO-Kit

It’s a Heterogeneous World!

CRYPTO-Shield 6.4 is the only two-factor authentication solution that will operate seamlessly in a real-world mixed OS network. Any Mac, Linux or WIndows server can serve any Mac, Linux or Windows clients. (See systems specifications for supported versions.)

(5)

Server Platform Coverage

• Windows 2000 Server SP4 • Windows 2003 Server SP1 • RedHat Linux Enterprise Server 3/4 • SuSe Linux Enterprise Server 9 • Mac OS X Tiger

Scalability

The solution encompasses internal users, standalone computers, Web servers, VPNs, and virtually every other form of network access. It is scalable up to 255 realms and hundreds of thousands of users. CRYPTO-Shield is designed for high availability to respond to peak demands as well as network outages through RADIUS load balancing, mirrored servers, and an authentication process that is not sensitive to time-synchronization or network transit delays. CRYPTO-Shield can be implemented as a stand-alone system or installed on existing RADIUS servers. It is designed for high availability to respond to peak demands, as well as network outages, with:

• RADIUS load balancing • Mirrored servers

• Authentication process is not sensitive to time synchronization or network transit delays

• Up to 250,000 users per system

Replication

Supports local and remote replica servers for hot standby/failover

Encryption Algorithms

• DES • 3DES

• AES 128-bit, 192-bit, 256-bit

Directory Support (user data storage)

• CRYPTO-Server internal • Active Directory • Open LDAP • Open Directory

Database Support (token data storage)

• Native MySQL • External MySQL • MS-SQL • Oracle

Reporting and Logging

• All activity is stored in logs and database tables

• Data is accessible via management consoles and external reporting tools • Multiple logging options, including output to HTML Authentication Protocols • PAP • MSCHAPv2 • RADIUS • CAP Interoperability

• CRYPTO-Shield includes a RADIUS server for maximum interoperability • Compatible with leading remote access servers, wireless access points, Web servers, firewalls, and VPNs (e.g. Microsoft, Nortel, Check Point, Cisco, Apache, Citrix)

• RSA token migration (DES tokens only)

Application Developer API

CRYPTO-Kit enables development of interfaces/authentication agents for specific environments or integration with existing applications/workflows.

CRYPTOCard North America

340 March Road Suite 600 Ottawa, Ontario K2K 2E4 Canada Toll Free: 800-307-7042 Tel: +1-613-599-2441 Fax: +1-613-599-2442 E-mail: [email protected] www.cryptocard.com CRYPTOCard Europe

Eden Park, Ham Green Bristol BS20 0EB, United Kingdom Tel: +44 870 7077 700 Fax: +44 870 7077 711 E-mail: [email protected] www.cryptocard.co.uk

CRYPTOCard and CRYPTO-Shield are registered trademarks or trademarks of CRYPTOCard Inc. in Canada, the U.S.A. and/ or other countries. Microsoft and Windows are registered trademarks or

(6)

TOKEN TYPES:

Calculator-style Hardware Token (RB-1)

The RB-1 PIN Pad token is a highly configurable, multi-function device and is the most versatile of the hardware tokens. It is ideally suited to users that require the freedom to logon from any computer, running any operating system, in any location, or generate digital signatures for web-based forms. It is also ideal for applications that require the use of challenge/response mode. The RB-1 Key PIN Pad Token generates a new password each time the token is activated. The token is activated by entering a PIN using the keypad.

Key Chain Hardware Token (KT-1)

The KT-1 Key Chain token provides unparalleled convenience in a portable, independent computing environment. It’s simplicity makes it the ideal authentication token for users of virtually any skill level. The KT-1 Key Chain token generates a new password each time the token is activated.

Key Chain Hardware Token (KT-2)

The KT-2 Key Chain token is an economical alternative to the KT-1. It combines the same simplicity and durability with a lower price point when purchased in quantity. As with the KT-1, this token is ideal for users of any skill level and is particularly easy to use.

CRYPTOCard Tokens are an effective and economical solution for organizations

that want to eliminate the risks presented by static, shared, stolen or easily

guessed passwords. With two-factor authentication, protected resources can

only be accessed when a user combines their security Personal Identification

Number (PIN), something only they know, with a one-time password

generated by their unique authenticator for each logon.

One-time Password

Tokens

End Users:

• Only need a PIN and a token • Never need password changes • Eliminate the use of static passwords

Security Administrators:

• Control access of users • Configurable tokens add security • Web-based deployment of ST Tokens

Budgets:

• Tokens never expire • Reduced Help-Desk calls • One-time licensing fees

Flexibility:

• Wide range of tokens depending on what an organization requires

(7)

Smart Card Token (SC-1) (with USB or PCMCIA Reader)

The SC-1 Smart Card Token is a software implementation of the RB-1 hardware

token installed on a 64K Java smart card. It is the ideal multi-function token card for organizations that want the advantages of hardware tokens, the convenience and integration of software tokens and the additional security of photo ID and proximity door access.

USB Hardware/Smart Card Token (SC-3)

The SC-3 USB token is a software

implementation of the RB-1 hardware token installed on a USB packaged smart card. Ideal for organizations that want the advantages and flexibility of hardware tokens with the convenience and integration of software tokens. The SC-3 can also store digital certificates for PKI applications.

Software Token for PC, WinCE or BlackBerry

The ST-1 Token is a software implementation of the RB-1 hardware token for installation on computers and PDAs. It is the ideal token for organizations that want the strength of two-factor authentication without the overhead and cost of hardware distribution. For PC implementations, CRYPTOCard’s M2M functionality provides an interface between the token and various authentication mechanisms, providing “One-PIN-And-You’re-In” service.

ST-1 tokens can be installed on a PC hard drive, on a USB mass storage device, on a BlackBerry, or on a WinCE PDA.