Published on July 22, 2009
DISCOVER CIDWAY – CORPORATE ACCESS
STRONG AUTHENTICATION FROM THE MOBILE PHONE
Discover the future of security on www.cidway.com
Table of contents
• CORPORATE BACKGROUND
  - Facts & History
  - Industries
• PRODUCT PRESENTATION
  - Product Line
  - Tokens Features
  - Server Features
  - Key differentiators
• BUSINESS CASES
  - Corporate Access
Copyright © 2009 CIDWAY Security SA. All rights reserved – www.cidway.com
CIDWAY – Background
• Created in December 2005
• Headquarters in Lausanne, CH
• Sales Offices in Switzerland & UK
• Internal R&D & Patent Office

Cidway Partners and Customer Services
• Global presence via partners & resellers
• Support center 24/7
• Support portal available for partners
• Consulting services

CIDWAY’s Vision
Authentication and transactions should be safe, reliable and easy for anyone, anywhere, anytime.
This vision is fuelled by:
• Meeting virtually all authentication requirements
• Making Authentication & Transactions simple, easy, accessible, secure and user friendly
• Addressing virtually unlimited vertical applications from one platform
• Providing the next generation mobile software security solution for identity, transaction and data protection
Secure Identity, Authentication & Transactions
• Banking & Finance: E-Banking, Mobile-Banking, Transactions signature, Phone Banking, ATM & POS anti-fraud…
• Mobile Application Providers: Securing access & transactions for mobile applications (e/m-Commerce, e/m-Gambling, sms authentication…)
• Mobile Money & Payment: P2P mPayment, cardless ATM cash withdrawal, POS mPayment, Bill payment…
• Enterprise resource access: Two-factor authentication to log in to the Desktop / VPN access / Applications / Citrix / Webmail…
• Homeland Security: Airline pilot & vehicle identification, physical security solutions (guard exchange id., biometric implementation, etc.)
• Telecommunications: Mobile Top-up, resources access, ASP authentication solution, SIM based OTP…
• E-Government services: Citizens authentication & transaction security, electronic & mobile voting, bill payment…
Enable new channels – Improve client’s confidence & loyalty – Lower TCO
CIDWAY Authentication products
One server for multiple tokens
• SESAMI Mobile: Time based OTP Software token for mobile phones
• SESAMI Slim: Time based OTP Hardware token
• SESAMI SMS: SMS based OTP for mobile phones
• GAIA Server: Authentication platform
• GAIA SDK: Authentication platform SDK
• SESAMI Mobile SDK: Token SDK for mobile phones
CIDWAY SESAMI SMS
FEATURES & CHARACTERISTICS
• Strong two-factor authentication
• No need for software installation or activation in the mobile
• No secret stored in the mobile
• User convenience – no need to carry any other device
• User can change his mobile phone time zone or time
• Easy management – no need to maintain stock and distribute hardware tokens
• Easy deployment, no need for token maintenance
• Works with any SMS enabled mobile phone or PDA

OTP FEATURES
• 8 decimal digits (or optionally 8 hex-digits)
• Time-based combined with challenge-response
• SHA-1 algorithm
• Easy deployment
• Validity of a few seconds (server parameter)
• Automatic time management by the server
• No stock management
• Low on-going cost
CIDWAY SESAMI Slim
FEATURES & CHARACTERISTICS
• Portable, personal and robust (3.2 mm thickness – credit card size)
• 2 line clear LCD display
• Replaceable battery (token’s data is not erased during battery replacement)
• Time based OTP – new OTP every second
• 8 characters length OTP (hexadecimal or decimal)
• Initialization through a secure two way IR protocol using the SESAMI initialization set
• Device protected by user-selected PIN (configurable parameter [0-15 tries])
• Protection against token physical attacks (tamper evidence)
• Protection against user physical attacks (stress PIN)
• Customizable operational parameters
• 12 operational buttons
• Robust and user-friendly
• No need for reader or other equipment
• Customizable front panel
• Secure
• Low on-going cost
CIDWAY SESAMI Mobile
FEATURES & CHARACTERISTICS

Security
• Time based OTP with time stamping, Digital Signature
• OTP time management to the second
• Protection against theft or loss of mobile phone: PIN is not stored on the Mobile, nor transmitted, nor stored on the server (patented solution)
• PIN Code selected by the User (no need for temporary PIN sent to the User)

Compatibility
• Large handset coverage (Symbian, Java, WinCE, Brew, Blackberry, iPhone*)
• Automatic time synchronization (support of any clock change on the mobile)
• Multiple transmission methods (Screen display, SMS, WAP, MMS, GPRS, Acoustic, NFC*…)

Functionalities
• 2-factor authentication (User authenticated by the Server)
• 2-way authentication (server is authenticated by the User)
• Transaction’s signature (guarantees the integrity of transactions, against MitM)
• Automated registration
• Time Traceability
• Mobile SDK for integration into any existing mobile application

(*) S1-2009
CIDWAY Deployment Strategy (Sesami Mobile)

Deployment Strategy
• Push: the Client initiates the download by pushing the mobile application to the end-user (requires having the mobile phone numbers)
• Pull: the end-user initiates the download of the mobile application on their own (for example by accessing the Company’s Intranet)

Deployment Communication Channels
• Over the Air – wireless communication (gprs, umts…) using methods such as sms-link, wap push, url…
• Computer Download – downloading the mobile application on the User’s computer to be synchronized with the Mobile phone
• eMail – sent to the User as an email attachment (assuming User has email access from his mobile)
• Com Ports – the mobile application can be transferred to the mobile by any of its communication channels (bluetooth, IrDA, usb…)

Deployment Platform
• Gaia Deployment tools – Gaia server includes a set of tools and templates to manage mobile application’s deployment, by push or pull, including web page templates, sms gateway scripts (link to ClickaTel & Tyntec gateways)…

Deployment steps (from the slide diagram)
1. User downloads the Mobile application on his mobile phone
2. Customer registers the Sesami Mobile application
3. Registration successful
CIDWAY GAIA server
• Protocols:
  - HTTP, RADIUS, WSDL, SOAP (XML Web Services Description Language)
• SW Requirements:
  - Windows 2003/8 & SQL 2005 Server / SQL express
  - SQL 2005 server for real failover solution with Principal, Mirror and Witness
• Integration Options:
  - Runs also on VMWare
  - Interface with MSAD & any LDAP
• Administration:
  - Web based & Role Based
• Configuration:
  - Web based under IIS
• Reporting:
  - SQL Reporting Services, Web based
  - Export & Statistics
CIDWAY key differentiators

Flexibility
• Hardware, sms & Software tokens
• Multi-purpose solution (transaction, authentication, document/email corroboration)
• One single server for multi-channel communication

Cost Optimization
• 1 solution secures all remote-access
• Low acquisition, deployment and maintenance costs
• No need for inventory (sms & soft)
• Transaction’s cost reduction and customer retention

Convenience
• 1 device & 1 PIN for any access or transaction
• Familiar and user friendly experience
• No need to carry many tokens

Security
• Time based OTP algorithm (One Time Password is “not predictable”)
• Anti-fraud protection against common attacks (e.g. phishing, man in the middle, etc.)
• Secrets are not stored in the Cell-phone (soft token)

Integration
• Easy to integrate within existing infrastructure
• Scalable solution
Corporate Access - CIDWAY
1. Remote Access / VPN (using a PC or a PDA)
2. Desktop login (in the corporate network)
3. Remote access using Citrix plugin from Cidway
4. Webmail access using plugin from Cidway
5. Application Access (SAP, Oracle, etc.)

[Diagram labels: SSL VPN Gateway; radius; PDA; CIDWAY SERVER; Cidway OTP]
Corporate Access – CidWebPlugin
• The CIDWeb ISAPI filter and extension enables IIS secure Web login for any web site, by using a One Time Password.
• CIDWeb can be used for both Form Based Authentication and Basic Authentication sites.
• No need to redesign the login form!
• For each Web access, CIDWeb intercepts the OTP entered by the user in the password field of the Form or Basic Authentication. CIDWeb sends the OTP to the CIDWAY GAIA server for verification. Upon success, the user is granted access to the web page.
• Examples of Web access:
  - Microsoft Exchange / OWA
  - Citrix (Web Interface).
  - Any Web pages / sites.

Authentication flow (from the slide diagram; components: Organization Boundary, Organization IIS Server with CidWeb, Cidway GAIA Server)
1. User enters OTP into Login Form
2. OTP & User Name passed to IIS
3. CidWeb passing OTP to Cidway server for authentication
4. On successful authentication, static password passed back to IIS
5. Web Site is opened to user
CIDWAY – Some of our Clients, Partners & on-going initiatives
THANK YOU FOR YOUR ATTENTION For more information, contact: Laurent FILLIAT Mob. +41 78 842 11 47 Tel. +41 21 331 27 00 Fax +41 21 331 27 09 Email: firstname.lastname@example.org