SonicWALL

simplicity security freedom

Swivel Secure: Company

WorldwideWorldwide VARVAR

Licenses Licenses +1million+1million

WorldwideWorldwidePatentsPatents

ClientsClients+1000+1000

EstablishedEstablished20002000 UK BasedUK BasedPINsafePINsafe

20032003

AwardAwardWinningWinning

Customers

Vertical Success - NHS

NHS Largest single vertical customer base in UK Cost and usability driven/lower carbon footprint Primary use case is secure remote access for managers/clinicians through SSL

VPN

PINsafe Markets VPN Security

Corporate Remote Access

Web Application Security OWA/Sharepoint/Intranet

Cloud Security Google/Office365/Salesforce.com

Consultants, contractors, third parties and supplier access

DR/Pandemic Planning

Online Applications (B2B/B2C/G2C)

Existing Authentication clients – token users

Compliance – Coco/PCI

Windows GINA / Credentials provider access

PINsafe Interfacesthe product

Authentication Interfaces

Two Factor authentication: SMS text to mobile phone Multi-String delivery Mobile phone application

SMS J2ME iPhone/Android

Strong authentication: TURing on screen images

PINsafe Security String1 2 3 4 5 6 7 8 9 02 1 9 4 0 8 7 5 6 3

PINsafe Security String6 3 7 2 0 1

Message over-write, keeps inbox tidy

Receive a unique code to the mobile ‘Pre-Sent’ or ‘On Demand’

Multi String delivery Reduces SMS costs User has spare codes in hand

SMS delivery options SMS Internet gateway GSM Modem

If a mobile phone is lost or broken, users address the problem immediately

SMS Authentication

Single String Multi String

PINsafe Security String

PINsafe Protocol

PIN

Security String changes for each authentication

One Time Code One Time Code

1 3 8 0

8

5 0 3 4 278 1 96

6 4 2

① PINsafe creates a random PIN for each new user (1380).

② The user is presented with a random security by SMS, or on screen.

③ The user, using the PIN, determines a valid OTC (8642).

④ Security string changes for each attempt, making a different OTC each time.

Using the PINsafe protocol, enables an enhanced and more secure authentication string delivery.

SMS Authentication

o Security strings sent by SMS, are protected by the PINsafe protocol.

o The SMS contains a greeting, a line to help with the OTC extraction, and a security string.

o Simply use the guide line and PIN to determine a valid OTC.

o If the user PIN is 1380, the OTC will be 2953.

o Multiple Security strings sent by SMS, are protected by the PINsafe protocol

o PIN protection, prevents an unauthorised user using the security codes.

Single String

Multi String

Dual Channel: Phone App

Automatic OTC extraction from keyboard input

99 security strings

Registration and OTC top up through 3G or GPRS connection

Strong Authentication: Image

Unique Image user interface (TURing)

PIN is never typed during authentication process

Delivered in the browser or by taskbar application

Browser Integration Animated TURing

Browser IntegrationStatic TURing

SonicWALL VPN

********

2168 (OTC obscured in real use)

PINsafe protecting Citrix VPN

rallen

********9610

rallen

Single Channel: TURing

Web Application Security

Cloud authentication SalesForce, OWA, Google Mail, SharePoint, Intranet, Extranet, Portals etc.

Relevant authentication deployed based on risk intelligence of the application Most web applications are not relevant for 2FA

Very little choice for secure, non 2FA solutions TURing compelling and cost effective solution for these type of applications

Often deployed to entire workforce Moves opportunity from a tactical to a strategic deployment

Application Use PINsafe API to authenticate transactions, or electronically sign documents,

or Work Orders for regulatory compliance.

Coming Soon - Beta: Voice

Voice based authentication Call made to phone number, mobile or dedicated number

Authentication options Simply accept the call, and press ‘#’ Enter an OTC derived from a TURing image User enters PIN directly to keypad

Out of band authentication

Competition – Token Vendors

Token Vendors (RSA, Cryptocard, Aladdin, Vasco, Entrust, etc.) Captive Audience – clients know they need authentication High TCO – token replacement/renewal High cost of management/infrastructure Cumbersome/inconvenient for users Prohibitive for large scale B2B and B2C applications Difficult to manage short term/third party use No longer the only option for 2factor authentication Impractical for lower risk applications Non environmentally friendly solution

Integration

Cloud Authentication

PINsafeUsername :

Password :

One-Time-Code :

Host sign-in page, on local network, requesting username, password and OTC

Keep user credentials local and secure on your own network / domain

Authenticate using SAML to cloud based services, hosting data and applications

Integrated solution using Office 365, ADFS, and AD Proxy

Secure Cloud services, without compromising on user authentication or access

Support 2FA or image authentication depending on associated risk

Internet

Example SAML

SSLVPN

AD

User SAML

PINsafe IdP issues the tokenCloud App does not know or care how the assertion is created

AD remains single reference point.Cloud

App

PINsafeIdP

(RADIUS)

ADFSProxy

user

Office 365

Internet

PINsafe and Office 365 (Demo)

PINsafefilter

NB. PINsafe is not issuing token, ADFS is. Token can only be issued with AD credentials This is important!

ActiveDirectory

ADFSServer

PINsafe

Integrations

RADIUS AppGate Array Networks Aventail Bluecoat Checkpoint Cisco Citrix Co-Sign

RADIUS F5 Fortinet Juniper Netilla Nortel SonicWALL

RADIUS / XML API MS IAG / UAG MS IIS MS ISA Server MS Outlook Web Access

Integrate with Remote Access Products: RADIUS standards, PAP, EAP etc. Extended XML based API

Installation and Configuration

Integrates with existing business systems for user-management

Active Directory (Read only) (Multiple ADs, and Domains)

Other LDAP/SQL based directory servers, e.g. OpenLDAP, eDirectory etc.

Integration

Create Groups in Repository (AD, eDirectory etc.)

Browse the Repository from PINsafe and select the relevant groups

Add users to the Repository group, instantly deployed on PINsafe

Utilise user information from AD (email, SMS, etc.)

Remove users from the Repository to revoke their PINsafe access

Installation and Configuration

Associate AD groups to PINsafe using the FQDN within PINsafe

Security string maybe sent as numeric, alphanumeric, Uppercase, lowercase and mixed

Maximum logins attempts is definable

Inactive accounts, may be set to expire after a certain duration

Minimum PIN size, from 4 to 10 digits

PIN expiry time, before a user is forced to change their PIN

Options to prevent obvious PIN choices, such as 1234, 1111, 1966 etc

Options to force a user to change their PIN on first login, or after an Admin reset

Applications to allow users to change or reset their own PIN

PIN policies

Account Details

PIN Details

Self Help

Authentication appliance Stand alone HA Active/Active option on appliance HA Active/Active option with additional DR appliances

VM Image, or Software Only

Installation & Configuration

License options

One time perpetual license fee

Licensing on per user basis

PINsafe License includes all functionality (SMS, Java MIDlet, TURing, GINA)

Annual Software Support renewal fee Standard business hours 24x7

Hosted Service Offering

SaaS Model Coming soon…..

Thank you for your timeAny Questions ?