EToken TMS 5.0 CA June 09. eToken TMS 5.0 Agenda The challenge: Authenticator life-cycle management...

Page 1

 eToken TMS 5.0 CA

June 09

Page 2

eToken TMS 5.0 Agenda

The challenge: Authenticator life-cycle management

eToken TMS (Token Management System)

eToken TMS 5.0 – Release Highlights

Page 3

Authentication Management Challenge

The management of an authentication solution in an enterprise involves a number of interrelated elements:

Users: Identities in the organization

Organizational policies: Access rights for user groups; required security measures

Security devices: Authentication devices provided to users

Security applications: Applications to be used by each user (e.g. Network Logon, disk encryption)

Page 4

1. New employee gets token upon arrival

2. Employee performs token self-enrollment

3. Employee starts working

Organizational Policies

Token Management System

ERP System

VPN

Network Logon

Life With a Management System

And There’s Much More…

Page 5

Why Use a Token Management System?

With a management system in place you can:

Reduce administrative errors (potentially costly!!) by streamlining processes

Reduce workload of your IT staff with automated processes and user self-service tools

Control your authenticator inventory and usage

Enhance user productivity

Fully audit token usage for regulatory compliance

Make your authentication solution a reality!

Page 6

eToken TMS

Token Management System

Page 7

TMS Framework View

Robust system for deploying, managing and using authenticators

TMS links users, organizational policies, security devices & security applications

Page 8

Authenticator Life-Cycle Management with TMS

Authenticator assignment

Authenticator enrollment

Authenticator revocation/disablement

Authenticator update

Password reset/change

Authenticator replacement

Page 9

TMS Management Components

The following web sites/services are installed on the TMS server:

eToken TMS Management Center: TMS management site, used by administrator & helpdesk

eToken TMS Self Service Center: Self-service site, used by corporate end users

eToken TMS Remote Service: Self-service site for end users (for employees on the road, in case of lost authenticators or forgotten passwords)

TPO Management Web Service: A web service used by the TPO editor for configuring TMS settings

Page 10

TMS Key Features (1)

Supports all eToken devices and applications

Integrated with Microsoft Active Directory, Microsoft SQL Server and OpenLDAP

Web-based user self-service, help desk, and administration tools

Open architecture

Supports security applications with configurable connectors

Supports solutions including: network logon, VPN, web access, secure email, data encryption, boot protection, SSO, certificate management, IdM…

Robust SDK

Secure solution for employees on the road who lose/forget their authenticators

Page 11

TMS Key Features (2)

Supports scalable, distributed administration

Management of multiple domains from a single web-based interface

Role-based administration

Different user data encryption keys for different domains

Full auditing and reporting capabilities

Supports clustering, redundancy, scalability – based on Microsoft Windows Server 2003 and IAS

Centralized client software deployment

Supports multiple client platforms: Windows, Linux and Mac OS

Page 12

TMS Key Differentiators in the Market

A single life-cycle management system for your entire solution

Full integration with Microsoft Active Directory

Familiar and intuitive usage for administrators

Direct link with user data – no need to replicate

Fully integrated with AD user rules and policies

All user data are located and managed in one place

No proprietary server

Integration with multiple security applications + SDK

Flexibility to support current & evolving requirements

Designed for enterprises & managed service providers

Page 13

TMS Business Value: MSSPs

Easily manage your customers’ solutions

Manage multiple customer domains from a single web-based interface

Allow local customer site management with web-based user and admin tools

Enable your customers to view reports online

Control activities with role-based administration

Permissions can be assigned per domain, OU, group, & task

Keep your customers’ data secure

Built-in user data encryption capabilities

Different encryption keys for diverse customer domains

High availability, non-stop service

Page 14

TMS Business Value: Compliance

Excellent reporting tools

Set of built-in reports including: token usage, connected tokens, token inventory and status, attendance reports

Support for external reporting tools to generate other reports you may need

Full auditing capabilities

Complete event logs

Fully customizable email alerts to track any irregular or problematic usage right when it happens

Enhanced internal data controls and protection of individuals’ privacy

Complete control over each administrator’s abilities

Advanced user data encryption capabilities

Page 15

eToken TMS 5.0 Highlights

Page 16

eToken TMS 5.0 - Highlights

Support for eToken PRO Anywhere

Support for eToken Virtual and MobilePASS (SoftOTP) products

Card printing support

Multi Forest Active Directory support

Novell eDirectory user store support

Simplified licensing mechanism - cross domain

Simplified installation and configuration (OTP*)

Updated platform support (Windows 2003 64 Bit)

Support for TMS 5.0 user token management in Linux & Mac: TMS Self Service & TMS Remote

Expanded TMS API

MS CA Based Key Archival support

Improved logging and error handling capability

Enhanced technical documentation

Page 17

Authenticator Management

eToken TMS enables full life cycle management

Including TMSservice - End-user portal

The End-user site enables tasks such as:

Enroll a new authenticator

Update the content of an enrolled authenticator

Change/Reset eToken password

Disable/Enable an eToken

Replace a Lost/Damaged authenticator (including revocation)

Manage OTP authenticator including MobilePASS

Enroll eToken Virtual and eToken Virtual Temp

Page 18

Post-Enrollment Self Management

After successful authenticator enrollment, self-management options are added to the TMSService site.

Maintenance

Recovery

OTP Management

Soft tokens

Page 19

eToken Virtual Deployment – Administrator Use Case

Administrator enrolls eToken Virtual for a specific user from the TMS Manage. The only supported use case is enrollment to a removable flash device:

eToken TMS and eToken Virtual licenses are acquired by the company to provide two-factor authentication using software authenticators.

eToken TMS is installed and all the required connectors are configured to enable eToken Virtual usage.

Administrator plugs in the user's portable device and starts the enrollment process from the TMS Manage web site.

eToken Virtual is created on the portable device, locked and set with the initial user password.

Notification is sent to the user with the eToken Virtual password.

User receives the device and can use it for authentication.


Page 20

eToken Virtual – User Enrollment Use Case

User accesses the TMS Service web site and enrolls eToken Virtual:

TMS and eToken Virtual licenses are acquired by the company to provide two-factor authentication using software authenticators.

TMS is installed and all the required connectors are configured to enable eToken Virtual usage.

User enters TMS Service web site to enroll eToken Virtual.

eToken Virtual is created on the user's computer, locked and set with the user password, OR the user can enroll the eToken Virtual to a portable drive, based on the TMS TPO settings configured by the administrator.

User can use the eToken Virtual for authentication.


NOTE: Admin Rights Required for eToken PKI Client Installation

Page 21

MobilePASS – Enrollment and Usage

eToken TMS and MobilePASS licenses are acquired by the company to enable OTP using software authenticators.

Administrator enrolls MobilePASS authenticator for the user in the TMS Manage.

The user receives the MobilePASS authenticator, an activation code and PIN via e-mail, SMS, etc.

The user installs the MobilePASS software.

The user enters the activation code and activates the software.

OTP is generated using the received PIN.

Using the OTP, the user logs on.

Page 22

Additional software solutions using TMS:

eToken Virtual Temp

Time-limited temporary authenticator which can be used for a limited period of time instead of a permanent authenticator

For each authenticator, the user can enrol one temporary virtual authenticator.

eToken Rescue

Users who lose their authenticators can create an eToken Rescue authenticator (default expiration 1 month, max 3 months)

Page 23

Controlled Availability Release

For new prospects who wish to deploy eToken TMS 5.0 CA

CA Process

Salesperson provides details of prospect and fills CA form, available from Technical Support

Reviewed and approved by Authentication product management prior to approval

Receives extensive support and ongoing feedback

For details, contact: Opher Dubrovsky

Page 24

Summary

eToken TMS and PKI Client make your authentication solution a reality!

Organization’s own user-repository utilized to handle full life-cycle token management

User administration of authentication devices is shifted from IT to HR and users

eToken solutions reduce identity and password management costs

eToken helps customers achieve regulatory compliance

Page 25

Thank You

www.aladdin.com

www.safenet-inc.com