Trusted Identity & Access Management The Next Critical Step.

Date posted: 15-Jan-2016

Page 1: Trusted Identity & Access Management The Next Critical Step.

Trusted Identity & Access Management The Next Critical Step

Page 2: Trusted Identity & Access Management The Next Critical Step.

People and Devices

Information and Transactions

Identify Users and Devices

Manage/Personalize Access

Ensure Integrity of Transactions

Ensure Integrity of Information

Authentication

Access Management

Encryption

Digital Signatures

Application Integration

Identity Provisioning

Management

RSA Market Presence

Page 3: Trusted Identity & Access Management The Next Critical Step.

RSA Authentication Solutions: High-Level Differentiation

RSA Security Authentication Solutions: Hardware Token | Software Token | Virtual Token | Smart Card / USB Token

• Two-Factor Authentication: Yes | Yes | Yes | Yes
• Additional Client Requirements: None | Software, Seed record | SMS Service Agreement | Software, Reader
• Portability: Works Anywhere | Works Anywhere | Works in Service Coverage Area | Infrastructure Required
• Form Factors: Standard Card, Pin Pad Card, Key Fob | PC (Windows), PDA (Palm, CE), Phone (Ericsson, Nokia, DoCoMo), SDK (C++, Java) | Mobile Phone (phone = display only) | Various
• Multiple Use: No | Host Device = General-Purpose Platform | Mobile Phone & Authenticator | Corporate Badge, Network Credentials, Physical Access, Stored Value
• Distribution Requirements: Token | Software, Seed Record | Nothing | Smart Card, Reader, Software, Certificate or Seed Record

Page 4: Trusted Identity & Access Management The Next Critical Step.

+ PIN+ PIN

Two-Factor User Authentication

Page 5: Trusted Identity & Access Management The Next Critical Step.

Building the Authentic User

• Certificates bind digital identities to transactions and provide data integrity

• Authentication binds people to their digital identities

“Let’s meet next week to discuss our merger. As you know our common stock allocation needs to be handled carefully. This is a critical time - any leakage of the Far East situation could be catastrophic”


Password

• Enablement of applications to securely process “real-world” business rules is achieved via Cryptography

• Authorization enables a digital identity access to services according to policy

Page 6: Trusted Identity & Access Management The Next Critical Step.

Time-based Token Authentication

Login: JSMITH
Passcode: 2468234836 (PIN, TOKENCODE)

• Token code: changes every 60 seconds
• Unique seed
• Clock synchronized to UCT

PASSCODE = PIN + TOKENCODE
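
A server-side check of the PASSCODE = PIN + TOKENCODE scheme above, added here as an example and not RSA's code: the slide does not give the SecurID algorithm, so an RFC 4226 HMAC-SHA1 truncation over the 60-second interval number stands in for it. `PasscodeVerifier`, the 6-digit tokencode length, the one-interval clock-drift window and the replay rule are assumptions.

```python
import hashlib
import hmac
import os
import struct

STEP = 60    # seconds a tokencode stays valid (from the slide)
DIGITS = 6   # assumed tokencode length

def tokencode(seed: bytes, unix_time: int) -> str:
    """Stand-in generator: RFC 4226 truncation over the 60 s interval number."""
    mac = hmac.new(seed, struct.pack(">Q", unix_time // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def _pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class PasscodeVerifier:
    """Hypothetical authentication server: one unique seed and one PIN per login."""

    def __init__(self, drift_steps: int = 1):
        self.drift = drift_steps   # tolerated clock skew, in 60 s intervals
        self.users = {}            # login -> [seed, salt, pin_hash, last_interval]

    def enroll(self, login: str, pin: str, seed: bytes) -> None:
        salt = os.urandom(16)
        self.users[login] = [seed, salt, _pin_hash(pin, salt), -1]

    def verify(self, login: str, passcode: str, now: int) -> bool:
        user = self.users.get(login)
        if user is None or len(passcode) <= DIGITS:
            return False
        seed, salt, pin_hash, last = user
        pin, code = passcode[:-DIGITS], passcode[-DIGITS:]
        pin_ok = hmac.compare_digest(_pin_hash(pin, salt), pin_hash)
        current = now // STEP
        matched = None
        for interval in range(max(0, current - self.drift), current + self.drift + 1):
            expected = tokencode(seed, interval * STEP)
            # Intervals at or before the last accepted one count as replays.
            if interval > last and hmac.compare_digest(expected.encode(), code.encode()):
                matched = interval
        if pin_ok and matched is not None:
            user[3] = matched      # burn the interval so the passcode cannot be reused
            return True
        return False
```
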

Page 7: Trusted Identity & Access Management The Next Critical Step.

RSA SecurID Two-factor User Authentication

• Proven & pervasive

— 12 million+ users in 8,000 companies

— 220 RSA SecurID-ready products from 100+ partners

• SecurID Express deployment service

• Scalable to 3000,000s of users

• Broad range of authenticators

• RSA SecurID and hybrid PKI

— RSA SecurID, Web Agent and SSL provide secure communication with no special client SW

Page 8: Trusted Identity & Access Management The Next Critical Step.

Tokens do a Simpler Job...

• Identification & Authentication

• No client software required

• Very simple to use and deploy

[Diagram labels: Firewall; RAS; Intranet; Internet]

Page 9: Trusted Identity & Access Management The Next Critical Step.

How Customers Use RSA SecurID

[Diagram labels: Intranet; Mainframe; Enterprise; Unix; Web Server; Applications & Resources; RAS; RSA Agent; Remote Access; RSA ACE/Server; Internet; RSA Agent; Internet Access; VPN or Firewall; E-Business; Enterprise Access]

Page 10: Trusted Identity & Access Management The Next Critical Step.

RSA Smart Badging

RSA SecurID 5100

[Diagram labels: Building Access; Proximity; Mag-Stripe; Badging; Access; RSA SecurID Passage; Partners; HID; PC Access; PC; Network; Web and Web App. Access; CAC Approved]

Page 11: Trusted Identity & Access Management The Next Critical Step.

Windows-based Application SSO 1st Time Access

Step 1 PC Login

1. User puts card in reader

2. Enters PIN

3. Clicks on application

Step 2 Train Passage

1. User clicks “Learn”

2. User enters application information

3. User gains access to application

Page 12: Trusted Identity & Access Management The Next Critical Step.

Introducing RSA Mobile

• Upon receiving a valid username and PIN, RSA Mobile sends a one-time access code to the user's portable device.

• Two-factor authentication

• Leverages a device the user already has

• Zero-deployment, zero-footprint

• Intuitive, easy to use and highly portable

Page 13: Trusted Identity & Access Management The Next Critical Step.

How RSA Mobile works

[Diagram labels: Start here; Userid + PIN; Web Server; Agent; RSA Mobile Authentication Server; Access code + Phone #; e-Mail Server or Gateway Server; Telco Network; Text Message; Access code 294836]

Page 14: Trusted Identity & Access Management The Next Critical Step.

User Authentication (IV)

Page 15: Trusted Identity & Access Management The Next Critical Step.

Certificate Management Solutions

— RSA Keon Web Server SSL

• Enabling cost-effective trusted server authentication

— RSA Secure e-Forms Signing

• Enables trusted transactions for streamlined business processes

— RSA Secure e-Mail

• Enables trusted messaging for streamlined business processes

— RSA Smart Badging

• Combining physical and logical access for an enhanced ROI

Page 16: Trusted Identity & Access Management The Next Critical Step.

RSA Keon Web Server SSL Solution

• Solution components include:

• RSA Keon CA

• RSA Keon Root Signing

• RSA Professional Services

• Functions:

— Enables organizations to issue & manage SSL certificates

— Alternative to service-based SSL model

• Business Benefits:

— Improved total cost of ownership

— Rapid return on investment

— Accelerated deployment and ease of use

— Trusted foundation for deployment of secure e-business

Page 17: Trusted Identity & Access Management The Next Critical Step.

RSA Secure e-Forms Signing Solution

• Solution components include:

• RSA Keon CA

• RSA e-Sign – Downloadable, zero-footprint applet

• RSA Keon Web Passport optional

• Functions

— Demonstrates intent

— Authenticates the signer

— Assures the integrity of signed data

— Supports non-repudiation

• Benefits

— Prevents “breakage” in e-business processes

— Enhanced e-based revenue opportunities

— Support for legislative compliance

Page 18: Trusted Identity & Access Management The Next Critical Step.

INVISIBLE TO USER

RSA Secure e-Mail Architecture

e-Mail Client

Enroll for digital certificate RSA Keon CA with OneStep

Certificate issued & e-mail configuration scripted

e-Mail configuration script publishes certificate information into Microsoft Global Address List

G.A.L.

Page 19: Trusted Identity & Access Management The Next Critical Step.

Agenda

• Identity Management

— Define the term

— Explore the value

— The evolution

• RSA Security’s role in Identity Management

— “Trusted Identity and Access Management”

• The Liberty Alliance project

• Summary

Page 20: Trusted Identity & Access Management The Next Critical Step.

Let’s Define the Term

• “Identity management is a process, rather than a function, inclusive of provisioning new users, executing the work flows needed to grant access, and managing application use.”

• “…identity management needs to focus on the user’s entire security lifecycle.”

AMR Research – June 2002

To succeed, it must also infuse TRUST.

Page 21: Trusted Identity & Access Management The Next Critical Step.

Trusted Identities: Coupling Identity and Access Management

• An un-trusted identity won’t be of use to anyone

• How do you establish a trusted identity?

— Authentication

• Identity and access privileges are tightly coupled

— Who I am and what I can do

— Separate but related

• The line between authentication, proof of identity, and access management begins to blur

Page 22: Trusted Identity & Access Management The Next Critical Step.

Automating Account Creation & Termination

Storage & Retrieval

Where’s the Real Value?

Enforcing Business Policy

Establishing Trust in Identity

Interoperability

Applications, Networks

Page 23: Trusted Identity & Access Management The Next Critical Step.

Trusted Identity & Access Management: RSA Security’s View

• What it is

— Intelligent use of identity

— Ability to securely manage the full lifecycle of an on-line or digital identity

• What it is not

— It’s not simply the ability to store or provision digital identities

Page 24: Trusted Identity & Access Management The Next Critical Step.

Trusted Identity & Access Management Benefits

• Enables cross-domain relationships

• Improved user experience

• Enables interoperability

• Reduced management costs

• Better policy enforcement / improved security

Page 25: Trusted Identity & Access Management The Next Critical Step.

Putting the Value into Perspective: An Analogy

An ERP installation requires the SAP software and an underlying database engine like Oracle.

Both are required.

Which one provides the most business value to the organization?

Page 26: Trusted Identity & Access Management The Next Critical Step.

Trusted Identity & Access Management The Evolution

[Chart labels: Value Delivered; Adoption Timeline; Future Application; Immediate Application]

• Supply chain integration

• Shared leads – CRM

• Inventory and fulfillment

• Channel optimization

• Real-time B2B negotiations and transactions

• Consumer single sign-on

• Shared security infrastructure

• Transaction context sharing

• Cost savings

• Ease of use/efficiency

[Stages shown: Outward-facing e-Commerce; Partner Community; Within the Enterprise]

Page 27: Trusted Identity & Access Management The Next Critical Step.

Liberty Alliance Membership Partial List

www.projectliberty.org

Page 28: Trusted Identity & Access Management The Next Critical Step.

RSA Security and Standards for Identity Management

• Liberty Alliance

• SAML

• .Net (Microsoft)

• Web Services

RSA Security will bridge Identity Management platforms by providing higher level security and integration across multiple, heterogeneous environments.

Page 29: Trusted Identity & Access Management The Next Critical Step.

Summary

• Identity management is a process

• Value is in establishing trust in identity and enforcing business policy

— “Trusted Identity & Access Management” is the intelligent use of identity and the ability to securely manage the full lifecycle of an on-line or digital identity

• RSA Security is uniquely positioned to provide Trusted Identity and Access Management solutions

— RSA Security will bridge all Identity Management platforms by providing higher level security and integration across multiple, heterogeneous environments

Page 30: Trusted Identity & Access Management The Next Critical Step.

The Most Trusted Name in e-Security®

www.rsasecurity.com

Christopher May

A+ Technology Solutions, Inc.

Phone# 877-797-6197, ext. 2238