Trusted Identity & Access Management The Next Critical Step.
Date posted: 15-Jan-2016
People and Devices
Information and Transactions
Identify Users and Devices
Manage/Personalize Access
Ensure Integrity of Transactions
Ensure Integrity of Information
Authentication, Access Management, Encryption, Digital Signatures
Application Integration
Identity Provisioning
Management
RSA Market Presence
RSA Authentication Solutions: High-Level Differentiation

| RSA Security Authentication Solutions | Hardware Token | Software Token | Virtual Token | Smart Card / USB Token |
|---|---|---|---|---|
| Two-Factor Authentication | Yes | Yes | Yes | Yes |
| Additional Client Requirements | None | Software, Seed record | SMS Service Agreement | Software, Reader |
| Portability | Works Anywhere | Works Anywhere | Works in Service Coverage Area | Infrastructure Required |
| Form Factors | Standard Card, Pin Pad Card, Key Fob | PC (Windows), PDA (Palm, CE), Phone (Ericsson, Nokia, DoCoMo), SDK (C++, Java) | Mobile Phone (phone = display only) | Various |
| Multiple Use | No | Host Device = General-Purpose Platform | Mobile Phone & Authenticator | Corporate Badge, Network Credentials, Physical Access, Stored Value |
| Distribution Requirements | Token | Software, Seed Record | Nothing | Smart Card, Reader, Software, Certificate or Seed Record |
+ PIN+ PIN
Two-Factor User Authentication
Building the Authentic User
• Certificates bind digital identities to transactions and provide data integrity
• Authentication binds people to their digital identities
“Let’s meet next week to discuss our merger. As you know our common stock allocation needs to be handled carefully. This is a critical time - any leakage of the Far East situation could be catastrophic”
Password
• Enablement of applications to securely process “real-world” business rules is achieved via Cryptography
• Authorization enables a digital identity access to services according to policy
Time-based Token Authentication
Login: JSMITH
Passcode: 2468234836 (PIN + TOKENCODE)
• Token code: changes every 60 seconds
• Unique seed
• Clock synchronized to UCT
PASSCODE = PIN + TOKENCODE
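The scheme on this slide (a per-token seed, a code that changes every 60 seconds, and PASSCODE = PIN + TOKENCODE) can be sketched as follows. This is an added example, not RSA's code: it uses the public RFC 6238 HMAC-SHA1 construction as a stand-in for the SecurID algorithm, and the seed, timestamp, drift window and the names `tokencode` and `Verifier` are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60    # slide: token code changes every 60 seconds
DIGITS = 6   # tokencode length in the slide's sample passcode

def tokencode(seed: bytes, utc_seconds: int) -> str:
    """Code for the 60-second interval containing utc_seconds (RFC 6238 style)."""
    counter = utc_seconds // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** DIGITS:0{DIGITS}d}"

class Verifier:
    """Server side: shares the seed, knows the PIN, tolerates small clock drift."""

    def __init__(self, seed: bytes, pin: str, drift_steps: int = 1):
        self.seed, self.pin, self.drift = seed, pin, drift_steps
        self.last_counter = -1  # highest interval already accepted (replay guard)

    def check(self, passcode: str, utc_seconds: int) -> bool:
        # PASSCODE = PIN + TOKENCODE: the last DIGITS characters are the tokencode.
        pin, code = passcode[:-DIGITS], passcode[-DIGITS:]
        pin_ok = hmac.compare_digest(pin.encode(), self.pin.encode())
        now = utc_seconds // STEP
        for counter in range(now - self.drift, now + self.drift + 1):
            if counter <= self.last_counter:
                continue  # interval already used: reject replays
            expected = tokencode(self.seed, counter * STEP)
            if hmac.compare_digest(code.encode(), expected.encode()) and pin_ok:
                self.last_counter = counter
                return True
        return False

if __name__ == "__main__":
    seed = b"constructed-demo-seed"      # constructed sample, not a real seed record
    t = 1_700_000_040                    # constructed UTC timestamp
    server = Verifier(seed, pin="2468")  # PIN taken from the slide's sample
    passcode = "2468" + tokencode(seed, t)
    print(server.check(passcode, t))      # first use of the passcode
    print(server.check(passcode, t + 5))  # same passcode presented again
```

The verifier accepts a code from one interval either side of its own clock and refuses any interval it has already accepted, so a captured passcode cannot be reused.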
RSA SecurID Two-factor User Authentication
• Proven & pervasive
— 12 million+ users in 8,000 companies
— 220 RSA SecurID-ready products from 100+ partners
• SecurID Express deployment service
• Scalable to 3000,000s of users
• Broad range of authenticators
• RSA SecurID and hybrid PKI
— RSA SecurID, Web Agent and SSL provide secure communication with no special client SW
Tokens do a Simpler Job...
• Identification & Authentication
• No client software required
• Very simple to use and deploy
How Customers Use RSA SecurID
[Diagram labels: Firewall; RAS; Intranet; Internet; Mainframe; Enterprise; Unix; Web Server; Applications & Resources; RSA Agent; RSA ACE/Server; VPN or Firewall. Use cases: Remote Access; Internet Access; E-Business; Enterprise Access]
RSA SecurID 5100
RSA Smart Badging
[Diagram labels: Building Access; Proximity; Mag-Stripe; Badging; Access; RSA SecurID Passage; Partners; HID; PC Access; PC; Network; Web and Web App. Access; CAC Approved]
Windows-based Application SSO 1st Time Access
Step 1 PC Login
1. User puts card in reader
2. Enters PIN
3. Clicks on application
Step 2 Train Passage
1. User clicks “Learn”
2. User enters application information
3. User gains access to application
Introducing RSA Mobile
• Upon receiving a valid username and PIN, RSA Mobile sends a one-time access code to the user's portable device.
• Two-factor authentication
• Leverages a device the user already has
• Zero-deployment, zero-footprint
• Intuitive, easy to use and highly portable
How RSA Mobile works
[Diagram labels: Start here; Userid + PIN; Web Server; Agent; RSA Mobile Authentication Server; Access code + Phone #; e-Mail Server or Gateway Server; Telco Network; Text Message; Access code 294836]
User Authentication (IV)
Certificate Management Solutions
— RSA Keon Web Server SSL
  • Enabling cost-effective trusted server authentication
— RSA Secure e-Forms Signing
  • Enables trusted transactions for streamlined business processes
— RSA Secure e-Mail
  • Enables trusted messaging for streamlined business processes
— RSA Smart Badging
  • Combining physical and logical access for an enhanced ROI
RSA Keon Web Server SSL Solution
• Solution components include:
  • RSA Keon CA
  • RSA Keon Root Signing
  • RSA Professional Services
• Functions:
— Enables organizations to issue & manage SSL certificates
— Alternative to service-based SSL model
• Business Benefits:
— Improved total cost of ownership
— Rapid return on investment
— Accelerated deployment and ease of use
— Trusted foundation for deployment of secure e-business
RSA Secure e-Forms Signing Solution
• Solution components include:
  • RSA Keon CA
  • RSA e-Sign – Downloadable, zero-footprint applet
  • RSA Keon Web Passport optional
• Functions
— Demonstrates intent
— Authenticates the signer
— Assures the integrity of signed data
— Supports non-repudiation
• Benefits
— Prevents “breakage” in e-business processes
— Enhanced e-based revenue opportunities
— Support for legislative compliance
INVISIBLE TO USER
RSA Secure e-Mail Architecture
e-Mail Client
Enroll for digital certificate RSA Keon CA with OneStep
Certificate issued & e-mail configuration scripted
e-Mail configuration script publishes certificate information into Microsoft Global Address List
G.A.L.
Agenda
• Identity Management
— Define the term
— Explore the value
— The evolution
• RSA Security’s role in Identity Management
— “Trusted Identity and Access Management”
• The Liberty Alliance project
• Summary
Let’s Define the Term
• “Identity management is a process, rather than a function, inclusive of provisioning new users, executing the work flows needed to grant access, and managing application use.”
• “…identity management needs to focus on the user’s entire security lifecycle.”
AMR Research – June 2002
To succeed, it must also infuse TRUST.
Trusted Identities: Coupling Identity and Access Management
• An un-trusted identity won’t be of use to anyone
• How do you establish a trusted identity?
— Authentication
• Identity and access privileges are tightly coupled
— Who I am and what I can do
— Separate but related
• The line between authentication, proof of identity, and access management begins to blur
Where’s the Real Value?
[Diagram labels: Automating Account Creation & Termination; Storage & Retrieval; Enforcing Business Policy; Establishing Trust in Identity; Interoperability; Applications, Networks]
Trusted Identity & Access Management: RSA Security’s View
• What it is
— Intelligent use of identity
— Ability to securely manage the full lifecycle of an on-line or digital identity
• What it is not
— It’s not simply the ability to store or provision digital identities
Trusted Identity & Access Management Benefits
• Enables cross-domain relationships
• Improved user experience
• Enables interoperability
• Reduced management costs
• Better policy enforcement / improved security
Putting the Value into Perspective: An Analogy
An ERP installation requires the SAP software and an underlying database engine like Oracle.
Both are required.
Which one provides the most business value to the organization?
Trusted Identity & Access Management The Evolution
[Chart: axes Value Delivered and Adoption Timeline; labels Immediate Application and Future Application; stages Outward-facing e-Commerce, Partner Community, Within the Enterprise]
• Supply chain integration
• Shared leads – CRM
• Inventory and fulfillment
• Channel optimization
• Real-time B2B negotiations and transactions
• Consumer single sign-on
• Shared security infrastructure
• Transaction context sharing
• Cost savings
• Ease of use/efficiency
Liberty Alliance Membership Partial List
www.projectliberty.org
RSA Security and Standards for Identity Management
• Liberty Alliance
• SAML
• .Net (Microsoft)
• Web Services
RSA Security will bridge Identity Management platforms by providing higher level security and integration across multiple, heterogeneous environments.
Summary
• Identity management is a process
• Value is in establishing trust in identity and enforcing business policy
— “Trusted Identity & Access Management” is the intelligent use of identity and the ability to securely manage the full lifecycle of an on-line or digital identity
• RSA Security is uniquely positioned to provide Trusted Identity and Access Management solutions
— RSA Security will bridge all Identity Management platforms by providing higher level security and integration across multiple, heterogeneous environments
The Most Trusted Name in e-Security®
www.rsasecurity.com
Christopher May
A+ Technology Solutions, Inc.
Phone# 877-797-6197, ext. 2238