Ubisecure presentation short
-
Upload
charles-sederholm -
Category
Technology
-
view
465 -
download
5
description
Transcript of Ubisecure presentation short
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Your Partner in Identity and Access Management
IAM using UbisecureAuthentication, SSO, Federation,
Access control, Authorization and User management
UBISECURE SOLUTIONS, INC.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Ubisecure’s Vision
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Ubisecure’s vision
To be the preferred partner in providing authentication and authorization solutions, that enable secure business for the Extended Enterprise.
Extended Enterprise, see e.g. http://en.wikipedia.org/wiki/Extended_Enterprise
The Company
Partner
Partner
Partner
Customer
Customer
Customer
The The ExtendedExtended EnterpriseEnterprise
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Ubisecure’s mission
Ubisecure provides authentication and authorization solutions that securely unite partner companies, teams and content.
UNITINGBUSINESS
on theINTERNETSECURELY
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
UBISECURE SOLUTIONS, INC. Briefly
Ubisecure develops and markets software products for Identity and Access Management (IAM).
The Ubisecure product lines:Ubisecure CustomerID – providing Identity Management and Provisioning of the external users of the EnterpriseUbisecure SSO – providing Authentication and Access Control for Intranet, Extranet and Web ServicesUbisecure Trust – providing Federation for Intranet and Extranet Services
Current primary market area is Finland; Establishing market presence in Sweden;Other selected market areas are being investigated
Target customers are medium to large enterprises and government organizations
Established in 2002, products under development since 1999
Located in Espoo, Finland and Stockholm, Sweden
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Excellent Customer Relations is the heart of every company that wants to create profitable and durable relationswith its customers!
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Smoothness and agility in creating new Business Concepts and new forms of co-operation is key to success for companies that want to create profitable and durable relations with its Business Partners!
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Outstanding Business Performance
29% savings in developing each internet service-29%
500 times more cost efficient to register new customerx500
x100 100 times more cost efficient way to acquire new customer
UBISECURESSO
UBISECURECustomerID
UBISECURETrust
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Identities are Assets.
Don’t waste Your opportunity.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Grow your Business.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Effectivemanagement of
external identities
Automated user registration
Ubisecure Product Positioning: Business-Oriented IAM
Your Company
Low threshold foryour company to
developand launch
co-operation with selected
Business Partners
Business partners and Customers
SSOand federation
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Business Partners and Customers + Own organizationPublic Cloud + External Cloud + Internal Cloud
YourCompany
External Cloud
Public Cloud
Single Sign-On
Business Partners and Customers
AuthenticationFederationProvisioning
Out-of-band fed.JIT federation
User-driven federationSelf-registrationSelf-registration w. confirmation
Active DirectoryActive DirectoryActive DirectoryActive Directory
Internal Cloud
Own org
User-driven IAM-servicesWorkflow-driven IAM-services
Internal Services
External Services
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Customers in various segments
Public sector Industry, trade and service Finance and insurance
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Business challenge- Increase customer service- Increase admin efficiency- Reduce paper work- Improve control
CustomersPrivate & Companies
Local Insurance Group
Service 1
Service 2
Service 3
Lokalförsäkring – Improved self services
Local Insurance Group (Lokalföräkring)- The Local Insurance Group is Finland's 5th biggest non-life insurer in terms of premium income.
- Its market share is 9 per cent of Finnish direct insurance income.
- The Group has 545,000 customers and it has responsibility for almost 2 million policies.
- Customers are households, private individuals and SME companies in the expanding countryside and in urban area, especially in service industries. The group is the market leader for farm insurance.
The picture has been simplified, leaving out intermediate steps and messaging details for readers’ convenience!
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Service
Integration module
SolutionFunctionality: Self registration service, Delegated rights, Single-Sign-On, Authorization, Role based access, own AD/LDAP
Benefits: Secure and simple access to services 24/7 - Increased revenue
Outsourced identity management
Outsourced and flexible authorization between companies and people.
Reduce customer care costs
Improved customer satisfaction
Centralized audit capabilities of services
Standard based APIs for application integration
Easy and cost efficient deployment with Ubilogin Integration modules
Future: Prepared for business networking (federation)
Service
Service
Service
Integration module
Integration module
Integration module
Full automated self registration service
Local Insurance Group
CustomersPrivate & Companies
Lokalförsäkring – Improved self services
UbisecureSSO
UbisecureCustomerID
Delegating rights/mandates/power of attorney - Private & Company
The picture has been simplified, leaving out intermediate steps and messaging details for readers’ convenience!
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. The picture has been simplified, leaving out intermediate steps and messaging details for readers’ convenience!
Business challenge- Create a flexible means of issuing identities to customers,
organizations or citizens and authenticate them around the services.- Enable government agencies to reduce the cost of supporting
customers at the point-of-service and transfer services to the Internet.
Finnish societyPrivate & Companies
Finnish tax authority
Finnish Tax Authority – eGovernment service at its best
Service
Service
Service
Finnish Tax Authority- Finnish population is app. 5.3 million and the country have app. 370 000 registered companies.
- The Tax Administration collects approximately 2/3 of all taxes and tax-like payments in Finland.
- Business idea: The right tax at the right time. Secure and simple access to services 24/7.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Service
Integration module
SolutionFunctionality: Self registration service, Single-Sign-On, Authorization, Role based
access, Federation, own AD/LDAP
Benefits: 32+ millions transaction and ~760 M€ in savings per year!
Outsourced identity management - Reduced cost per transaction from 50€ to 0.1-0.15€.
More than 80% of the Finnish companies use the service every month.
More then 40% of the Finnish population use the service every month.
Secure and simple access to services 24/7. Effortless tax collection.
Automation of taxation data inflow.
Centralized audit capabilities of services
Outsourced and flexible authorization between companies and people.
Standard based APIs for application integration
Easy and cost efficient deployment with Ubilogin Integration modules
Service
Service
Service
Integration module
Integration module
Integration module
Automated self registration service - Company – Role based and delegating
Finnish tax authority
Finnish societyPublic & Private
UbiloginSSO+
Federation
UbilogineIDM
Finnish Tax Authority – eGovernment service at its best
The picture has been simplified, leaving out intermediate steps and messaging details for readers’ convenience!
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Case Retail: The Largest Retail Chain in Finland
LoyaltyPortal
Retail company
SAML SP
External authentication services
Active DirectoryActive DirectoryActive DirectoryActive Directory
Corporate IDP(hosted at
Service Provider)
User / Employee
using service
THE CHALLENGES THE SOLUTION THE BENEFITS
User authenticationSecurity with Ease of use Identity provisioning and
role-based access
Corporate Authentication and Federation w External AuthN
Automated Identity provisioning
Role-Based Access Control
Fast deployment of Strong Authentication
alternativesLow threshold to use services
New business concepts multiplying inflow of users
IntranetPortal
SAML SP
ExtranetPortal
SAML SP
Mul
tiple
cor
pora
te p
orta
ls a
nd s
ervi
ces
Thousands of external identitiesMillions of end-users (customers)
Active DirectoryActive DirectoryActive DirectoryActive Directory
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Case Itella: Postal and Information logistics services
LogisticsPortal
InformationLogistics company
SAML SP
External authentication services
Active DirectoryActive DirectoryActive DirectoryActive Directory
Corporate IDP(hosted at
Service Provider)
User / Employee
using service
THE CHALLENGES THE SOLUTION THE BENEFITS
User authenticationSecurity with Ease of use Identity provisioning and
role-based access
Corporate Authentication and Federation w External AuthN
Single Sign-OnDelegated and automated
Identity provisioning
Rapid service roll-out with no individual account provisioning
Low threshold to use secure services
New business concepts multiplying inflow of users
IntranetPortal
SAML SP
ExtranetPortal
SAML SP
Mul
tiple
cor
pora
te p
orta
ls a
nd s
ervi
ces
25 000 internal identitiesThousands of external identities
Millions of end-users (customers)
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Case Silta: HR-As-A-Service
HRAs-a-Service
SaaS provider
SAML SP
IAMAs-A-Service
External authentication services
Active DirectoryActive DirectoryActive DirectoryActive Directory
IAM-As-A-Service Provider
User / Employee
using service
THE CHALLENGES THE SOLUTION THE BENEFITS
User authenticationSecurity, Ease of use and
user acceptance of SaaS service
Intranet authentication +Windows-AD federation
-As-A-ServiceSSO from desktop to services
Rapid service roll-out with no individual account provisioning
Low threshold to use servicesSecure access to SaaS-services alsofrom outside the corporate network
Hundreds of customer organizationsThousands of customer identities
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Case eCraft: Collaboration Application-As-A-Service
THE CHALLENGES THE SOLUTION THE BENEFITS
User authenticationSecurity, Ease of use and
user acceptance of SaaS service
Intranet authentication +Windows-AD federation
-As-A-Service
SSO from the desktop to the cloudAuthorization information securelyZero user account administration
Collaboration AppAs-a-Service
SaaS provider
SAML SP
IAMAs-A-Service
Active DirectoryActive DirectoryActive DirectoryActive Directory
User / Employee
using service
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Integrator/Consultancy
Market strategy: The value chain
Ubisecure SaaS Provider
Customer
ProvidesUbisecure SSO and
Ubisecure CustomerIDAs-A-Service
User organization that has internal
apps and services as well as external
services for its external users
(Partners, Customers)
Implements and deploys the Service
in in Customer organization and
configuresUbisecure SSO and
Ubisecure CustomerID in the
customer environment
Develops and provides the
Ubisecure SSO and Ubisecure
CustomerIDproducts
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
The easy-to-deploy Single Sign-On
and Federation Solution
that provides Extensive Authentication and
Access Control for Intranet, Extranet and
Web Services.
Identify and Authorize.Enable secure business.
UBISECURECustomerID
UBISECURESSO
The identitymanagement solution
that enables outsourcing and delegation of
external user data managementto partners, customers and other
stakeholders.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
What problems does Ubisecure Single Sign-On solve?
1. USER AUTHENTICATIONInsufficient or unreliable user authentication
2. SINGLE SIGN-ON Multiple logon to applications during same session +Growing number of user IDs and passwords to memorize
3. APPLICATION-SPECIFIC ACCESS CONTROL Problems and flaws with multiple application-specific access control management and user management
4. KEY SECURITY ISSUES Security issues, e.g. strong user authentication require specialexpertise and experience and are typically difficult and expensive to deploy
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
What challenges does Ubisecure products solve?
“We needsecure
authenticationfor our
external users!We don’t wantour competitor
to accessour extranet!”
“We wantour partnersto have easy
Single Sign-Onaccess
to our extranetservices from
theirown domains
and their intranets!”
“We want to enable
new business conceptsspeedingup new
customer acquisition and
registration!”
“We wantto get rid of the identity
management hassle
with replication from multiple repositories!”
“We wantefficiency
in managementand accuracy
in accessby enabling delegated
managementof access
information, roles and attributes!”
UBISECURE
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
A complete set-up as SaaS for the Enterprise
YourCompany
External Cloud
Public Cloud
Single Sign-On
Business Partners and Customers
AuthenticationFederationProvisioning
Out-of-band fed.JIT federation
User-driven federationSelf-registrationSelf-registration w. confirmation
Active DirectoryActive DirectoryActive DirectoryActive Directory
Internal Cloud
Own org
User-driven IAM-servicesWorkflow-driven IAM-services
Internal Services
External Services
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
Ubisecure SSO is a Liberty Interoperable™ SAML 2.0 Product
The rigorous tests consisted of well-defined use-cases and test procedures
Confirm the security, trustworthiness and the interoperability of Ubilogin products
Proofs the security, flexibility and trust mechanisms also in networks of federated services from different parties
This test process was the technically the most demanding ever and the broadest in terms of use-cases
Many new requirements for the IdPand the SP were defined and tested
Ubisecure SSO passed interoptests in September 2008 as only European product!
Interop program arranged by Liberty Alliance
UBISECURESSO
UBISECURETrust
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. Confidential
UBISECURE SSO Authentication Methods
UBIKEYOTP MIDlet
UBIKEYSMS
UBIKEYOTP Printout
2316 53879899 42783320 89876539 84989848 2456
*)
SAML
CallSign
LDAP
*)
Active Directory
Mobile certificate
SQL
WS-Federation
RFID *)Biometric *)
*)
*)
*)
*)
*)
*)
*) Possible to use. Not readily available as Ubisecure SSO option.
Username+
password
One-TimePasswords
SMS-authentication
and others
Certificates, smartcardsand tokens
Operatorservices
Banks’ID-services
Federatedand other
UBISECURESSO
UBISECURETrust
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Example of federation
IDP-A
IDP-B
IDP-C
SP-B2
SP-C1
SP-C2
SP-A1
SP-A2
Federation ABC
SP-B1
SP-ABC
UBISECURETrust
This setup requires trust
relationship for SP-ABC with
all IDPsThis IDP-Proxy
setup only requires trust
relationship for SP-A2 with
IDP-A
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Federation with Cloud Services
IDP-M
SP-M3
SP-M4SP-M5
SP-M1
SP-M2
UBISECURETrust
Provides SSO user-experience from corporate intranet to all
Cloud-services used
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
Example of federation with ”The Works”
IDP-A
IDP-B
IDP-C
SP-B1SP-B2
SP-C1
SP-C2
SP-A1
SP-A2
Federation ABC+X
IDP-M+X
SP-M3
SP-M4SP-M5
SP-M1
SP-M2
IDP-RIDP-S
SP-S1
SP-S2
SP-R1
SP-R2
Federation RS+X
UBISECURETrust
Provides SSO user-experience from corporate
intranet to all services used, wherever they are
produced.Identities and well-managed
and used securely.
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
The CustomerID external identity lifecycle process
Initial registration:Self-service and/or
Delegatedentry of basic info
Identity verification
againstselected
Id-provider
Identity enrichmentusing
internal or externalattribute services/silos
Identity life-cycle management:Self-service
and/or Delegated
1 2 3 … …
UBISECURECustomerID
……
SQLActive DirectoryActive DirectoryActive DirectoryActive Directory
WebServices
www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com Copyright Ubisecure Solutions, Inc. All rights reserved. www.ubisecure.com © Copyright Ubisecure Solutions, Inc. All rights reserved.
THANK YOU!
Ubisecure Solutions, Inc.
www.ubisecure.com <firstname.lastname>@ubisecure.com
FINLAND: SWEDEN:Tekniikantie 14 WTC, Klarabergsviadukten 70, Box 70396 FIN-02150 Espoo S-10724 Stockholm
tel. +358-9-2517 7250fax +358-9-2517 7070
Registered in Espoo, Finlandreg. nr. FI1748721-4
Ubisecure paves the way for a smoother and safer Internet. Ubisecure software products enable new online business concepts and speed the growth of existing web-based operations by joining separate sites and services into larger trusted areas. The innovative products allow internet users to flexibly and securely move between online services – without encountering repeated login prompts. Ubisecure maintains an extensive network of partners that offer organizations advice, consulting and technical services; and provides high-level training in secure online business through the widely appreciated Ubisecure IAM Academy. Founded in 2002 in Finland, Ubisecure Solutions Inc. is a pioneering provider of standardized identity and access management solutions. For more information, please visit www.ubisecure.com.
Identify and Authorize.Enable secure business.