eToken TMS 5.0 CA June 09

eToken TMS 5.0 Agenda  The challenge: Authenticator life-cycle management  eToken TMS (Token Management System)  eToken TMS 5.0 – Release Highlights

Authentication Management Challenge The management of an authentication solution in an enterprise involves a number of interrelated elements:  Users Identities in the organization  Organizational policies Access rights for user groups; required security measures  Security devices Authentication devices provided to users  Security applications Applications to be used by each user (e.g. Network Logon, disk encryption)

1. New employee gets token upon arrival 2. Employee performs token self-enrollment 3. Employee starts working Organizational Policies Token Management System ERP System VPN Network Logon Life With a Management System And There’s Much More…

Why Use a Token Management System?  Reduce administrative errors (potentially costly!!) by streamlining processes  Reduce workload of your IT staff with automated processes and user self-service tools  Control your authenticator inventory and usage  Enhance user productivity  Fully audit token usage for regulatory compliance With a management system in place you can: Make your authentication solution a reality!

eToken TMS Token Management System

TMS Framework View  Robust system for deploying, managing and using authenticators  TMS links users, organizational policies, security devices & security applications

 Authenticator assignment  Authenticator enrollment  Authenticator revocation/ disablement  Authenticator update  Password reset/change  Authenticator replacement Authenticator Life-Cycle Management with TMS

TMS Management Components  The following web sites/services installed on the TMS server:  eToken TMS Management Center: TMS management site, used by administrator & helpdesk  eToken TMS Self Service Center: Self service site, used by corporate end users  eToken TMS Remote Service: Self service site for end users - for employees on the road in case of lost authenticators or forgotten passwords)  TPO Management Web Service: A web service - used by the TPO editor for configuring TMS settings

TMS Key Features (1)  Supports all eToken devices and applications  Integrated with Microsoft Active Directory, Microsoft SQL Server and OpenLDAP  Web-based user self-service, help desk, and administration tools  Open architecture  Supports security applications with configurable connectors  Supports solutions including: network logon, VPN, web access, secure , data encryption, boot protection, SSO, certificate management, IdM…  Robust SDK  Secure solution for employees on the road who lose/forget their authenticators

TMS Key Features (2)  Supports scalable, distributed administration  Management of multiple domains from a single web-based interface  Role-based administration  Different user data encryption keys for different domains  Full auditing and reporting capabilities  Supports clustering, redundancy, scalability – based on Microsoft Windows Server 2003 and IAS  Centralized client software deployment  Supports multiple client platforms: Windows, Linux and Mac OS

TMS Key Differentiators in the Market  A single life-cycle management system for your entire solution  Full integration with Microsoft Active Directory  Familiar and intuitive usage for administrators  Direct link with user data – no need to replicate  Fully integrated with AD user rules and policies  All user data are located and managed in one place  No proprietary server  Integration with multiple security applications + SDK  Flexibility to support current & evolving requirements  Designed for enterprises & managed service providers

TMS Business Value: MSSPs  Easily manage your customers’ solutions  Manage multiple customer domains from a single web-based interface  Allow local customer site management with web-based user and admin tools  Enable your customers to view reports online  Control activities with role-based administration  Permissions can be assigned per domains, OUs, groups, & tasks  Keep your customers’ data secure  Built-in user data encryption capabilities  Different encryption keys for diverse customer domains  High availability, non-stop service

TMS Business Value: Compliance  Excellent reporting tools  Set of built-in reports including: token usage, connected tokens, token inventory and status, attendance reports  Support for external reporting tools to generate other reports you may need  Full auditing capabilities  Complete event logs  Fully customizable alerts to track any irregular or problematic usage right when it happens  Enhanced internal data controls and protection of individuals’ privacy  Complete control over each administrator’s abilities  Advanced user data encryption capabilities

eToken TMS 5.0 Highlights

eToken TMS Highlights  Support for eToken PRO Anywhere  Support for eToken Virtual and MobilePASS (SoftOTP) products  Card printing support  Multi Forest Active Directory support  Novell eDirectory user store support  Simplified licensing mechanism - cross domain  Simplified installation and configuration (OTP*)  Updated platform support (Windows Bit)  Support for TMS 5.0 user token management in Linux & MAC  TMS Self service & TMS remote  Expanded TMS API  MS CA Based Key Archival support  Improved logging and error handling capability  Enhanced technical documentation

Authenticator Management  eToken TMS enables full life cycle management  Including TMSservice - End-user portal  The End-user site enables tasks such as:  Enroll a new authenticator  Update the content of an enrolled authenticator  Change/Reset eToken password  Disable/Enable an eToken  Replace a Lost/Damaged authenticator (including revocation)  Manage OTP authenticator including MobilePASS  Enroll eToken Virtual and eToken Virtual Temp

Post-Enrollment Self Management After successful authenticator enrollment, self-management options are added to the TMSService site. Maintenance Recovery OTP Management Soft tokens

eToken Virtual Deployment– Administrator Use Case Administrator enrolls eToken Virtual for a specific user from the TMS Manage. The only supported use case is enrollment to a removable flash device:  eToken TMS and eToken Virtual licenses are acquired by the company to provide two-factor authentication using software authenticators.  eToken TMS is installed and all the required connectors are configured to enable eToken Virtual usage.  Administrator plugs in the user portable device and starts the enrollment process from the TMS Manage web site.  eToken Virtual is created on the portable device, locked and set with the initial user password.  Notification is sent to the user with the eToken Virtual password.  User receives the device and can use it for the authentication. 19

eToken Virtual – User Enrollment Use Case User accesses the TMS Service web site and enrolls eToken Virtual:  TMS and eToken Virtual licenses are acquired by the company to provide two-factor authentication using software authenticators.  TMS is installed and all the required connectors are configured to enable eToken Virtual usage.  User enters TMS Service web site to enroll eToken Virtual.  eToken Virtual is created on the user computer, locked and set with the user password OR user can enroll the eToken Virtual to a portable drive, based on the TMS TPO settings, configured by the administrator.  User can use the eToken Virtual for the authentication. 20 NOTE: NOTE: Admin Rights Required for eToken PKI Client Installation

MobilePASS – Enrollment and Usage  eToken TMS and MobilePASS license are acquired by the company to enable OTP using software authenticators.  Administrator enrolls MobilePASS authenticator for the user in the TMS Manage.  The user receives the MobilePASS authenticator, an activation code and PIN via , SMS etc..  The user installs the MobilePASS software.  The user enters the activation code and activates the software.  OTP is generated using the received PIN.  Using the OTP, the user logs on.

Additional software solutions using TMS:  eToken Virtual Temp  Time limited temporary authenticator which can be used for a limited period of time instead of a permanent authenticator  For each authenticator, the user can enrol one temporary virtual authenticator.  eToken Rescue  Users who lose their authenticators can create an eToken Rescue authenticator (default expiration 1 month, max 3 months)

Controlled Availability Release  For new prospects who wish to deploy eToken TMS 5.0 CA  CA Process  Salesperson provides details of prospect and fills CA form, available from Technical Support  Reviewed and approved by Authentication product management prior to approval  Receives extensive support and ongoing feedback  For details, contact: Opher Dubrovsky

Summary  eToken TMS and PKI Client make your authentication solution a reality!  Organization’s own user-repository utilized to handle full life-cycle token management  User administration of authentication devices is shifted from IT to HR and users  eToken solutions reduce identity and password management costs  eToken helps customers achieve regulatory compliance

Thank You