CorporateInformationSecurity Corporate Information Security User Identification & Logical Access Control

Corporate Information Security Logical Access Control – Heart of Security Efficient Control Mechanisms  User identification, authentication & authorization  Centralized user rights management  Logging & auditing

Corporate Information Security Passwords: Security Bottlenecks Most Likely Security Breaches  Easy to guess passwords  Same password for all applications  Password sharing  Not keeping passwords secret

Corporate Information Security Security Stats  Half of help desk calls are password- related Source: Lenovo  $ 150 per user annually - operating expenses for managing user accounts Source: SC Magazine  $ average cost of processing a single help desk call Source: Compulenta

Corporate Information Security Biometrics: Efficient & Reliable  Identification of a person, not of a password, token or card  Intuitive & easy to use technology  Non-repudiation of biometrically confirmed actions  Users do not have to know or remember passwords  No password sharing

Corporate Information Security Integration CorporateData AD Integration Shared Resources Workstations VPN Physical Access Applications T&A Internet

Corporate Information Security IDenium Purpose  Safeguard data against unauthorized access  Replace a vulnerable password system with biometric IDs

Corporate Information Security IDenium Functions  User Access Control  A fingerprint is a single key to network data, applications, & Internet  Secure Standby & screensaver modes  Support for Windows & Novell  Logging Access Events

Corporate Information Security IDenium Functions  Centralized User Management  One-time enrollment of users & credentials  Domain controller interaction  Network access from any network PC

Corporate Information Security Architecture User Account of a Specific Application Novell User Account Windows User Account CITRIX User Account Workstations Windows Domain Controller Applications & Web-applications Workstations and/or Clients CITRIX Server Novell Server Workstations Identification of Windows Users User Identification in Applications Identification of CITRIX Users Identification of Novell Users

Corporate Information Security IDenium for AD Windows Domain Controller Workstation 1234 Identification Server Microsoft Windows AD Database 1 Digital Fingerprint Template 2 Data Required for User Authentication 3 4 Synchronization

Corporate Information Security AD Integration IDenium is fully integrated into Active Directory (AD):  Centralized storage, protection & transfer of user ID data via AD tools  Centralized user rights management  BioLink tabs in ADUC BioLink - Enroll Tab

Corporate Information Security IDenium Components  Client SW  IDenium Windows Logon  Password Vault  Admin SW  Admin Pack  Synchronization Agent  Password Changer

Corporate Information Security IDenium Windows Logon  Verifying user identity when logging on to the OS or applications  User verification in other applications compliant with IDenium Windows Logon & Authenteon Server  Workstation unlocking by a fingerprint Workstation Unlocking

Corporate Information Security Password Vault  Replacing passwords with biometric IDs in applications & Internet  Script recording to replace a password  Several scripts for an application  Automated script execution upon successful fingerprint identification List of Scripts

Corporate Information Security Admin Tools  Admin Pack  Centralized enrollment of users & fingerprint data  Setting-up identification policies & other administrative tasks  Synchronization Agent  Synchronization of AD catalogue data & biometric ID data stored on Authenteon

Corporate Information Security Admin Tools  Password Changer  Generation of random passwords  Attaching new passwords to relevant user accounts & biometric IDs  Admin-defined generation frequency  No access to unauthorized users by stolen passwords

Corporate Information Security IDs Enrollment “Windows Security” window for users to enroll their fingerprint identifiers  Biometric IDs can be enrolled while adding a new user account in AD - when hiring a new employee, at administrator’s workplace.  Biometric IDs can be enrolled by users themselves at their workplaces when deploying IDenium.

Corporate Information Security Selection of Identification Policies Selecting an Identification Policy  User identification only by fingerprints is recommended for most users  User identification by a fingerprint OR password is recommended for administrators and security staff  Two-factor identification by a fingerprint AND password is recommended for the most sensitive data

Corporate Information Security Customization & Management Options Окно настройки сервиса IDenium Settings window  Add users (or user accounts), edit properties & delete  Enable/disable ID data caching  Hide the actual fingerprint image while scanning  Generate random passwords for Windows user accounts

Corporate Information Security Identification Servers  BioLink Authenteon  Software-and-hardware server  Hot swappable  Unlimited number of users  BioLink Authenteon Software Appliance (ASA)  Software server for MS Windows  Number of users – up to  Scalable

Corporate Information Security Biometric Scanners Scanning MethodOptical Scanning Window Size25.5 x 18 mm Scanning Speed15 fingerprints per second Resolution508 dpi False Acceptance Rate (FAR) (1 out of ) InterfaceUSB 2.0/1.1, Plug&Play, 2 m cable included

Corporate Information Security Biometric Scanners  Compact & ergonomic  Cost-effective & durable  Quickly attached to a computer  Ready for operation upon installation of BioLink IDenium  Used to secure corporate networks & stand-alone PCs

Corporate Information Security Biometric Scanners BioLink U-Match BioLink U-Match USB Scanner for Office Use  Dimensions (length x width x height): 45 x 63 x 26 mm  Weight: 120 g BioLink U-Match BioLink U-Match USB Scanner with a Card Reader  Supported smart card standards: ISO 7816, EMV 2000  Smart card power supply: 5 V, 3 V & 1.8 V  Transmission speed: up to 119 Kbps  Card type detection: automatic

Corporate Information Security IDenium Benefits  Data security increase  Cost-effectiveness  Scalability  Fault-tolerance  Ease of use

Corporate Information Security Data Security Increase  Reliable, accurate & quick user identification by distinct parameters  Eliminated threat of identification by lost/stolen identifiers  Multi-factor identification for sensitive data  Integration options for logical & physical access & T&A systems

Corporate Information Security Cost-Effectiveness  Faster access to protected resources  Biometric IDs never fail  Reduced admin load  Decreased access infrastructure management expenses

Corporate Information Security Scalability  Unlimited number of users  Server clusters & load balance options  Centralized installation & management  Seamless integration into legacy corporate systems

Corporate Information Security Fault-Tolerance  Hot swappable biometric ID servers  Data replication options  Local cache options in case of failed LAN

Corporate Information Security Ease of Use  One-time enrollment of users’ biometric data  Identification by any enrolled fingerprint  A fingerprints is a single key to resources & applications  User-friendliness

Corporate Information Security CorporateInformationSecurity Corporate Information Security User Identification & Logical Access Control Thank You!