1
eToken PKI Client Overview
August 2009
2
Topics Covered in This Presentation
Certificate-Based Authentication – Your business enabler
Introducing eToken
What is the eToken PKI Client?
Supported platforms
3
PKI Enables Business
24x7 secure access to sensitive business information
Compliance with regulations
Enhanced online services
Digital signing of transactions
Secure PCs and laptops
4
Growing Enterprise Usage
PKI is changing – from complex to practical
Increasing usage of certificate-based applications
  SSL VPN
  Smart card logon
  Digital signing
  Data encryption
“The original public-key infrastructure (PKI) vision is changing, moving key management functions ... to be close to applications that use the keys and to apply PKI technology to Web services security.” - Gartner, June 2007
5
The Key To a Successful PKI
PKI is based on a key pair assigned to an entity by a trusted authority:
  A private key
  A public key (digital certificate)
The private key must be kept secret
The PC environment is simply insecure!
6
The Solution: Smart Tokens
By using smart-card-based tokens you gain:
  Security – the private key never leaves the token
  Mobility – use your certificates and keys anytime, anywhere
  A broad platform – infrastructure for a broader solution
“Gartner projects that [smart tokens] will become the single most common strong authentication method across enterprises by the end of 2010.” - Gartner, June 2007
7
Introducing eToken
8
Aladdin eToken
eToken enables secure and simple PKI implementation with:
  A variety of smart card tokens
  PKI supporting software
  Robust token life-cycle management system
9
Strong User Authentication
The eToken solution is based on simple, secure two-factor user authentication
  Something you have – the eToken device
  Something you know – the eToken password
10
eToken Strong Authentication Solutions
eToken PRO
  USB, reader-less smart card
  High level of security for strong user authentication and credential storage
eToken PRO Anywhere
  Portable, reader-less smartcard token that enables secure access from just about anywhere
eToken PRO Smartcard
  eToken PRO in smart card form factor
eToken NG-OTP
  Award winning USB smart card token with One-Time Password generation capabilities
eToken NG-FLASH
  USB smart card token with encrypted flash memory
eToken Virtual
  Certificate-based two-factor software authentication security solution which provides full public key cryptographic functionality
11
eToken Supported PKI Solutions
Secure Network Access
VPN Access
  Certificate-based authentication to VPN
  Any VPN client that supports PKI authentication and smartcards
  Including Check Point, Cisco, MS-VPN, Nortel and others
Web Access
  Secure web access using certificates for SSL authentication
Smart Card Logon
  Network logon using certificates
12
eToken Supported PKI Solutions
Data Security
Signing & Encryption
  Support for any mail application that supports PKI authentication and smartcards
  Including Outlook, Netscape, Mozilla, Lotus Notes, Mail (BlackBerry) and more
Digital Signing
  Signing of sensitive transactions, documents, and e-mails using certificates
  Provides non-repudiation
13
What Is eToken PKI Client?
14
eToken PKI Client
Links applications and eToken hardware and software authenticators
Facilitates authentication using securely stored credentials
Enables eToken usage for PKI based authentication, encryption, and digital signing
Provides full local administration of eToken devices
eToken middleware
Enables communication between security applications and eToken devices
Facilitates the authentication process using credentials securely stored on the token
Enables eToken usage for PKI based authentication, encryption, and digital signing
  Supports a variety of PKI applications: VPN access, web access (SSL), signing and encryption, smartcard network logon, and more
Provides full local administration of eToken devices
  Includes full local management of eToken devices (eToken Properties)
  Rename, change password, view certificates, initialize token, and more
15
eToken PKI Client Key Benefits
Highly secure and convenient certificate-enabled implementation
  Smart card security, strong two-factor authentication
  Private keys never leave the authenticator
  Mobile secure storage of keys and certificates
  Support for RSA 2048-bit keys
Fit for diverse enterprise environments
  Flexible multi-platform support
  Windows, Linux, Mac, BlackBerry OS supported
  Full alignment and compatibility across platforms
  Localization and multilingual support
Robust and transparent
16
eToken PKI Client Functionality
Recognizes the eToken as a smart card
Registers the PKI Client as a CSP (Cryptographic Service Provider)
Transparently integrates with PKCS#11 or CAPI based third-party applications
Enables integrating eToken with security applications
2 drivers – 1 device, 1 virtual reader
Sensitive cryptographic operations are carried out on-board the eToken device
17
eToken PKI Client Features
Supports day-to-day token management tasks
  Full local management of eToken authenticators
  Challenge-response mechanism for token unlocking
  Web based authenticator management support through TMS
Token password security and administration tools
  Password quality settings stored on the token
  Flexible enforcement of the organization’s token password policy
  Password retry counter
  Password expiry notification
  Token initialization with an administrator password for token user password reset
18
eToken PKI Client Features
Support for employees who lose their authenticators while on the road
  Software-based eToken Rescue
  Secure – encrypted with AES key
  Time-restricted activation
  Activation via web (eToken TMS self-service) or help desk
  Support for one-factor authentication – ‘something you have’ only
Localization and multilingual support
  Support for inputting data in all languages
  User interface available in a choice of languages
19
eToken PKI Client Deployment
Easy enterprise-wide installation and deployment
  Deployment using a logon script
  Command line installation
Administrators choose features available to users
  Simple mode
  Advanced mode
Straightforward integration with security applications and solutions offered by SafeNet and partners
20
End User Experience – Simple Mode
Easy-to-use and intuitive application for the users’ most common activities
  Rename eToken
  Change Password
  Unlock eToken
  Delete eToken
  View eToken info
21
End User Experience – Locked Token
User generates challenge data and reads it to the administrator
Administrator generates a response with eToken TMS and transfers it to the user
The user types in the response data and – voilà!
All it takes is a single phone call to the administrator!
22
End User Experience – Exception Handling
Employee on the road but forgot her token at home
All she needs to do is either:
  Enter the eToken TMS self-service web site and upload eToken Rescue, or
  Call the organization’s help-desk or administrator
That’s it! No productivity loss!
Imagine you’re on the road about to close an important deal but you forgot your token at home. How can you access your files?
All you need to do is enter the eToken user self-service web site and upload eToken Virtual, or call your organization’s help-desk or administrator.
That’s it! You have all the credentials you need on a software-based token. Now you need only close the deal!
eToken Rescue
23
Administrator Experience
Advanced tools for eToken management
  Initialize tokens, import certificates, and more
Easy and secure enforcement of the organization’s password policies
  Password quality settings
  On-token password policy
Intuitive and easy-to-use
  Tree view for simple navigation between objects
  Right-click menu for easy token management
On-token password policy, defining the security level of the password on the device itself
24
Administrator Experience
Intuitively navigate and manage tokens
Easily view and modify token content
25
Administrator Experience
Initialize token with simple, customizable tools
Easily set and enforce password policies
26
Supported Platforms
27
eToken PKI Client for Windows
Generic integration with Microsoft CAPI and PKCS#11 enabled applications
Supported operating systems
  Windows XP
  Windows Vista
  Windows Server 2003
  Windows Server 2008
Supports Windows Server 32-bit and 64-bit platforms
SDK to utilize and integrate third-party security applications with the eToken offering
28
Built-in Data Security with Windows Vista
Windows Vista EFS: Microsoft’s PKI-based encryption tool
  Encrypts and decrypts files and folders
With eToken:
  EFS keys securely stored on-board eToken device
  Data stored on eToken NG-FLASH can be encrypted
29
eToken PKI Client for Linux
Support for PKCS#11 enabled applications
Supported Linux distributions:
  CentOS 5.2 (32-bit and 64-bit)
  Red Hat 5.2 (32-bit and 64-bit)
  Fedora Core 9 (32-bit)
  SUSE 10.3 (32-bit)
  Ubuntu 8.04 (32-bit), 9.04 (32-bit)
Supported browsers: Netscape, Firefox, Thunderbird
Support for SSH Agent for convenient and secure access to the network
SDK for third-party application integration
30
eToken PKI Client for Mac
Support for any Apple Keychain and PKCS#11 enabled applications
Supported operating systems
  Mac OS X 10.4 (Tiger)
  Mac OS X 10.5 (Leopard)
Supports smart card logon
Supports smart card reader with eToken PRO Smartcard
Supported browsers and mail applications include Safari, Thunderbird and Mail
What’s new in eToken PKI Client 5.0 for Mac:
  Automatically recognizes eToken Virtual, when locked to a portable drive
  Enhanced password complexity with manual settings and character repeat count
  Extended encryption with support for 2048 RSA keys, including Java Cards using Applet 1.1
Note: Mac Power PC is not supported in this release.
Mail signing and encryption with applications such as Mozilla, Netscape, Firefox and Thunderbird
31
NEW! eToken PKI Client for BlackBerry
Secure mobile authentication
  eToken PKI Client 5.0 for BlackBerry enables the BlackBerry® Smart Card Reader to communicate with eToken PRO (Java) smartcard
How does it work?
  Users insert an eToken PRO (Java) smartcard into a Smart Card Reader and wear it on a lanyard, causing devices and computers to lock when the user is not in proximity.
“Strong authentication choices are limited on the BlackBerry. Most users will work with a static password, and there is no selectable secondary requirement to enter a user ID… RIM does offer high security clients a Bluetooth smart card reader that clips to the back of the phone. The reader has the advantage of enabling the BlackBerry to act as a simultaneous Bluetooth token to unlock access to a user's PC.”
32
eToken PKI Client for BlackBerry Cont.
eToken PKI Client 5.0 and Smart Card Reader Features
S/MIME Support
  Leverage your organization’s S/MIME infrastructure and enable your employees to digitally sign and encrypt messages on either their BlackBerry devices or computers to provide sender-to-recipient security.
Advanced Security Features with BlackBerry® Enterprise Solution
  Supports advanced security features to meet IT and public sector requirements, including
    AES-256 encryption
    Wireless IT policy enforcement on devices
Compatibility
  Supported Authenticator – eToken PRO (Java) Smartcard
  Supported Devices – BlackBerry device model 8100 or 8310
  Supported Platforms – BlackBerry OS version 4.2 and higher
  Software Required – Smart Card Reader Software and S/MIME Support Package
Note: The required BlackBerry smartcard reader software and S/MIME supporting modules are available from the “Software Download for BlackBerry Support” page on the BlackBerry website.
33
Thank you!