rsa security: authentication (ace server/securid)

Matt CollingsChannel Development Manager

Strong Authentication

RSA Security Inc. The Most Trusted Name in e-Security

• Market leader in authentication and encryption

• Rapidly growing force in PKI

• Most recognized brand in the industry

• Mantra for open, standards-based solutions

• Integrated, synergistic product lines

• RSA technical know-how, two decades of expertise

• Solid customer base

• Strategic partnerships across industry

• Strong channel relationships

• Global presence

• Professional services for the enterprise

And the list goes on...

Global Company

• 1,000+ employees worldwide

• Direct sales and SecurWorld channel partners in more than 45 countries

• 150 RSA SecurID Ready partnerships around the world, 230 RSA SecurID Ready Certified Products

• 40+ RSA Keon Ready Partnerships

• 600+ RSA BSAFE Partners worldwide

We Enable Secure e-Business by…

EnableEnable

Ensuring the authenticity of. . .

. . .in wired and wireless environments

People

DevicesTransactions

Ensuring Authenticity …

Secure e-Business ProcessSecure e-Business Process

… Means Solving these Problems

User IdentityUser Identity PrivilegesPrivileges

and and PersonalizationPersonalization

DataData PrivacyPrivacy

TransactionTransactionIntegrityIntegrity





With Enabling Technologies

AuthenticationAuthentication AuthorizationAuthorization EncryptionEncryption PKIPKI

Delivered in RSA Products





AuthenticationAuthentication AuthorizationAuthorization EncryptionEncryption PKIPKI

Cost of Not Having Strong Authentication

Revenue Revenue ImpactImpact

• ISP hacked, 100 hours of down timeBottom Line: $400,000 loss due to lost customers

• New York Times online hacked & down for 10 hrs Bottom Line: $250,000 loss in revenue

• Kevin Mitnick’s attacks cost companies almost $300M

DamageDamageCostsCosts

• Criminal hacking caused $123M in losses last year*

MaintenanceMaintenanceCostsCosts

• Password maintenance costs = $60+ per help desk call

* FBI, 3/99

RSA SecurIDIdentification vs. Authentication

IdentificationWho are you? “I am Matt Collings”

AuthenticationProve it.

“Matt Collings”

Authentication The Basics

• Something you know– Password– PIN– “mother’s maiden name”

• Something you have– Physical key– Token– Magnetic card– Smart card

• Something unique about you– Fingerprint– Iris– Face recognition

+ PIN+ PIN

Two-Factor User Authentication

SecurID Product Family Components

ACE / Agents

SecurID Authenticators

ACE / Server

Time-based Token Authentication

Login: mcollingsPasscode: 2468234836

PIN TOKENCODE

Token code: Changes every

60 seconds

Unique seed

Clock synchronized to UCT

PASSCODE = +PIN TOKENCODE

A Closer Look at Time Synchronization

SeedTime

354982354982

RSA RSA ACE/ServerACE/Server

AuthenticatorAuthenticator

Algorithm

SeedTime

354982354982

Algorithm

Same SeedSame Seed

Same TimeSame Time

RSA ACE/ServerArchitecture

SecondarySecondaryPrimaryPrimary

AutomaticAutomatic

UpdatesUpdates

The Expanding RSA SecurID Family

• RSA SecurID hardware tokens

• RSA SecurID software tokens

• RSA SecurID smart cards

• RSA SecurID for the Palm

Computing Platform

• RSA SecurID for WAP devices

Provides for building access via magnetic

stripe or proximity chip (HID, Mifare,…)

Building Access

Building Access

Supports dynamic loading and unloading of additional applications, like e-purse,

loyalty, …

Value-added ApplicationsValue-added Applications

Supports the US Federal Government’s Common Access Card initiative

CAC Support CAC Support

Offers the power of RSA’s SecurID Passage smart

card software

Passage Applications

Passage Applications

Employee Badge

Employee Badge

Offers personalization with photo ID, logos, signature panel, …

The Passage Smart Card- A platform for authentication and more

Provides on-card key generation, crypto co-processor, and secure

storage of PKI credentials

PKI Credentials

PKI Credentials

Multi-applicationPlatform

Multi-applicationPlatform

JavaCard and Open Platform compliant, on-chip

USB engine in 2002

PassageSmartCard

PassageSmartCard

6

RSA Security Solutions

RSA SecurID

RemoteAccess

VPNs

e-Business EnterpriseAccess

Solutions from RSA Security

Web Server

Firewall

RSA ACE Server

RAS

Intranet

Mainframe

Enterprise

UNIXRSA Agent

Remote Access

InternetRSA

Agent

Internet Access e-Business

RSA Agent

Enterprise Access

RSA Agents

Dial-Up InteroperabilityRSA SecurID Ready Partners

RSA ACE Server

RAS

Intranet

Mainframe

Enterprise

UNIXRSA Agent

Remote Access

3Com

Access Beyond

ACT Networks

Apple Computer

Ascend

Attachmate

BinTec

Cabletron

Cisco

Citrix Systems

Compaq

Digi International

Emulex

FORE Systems

Funk Software

Gandalf Technologies

Hewlett-Packard

IBM

ITK

Kasten Chase

Lantronix

Livingston (AT&T)

Microsoft

NextCom

Nortel Networks

Novell

Perle Systems

PFU Ltd.

RAScom

Shiva / Intel

Soliton Systems K.K.

Xyplex Networks

VPN / Firewall Interoperability SecurID Ready VPN & Firewall Partners

Firewall /VPN

RSA ACE Server

Intranet

Mainframe

Enterprise

UNIX

InternetRSA

Agent

Internet Access AltaVista

Ascend

Aventail

Check Point

Fortress

IBM

InfoExpress

Internet Devices

Indus River

Nortel Networks

RedCreek

Semaphore

Shiva / Intel

Sun

TimeStep

TIS

V-ONE

VPNet

ANS

Ascend

Axent (Raptor)

Check Point

Cisco

CyberGuard

IBM

Internet Dynamics

Milkyway Networks

NEC Technologies

Netscreen

Net Associates (TIS)

Secure Computing

Sun Microsystems

Technologic

WatchGuard

Virtual Private Networks Security Environment (Non IPSec)

Encrypted tunnel through public network

Who’s at the other end of

the line?

Corporate Network

Internet

VPN Client

VPN Gateway

Virtual Private NetworksRSA SecurID Benefits

Feature Benefit

Positive identification of users Authentication ensures security for VPN access

Broad range of authenticators Fits a road warrior’s arsenal of tools for user convenience

Easy to use Simple user execution and single method of login

Interoperability and investment protection

Integrates with all major VPN products

Scalability Scales to 100,000’s of users

Flexibility Works with or without PKI

What is Public Key Infrastructure?

• Framework for using public/private keys

• Issues, stores, revokes digital certificates

• Establishes trust relationships among employees, suppliers, customers

• Provides security for existing applications and environments

• Enables new applications and commerce opportunities

• Enables new uses of existing applications

What PKI Provides

• AuthenticationAuthentication to ensure parties are who they say they are

• PrivacyPrivacy to protect sensitive information

• AuthorizationAuthorization to ensure parties can access specific information

• IntegrityIntegrity to guarantee the transaction is not altered

• Non-repudiationNon-repudiation to prove the transaction occurred

PKI Components

• Public/private key pair

• Digital certificate

• Certificate authority

• LDAP directory

• Authentication device

RSA Keon Desktop

Web app.

e-mail

RSA Keon PKI Solutions

Applicationserver

(e.g.SAP)

RSA Keon Security

Server

RSA BSAFEPKI-enabled app.

RSA SecurIDAuthenticator

RSA Keon Agent

RSA Keon RA

RSA Keon CA

6

Secure DirectorySecure Directory

Save toSave toSecureSecure

DirectoryDirectory

AutomaticallyAutomaticallyEncryptedEncrypted

Create FileCreate File

Transparent File Encryption Keon Desktop

The Most Trusted Name in e-Security

WWW.RSASECURITY.COM

rsa security: authentication (ace server/securid)

Documents