© 2006. ASSA ABLOY. All rights reserved. Data Connectors HID Global January 2010


Overview: ASSA ABLOY

• The worldwide leader in locking solutions
• Annual revenues of $4.5 billion
• 150 companies in 40 countries
• Over 30,000 employees
• Dedicated to meeting customer needs for safety, security, and convenience


About HID Global

• Part of ASSA ABLOY’s Global Technologies Division

• Global leader in solutions for the delivery of secure identity

• Award-winning products are used in over 70% of Fortune 1000 companies

• The most highly recognized brand in the security industry worldwide

• Over 500 million cards and 6 million readers active

• Over 1900 employees globally

Our Core Businesses

Identity and Access Management
• Applications: Physical access control, Logical access, Secure issuance
• Products: Cards, Readers, Networked Solutions, Card Printers, Software

Identification Solutions
• Applications: eGovernment, Cashless payment, Industry and logistics, Animal ID
• Products: Transponders, Inlays, Readers

HID Connect
• Applications: Global partner program
• Products: Reader modules, Developer kits, Tags, Fobs, Inlays

HID Connect Partner Program

PRODUCTS
• OEM Reader Modules and Boards
• OEM Development Kits

PARTNER SOLUTIONS
• Time and attendance
• Cashless vending
• Parking control
• Biometrics
• Mobile verification
• Photo ID printing
• Many others

TECHNOLOGIES
• HID Prox
• Indala Prox
• HID iCLASS

COMPANIES
• Over 100 active development partners worldwide
• Co-marketing

PEOPLE
• HID Connect Team coordinates worldwide sales and support activity
• Annual iNNOVATIONS conferences

Primary Markets

Government Education Retail Healthcare

• US Gov PIV

• EU Parliaments

• National ID

• Licensing

• Corrections

• Airports

• Passports

Cards Readers Printers Software Controllers

• Managed Access

• Loyalty

• Gift Cards

• Club Membership

• Employee ID

• Access Control

• Two Factor Authentication

• Time & Attendance

• Student ID

• Library

• Debit

• Services

• Employee ID

• Facility Access

• Data Access

• Time & Attendance

• Biometrics

• Parking Control

Corporate


New Solutions for Secure Identity

HID Global


Executive Overview

• HID on the Desktop™ (HOTD) is a suite of solutions designed to strengthen the overall security of a Microsoft Windows desktop log-on by using Two-Factor Authentication.

• Two-Factor Authentication: something the user has (their HID card), and something that the user knows (the PIN associated with that card)

• A more secure solution than the username/password that is typically used today

Why HID on the Desktop?

• Over 500M HID Cards active worldwide
• Unique position to add more functionality
• Natural extension of security at the door
• Already using the card for ID and access
• Address a problem that most organizations deal with on a daily basis
• Users already comfortable with card
• No need to train on new technology
• Easy to deploy
• Limited risk

50% of the solution is already in your customer’s hands today!

The Value Proposition

Open Doors. Open Windows®.

HID customers have enjoyed the ease of opening doors with contactless cards for decades…

HID on the Desktop™ brings that same convenience to opening Windows®

HID on the Desktop

• Convenient – ATM-like transaction for PC logon

• Secure – Password replacement solution that enforces two-factor authentication at the desktop

• Cost Effective

Current Strong Authentication Landscape

• Username and Password
  – Status Quo
  – Do nothing
  – Analysts say that using passwords can cost $65 - $120 per user, per year
• Biometrics
  – Fingerprint or Facial
  – Still have not been able to deliver enterprise ready solutions for authentication at a cost effective price point
• One Time Password Tokens
  – $50 to $100 per user
  – Three Year agreement
  – Typically used for REMOTE authentication only
• PKI using Contact Smart Cards / eTOKEN
  – PKI based using contact smart card or USB Stick with SIM
  – $50 plus software
  – Have to carry additional device (USB Stick or 2nd Card)

HOTD Unique Selling Points

• Compliance
• Customer Value
• Simple To Deploy
• Convenient And Easy To Use

Market Focus

• When Compliance Matters
• HIPAA / HITECH Act
• CJIS Criminal Justice Information System
• Shared Workstations
• User Roaming
• Market Verticals
  – Healthcare
  – Manufacturing
  – Police & Local Government
  – Energy and Utilities
  – Colleges and Schools

HID on the Desktop - Value Proposition

• Convenience - Users are able to log on to their computers more easily

• Compliance - When compliance matters for audit, PCI, SOX, HIPAA / HITECH Act

• Improved risk management - IT will significantly reduce the probability of a security breach with limited stress on their resources

• Security at a low TCO - Companies will have a more secure system with lower investment and low maintenance cost

Physical / Logical Convergence

• End users want a single credential that supports both physical and logical access control requirements.

• Organizations are seeking:
  • Meeting Compliance requirements
  • Minimizing Risk
  • Increased convenience for end users
  • A higher level of security
  • Simplified card management
  • Overall cost savings


Recent Market Study July 2010


HID Global lead generation

HID Global, in conjunction with CSO magazine, is driving awareness in the IT space regarding our converged solutions

The Components

HID on the Desktop requires only three components:

naviGO Software
• Provides the management and provisioning of cards used on the desktop.
• naviGO is equivalent to access control software that manages and provisions cards used at the door.

Desktop Readers
• 125 kHz (Prox Only Readers)
• 13.56 MHz (iCLASS Only Readers)
• Or Combined Contact/Contactless Readers

Cards
• Prox, iCLASS, MIFARE, DESFire and/or Crescendo cards
• Crescendo cards use middleware or a Microsoft mini driver included with the card.

A New Solution for Secure Identity

The Corporate Environment

[Diagram components: Microsoft Certificate Authority, naviGO Server, smart card readers, Employee, Microsoft Active Directory, PC or laptop, Microsoft MIIS Web Portal]

The Components

The Cards

HID cards for Physical and Logical Access

HID Prox
• 125 kHz card and tags
• Read only card uses unique number to identify user.
• Number is combined with a PIN for strong-authentication

iCLASS
• 13.56 MHz cards and tags
• Read/Write card uses mutual authentication between the card and the application.
• Card validates mutual key and securely transmits serial number, token data and token hash value to the application.
• Values are matched with PIN for authentication.

Crescendo
• Multi-Technology card combines Prox & iCLASS technology with a contact chip
• Middleware included
• Card transmits digital certificate from trusted CA and validates PIN on card.
• If valid, user is logged on using key exchange.

HID Technology 101

• Two major contactless technologies
  – 125 kHz (HID Prox)
    • Legacy
    • 20 years old
  – 13.56 MHz (HID iCLASS) or (MIFARE or DESFire)
    • New industry standards
    • Always go with iCLASS if they do not have a solution in place

• There are some notable differences between how HID technology is used for Physical Security versus Logical Security


Smartcard Technology

Contactless 13.56 MHz Chip - iCLASS® - MIFARE®

Contact Smart Chip

With or without applet

125 kHz Prox Contactless Chip

Contactless Antennae

Two Types of Crescendo Cards

Microsoft® – Plug and Play

Supports Microsoft Mini Driver Program

Requires no middleware installation as support is built into Microsoft Operating Systems

C200

C700

• Supports PKCS#11 and MSCAPI third-party based applications

• Supplied pre-initialized with the required on-card software

• No per-seat middleware licenses required

Crescendo Summary

If an organization decides to implement a Microsoft Certificate Authority based PKI for logical access control, HID’s Crescendo™ smart card delivers the most cost effective, single badge solution available on the market today.

• Off the shelf card, short lead times, low minimum order quantity
• Secure – Standards based
• Flexible – works with multiple applications
• Affordable – Lowest TCO for a single badge multi-technology solution
• Replace expensive OTP solutions that provide limited benefits
• Works with MS ILM / FIM or HID’s naviGO CMS software
• Future Proof your ID Badge

Dell Embedded Reader

HID / Dell partnership delivered the first ever embedded contactless technology in a laptop in 2008

• Dell® Latitude™ E-Family Laptops include 13.56 reader technology in palm rest
• Over 3 million in the market to date

[Image labels: HID Reader Technology Included; HID 13.56 MHz Technology Included; E-Series; Z-Series]


OMNIKEY Readers

More specifics in the following slides

Logical Access Readers

HID OMNIKEY 3-Series Contact Desktop
• Corporate customers
• Highly reliable
• Easy to install and use

HID OMNIKEY 4-Series Mobile
• Travelling Business User
• High-speed Card Access
• Mechanically robust

Logical Access Readers

HID OMNIKEY 5-Series Contactless Desktop
• Corporate customers
• Broad contactless standards support
• High-speed Card Access

HID OMNIKEY 6-Series USB Dongle Reader
• Traveling users
• Convenient Dongle Formfactor
• Easy to install and use

HID OMNIKEY 7-Series Biometric
• Corporate customers
• Biometric and card integration
• Ease of use

HID’s OMNIKEY 3-Series Contact Desktop

• One reader for all contact cards
  – Works with virtually any contact card
  – No hassle by using different cards
  – Freedom of choice for the customer on card system
  – One reader to be used for different applications and cards

• Easy integration on PC/SC interface
  – All drivers are fully PC/SC 2.0 compliant
  – Standard software can access the reader immediately
  – Exchange of readers can be easily done without changing the Software
  – One driver works with all devices of the series

• High-Speed Card Access
  – Supporting fast access to cards
  – Reduced logon times
  – Less waiting time before use and low transaction times

HID’s OMNIKEY 4-Series Mobile

• One reader for all contact cards
  – Works with virtually any contact card
  – No hassle by using different cards
  – Freedom of choice for the customer on card system
  – One reader to be used for different applications and cards

• Easy integration on PC/SC
  – All drivers are fully PC/SC 2.0 compliant
  – Standard software can access the reader immediately
  – Exchange of readers can be easily done without changing the Software

• Robust housing for mobile use
  – Stainless Steel case
  – Reader can remain in Notebook
  – Mechanical stability makes it ideal for long-term mobile use

HID’s OMNIKEY 5-Series Contactless Desktop

• Dual-Interface readers for both technologies
  – Works with virtually any contact and contactless card
  – No hassle by using different cards
  – Freedom of choice for the customer on card system
  – One reader to be used for different applications and cards

• Supporting three ISO standards and industry leading technologies in OK5321
  – Supports 14443 A+B and ISO 15693
  – Best card support with highest possible card speed in standard
  – NXP MIFARE, HID iCLASS, TI Tag-It, Infineon My-D and NXP iCode support allows one reader for a lot of applications

• Supporting HID iCLASS and Prox technology
  – Only PC/SC compliant reader family that supports HID iCLASS technology and HID Prox technology
  – Use of physical access credential on the desktop for different applications with OK5321 and OK5325

OMNIKEY 5321CR

OK5321CR

• Robust waterproof and dustproof casing
• Certified IP67
• Stylish design – looks like an
• iCLASS, MIFARE, MIFARE Plus, DESFire
• Easy to keep clean and sterilize

Healthcare, Clean Rooms, Retail, Hospitality, Manufacturing, Schools

HID’s OMNIKEY 6-Series Dongle Reader

• Convenient Form-Factor for Mobile use
  – Small and lightweight, but full featured
  – Easy to store and carry
  – Intelligent solutions for card holding
  – Key ring attachable

• Easy integration on PC/SC interface
  – All drivers are fully PC/SC 2.0 compliant
  – Standard software can access the reader immediately
  – Exchange of readers can be easily done without changing the Software
  – Works with the same driver as the corresponding Desktop readers

• High-Speed Card Access
  – Supporting fast access to cards
  – Reduced logon times
  – Less waiting time before use and low transaction times

OMNIKEY 6221 MicroSD

• Contact Smartcard reader with USB interface
• Supports ISO 7816 Smartcards with T=0, T=1 protocol in SIM-size format
• Fast Smart Card interface up to 420kbps
• Standard PC/SC 2.0 Driver with Hot Plug Enabler
• MicroSD memory card reader
• Support MicroSD and MicroSDHC standard of up to 32 GB memory
• High-speed USB interface of up to 480Mbps
• Supported platforms
  – Windows 7/XP/Vista/2000
  – Windows 2003/2008 Server
  – Windows CE, Mobile
  – Linux, MacOS X 10.5 /10.6 (planned)
  – Other platforms through CCID compliance


OMNIKEY 2061 Bluetooth

• With the OMNIKEY 2061 Bluetooth you get a high-performance reader, which allows you to use contact cards without being tied by a cable to your PC-Host or mobile device. This allows convenience for logon while carrying your security badge at all times with the reader


Every Smart Card Application Needs a Reader


naviGO

naviGO Software

• Simplifies strong authentication deployments.
• Provides the management and provisioning of Prox, iCLASS, MIFARE, DESFire and/or Crescendo cards used on the desktop.
• Delivers centralized lifecycle management for cards used for strong-authentication and their associated digital identities.

naviGO Benefits
• Self-Service for PIN Unblock and Reset
• Ease of Use in Enrollment / Provisioning
• Centralized Security Policy

Prox / iCLASS on the Desktop

naviGO Workstation

naviGO is the password replacement solution that provides faster, easier, and more secure Windows® log-on

• Is an ATM-like transaction that uses two-factor authentication (Card and PIN)

• Provides Windows authentication with HID Prox, iCLASS, MIFARE or Crescendo Cards

• Enables Emergency Access through Knowledge Based Authentication (KBA)

• Requires replacement of MS-GINA for Windows XP or a Credential Provider for Vista and Windows 7


naviGO User Portal


naviGO Server

• Manages and provisions HID Contact and Contactless cards

• Benefits to the end-user
  – Cards can roam between desktops
  – Allows self-service unblock or reset of PINs
  – Enables remote access with contactless card (RDP)

• Benefits to the IT Security Manager
  – Supports self-service or attended issuance of two-factor authentication credentials (HID cards of any type)
  – Can handle contactless, contact or any mixture of card types
  – Allows centralized management of users and policies
  – Increases system security with minimal impact to daily operations
  – Quick and easy to install and use


Server Admin Portal

naviGO Admin Portal

Risk Appropriate Authentication

[Chart: LEVEL OF SECURITY against CAPABILITY, placing User name & Password, Prox on the Desktop, iCLASS on the Desktop, Crescendo on the Desktop, and PKI]

naviGO Implementation Options

Standalone
• Client side: Workstation (Standalone)
• Server side: naviGO Server Software Not Required
• Contactless logon
• Single credential per PC
• No management server - standalone deployment
• Recommended for lab and demo use

Client/Server
• Client side: Workstation (Client / Server)
• Server side: Server
• Contactless logon
• Managed using naviGO Server
• Central policy management
• Supports roaming & multiple credentials per PC

PKI
• Client side: BaseCSP and naviGO Drivers for PKI (naviGO Workstation Software Not Required)
• Server side: Server
• Contact (PKI) logon
• Managed using naviGO Server
• Central policy management
• Uses native Windows smart card capabilities

Mixed Environment
• Client side: BaseCSP and naviGO Drivers for PKI, Workstation (Client / Server)
• Server side: Server
• Mixture of Contactless and Contact (PKI)
• Managed using naviGO Server
• Central policy management
• Offers greatest flexibility
Closing Thoughts

• Password management is neither easy nor inexpensive (cheap)

• Two-factor authentication (HID Card plus PIN) provides greater security and convenience than a static Active Directory username and complex password

• HID on the Desktop allows you to leverage your existing investments to “do more than open the door”

• Mix and match technologies (Prox or iCLASS), as needed, for standard desktop users, Crescendo with PKI for Laptops, or for users with higher security needs.

• naviGO software ties it all together and offers a migration path from username and password, to contactless, to contact smart cards with PKI

HID on the Desktop Benefits

• Simple – Enables an extremely simplified deployment, administration, and use model

• Secure – Two-factor authentication (card + PIN) eliminates password sharing

• Flexible – Offers self-service enrollment with multiple access modes as well as administrator driven policy creation

• Scalable – Offers simultaneous support for up to 10,000 concurrent users

• Convenient – Provides single means to manage multiple strong authentication methods
  • Mix contactless and contact cards as needed

• Affordable – Leverage existing HID deployed cards. No need to rebadge.

New Solutions for Secure Identity


Expand the value of HID cards and tokens to do more than open the door through the delivery of a risk appropriate network access solution for small, medium, and large organizations.

HID on the Desktop Summary


Thank You

Questions and Answers