Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAP checks if USER ID & Password combination is valid. No identification. User requests Log-on, enters USER ID & Password, (not necessarily their own)!

Similar presentations


Presentation on theme: "SAP checks if USER ID & Password combination is valid. No identification. User requests Log-on, enters USER ID & Password, (not necessarily their own)!"— Presentation transcript:

1 SAP checks if USER ID & Password combination is valid. No identification. User requests Log-on, enters USER ID & Password, (not necessarily their own)! Log-on Denied Standard SAP® Log-on © 2013 realtime North America Inc., Tampa, FL. All Rights Reserved. No biometric authentication, identity management or accountability. Password Sharing not prevented, no fraud attempt alerts. Whatever system capabilities are associated with the User ID, even SAP_ALL, are now available, even if the password was stolen. SAP Security & Authorizations Log-on Allowed

2 User requests Log-on from SSO Software SSO prompts user for biometric scan Access Allowed Access Denied Typical Biometric “Single Sign-On” Systems (SSO) © 2013 realtime North America Inc., Tampa, FL. All Rights Reserved. Normal Logon with SAP USER ID and Password still possible, circumventing the biometric SSO! SAP USER ID and Password are retrieved by SSO, passed on to SAP. No biometric verification. No identification of user. Fingerprint template extracted, compared with reference template in SSO system - outside SAP Reference templates SAP Username & Passwords SSO Password Sharing is not prevented!

3 bioLock matches SAP USER ID and Password to user’s biometric credentials User requests SAP Log-on. User enters SAP USER ID and Password. bioLock prompts user for biometric scan Biometric template extracted, encrypted, compared with reference template in bioLock/SAP Log-on Allowed Log-on Denied SAP dedicated name space: /realtime How bioLock ™ Log-on works © 2013 realtime North America Inc., Tampa, FL. All Rights Reserved. Reference templates Activity logged alert Password Sharing is prevented, fraud attempts logged!

4 Summary © 2013 realtime North America Inc., Tampa, FL. All Rights Reserved. SAP and its logos are trademarks or registered trademarks of SAP AG in Germany and in other countries. All other trademarks mentioned herein are the property of their respective owners.


Download ppt "SAP checks if USER ID & Password combination is valid. No identification. User requests Log-on, enters USER ID & Password, (not necessarily their own)!"

Similar presentations


Ads by Google