eToken Virtual and MobilePASS Software Authenticators

Agenda Software authentication overview Product portfolio eToken Virtual MobilePASS Market background Identifying the opportunity

The Highlights What is Software Authentication? Two-factor authentication solutions that enable secure remote network access and digital signature functionality without the need for a physical hardware authenticator Available in a OTP and Virtual Smartcard platform What can you do with it? Securely access web-based online services and corporate networks (VPN) Digital signature applications (PKI only) What makes it an innovation in two-factor authentication? Convenience: no hardware to carry Management: simplified administration Reduced TCO: reduced costs associated with hardware provisioning and deployment Security: two-factor authentication without the need for hardware

Software Authentication Simplified management No hardware deployment Two-factor authentication Certificate-based authentication OTP or Remote Network Access Digital Signature* *eToken Virtual only

Authentication Matrix

Hardware vs. Software: Pros and Cons Hardware Authenticators Software Authenticators Usability Must be delivered & deployed Users need to carry a physical device with them Increased downtime (can be misplaced, stolen or broken) Easy to distribute and deploy Less hassle as does not require additional dedicated device Less downtime Security More secure Enable combined physical proximity (RFID) More secure than passwords but less secure than a physical authenticator Don’t comply with the high security standards of an actual smartcard Less secure than a hardware authenticator TCO More costly per device Deployment & operational expenses Affordable - Lower TCO than physical authenticators

Software Authentication Product Portfolio

Software Authentication Solutions eToken Virtual Certificate-based two-factor software authentication security solution which provides full public key cryptographic functionality such as secure remote access, network access and digital signing MobilePASS OTP two-factor software authentication that offers the convenience of one-time passwords generated on your mobile device, PC or portable storage device

The Solution: eToken Virtual NEW! Virtual smartcard with full PKI functionality Software PKI-Based Strong Authentication on PC / Removable Drives Applications Secure remote access Network access Digital signing Virtual Smartcard – functions like a hardware authenticator SSO PC security

eToken Virtual Security Features AES Encryption: Keys & certificates are securely created and stored in eToken Virtual Device Locking: eToken Virtual contents are locked at time of provisioning to a specific storage device or PC Policy Data Signing: Enforces password complexity according to organizational policies Memory Protection: Prevents content being written to disk Key Deletion: private data is replaced by random data and rewritten to disk to ensure no trace remains “Given most users’ aversion to passwords, coupled with the inability to remember more than a few without writing them down, IDC believes that solutions such as soft tokens, certificates, one-time passwords, and hardware-based tokens will make rapid gains.” IDC - Worldwide Identity and Access Management 2007- 2011 Forecast and 2006 Vendor Shares

eToken Virtual Technical Specifications Management: eToken TMS 5+ Security Application: eToken PKI Client 5+ Operating Systems: Windows: XP, Vista, Windows Server 2003 & 2008 (32-bit and 64-bit) Mac* OS X 10.4 (Tiger), 10.5 (Leopard) Linux distributions*: CentOs 5.2 (32-bit and 64-bit), Red Hat 5.2 (32-bit and 64-bit), Ubuntu 8.04 (32-bit), Fedora Core 9 (32-bit), SUSE 10.3 (32-bit)

eToken Virtual Deployment– Administrator Use Case Administrator enrolls eToken Virtual for a specific user from the TMS Manage. The only supported use case is enrollment to a removable flash device: eToken TMS and eToken Virtual licenses are acquired by the company to provide two-factor authentication using software authenticators. eToken TMS is installed and all the required connectors are configured to enable eToken Virtual usage. Administrator plugs in the user portable device and starts the enrollment process from the TMS Manage web site. eToken Virtual is created on the portable device, locked and set with the initial user password. Notification is sent to the user with the eToken Virtual password. User receives the device and can use it for the authentication.

eToken Virtual – User Enrollment Use Case User accesses the TMS Service web site and enrolls eToken Virtual: TMS and eToken Virtual licenses are acquired by the company to provide two-factor authentication using software authenticators. TMS is installed and all the required connectors are configured to enable eToken Virtual usage. User enters TMS Service web site to enroll eToken Virtual. eToken Virtual is created on the user computer, locked and set with the user password OR user can enroll the eToken Virtual to a portable drive, based on the TMS TPO settings, configured by the administrator. User can use the eToken Virtual for the authentication. NOTE: Admin Rights Required for eToken PKI Client Installation

Use Case: Check Point VPN Network Access User logs into computer and connects via VPN to corporate network 2. eToken Virtual requests user’s credentials eToken Virtual 3. eToken Virtual validates credentials 4. Secure connection is established

The Solution: MobilePASS OTP passwords generated on Windows desktops or mobile devices Applications Remote Access VPNs Terminal Server Citrix applications Outlook Web Access and other web-based applications including customer-facing online services such as banking, education portals and health care “Phone-based authentication tokens [are] becoming increasingly popular, and we predict that 50 percent of future two factor authentication implementations will use phone-based tokens.“ Ant Allen, Gartner Analyst User Authentication Beyond the Password, June 2008

The Solution: MobilePASS Supported Platforms Windows Desktop BlackBerry Windows Mobile Java ME Smartphone SMS & email delivery - (with SafeWord 2008 and SafeWord ESP only) Management eToken TMS SafeWord 2008 with SafeWord ESP Note: MobilePASS appears under the name SoftOTP in the current eToken TMS 5.0 CA release. The name will be updated to MobilePASS in the upcoming eToken TMS 5.1 GA release.

MobilePASS – Overview (cont.) For Mobile Devices MobilePASS turns your mobile phone into a strong authentication device. When you log in to your secure network from your laptop or PC, the quick-launch on your mobile phone will generate the one-time password you use to complete your login. For Windows Desktop & Portable Storage Devices MobilePASS for Windows Desktops allows you to generate one-time-passwords on your Windows desktop through a locally installed OTP application or on portable storage devices. Users simply generate a one-time password from their desktop and use it to log on securely to the desired application.

MobilePASS – Enrollment and Usage eToken TMS and MobilePASS license are acquired by the company to enable OTP using software authenticators. Administrator enrolls MobilePASS authenticator for the user in the TMS Manage. The user receives the MobilePASS authenticator, an activation code and PIN via e-mail, SMS etc.. The user installs the MobilePASS software. The user enters the activation code and activates the software. OTP is generated using the received PIN. Using the OTP, the user logs on.

Use Case: Secure Access to Financial Portal with MobilePASS

Software Authenticator Management eToken TMS enables full life cycle management Including TMSservice - End-user portal The End-user site enables tasks such as: Enroll a new authenticator Update the content of an enrolled authenticator Change/Reset eToken password Disable/Enable an eToken Replace a Lost/Damaged authenticator (including revocation) Manage OTP authenticator including MobilePASS Enroll eToken Virtual and eToken Virtual Temp

Additional software solutions using TMS: eToken Virtual Temp Time limited temporary authenticator which can be used for a limited period of time instead of a permanent authenticator For each authentication, the user can enrol one temporary virtual authenticator. eToken Rescue Users who lose their authenticators can create an eToken Rescue authenticators (default expiration 1 month, max 3 months)

Market Background

Market Drivers Need for an alternative to physical authenticators Ease of use and convenience for end users Lower TCO for management and deployment Expansion of online Web services Education Healthcare Financial services Extension of enterprise services Partner portals VPN access Digital signing Need to address risk and compliance “Number of crimeware websites surge in largest jump ever in Dec. 2008” Anti-phishing Working Group

The Mobile Authentication Market IAM in the mobile market is growing rapidly, according to IDC. CAGR of 26.8%, to reach over $50 m by 2012 in the mobile market alone. Presumably, this is mostly OTP. Source: Based on data from IDC, Mobile Security Device Market, March 2008

Target Markets B2C and B2B organizations that are interested in providing secure access and digital signing capabilities to customers, partners and employees Solution Remote Access Digital Signing Enterprise Out-the-box Online services

Identifying the Opportunity Deployment Organizations who want to implement two-factor authentication but don’t want the constraints of hardware deployment or that are cost sensitive to the costs associated with hardware deployment Security Organizations who want to implement two-factor authentication but do not necessarily need the full security of a hardware-based solution Digital signing Organizations that already have authentication solutions in place but who want to add digital signing capabilities for specific users Consumer-facing Consumer or B2C deployments where user convenience is crucial and hardware deployment is too costly Flexibility Organizations that want to add more flexibility to their existing authentication infrastructure

Key Selling Points Convenience and simplicity for users – no hardware to carry around Simplified management and administration Balances ease of use, security and cost Eliminates the cost of hardware deployment Extends the flexibility of organizations’ security infrastructure by complementing existing hardware solutions Compatible with SafeNet’s broad range of OTP and certificate- based authenticators allowing you to tailor security solutions to use cases and risk levels “IDC believes that… soft tokens, …will make rapid gains… in the US, compliance, industry pressure, and cost concerns will result in mostly software-based solutions.” IDC, 2007

Thank You www.aladdin.com www.safenet-inc.com