vasco - dss @vilnius 2010

Upload: andris-soroka

Post on 20-Aug-2015

750 views

Category:

Technology


3 download

TRANSCRIPT

VASCO Data Security 1

Hans Liljedahl, Channel Manager

Nordic & Baltic Region, VASCO Data Security

”Psst…I know your password”

VASCO Data Security 2

The Authentication Company

VASCO Data Security 3

VASCO update

VASCO, the Full Option, All-Terrain Authentication Company

VDSI - Financially healthy & profitable. Top-100 fastest growing IT-companies in the world.

VASCO Data Security 4

VASCO Offices

VASCO sales presence

Corporate Profile: VASCO Worldwide

VASCO Data Security 6

Full Option & All-Terrain

All-Terrain = All applications/technologies

E-banking

E-brokerage

Online gaming

Automotive

E-government

Healthcare B-to-B

E-commerce

Social Security

Education

Publishing Industry

VASCO’s products are used in over 50 applications

VASCO Data Security 7

• Over 1500 international financial institutions put their trust in VASCO’s solutions & deployments.

Banking References

VASCO Data Security 8

VASCO Enterprise Security Customers

VASCO Data Security 9

Tools on internet...

VASCO Data Security 10

Your identity… on line

32 million user passwords exposed

VASCO Data Security 11

Your identity…on line

VASCO Data Security 12

TOP 20 of passwords used

VASCO Data Security 13

TOP 20 of passwords used

VASCO Data Security 14

42% used lowercase letters from "a to z"

only 6% mixed alpha-numeric and other characters

many of the top 20 passwords used were names

nearly 2,000 of the passwords were only 6 characters long

the longest password was 30 characters –“lafaroleratropezoooooooooooooo”

Human Behaviour…

VASCO Data Security 15

Hacking on line resources

VASCO Data Security 16

Hacking on line resources

VASCO Data Security 17

In the news….

VASCO Data Security 18

In the news….

VASCO Data Security 19

High Tech Fraud Schemes

On the global black market (Symantec, accounts.com):

• Your e-mail password is worth $4.00

• Your credit card number is worth $0.40

• Your social security number is worth $1.00

• Your bank account is worth $10.00

• Your level 70 undead rogue with quest blues and a flying mount is worth $425.00

VASCO Data Security 20

Phishing

VASCO Data Security 21

QUIZ

• Do you recognize this?

• How many (different) passwords do you have to remember?

• Do you write down your passwords (or keep them in a file)?

• Is your static password at least 8 characters long ?

is it a combination of numbers, symbols and letters?

• How often do you (have to) change your passwords?

• Have you ever given your password to someone else?

• Passwords can be guessed, stolen, hacked, …

• Password Sharing, Shoulder Surfing......

• How can I be sure that you are really the one you say you are?

VASCO Data Security 22

PASSWORD CHECKER

http://www.howsecureismypassword.net

rTyx*pK2%9

VASCO Data Security 23

rTyx*pK2%9

Cheapest solution...

I’m safe for 17.000 years….

my password is

invented by xxx today

forgotten by xxx tomorrow

So, call help desk…or use smart technology

VASCO Data Security 24

So, what about your (on-line) business?

VASCO Data Security 25

The Password Challenge

User 1:

“I have to remember about 20 passwords…”

User 2:

“I have to change them every 30 days”

User 3:

“All should be different so if one password is compromised all others are not.”

VASCO Data Security 26

The Staff Authentication Challenge:

CEO:

„Employees use passwords of their colleagues to get access to information they are not entitled to see!“

VASCO Data Security 27

The Mobile Staff Authentication Challenge

Sales Director:

„My team needs access to the corporate network and their e-mail wherever they are. It should be very efficient when they are in the office and very safe when they are somewhere out, especially when using an Internet Cafe.”

The Staff Authentication Challenge:

VASCO Data Security 28

The Data Protection and Access Challenge

General Manager:

„The laptop of my closest staff member was stolen out of the car recently. I‘m extremely alarmed that the sensitive data on it finds its way to our competition.”

The Staff Authentication Challenge:

VASCO Data Security 29

The Cloud Authentication Challenge

Marketing:

„We need to reliably authenticate our customers when they access our online services. “

The Staff Authentication Challenge:

VASCO Data Security 30

The weakest link….

CTO:

„We have invested $$ in Firewalls, VPN, SSL-VPN, online applications, anti spam, anti-virus, content filtering, web traffic management tools, etc… But the weakest link is the colleague!“

The Staff Authentication Challenge:

VASCO Data Security 31

Why are you a potential cybercrime victim?

You are connected and as a consequence you have:

• an infrastructure to test a virus

• a server connected to the web for storage of illegal content

• a temporary system for illegal activities (spamming, botnet, …)

• bandwidth to share

• information which is valuable on the black market

(Personal, financial or business info)

VASCO Data Security 32

So…Why not use smart technology instead?

VASCO Data Security 34

Strong User Authentication

PIN code: ‘1234’

VASCO Data Security 35

1000x login screens…

• Whenever you need to type username and password, replace it by a better solution!

VASCO Data Security 36

Replacing static passwords with OTP

HANS LILJEDAHL

blacky1r\°5w^Tyx*pK2%9

PIN + 342601

VASCO Data Security 38

OTP generation: HOW?

[Diagram: inputs Kdp and Time -> DES/3DES/AES -> OTP 872003]

VASCO Data Security 39

• Digipass calculates One Time Passwords (OTP)

• One time passwords cannot be reused, stolen or hacked

The concept: GENERATION of OTP

[Diagram: Key + Time -> Encryption Algorithm -> OTP]

VASCO Data Security 40

The concept: VALIDATION of OTP

Client Side | Internet | Server Side

[Diagram: on each side, Key + Time -> Encryption Algorithm; the client's OTP is checked against the server's result]

• Need for Secure Transport & Secure Storage of secret key

• Need for Synchronization of time

VASCO Data Security 41

•Digipass calculates Electronic Signature

•MITMA countermeasure

[Diagram: Key + Time + Data fields -> Encryption Algorithm -> OTP (electronic signature)]

The concept: GENERATION of Electronic Signatures
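The generation, validation and electronic-signature concepts of slides 39 to 41, as an added example that is not VASCO's Digipass algorithm. It assumes HMAC-SHA256 in place of the DES/3DES/AES cipher, a 30-second time step and a server that tolerates one step of clock drift; the key and timestamps are constructed.

```python
# Added example (not VASCO's Digipass algorithm): a time-based OTP and
# electronic-signature scheme in the shape the slides describe.
# Assumptions: HMAC-SHA256 stands in for the slides' DES/3DES/AES cipher,
# the time step is 30 s, and the server tolerates +/-1 step of clock drift.
import hashlib
import hmac
import struct

STEP = 30  # seconds per time counter (assumed; the slides give no value)


def otp(key: bytes, counter: int, data: bytes = b"", digits: int = 6) -> str:
    """Code = f(secret key, time counter, optional data fields), truncated to digits."""
    mac = hmac.new(key, struct.pack(">Q", counter) + data, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, as in HOTP
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def generate_otp(key: bytes, now: int) -> str:
    """Client side: Key + Time -> OTP (slide 39)."""
    return otp(key, now // STEP)


def sign(key: bytes, now: int, data_fields) -> str:
    """Client side: Key + Time + Data fields -> electronic signature (slide 41).
    Binding the code to the transaction data is what defeats a man-in-the-middle
    that alters the transaction in transit: the altered data no longer verifies."""
    return otp(key, now // STEP, "|".join(data_fields).encode())


class Validator:
    """Server side (slide 40): same secret key, tolerates drift, rejects replay."""

    def __init__(self, key: bytes, window: int = 1):
        self.key, self.window, self.last_counter = key, window, -1

    def validate(self, code: str, now: int, data_fields=()) -> bool:
        data = "|".join(data_fields).encode()
        base = now // STEP
        for c in range(base - self.window, base + self.window + 1):
            if c <= self.last_counter:            # counter already consumed: replay
                continue
            if hmac.compare_digest(otp(self.key, c, data), code):
                self.last_counter = c             # one-time: never accept c again
                return True
        return False
```

The secret key must reach the server over a protected channel and be stored protected, exactly the two needs slide 40 lists; the window parameter is the time-synchronization allowance.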

VASCO Data Security 42

Authentication – It’s a trade off…

User Friendliness

User Acceptance

Portability

Customer type

Standards

OTP / Signature

Procedures

Deployment

Helpdesk

Price

VASCO Data Security 43

IDENTIKEY Server - The Brain & the Heart

[Architecture diagram; components shown: Front-End Integration (Customer Web Applications, IIS Web Applications, RADIUS Client, Windows Desktop Login, Connected/Unconnected Server Login, Terminal Server Login, via SOAP, SEAL, SEAL-S and RADIUS); Back-End Authentication (RADIUS, LDAP, via Windows API, via Custom API); Web-based Administration on Apache Tomcat Webserver (User & DIGIPASS Administration, Reporting, Command Line TCL, AD U&C); Datastore (PostgreSQL via ODBC); Directory (AD, LDAP/LDAPS)]

VASCO Data Security 44

Remote Site: Server Solutions

Vasco has multiple solutions to protect your network and applications:

SOFTWARE | HARDWARE | SERVICES

Plugins:

• Microsoft IAS

• Juniper SBR

• Novell NMAS

• Imprivata

• AEP

• RACF

• Siteminder

VASCO Data Security 45

DIGIPASS AS A SERVICE

DIGIPASS as a Service is a managed authentication solution

DIGIPASS as a Service offers security for multiple applications:

• SaaS solutions

• online gaming

• e-learning applications

• online subscription services (e.g. magazines and newspapers)

• licensed services

• e-government applications

• e-healthcare systems

• e-commerce applications

• e-banking applications

• online insurance applications

• intranet / extranet

VASCO Data Security 46

CLIENT SIDE: DIGIPASS Factory

DIGIPASS GO range with e-signature capability

DIGIPASS e-signature devices

DIGIPASS Software range

DIGIPASS PKI range for authentication using digital signatures

DIGIPASS card reader range for authentication using electronic and digital signatures

VASCO Data Security 47

DIGIPASS FOR MOBILE

VASCO Data Security 48

Thank you

[email protected]