SecurEnvoy Next Generation Two-Factor Authentication - C-cure


Oct 30, 2013 (3 years and 8 months ago)



Stephen Crick

Business Development Manager

Tokenless Authentication

SecurEnvoy Overview


UK company - Founded in 2003


Inventors of Tokenless Authentication


Represented in 38 Countries (and growing)


700 global customers


¾ Million End User Devices


Pure Channel Partner Sales Model


Private and profitable company

Who uses SecurEnvoy?

© 2009 Copyright SecurEnvoy Ltd. All rights reserved

SecurEnvoy Products

SecurAccess

SecurICE

SecurPassword

SecurMail

Evolving User Base

[Figure: timeline 1980, 1990, 2000, 2010, 2011+; labels: Simplicity, Usability, Versatility, Cost]

Mobile Workforce


Technology is driving mobility


Consumer and Business devices are becoming the same thing

Social Networking is driving communications and business

Connect Anytime, Anywhere on-demand

Make it Secure and not Complex

Simple Facts


Usability



Consumer / End User

Simple Facts


Versatility



Technology / Capability


Simple Facts


Simplicity



Administration


Simple Facts


Cost



Upfront / On-going


Two Factor Authentication


Factor One


Something You Know


Factor Two


Something You Have

Problems With Passwords


“Social engineering”


Finding written password


Post-It Notes

10 PINs a day!


Guessing password / pin


Dog / Kid’s name / Birthday


Shoulder surfing


Keystroke logging


Can be resolved with mouse based entry


Screen scraping (with Keystroke logging)


Brute force password crackers


L0phtcrack


Are you Secure?

Protect Yourself / Company


Compliance


PCI


SOX


HIPAA


Government / Military / Education


E-Initiatives


Policy


Stronger Security


It’s now Your Digital Profile!


Your money


Your identity


Adding Another Level

Something You Know

Something You Own

Andyk

P0stcode

234836

Deploying 2FA

Tokenless



SecurAccess

Tokens Vs Tokenless



Traditional Tokens


Usability


Extra hardware


Usually extra complexity to login


Not globally recognised


Simplicity


Nightmare to manage


Extra Servers


Extra Databases


Extra Security Required


Extra maintenance


Versatility


Usually One solution per item


Cost


Expensive upfront and ongoing

Tokenless




Usability


Uses what you already have (5 Billion Phones globally)

Intuitive process for login

Everyone understands SMS and Phones

Simplicity

20,000+ users deployed in an hour

Uses what you already have

NO Extra Servers

NO Extra Databases

NO Extra Security Required

NO Extra maintenance


Versatility


Can support multiple apps


Cost


Around 60% cheaper


SMS or Soft Token

SMS - Reliability

SMS


Secure?


Phone Trojans


Need to install on the phone?


Seed Record Hacking


No seed records


Man in the Middle


User alerted on login attempt


Session cookie is fingerprinted


OTP - once the code is used it is locked / changed


SMS capturing


User alerted on login attempt


Without Username & Password what is the SMS for?


Unidirectional - not susceptible to DDoS attacks


One SMS Solution?


Real Time


What is true Real Time


Flash vs Pure Text

What if there is no network coverage?

What if there are delays?

Pre-Load


Available Now


Multiple Code Options


Still Secure


Uses SMS protocol to simplify


Web Gateway / Modem


Voice / SMS / Pager

SecurMail

Password Reset Traditional Method

Separate Database of user information

User Enrolls with security questions

Mother's Name

First School

Child Name

First job

Street name

Traditional approach

User answers a random set of security questions

Enrollment

Password reset

User resets password via API

Password Reset Complete

SecurPassword

All User data stored in LDAP (AES 256 bit)

Supported LDAP servers:

Microsoft AD

Novell e-Dir

Sun One

Linux

IBM

Enrollment

User Enabled upon SecurEnvoy server

User sent automatic enrollment request

User selects Security questions

User provides Security answers

User Authenticates with Two-Factor

User enrollment process complete

Self Service Reset

User enters passcode and security answer

User enters new password

User selects password reset link

Password policy elements are displayed

SecurEnvoy


Usability



Consumer / End User


Versatility


Technology / Capability


Simplicity



Administration


Cost



Upfront / On-going


Case Study


T-Mobile (UK)


Mobile Telecoms Company


RSA User


2000 approx.


Change? Cost / Complexity


admin contractors etc.


SecurAccess


6000 approx.


Competition


Cryptocard


Swivel


Reasons for choosing SecurAccess


Simplicity


Administration / Microsoft AD integration


Cost savings (initial and ongoing)


Other benefits


Deployed over a weekend


Scripted for all new users


self administrating

Case Study


Sykehuspartner (Norway)


Health Services


New user requirement


70,000 users


SecurAccess


25,000+ approx.


Competition


SMS Passcode


RSA


Reasons for choosing SecurAccess


Simplicity


Administration / Microsoft AD integration


Cost savings (initial and ongoing)


Reliability for delivering SMS (pre-load)


Other benefits


Now looking at SecurPassword



70,000 users


Case Study


Imperial Tobacco (Global)


RSA User & SecurAccess


12000 approx.


Change? Cost / Complexity


SecurAccess


7500 approx.


Competition


RSA


Vasco


Reasons for choosing SecurAccess


Simplicity


Administration


Cost savings (initial and ongoing)


Other benefits


Due to RSA breach moving all over to SecurAccess


Ability to support SMS Gateways


Delivery of SMS


Case Study