MobilePASS Security Features
Software Authentication Solutions
Contents

- Introduction
- Technical Features
- Security Features
  - PIN Protection
  - Seed Protection
- Security Mechanisms per Operating System
- Summary
- About SafeNet Authentication Solutions

List of Tables

- Table 1: MobilePASS Security Mechanisms for Apple iOS
- Table 2: MobilePASS Security Mechanisms for Android
- Table 3: MobilePASS Security Mechanisms for Microsoft Windows Desktop
- Table 4: MobilePASS Security Mechanisms for BlackBerry OS 10
- Table 5: MobilePASS Security Mechanisms for BlackBerry OS 6
- Table 6: MobilePASS Security Mechanisms for Microsoft Windows Phone 7
- Table 7: MobilePASS Security Mechanisms for Mac OS X
Introduction

SafeNet's MobilePASS family of one-time password (OTP) software authentication solutions combines the security of proven two-factor strong authentication with the convenience, simplicity, and ease of use of OTPs generated on personal mobile devices or PCs. By turning a mobile phone into a two-factor authentication device, organizations save significantly on hardware and deployment costs, while users benefit by not having to carry an additional hardware token around with them. MobilePASS is available for all leading mobile devices, including BlackBerry, iPhone, Android, Windows Phone 7, Mac OS and Windows desktop.

The purpose of this document is to review the various security mechanisms that are designed to protect the MobilePASS application, OTP seeds and other MobilePASS functionalities from malicious activity or in the event that a user's mobile device is misplaced, stolen or lost.

Technical Features

- Over-the-Air Automatic Activation: MobilePASS enables automatic activation over the mobile device data connection link. The automated activation is easy for the end user, and at the same time enforces enterprise policies for the token settings. During MobilePASS automatic activation, users provide an activation credential that is delivered to the user out of band. The one-time activation credentials ensure that the token is indeed activated by the authorized user. The MobilePASS application establishes a secure communication channel with the Authentication server's activation service and sets the OTP secret that is used to generate one OTP.
- Policy Driven Activation: MobilePASS tokens are activated in accordance with policy settings configured in the authentication server. The policy settings managed in the server control which users are authorized to activate MobilePASS tokens as well as the appropriate security settings of the application, such as PIN quality, device qualification and lockout policy.
The activation policy setting enables flexible and effective policy management, enforcing the appropriate level of security.

- Comprehensive OTP Algorithm Support: MobilePASS tokens support industry-standard OTP generation algorithms from the OATH initiative. The solution enables OTP tokens to be used with Time Synchronous (TOTP), Event Synchronous (HOTP) or Challenge-Response (OCRA) algorithms. The OTP algorithm used is determined by policy settings in the SafeNet token management server along with any additional security settings.
  - The use of standards-based algorithms that have gone through public scrutiny and the ability to match the proper algorithm and policy setting to the different user communities enables a conscious implementation that lets organizations mitigate risks with security mechanisms.
- MobilePASS SDK: In addition to the mobile applications, MobilePASS ships with an SDK that allows the embedding of MobilePASS security functionality within other mobile applications. The availability of the SDK enables the creation of customized apps and software tokens that are compatible with the SafeNet authentication solutions and enjoy the same level of security and functionality.
- Enhanced PIN complexity: Support for numeric and alphanumeric PINs as well as the ability to set a token policy disallowing trivial PINs.
Security Features

SafeNet is committed to ensuring the security of the MobilePASS software authentication solution. Below are key security features that are built into the software token implementation to secure the operation and management of the MobilePASS solution.

PIN Protection

1. Device PIN Protection: Most mobile devices come with a device PIN protection option that allows the mobile user to designate a secret PIN which is then required in order to unlock the device for use. Enabling this PIN protection mechanism provides users with the first layer of defense in preventing unauthorized users from gaining access to the MobilePASS application stored on the device and generating passwords.
2. Mobile Application PIN Protection: While the device PIN protection is a mobile device feature, MobilePASS also includes optional token PIN protection instead of or on top of the device PIN. IT policy can be set to control and enforce PIN length and lockout policy.
3. OTP PIN Protection: An additional OTP PIN may also be required by the authentication server policy in order to log in to the protected application. By using the OTP PIN at the server layer, even if a token application is compromised, the unauthorized user would still need to know the OTP PIN in order to successfully log in to the application. Such OTP PIN length and lockout policy are also configurable in the authentication server policy settings.

Seed Protection

Generating a one-time password (OTP) in a secure fashion relies on a secret key that is shared between the OTP generator application (or device) and the OTP validation server. The secret key is referred to as the OTP seed. Ensuring the seed is not compromised is a key security aspect of OTP authentication.
As such, the OTP seed used by MobilePASS needs to be protected at:

- Enrollment: to secure the OTP seed from leaking during the activation process
- Mobile Device: to secure the OTP seed stored on the mobile device
- Authentication Server: to secure the OTP seed stored by the server to validate authentication requests

Following are the key mechanisms used to protect the MobilePASS OTP seed:

Secure activation protocol - While the automated activation process is performed over a Secure Sockets Layer (SSL) transport, the activation process of MobilePASS tokens also uses the DSKPP protocol (RFC 6063) to secure the OTP seed key exchange. The DSKPP protocol used is the four-pass variant, which ensures that there is a secure key exchange between the MobilePASS application and the MobilePASS activation service on the backend and that the OTP seed is never transmitted over the communication line. The DSKPP authentication data is transferred using the enrollment . The activation information is valid for one activation - and for a short period of time. When the activation process is started, the enrollment information is passed to the MobilePASS application including user authentication code.
1. Secure seed server storage: once activated, MobilePASS's OTP seed is encrypted by the SafeNet Authentication server and can be further protected by using a Hardware Security Module (HSM).
2. Dynamic seed generation: with SafeNet MobilePASS, the OTP seed is not predefined on the server side and transmitted to each device. Instead it is randomly generated throughout the enrollment process of the MobilePASS authenticator and set on the client and server side during the activation process. This prevents multiple instances of the MobilePASS application using the same seed.
3. Secure device seed storage: Once generated, the MobilePASS application stores an encrypted OTP seed in a protected storage using mobile device specific mechanisms. The goal is to protect the seed from being used by other applications or users, and from being copied to another device. Security of the stored data is affected by the following considerations:
   - Key Store Access: which applications and users can access the stored key
   - Key Encryption: how the stored key is protected from other user access
   - Copy Protection: how the stored key is protected from being duplicated to another device
4. Intruder Key Reset: MobilePASS can be configured to resist incorrect PIN attacks using the token policy setting. When an incorrect PIN is entered for more than the predefined threshold, the token gets reset as token data is erased.
Security Mechanisms per Operating System

Tables 1 through 7 below provide platform-specific implementation details on how each of the mechanisms detailed in the section above is implemented in each operating system.

Table 1: MobilePASS Security Mechanisms for Apple iOS
Mobile platform: MobilePASS 8.4 for Apple iOS

- Key store Access: The OTP seed is stored in the iOS KeyChain. KeyChain enables sandboxed keys per application. This means that each application only has access to its own KeyChain elements. Therefore, no other applications are able to read the MobilePASS KeyChain data.
- Key Encryption: The OTP seed is encrypted with AES 256 before it is stored by the application. For the AES encryption, a data encryption key is randomly generated by the MobilePASS application. The data encryption key (DEK) is used to encrypt the token OTP seed using AES256. The DEK is encrypted with AES 256 using a key encryption key (KEK). The KEK is not stored, but rather dynamically derived from the user PIN and from additional phone specific data. When the server policy does not require a PIN, a hardcoded default PIN is used in the derivation process instead of a user chosen PIN.
- Copy Protection: MobilePASS KeyChain elements are non-migratable, so that backup and restore are not supported. iOS 6 or later.
- Certification: MobilePASS relies on native iOS FIPS validated crypto libraries. Details on Apple iOS crypto libraries validation can be found here and here.
Table 2: MobilePASS Security Mechanisms for Android
Mobile platform: MobilePASS 8.3 for Android

- Key store Access: The encrypted OTP seed is stored on the Android OS in the MobilePASS application's private folder. Files saved in an application's private folder are only accessible by the application; no other application can access the folder. When the user uninstalls the application, these files are removed.
- Key Encryption: The OTP seed is encrypted with AES 256 before it is stored by the application. For the AES encryption, a data encryption key is randomly generated by the MobilePASS application. The data encryption key (DEK) is used to encrypt the token OTP seed using AES256. The DEK is encrypted with AES 256 using a key encryption key (KEK). The KEK is not stored, but rather dynamically derived from the user PIN and from additional phone specific data. When the server policy does not require a PIN, a hardcoded default PIN is used in the derivation process instead of a user chosen PIN.
- Copy Protection: The MobilePASS application is marked with the allowBackup attribute set to false, to prevent it from being backed up from the device. The allowBackup attribute determines if an application's data can be backed up and restored. Code is run through an APK obfuscation process to deter reverse engineering efforts. Done over the entire installation package.
Table 3: MobilePASS Security Mechanisms for Microsoft Windows Desktop
Mobile platform: MobilePASS 8.4 for Microsoft Windows Desktop

- Key store Access:
  - Secure Key Storage: The MobilePASS application uses Windows Data Protection (DPAPI) to secure the OTP seed. DPAPI ensures that for each user on a system, a different set of encryption keys is maintained and used to encrypt the key storage.
  - File System Protection: The file is stored in %AppData% (typically points to C:\Documents and Settings\<user dir>\Application Data), which provides another level of security from other users of the system.
- Key Encryption: The OTP seed is encrypted with AES 256 before it is stored by the application. For the AES encryption, a data encryption key is randomly generated by the MobilePASS application. The data encryption key (DEK) is used to encrypt the token information and seed using AES256. The DEK is encrypted with AES 256 using a key encryption key (KEK). The KEK is not stored, but rather dynamically derived from the user PIN and from additional phone specific data. When the server policy does not require a PIN, a hardcoded default PIN is used in the derivation process instead of a user chosen PIN.
- Copy Protection: The file contents are encrypted using Windows Data Protection (DPAPI), which means the file cannot be used by any other user on the same machine or by any user on any other machine.
- Certification: MobilePASS relies on Microsoft Windows validated crypto libraries. Details on Windows crypto libraries validation can be found here.
Table 4: MobilePASS Security Mechanisms for BlackBerry OS 10
Mobile platform: MobilePASS 8.3 for BlackBerry OS 10

- Key store Access: The encrypted OTP seed is stored on the BlackBerry Android runtime framework in the MobilePASS application's private folder. Files saved to the internal storage are private to the particular application and other applications cannot access them (nor can the user). When the user uninstalls the application, these files are removed. Note: The MobilePASS application is based on the Android runtime environment in BlackBerry and the MobilePASS for Android application codebase.
- Key Encryption: The OTP seed is encrypted with AES 256 before it is stored by the application. For the AES encryption, a data encryption key is randomly generated by the MobilePASS application. The data encryption key (DEK) is used to encrypt the token OTP seed using AES256. The DEK is encrypted with AES 256 using a key encryption key (KEK). The KEK is not stored, but rather dynamically derived from the user PIN and from additional phone specific data. When the server policy does not require a PIN, a hardcoded default PIN is used in the derivation process instead of a user chosen PIN.
- Copy Protection: The MobilePASS application is marked with the allowBackup attribute set to false, to prevent it from being backed up from the device. The allowBackup attribute determines if an application's data can be backed up and restored.
Table 5: MobilePASS Security Mechanisms for BlackBerry OS 6
Mobile platform: MobilePASS 8.3 for BlackBerry OS 6

- Key store Access: MobilePASS is protected by the SafeNet private key. The SafeNet private key is part of the BlackBerry Access Protection (ControlledAccess API) system that prevents unauthorized applications from accessing the protected data.
- Key Encryption: The OTP seed is encrypted using AES-128 before it is stored by the application. The encryption key is derived from the application PIN.
- Copy Protection: MobilePASS application data is protected by the SafeNet private key, which prevents the data from being accessed by a backup application. The data therefore cannot be backed up.

Table 6: MobilePASS Security Mechanisms for Microsoft Windows Phone 7
Mobile platform: MobilePASS 8.2 for Microsoft Windows Phone 7

- Key store Access: The encrypted OTP seed is stored on the Windows Phone 7 using an isolated storage mechanism. Files saved to the isolated storage are private to the particular application and other applications cannot access them. When the user uninstalls the application, these files are removed.
- Key Encryption: The OTP seed is encrypted using AES-128 before it is stored by the application. The encryption key is derived from the application PIN.
Table 7: MobilePASS Security Mechanisms for Mac OS X
Mobile platform: MobilePASS 8.2 for Apple Mac OS X

- Key store Access: The OTP seed is stored in the Mac OS KeyChain store. The encryption key is derived from the application PIN.
- Key Encryption: The OTP seed is encrypted using AES 256 before it is stored in the keychain. The encryption key is derived from the application PIN. When the server policy does not require a PIN, a hardcoded default PIN is used in the derivation process instead of a user chosen PIN.
- Copy Protection: Key to keychain is derived from non-migratable device parameters like serial ID/hardware UUID. Hence the application will not be able to access the keychain when an OS backup is restored to a different machine.
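The DEK/KEK hierarchy and the intruder key reset described above can be sketched as follows. This is an added example, not SafeNet code: the document does not name the key derivation function, the AES mode or the storage layout, so PBKDF2-HMAC-SHA256, AES-256-GCM, the `SeedStore` class, the `DEFAULT_PIN` value and the device identifiers are all assumptions, and the third-party `cryptography` package is required.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

DEFAULT_PIN = "0000"         # constructed stand-in for the "hardcoded default PIN"
PBKDF2_ITERATIONS = 100_000  # assumption: the document gives no KDF or cost


def derive_kek(pin, device_id, salt):
    """Derive the 256-bit KEK from the PIN and device-specific data.

    The KEK is recomputed on every unlock and never written to storage.
    """
    material = pin.encode() + b"\x00" + device_id
    return hashlib.pbkdf2_hmac("sha256", material, salt,
                               PBKDF2_ITERATIONS, dklen=32)


class SeedStore:
    """Hypothetical on-device record: seed under DEK, DEK under KEK."""

    def __init__(self, max_bad_pins=3):
        self.max_bad_pins = max_bad_pins
        self.bad_pins = 0
        self.record = None

    def enroll(self, seed, device_id, pin=None):
        dek = AESGCM.generate_key(bit_length=256)  # random DEK
        salt = os.urandom(16)
        kek = derive_kek(pin or DEFAULT_PIN, device_id, salt)
        seed_nonce, dek_nonce = os.urandom(12), os.urandom(12)
        # Only ciphertexts, nonces and the salt are persisted.
        self.record = {
            "salt": salt,
            "seed_nonce": seed_nonce,
            "seed_ct": AESGCM(dek).encrypt(seed_nonce, seed, b"otp-seed"),
            "dek_nonce": dek_nonce,
            "dek_ct": AESGCM(kek).encrypt(dek_nonce, dek, b"dek"),
        }
        self.bad_pins = 0

    def unlock(self, device_id, pin=None):
        """Return the seed, or None if the PIN or device data is wrong."""
        if self.record is None:
            raise LookupError("token erased or not enrolled")
        r = self.record
        kek = derive_kek(pin or DEFAULT_PIN, device_id, r["salt"])
        try:
            dek = AESGCM(kek).decrypt(r["dek_nonce"], r["dek_ct"], b"dek")
        except InvalidTag:
            # A wrong PIN and a record copied to another device look the
            # same here: both yield a KEK that cannot unwrap the DEK.
            self.bad_pins += 1
            if self.bad_pins > self.max_bad_pins:
                self.record = None  # intruder key reset: erase token data
            return None
        self.bad_pins = 0
        return AESGCM(dek).decrypt(r["seed_nonce"], r["seed_ct"], b"otp-seed")


if __name__ == "__main__":
    store = SeedStore(max_bad_pins=2)
    store.enroll(bytes(range(20)), b"device-A-serial", pin="4821")
    print("right PIN, same device :", store.unlock(b"device-A-serial", "4821"))
    print("right PIN, other device:", store.unlock(b"device-B-serial", "4821"))
    # With no PIN policy the KEK rests on the device data alone.
    nopin = SeedStore()
    nopin.enroll(bytes(range(20)), b"device-A-serial")
    print("no PIN, same device    :", nopin.unlock(b"device-A-serial"))
```

When no PIN is required, the only secret input to the KEK in this sketch is the device-specific data, so the strength of the stored seed then depends on how hard that data is to read or guess.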
Automation and Token Management

1. Dynamic re-seeding: if needed, MobilePASS can be easily re-enrolled, which reseeds the application with new OTP seeds.
2. Immediate revocation option: in situations where a mobile device is stolen, lost or cracked, the MobilePASS user notifies their IT administrator, who can immediately revoke access for that specific MobilePASS authenticator by disabling it or deleting it from the Authentication Server. This ensures minimal security exposure to the corporate information system. Further, the user self-enrollment and over-the-air deployment capabilities enable quick and easy installation of a new MobilePASS authenticator on the user's replacement device.
3. Clock tamper detection: A known attack on time-based passcodes is to change the device time ahead so that OTPs can be harvested for future use. MobilePASS can detect if the device time has been recently changed and will prompt the user to confirm whether the device time is currently accurate or not. If the user confirms that the current time is accurate, it means that the device clock has been tampered with. In this case the token will be revoked and the user will be asked to enroll a new token.
4. Event-based passcode delay policy: In order to prevent generating a large number of passcodes in a short period of time, MobilePASS supports a delay policy between passcode generation events. The delay prohibits generation of a new passcode for the allotted time duration. Time delay duration can be configured to 10, 30 or 60 seconds.
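The clock tamper check and the event-based delay policy can be illustrated with the standard OATH algorithms (HOTP per RFC 4226, TOTP per RFC 6238). This is an added example, not SafeNet code: the document does not say how MobilePASS detects a time change, so comparing the wall clock with a monotonic clock, the 5-second tolerance, and the `ClockTamperDetector` and `Token` classes are assumptions.

```python
import hashlib
import hmac
import struct


def hotp(seed, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(seed, unix_time, step=30, digits=6):
    """RFC 6238 TOTP: HOTP keyed on the time-step number.

    The code depends only on the seed and the claimed time, which is why a
    clock set ahead yields passcodes that become valid later.
    """
    return hotp(seed, int(unix_time) // step, digits)


class ClockTamperDetector:
    """Flag wall-clock jumps that a monotonic clock did not also see.

    Assumption: monotonic time cannot be set by the user. It restarts at
    reboot, so a real client would also need a persisted reference.
    """

    def __init__(self, wall, monotonic, tolerance=5.0):
        self.wall, self.mono, self.tolerance = wall, monotonic, tolerance

    def changed(self, wall, monotonic):
        drift = (wall - self.wall) - (monotonic - self.mono)
        if abs(drift) > self.tolerance:
            return True  # keep the old baseline until the clock is sane
        self.wall, self.mono = wall, monotonic
        return False


class Token:
    ALLOWED_DELAYS = (10, 30, 60)  # seconds, as listed in the policy above

    def __init__(self, seed, detector, delay=30):
        if delay not in self.ALLOWED_DELAYS:
            raise ValueError("delay must be 10, 30 or 60 seconds")
        self.seed, self.detector, self.delay = seed, detector, delay
        self.counter = 0
        self.last_event = None
        self.revoked = False

    def time_passcode(self, wall, monotonic, user_confirms_time_accurate=False):
        """Return a TOTP code, or None while a time change is unresolved."""
        if self.revoked:
            raise PermissionError("token revoked, enroll a new token")
        if self.detector.changed(wall, monotonic):
            # Per the document: a user who confirms the changed time is
            # accurate implies earlier tampering, so the token is revoked.
            if user_confirms_time_accurate:
                self.revoked = True
            return None  # assumption: no code is issued in either case
        return totp(self.seed, wall)

    def event_passcode(self, monotonic):
        """Return the next HOTP code, or None inside the delay window."""
        if self.revoked:
            raise PermissionError("token revoked, enroll a new token")
        if self.last_event is not None and monotonic - self.last_event < self.delay:
            return None
        code = hotp(self.seed, self.counter)
        self.counter += 1
        self.last_event = monotonic
        return code


if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 4226 test seed, not a real secret
    tok = Token(seed, ClockTamperDetector(1_700_000_000, 100.0), delay=10)
    print(tok.time_passcode(1_700_000_030, 130.0))   # normal code
    print(tok.time_passcode(1_700_086_430, 140.0))   # clock moved a day: None
    print(tok.event_passcode(200.0), tok.event_passcode(205.0))
```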
Summary

MobilePASS offers powerful protection and access control for remote and local network access. It is compatible with the broadest range of mobile clients, and provides secure and convenient access to remote systems, such as VPNs, Citrix applications, Cloud applications, Outlook Web Access, and Web portals. It also offers strong authentication for secure local network access. With the enhanced authentication capabilities and security mechanisms, organizations can be assured of multi-layered protection, including:

- Support for both device and software PINs
- Immediate license revocation and re-activation
- Protection from replication and duplication
- OTP seed encryption

About SafeNet Authentication Solutions

SafeNet's strong authentication solutions, delivered as-a-service or on-premise, offer fully-automated, highly secure authentication with the widest choice of authentication methods and form factors. Strong authentication is made easy through the flexibility and scalability of automated workflows, and with extensive self-service portals, contributes to significant reductions in total cost of ownership. With no infrastructure required, SafeNet authentication solutions enable a quick migration to cloud environments, and protect everything, from cloud-based and on-premise applications, to networks, users and devices. For more information regarding SafeNet's complete portfolio of authentication solutions, visit
More informationProtect your business in today s fast-changing security and risk environment.
FACT SHEET Protect your business in today s fast-changing security and risk environment. Email is the main way your business communicates internally and externally, so you rely on it being available all
More informationSecuring Today s Mobile Workforce
WHITE PAPER Securing Today s Mobile Workforce Secure and Manage Mobile Devices and Users with Total Defense Mobile Security Table of Contents Executive Summary..................................................................................
More informationSecuring Office 365 with MobileIron
Securing Office 365 with MobileIron Introduction Office 365 is Microsoft s cloud-based productivity suite. It includes online versions of Microsoft s most popular solutions, like Exchange and SharePoint,
More informationDeployment Scenarios June Microsoft Exchange ActiveSync. Standards-based Servers. Virtual Private Networks. Digital Certificates
iphone in Business Deployment Scenarios June 2010 Learn how iphone integrates seamlessly into enterprise environments with these deployment scenarios. Microsoft Exchange ActiveSync Standards-based Servers
More informationMobilize with Enterprise Security and a Productive User Experience
Mobilize Email with Citrix XenMobile Mobilize Email with Enterprise Security and a Productive User Experience People need to be able to work with email productively wherever they go. Citrix.com 1 Email
More informationSafeNet Authentication Service. Push OTP Solution Guide
SafeNet Authentication Service Push OTP Solution Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and
More informationAuthentication Methods
CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks
More informationKT-4 Keychain Token Welcome Guide
SafeNet Authentication Service KT-4 Keychain Token Welcome Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document
More informationAerohive and IntelliGO End-to-End Security for devices on your network
Aerohive and IntelliGO End-to-End Security for devices on your network Introduction Networks have long used a password to authenticate users and devices. Today, many cyber attacks can be used to capture
More informationUser Self-Administrative Web Guide
User Self-Administrative Web Guide NotifyMDM Version 3.x The User Self-Administrative Web 1 Table of Contents The User Self-Administrative Web 3 Accessing the Mobile User Self-Administrative Portal...
More informationVA REMOTE ACCESS (updated 12/20/16)
VA REMOTE ACCESS (updated 12/20/16) (PROBLEMS: CALL PIV NATL HELP DESK @ 855-673-4357, choose Option 6 and then Option 2) 1. REQUEST VA REMOTE ACCESS (YOU MUST BE AT THE DALLAS VA TO REQUEST): Go to https://vpnportal.vansoc.va.gov/selfservice/userlogin.aspx
More informationIntegration Guide. SafeNet Authentication Manager. Using SafeNet Authentication Manager with Citrix XenApp 6.5
SafeNet Authentication Manager Integration Guide Using SafeNet Authentication Manager with Citrix XenApp 6.5 Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013
More informationA Practical Step-by-Step Guide to Managing Cloud Access in your Organization
GUIDE BOOK 4 Steps to Cloud Access Management A Practical Step-by-Step Guide to Managing Cloud Access in your Organization Cloud Access Challenges in the Enterprise Cloud apps in the enterprise have become
More informationWHITE PAPER. Authentication and Encryption Design
WHITE PAPER Authentication and Encryption Design Table of Contents Introduction Applications and Services Account Creation Two-step Verification Authentication Passphrase Management Email Message Encryption
More informationMobile Devices prioritize User Experience
Mobile Security 1 Uniqueness of Mobile Mobile Devices are Shared More Often Mobile Devices are Used in More Locations Mobile Devices prioritize User Experience Mobile Devices have multiple personas Mobile
More informationBanner SSL VPN User Guide
P a g e 1 Banner SSL VPN User Guide Version By Date Changes 1.3 Jerome Casper 6-1-2016 Combined VPN/2FA documentation Guide Maintainence IT Service Desk Ongoing Table of Contents Document Control and Version
More informationSurePassID ServicePass User Guide. SurePassID Authentication Server 2017
SurePassID ServicePass User Guide SurePassID Authentication Server 2017 Introduction This technical guide shows how users can manage their SurePassID security tokens that are compatible with SurePassID
More informationDyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof
Dyadic Enterprise Unbound Key Control For Azure Marketplace The Secure-As-Hardware Software With a Mathematical Proof Unbound Key Control (UKC) is the first software-only key management and key protection
More informationManaging Devices and Corporate Data on ios
Managing Devices and Corporate Data on ios Overview Businesses everywhere are empowering their employees with iphone and ipad. Contents Overview Management Basics Separating Work and Personal Data Flexible
More informationSxS Authentication solution. - SXS
SxS Authentication solution. - SXS www.asseco.com/see SxS Single Point of Authentication Solution Asseco Authentication Server (SxS) is a two-factor authentication solution specifically designed to meet
More informationThe Security Behind Sticky Password
The Security Behind Sticky Password Technical White Paper Executive Summary When it comes to password management tools, concerns over secure data storage of passwords and personal information are often
More informationGuide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1
Guide to Deploying VMware Workspace ONE DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationHosts have the top level of webinar control and can grant and revoke various privileges for participants.
Introduction ClickMeeting is an easy-to-use SaaS webinar platform used worldwide. It was built using highend technology, with data security as the highest priority. The platform meets stringent security
More informationIntegrated Access Management Solutions. Access Televentures
Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1
More informationSecure Your First BlackBerry Dynamics App
Hong Kong 2018 Hong Kong 2018 Secure Your First BlackBerry Dynamics App EK Choi, Enterprise Solutions Manager Build Integration Dynamics runtime is for secure mobile and desktop applications Exposes capabilities
More informationSAP Single Sign-On 2.0 Overview Presentation
SAP Single Sign-On 2.0 Overview Presentation June 2014 Public Legal disclaimer This presentation is not subject to your license agreement or any other agreement with SAP. SAP has no obligation to pursue
More informationSAP Security in a Hybrid World. Kiran Kola
SAP Security in a Hybrid World Kiran Kola Agenda Cybersecurity SAP Cloud Platform Identity Provisioning service SAP Cloud Platform Identity Authentication service SAP Cloud Connector & how to achieve Principal
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationCitrix SSO for ios. Page 1 18
Citrix SSO for ios Page 1 18 Contents OVERVIEW... 3 WHAT'S NEW... 3 KNOWN ISSUES AND FIXED ISSUES... 4 FEATURE COMPARISON BETWEEN CITRIX VPN AND CITRIX SSO... 5 COMPATIBILITY WITH MDM PRODUCTS... 6 CONFIGURE
More informationCodebook. Codebook for OS X Introduction and Usage
Codebook Codebook for OS X Introduction and Usage What is Codebook Encrypted Data Vault Guards passwords and private data Keeps sensitive information organized Enables quick recall of secrets Syncs data
More informationipad in Business Deployment Scenarios November 2010 Microsoft Exchange ActiveSync Standards-Based Services Virtual Private Networks
ipad in Business Deployment Scenarios November 2010 Learn how ipad integrates seamlessly into enterprise environments with these deployment scenarios. Microsoft Exchange ActiveSync Standards-Based Services
More informationSingle Sign-On Showdown
Single Sign-On Showdown ADFS vs Pass-Through Authentication Max Fritz Solutions Architect SADA Systems #ITDEVCONNECTIONS Azure AD Identity Sync & Auth Timeline 2009 2012 DirSync becomes Azure AD Sync 2013
More informationAdministering Jive Mobile Apps for ios and Android
Administering Jive Mobile Apps for ios and Android TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile
More informationRSA Authentication Manager 8.0 Security Configuration Guide
RSA Authentication Manager 8.0 Security Configuration Guide Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm
More informationLinQ2FA. Helping You. Network. Direct Communication. Stay Fraud Free!
LinQ2FA Stay Fraud Free! Helping You Direct Communication Secure to your Your customers Network LINQ2FA Stay Fraud Free! Enhance your security against cyber fraud with Two Factor Authentication Suitable
More informationRemote Access. Application Viewer User Guide
Remote Access Application Viewer User Guide Page Logging into Application Viewer... 3 Logging off Application Viewer... 9 Lost or stolen tokens... 9 Application Viewer User Guide October 11, 2011 2 of
More informationPhil Schwan Technical
Phil Schwan Technical Architect pschwan@projectleadership.net @philschwan Today s challenges Users Devices Apps Data Users expect to be able to work in any location and have access to all their work resources.
More informationGuide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE
Guide to Deploying VMware Workspace ONE with VMware Identity Manager SEP 2018 VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationKODO for Samsung Knox Enterprise Data Protection & Secure Collaboration Platform
& Secure Collaboration Platform by Paweł Mączka, Storware CTO Table of Contents OVERVIEW 3 WHAT IS KODO? 4 HOW IT WORKS? 5 BACKUP & RESTORE 6 TABLE OF FEATURES 8 END-TO-END ENCRYPTION FOR ANDROID DEVICES
More informationHOMELESS INDIVIDUALS AND FAMILIES INFORMATION SYSTEM HIFIS 4.0 TECHNICAL ARCHITECTURE AND DEPLOYMENT REFERENCE
HOMELESS INDIVIDUALS AND FAMILIES INFORMATION SYSTEM HIFIS 4.0 TECHNICAL ARCHITECTURE AND DEPLOYMENT REFERENCE HIFIS Development Team May 16, 2014 Contents INTRODUCTION... 2 HIFIS 4 SYSTEM DESIGN... 3
More information<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide
RSA SECURID ACCESS Standard Agent Client Implementation Guide VMware Horizon View 7.2 Clients Daniel R. Pintal, RSA Partner Engineering Last Modified: September 14, 2017
More informationSafeNet Authentication Service
SafeNet Authentication Service Push OTP Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have
More informationENTRUST DATACARD DERIVED PIV CREDENTIAL SOLUTION
ENTRUST DATACARD DERIVED PIV CREDENTIAL SOLUTION A Guide to Meet NIST SP 800-157 Requirements +1-888-690-2424 entrust.com Table of contents The Need for Mobile Credentials Page 3 Entrust Datacard: The
More informationStorage Made Easy. Mirantis
Storage Made Easy Providing an Enterprise File Fabric for Mirantis STORAGE MADE EASY ENTERPRISE FILE FABRIC FOR MIRANTIS The File Fabric is a comprehensive multi-cloud data security solution built on top
More informationefolder White Paper: HIPAA Compliance
efolder White Paper: HIPAA Compliance November 2015 Copyright 2015, efolder, Inc. Abstract This paper outlines how companies can use certain efolder services to facilitate HIPAA and HITECH compliance within
More informationMICROSOFT (MS) INTUNE IOS/ANDROID DEVICE ENROLLMENT
IS DIVISION MICROSOFT (MS) INTUNE IOS/ANDROID DEVICE ENROLLMENT FY 2018-2019 CONTENTS Introduction 3 Timeline 4 Getting Started 5 Content transfer guidelines 7 Page 2 INTRODUCTION BACKGROUND Microsoft
More informationVAM. Epic epcs Value-Added Module (VAM) Deployment Guide
VAM Epic epcs Value-Added Module (VAM) Deployment Guide Copyright Information 2018. SecureAuth is a registered trademark of SecureAuth Corporation. SecureAuth s IdP software, appliances, and other products
More information81 -key The Power of a Touch. ID DIRECTOR for Windows. Microsoft Partner. Adress 3349 Highway 138 BLDG A STE E Wall, NJ 07719
ID DIRECTOR for Windows 81 -key The Power of a Touch Phone 0:(732) 359-1100 F: (732) 359-11 0 1 @ Contact info@bio-key.com www.bio-key.com Adress 3349 Highway 138 BLDG A STE E Wall, NJ 07719 Microsoft
More informationStorage Made Easy. SoftLayer
Storage Made Easy Providing an Enterprise File Fabric for SoftLayer STORAGE MADE EASY ENTERPRISE FILE FABRIC FOR SOFTLAYER The File Fabric is a comprehensive multi-cloud data security solution built on
More information