16.07.2015 Views

Gemalto .NET solution - OKsystem


SMART CARD FORUM 2008
May 22, 2008
Philippe Inserra, Central Europe Regional Manager, Philippe.Inserra@gemalto.com
Nicolas Girardin, European Strategic Alliance Manager, Nicolas.Girardin@Gemalto.com


Agenda
1 Gemalto company introduction
2 Strong Authentication
3 Gemalto .NET solution


Gemalto worldwide: a global footprint to better serve our customers
€1.7 billion revenue 2006
Innovation investment:
• 11 R&D sites worldwide
• 1,300 engineers
Global footprint:
• 23 production sites
• 36 personalization centers
• 100 sales & marketing offices
Experienced team:
• 10,000 employees
• 90 nationalities
• 40 countries


Gemalto's secure, easy-to-use solutions
Secure personal devices
• Portable devices that securely store applications and information specific to the end-user:
– Microprocessor cards: e.g. wireless SIM cards, EMV banking cards etc.
– e-passports, e-healthcare and e-ID cards, driving licenses etc.
• Interfaces, readers, chipsets, tokens, USB dongles and OTP devices
Software & services:
• Software, and server-based solutions
• Services: personalization, data management, file treatment, post-issuance, packaging
• Consulting, integration, project management, training and support


Agenda
1 Gemalto company introduction
2 Strong Authentication
3 Gemalto .NET solution


What is it exactly?
• Token: smart-card based user authentication devices
• Server: authentication and customer care server
• Agent: 3rd party solution/software agents
• User: self-service user care portal & browser plugin


A complete end-to-end solution
(Diagram labels: Tokens, Server, Agents, User, Portal)


What is the role of the Smart Card?
Hosts the application
Hosts the secret keys
Computes and generates the one-time password (OTP)
Value added services
• Evolution to PKI
• Email & file encryption
• Digital signature
• Smart logon
Token options: Unconnected mode, Connected mode


Agenda
1 Gemalto company introduction
2 Strong Authentication
3 Gemalto .NET solution


Gemalto and Microsoft
1996
Start of PC/SC CryptoAPI support
2000
Axalto & Gemplus CSPs shipped with Windows 2000 (OOB W98, Me, NT4)
2001
Axalto & Gemplus CSPs shipped with Windows XP 32- & 64-bit
2002
Microsoft defines the new CSP & minidriver architecture for Windows Vista
Gemalto starts development of a smart card based on the .NET framework
Gemalto delivers the .NET card minidriver to MSFT for inclusion in Vista
2005
Microsoft deploys the Gemalto .NET card as its corporate badge
The Gemalto .NET minidriver ships with Windows Vista & via Windows Update for Windows 2000, XP & Server 2003
2007


.net smart cards in different form factors
Badge
• ISO form
• OTP reader
USB device
• USB (SIM form)
• With OTP display
• With Flash disk
– 1 / 2 Gb
– hardware based AES 256-bits encryption


Gemalto solutions for Microsoft Security Platform
(Diagram labels:)
• Card management & personalization services
• Strong authentication for network logon
• Edge
• Client & Server OS
• Strong Authentication for desktop
• Federated Services
• Right Management Services
• Secure Identity Federation & Application SSO with smart cards
• Smart card technology to obtain RMS licensing
• Confidential information protected with encryption
• Digital signature for Office files & encryption for Outlook email


Microsoft Windows Smart Card Framework
(Diagram labels:)
• Any CAPI-based Crypto Application
• Vendor-Specific CSP
• CAPI-based Crypto Application (i.e., Secure Email)
• CAPI-based Crypto Application (i.e., Smart Card Logon)
• Microsoft Smart Card Base Cryptographic Service Provider (BaseCSP.DLL)
• Gemalto .NET 2.0 Smart Card Minidriver
• Other Base CSP compliant Smart Card Minidriver
• WinSCard API (WinSCard.DLL)
• Smart Card Resource Manager
• Smart Card #1, Gemalto .NET 2.0 Smart Card, Smart Card #3

Microsoft Base Smart Card CSP vs. Vendor-Specific Monolithic CSP
• The new Windows Smart Card Framework replaces the traditional monolithic architecture for Smart Card Cryptographic Services.
• The WSCF defines a Base Crypto Service Provider as a common interface for all WSCF compliant smart cards.
• SC Vendors shall no longer provide a full blown proprietary middleware to support their smart cards on Windows OSs.
• SC Vendors now shall only provide a small footprint dll, called smart card minidriver, to communicate with the Base CSP.
• For Windows 2000, XP & Server 2003, the Smart Card Base CSP is an optional component available for download via Windows Update (KB909520).
• The Gemalto .NET Minidriver (axaltoCM.dll) is included in the downloadable package.
• On Windows Vista the Smart Card Crypto Service Provider is called Smart Card Key Storage Provider (KSP), and it is a core component of the OS.
• The Gemalto .NET Minidriver is also a native component in Vista.
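
The split described on this slide can be audited on a Windows host. The following PowerShell is an added example, not part of the original slides or of Gemalto's or Microsoft's material: it lists each registered smart card, reports whether it uses the Base CSP with a minidriver or a vendor-specific CSP, and checks the minidriver DLL's Authenticode signature. The registry path and value names are the standard Windows smart card registration points and do not appear in the deck; the function name is hypothetical.

```powershell
# Added example: classify smart card registrations by CSP architecture.
# Registry path and value names are standard Windows locations, not from the deck.
$CalaisRoot = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards'
$BaseCsp    = 'Microsoft Base Smart Card Crypto Provider'

function Get-SmartCardRegistration {          # hypothetical helper name
    param([string]$Root = $CalaisRoot)

    Get-ChildItem -Path $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        $csp   = $props.'Crypto Provider'
        $ksp   = $props.'Smart Card Key Storage Provider'
        $dll   = $props.'80000001'            # minidriver (card module) DLL

        # The two architectures contrasted on the slide.
        if ($csp -eq $BaseCsp -and $dll) {
            $model = 'Base CSP + minidriver'
        } elseif ($csp) {
            $model = 'Vendor-specific CSP'
        } else {
            $model = 'Incomplete registration'
        }

        # The minidriver is loaded by the Base CSP/KSP, so confirm the file
        # exists and carries a valid signature.
        $sig = $null
        if ($dll) {
            $path = $dll
            if (-not [IO.Path]::IsPathRooted($dll)) {
                $path = Join-Path $env:SystemRoot "System32\$dll"
            }
            $sig = 'FileMissing'
            if (Test-Path -LiteralPath $path) {
                $sig = (Get-AuthenticodeSignature -LiteralPath $path).Status
            }
        }

        [pscustomobject]@{
            Card = $_.PSChildName; Model = $model; CSP = $csp
            KSP  = $ksp; Minidriver = $dll; Signature = $sig
        }
    }
}

Get-SmartCardRegistration | Sort-Object Model, Card | Format-Table -AutoSize
```

Entries reported as a vendor-specific CSP, or a minidriver whose signature status is not `Valid`, are the ones to review first.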


2 step path to Secure Authentication
(Chart axes: LEVEL OF SECURITY; DEPLOYMENT COMPLEXITY & COST)
(Chart labels:)
• Username and Static Password
• OTP on card assembly + Gemalto SA Server
• PKI Certificates + MS Base CSP & ILM
• 2 factor Authentication
• 3 factor Authentication
REDUCE DEPLOYMENT COMPLEXITY & COST
- Easy migration from OTP based to stronger Certificate based authentication
- Reuse already deployed Smart Cards or Tokens


Gemalto .NET and Microsoft
Plug & Play on Vista


Gemalto services / integration
Expert support at the different project stages
• Scope / Project definition
• Security Procedure (Workflow, Policies, …)
• POC / Pilot
• Integration
• Operation
Technology domains
• Smart card integration
– Profile/Mapping, Application/Assembly/Applet, Contact/Contactless, …
• User Workstation integration
– Reader, middleware, Software (Encryption, Authentication, …)
• Infrastructure integration
– ILM/CLM, PKI, ISA/IAG/Radius for OTP, …
– Issuance station


Microsoft and Gemalto .net smart card for ILM evaluation kit
.net smart cards
USB card reader
• ISO form factor
• SIM form factor
OTP reader
Software
• Resource CD
• ILM: http://www.microsoft.com/windowsserver2003/technologies/idm/ilm.mspx
Ask for your evaluation kit! (Nicolas.Girardin@Gemalto.com)


Online Resources
Gemalto: www.gemalto.com/
.net smart card: www.netsolutions.gemalto.com/
• Forum: www.netsolutions.gemalto.com/forum
• Utilities: www.netsolutions.gemalto.com/utilities.aspx
One Time Password: www.protiva.gemalto.com/
SAS Demo Portal: www.strongauthdemo.gemalto.com
Microsoft Gemalto Extranet: www.msxtranet.gemalto.com
MSFT Base SC CSP Download: http://support.microsoft.com/kb/909520
MSFT ILM: http://www.microsoft.com/windowsserver2003/technologies/idm/ilm.mspx


Thank you!
