
Products for LATAM

Wilson Cavenaghi
Project Manager
7/20/20
Agenda

• EZIO Authentication Server
• EZIO Communication Layer
• EZIO Mobile Delivery Agent
• EZIO onMobile
• EZIO TAN Card Server
• EZIO Authentication Broker
• Administrative Module
• Tools Module
• Products Integration

Security Level 2
EZIO Authentication Server


It is a One Time Password (OTP) authenticator.

Key features:
• OATH compliant
• Support for hardware and mobile tokens
• Optimized high performance API
• Scalable - supports Cluster or Load Balance
• Native interface for authentication and token management
• Native API for EZIO onMobile token creation
• Native support for cryptographic hardware (HSM), PKCS #11 standard
• Token Autosync mechanism for Time and Event based tokens (hardware or mobile)
• Database independent (it can be stored by the customer’s application – 1kb per token)
• No batch synchronization required


• Support for multiple methods per token seed (hardware or mobile)
  – OATH Time OTP
  – OATH Event OTP
  – OCRA (OATH Challenge Response)
  – Gemalto’s Transaction Signing
  – SMS OTP
• Server platforms supported:
  – Windows Server (cluster and load balance)
  – IBM z/OS
  – Linux
  – Unix


• Common application integration
  – Internet Banking
  – Enterprise portal
  – WEB applications
  – Webmail
  – Identity providers
  – VPN
  – Access gateways
  – ATM
  – IVR

EZIO Communication Layer

Exposes WebServices for the entire EZIO Authentication Server API (authentication, management and creation).

• Runs under Windows Server Platform (2008 32bit – 64bit: coming soon)
• Provides token administration database
• Developed in C#
• Scalable platform (Cluster and Load Balance)
• Database support
  – Oracle™
  – MS SQL Server™
  – PostgreSQL

EZIO Mobile Delivery Agent

Exposes WebServices to support EZIO onMobile application and token download (seed deployment).

• Runs under Windows Server Platform (2008 32bit – 64bit: coming soon)
• Provides token administration database
• Developed in C#
• Scalable platform (Cluster and Load Balance)
• Database support
  – Oracle™
  – MS SQL Server™
  – PostgreSQL

EZIO onMobile

This mobile token client is a full OATH OTP generator, developed to run on everything from low-cost Java phones to smartphones.

• Easy-to-use application
• Supports multiple enterprises
• Supports multiple seeds (tokens) per enterprise
• Supports multiple methods per token
• Supports all OATH methods:
  – OATH Time OTP
  – OATH Event OTP
  – OCRA (OATH Challenge Response)
• Supports Gemalto’s Transaction Signing
• Supports several mobile platforms:
  – Java (J2ME)
  – BlackBerry
  – iPhone
  – Android
  – Windows Mobile 6.5 (with Java VM) / Windows Mobile 7.0


• Developed in Java, C# and Objective C (iOS)**
• Fully supported by EZIO Mobile Delivery Agent for token download
• Delivered as a standard mobile application or as an embedded API for mobile apps (e.g. mobile banking)
• One device, multiple applications
  – Install the same Java application under different names on one device
  – Many applications can use the m-Trusted Client embedded API
  – Applications/APIs do NOT share their database:
    – Each app can have more than one seed (token)
    – Seeds are NOT shared between applications/API
• Available for almost 200 cellphone models
• Anti-cloning mechanism (token cannot be replicated to another device)
• Cryptographic channel for token seed download
• Mobile application protected by password
EZIO TAN Card Server

This server is a full transaction authentication number (TAN) card generator and authenticator. It uses the same OTP generator algorithm as OATH.

Features:
• TAN Card set management
  – Creation
  – Block
  – Cancelation
  – Generates PGP protected files for print services
• TAN Card operation
  – Activation
  – Block
  – Cancelation


• Multiple card configuration
  – Number of challenge digits
  – Number of password (response) digits
  – Number of entries (challenge/password)
  – Different challenge and password alphabets:
    – Number: 0-9
    – Hexadecimal: 0-F
    – Alphanumeric: 0-9 + A-Z
  – TAN Card validity
  – Password re-use
  – Password duplication
  – Sequential, random or random ranges challenges
• SMS TAN Card

EZIO Authentication Broker

This platform is an authentication broker working as a single point of integration, hiding the complexity of adding new authentication factors to any application.

Features:
• Easy to add new plugins for new authentication servers
• Servers already supported:
  – m-Trusted OTP for Windows
  – m-Trusted OTP for IBM z/OS*
  – OCS TAN Card
  – Gemalto’s SA Server (including EMV-CAP)
  – Microsoft Active Directory (for username/password)
  – Novell eDirectory (for username/password)
  – SQL databases
  – Google Authentication WebService
  – Third party authentication platforms:
    – RSA Ace Server **
    – Vasco Vacman Controller **

** Upon customer request


• Clients supported:
  – Web Applications
  – Radius protocol (Citrix, Cisco, CheckPoint, UAG)
  – SAML
• Native authentication methods:
  – Username and password
  – Time based OTP, Event based OTP, OCRA, Transaction Signing, EMV-CAP

Administrative Module

This web application provides simplified server administration for managing Ezio Servers.

Features:
• User friendly application
• Easy to use
• Developed for user administrators
• Integrated with MS AD and Novell eDirectory
• High transaction granularity (for profile management)
• Administrator profiles managed by LDAP server
• Developed in .NET (ASP .NET and C#)
• Uses Authentication Center for login
• Full operation logs for auditing
• Auditing reports
• m-Trusted and TAN Card reports
• Hardware token management (basic operations)
• Allows addition of customer specific modules


Tools Module

This web application was created to help users with hardware and mobile token activation, Ezio onMobile download and TAN Card activation.

Features:
• User friendly application
• Easy to use
• Developed for all users
• Integrated with MS AD and Novell eDirectory
• Developed in .NET (ASP .NET and C#)
• Uses EZIO Authentication Broker for login

Additional Features:
• Hardware and mobile token manual synchronization
• SMS TAN Card request

Products Integration
[Diagram: Products Integration. Labels in order of appearance: Integration Components, Integration WEB Services, Token Activation, TAN Card Activation; Administrative Module, Authentication Broker, Tools Module; Communication Layer (Creation, Administration, Authentication); Mobile Delivery Agent (App Download, Token Download); HSM Key Storage; Authentication Server (Creation, Administration, Authentication); TAN Card Server (Creation, Administration, Authentication). Database options shown: Oracle / PostgreSQL / SQL Server.]

Thank you