e Token Solutions January 2003 www e Aladdin

e. Token Solutions January 2003 www. e. Aladdin. com/e. Token 1

Digital Identity Management • 3 Good reasons to use e. Token • Simple & Easy to use • Enhanced security • Cost effective, versatile and fully mobile solution • Solutions and Technical Information • Customers & References • Press Coverage & Awards • About Aladdin 2

3 Good Reasons To Use e. Token Simple & Easy to use Ø Insert e. Token into the USB port. Ø Type in a simple password. Ø Automatically logon to your application. Enhanced Security Ø Logon requires e. Token & Password (2–factor authentication). Ø All access profile, keys and certificates are securely stored on the e. Token. Ø Secure Smart. Card technology. Cost effective & fully mobile Ø Increased ROI through improved password management. Ø Standard USB connectivity enables users mobility and eliminates the need to install and maintain a separate reader. Ø Standard connectivity to security systems eliminates the need to make changes to network topology or install dedicated servers. 3

Simple & Easy to Use Ø Insert e. Token into the USB port. Ø Type in a simple password. Ø Automatically logon to your application. And type your password (Factor 2) Just plug in your e. Token (Factor 1) Without both “Factors”, a user cannot logon, or sign a transaction. 4

Simple & Easy to Use It’s Your Digital Identity Organizer Your VPN Access Your Network Access Your Web Access Your Secure e. Mail Your Computer Data Protection Your Secure Key Storage Your Secure Certificate Storage Your Secure Password Storage Your Secure Key Generation 5

Enhanced Security Ø Logon requires e. Token & Password (2–factor authentication). Ø All access profiles, keys and certificates are securely stored on the e. Token. Ø Secure Smart. Card technology. Does this sound familiar? • Writing your passwords on a piece of paper, keeping them in your wallet or pasting them on your computer screen. • Using the same password for multiple applications so it will be easy to remember. • Being annoyed when asked by your network administrator to change your password, or adhering to rigid password rules. • Forgetting your password. 6

Enhanced Security Why passwords are not enough ! A recent NTA Survey found that: • A typical intensive IT user has more than 21 passwords and has 2 strategies to cope, neither of which are advisable from a security stand point; they either use common words as passwords or keep a written record of them. • 84% of users consider memorability the most important attribute of a password, resulting in 81% selecting a common word as a password. • 67% of all users rarely change their passwords, and 22% said they would only change if forced to do so. Source www. silicon. com , 2002 NTA Monitor Password Survey 7

Enhanced Security e. Token offers advanced Smartcard security in a USB Token form-factor! e. Token Feature Benefit 2 -Factor Authentication. Offers very high level of security by ensuring that only an authorized person in possession of an e. Token and a valid PIN can make use of it. i. e. a personal PIN and an e. Token are required before authenticating. Logical and physical protection i. e. Tamper-proof. Locks after several wrong password attempts, … Standards Compliancy ITSEC LE 4 FIPS 140 -1 2/3 Onboard sensitive key operations and secure storage of access credentials. i. e. RSA (1024 -bit) PKI operations can be done onboard, including key generation Advanced security certifications i. e. FIPS 140 1 (2) and ITSEC LE 4 Ensures that data on e. Token can not be compromised if lost or attacked. Ensures that user keys and credentials are fully protected and mobile and not exposed to the hostile PC environment. Digital signatures are ultra secure. Ensures critical security validation by experts. 8

Cost Effective & Fully Mobile Ø Increased ROI through improved password management. Ø Standard USB connectivity enables users mobility and eliminates the need to install and maintain a separate reader. Ø Standard connectivity to security systems eliminates the need to make changes to network topology or install dedicated servers. • META Group research shows that large organizations (*) typically have more than 75 applications, databases and systems requiring authentication. Users are also required to manage these passwords with different requirements and processes. META Group also highlights that implementation of Single Sign On technology provides bottom line benefits resulting in 32% reduction in help desk call volumes and 32% increase in security. August 2002, The Value Of Identity Management • Gartner Group estimates that password-related calls to IT service desks from internal end-users average 4 per year per user. Help desk support costs range from $51 to $147 per password reset action. April 2002 • Gartner Research also believes the advantages from using strong authentication has increased and the disadvantages of implementation decreased to make smartcards the way to go. Gartner Research Note “Its time to get smart about smartcards. October 2001. * With Turn Over greater than $500 m 9

Cost Effective & Fully Mobile e. Token Feature Benefit Supports different user management Seamless integration into the systems; i. e. LDAP, RADIUS, Domain network. No need for complex servers, Firewalls, e. Mail servers… implementations. Support for different types of Ensures protection of investment, authentication technologies, i. e. PKI, ease of use and easy migration from User+Password, OTP… current to future technologies. Same software support different types of hardware devices. i. e. USB Tokens, Smartcards & Readers Provides flexibility to customer needs and ensures protection of investment. Standard USB connectivity Seamless connectivity into any PC environment via USB port. No additional reader is required. Standard connectivity to security systems via industry standards / interfaces. i. e. CAPI, PKCS 11, MS Gina… Eliminates the need to make changes to network topology or install dedicated servers. 10

Cost Effective & Fully Mobile • e. Token; the ultimate authentication solutions! • Simple to use and administrate. • Only 1 password to remember. • Changes to network topology or addition off an additional authentication server are not mandatory. • No battery required. • Fully portable. • Highly secure. 11

Cost Effective & Fully Mobile Versatile & Mobile: Connect from any PC No USB port in front? Use a simple extension cable Simply chose your preferred formfactor or mix and match! * e. Token is also available in a traditional Smartcard formfactor. 12

Cost Effective & Fully Mobile e. Token - Simple Sign On (Si. SO) compared to Standard SSO e. Token Si. SO Solutions Standard SSO Solutions Quick to deploy Yes No Easy to maintain Yes No Multiple application support Yes Limited Medium - Low High No Yes Total Cost of Ownership Required back-end server and integration Identity management technologies such as PKI and SSO will win a significant chunk of IT security spending. 17% of European firms plan to implement PKI, and 14 percent plan to implement SSO in the next 12 to 36 months. (IDC, 26 Nov 2002) 13

Solutions & Technical Information e. Token Secures Your Business Increase your business New services to your customers! Secure your network Protect your corporate network and employees! 14

Solutions & Technical Information With e. Token You Can! • Strongly authenticate users – Enable access only to authorized users. • Digitally sign business transactions – Prove non-repudiation. – Ensure integrity of transactions and information. Authenticate Digitally Sign 15

Solutions & Technical Information e. Token Solutions e. Token Enterprise • PKI Solutions • Network Logon • WSO e. Token SDK • Development APIs. – Win 32, 16 Bit PCSC, CAPI, PKCS 11, Linux, Free. BSD 16

Solutions & Technical Information e. Token Enterprise Solutions e. Token For PKI Solutions e. Token for WSO Solutions e. Token For Network Logon e. Token Simple Sign On (Coming Soon) 17

Solutions & Technical Information e. Token PRO Specs • Advanced Smartcard chip technology, with on-board crypto processing RSA 1024, 3 x. DES, SHA-1. • Secure on-board key generation and storage of PKI keys and certificates. Private keys never leave the e. Token. • Enforceable password retry counter, 3 to 15. • Password quality check and enforcement. • 16 & 32 KB memory models with protected Serial ID. • Tamper evident & water resistant shell and tamper proof chip. • 10 year memory data retention. • Standard support for security APIs: CAPI, PKCS#11 and Siemens-Infineon APDU. • Infineon SLE 66 Chip certified ITSEC-LE 4 • Siemens Card. OS M 4 - certified ITSEC LE 4 • FIPS 140 1 (2&3) compliancy 19

Customers & References 21

Press Coverage & Awards 2001 & 2002 Coverage 22

Press Coverage & Awards Winners, Best Security Device 2 Years Running 2001, 2002 “e. Token’s portability and security provide not only a method to ensure powerful data integrity, authentication and encryption, but also a convenient way of gaining peace of mind by carrying your digital identity with you. ” “Aladdin’s e. Token provides powerful network & e-business security through a convenient USB token that can be carried on a key chain…” “e. Token’s fully portable USB device offers a cost-effective method for authenticating users when accessing a network, and for securing electronic business applications. ” Paul Robinson, SC Magazine 23