A new approach to information security that tightly integrates Authentication, Authorization, and Confidentiality
The SafeNet Borderless Security Platform is a new approach to resolving the information security problems of today's
widely distributed, heterogeneous computing environments. The Platform combines authentication, authorization, and
confidentiality, wrapped with robust management, into an easily deployed and easily managed solution that minimizes the
challenges associated with perimeter-based solutions and security point products from multiple vendors. This Borderless
Security solution from SafeNet enables granular authentication and authorization to applications, files, and networks,
and provides enforcement of role and risk-based authorization policies. The Platform is based on open standards, providing
an organization with the ability to deploy all or part of the solution, each of which easily co-exists with and complements
existing technologies. The Platform consists of smart cards, USB tokens, client software, server appliances, and management
components, tightly integrated in easy-to-deploy packages:
These uniquely packaged components provide a product that merges endpoint compliance checking, authentication, single
sign-on, authorization, and confidentiality into one tightly integrated solution for all Web and non-Web applications and
resources. With rapid deployment capabilities that leverage and protect existing technology and infrastructure investments,
these components allow business units or organizations to respond quickly to opportunities that require electronic access to
data by customers, partners, or suppliers.
The Borderless Security Access Server is the core of the Borderless Security Platform and enables the
enforcement of authorization and access control policy to applications, devices, files, and networks. This hardened, 1U
appliance can be installed with minimal changes to existing security tools, firewalls, or VPNs. In addition to role-based
access control, the Access Server can enforce risk-based policy decisions for access and allow decisions to be made on criteria
related to the total security environment.
Specialized versions of the Access Server are available for addressing specific identity management and access control
problems for which customers need quick solutions. An example is the ConnecTrust Access Server, which can quickly be
deployed to add endpoint security compliance checking to existing IPSec VPN environments. Another example is the
iGate SSL VPN, an Access Server priced and performance-matched for the small and mid-sized markets.
The Borderless Security Single
Sign-On client is software-based and enables passwords, PKI credentials,
and biometrics to be stored on a secure smart card or USB token, and
then used to authenticate to applications, files, networks, Web sites,
and devices. After configuration by the Borderless Security Manager,
the Single Sign-On client manages all of the users' credentials and
provides an Enterprise Single Sign-On (SSO) capability by allowing users
to log on to their card or token one time only, thus enabling automatic
authentication and access to all administrator-allowed applications.
The Borderless Security iKey
USB Token is a USB-based portable PKI authentication token that
generates and stores digital credentials, such as private keys, digital
certificates, usernames and passwords, and biometric templates, on a
device small enough to fit on a key chain.
The Borderless Security Smart
Card is provided either as a Java Card or as a multi-function card
employing the highly secure DKCCOS card operating system. Both are FIPS
140-2 Level 2 validated and can be used to generate and store digital
credentials such as private keys, digital certificates, usernames and
passwords, and biometric templates on a familiar credit card-sized form
factor. These smart cards can also serve as a physical access control
card, employing magnetic stripe or RFID technologies.
The Borderless Security Credential
Management System provides services for managing all user credentials
and the smart cards/USB tokens that contain those credentials. The Credential
Server integrates with and leverages functionality provided by 3rd party
Certificate Authorities, Directory Services, and other Borderless Security
Platform components. Deployment of credentials (passwords, keys, certificates,
or biometrics) can be done in either a centralized or decentralized
manner. Capabilities of the Credential Server include user self-enrollment,
credential revocation and recovery, issuance, and life-cycle management
of smart cards and USB tokens.
The SafeNet Borderless Security Luna
Identity Server is an optional appliance for enhancing the security
of user credentials in a SafeNet Borderless Security Platform solution.
It is a network accessible device that securely stores identity profiles
that correspond to end users who must digitally authenticate themselves
to the Access Server. The Luna Identity Server contains an internal
HSM and encrypted file storage. The HSM is used to decrypt credentials
corresponding to authenticated end users. The internal HSM can also
be used to perform cryptographic operations associated with the end
user credentials. The Luna Identity Server addresses the requirement
for high-assurance protection for network-based identities.
The Borderless Security Integrated Management provides
for centralized and/or distributed management of the Platform components
along with management of authorization policy. User/Group definitions
can be acquired from Active Directory or other LDAP Directory Services,
or can be defined locally. Centralized logging of audit data and monitoring
of alerts, session status, etc. is also provided.