Trusted Identities
Over the past few years, more and more enterprises have been choosing to deploy IAM (Identity and Access Management) solutions produced by market leaders such as IBM/Tivoli IAM, Sun IdM, Oracle IAM, Microsoft, etc., using LDAP or Active Directory, provisioning, meta-directories or eSSO/WebSSO functions to manage users and/or employees.

Identity Aware Networks provide identification for devices but a reasonable doubt about WHO is actually using the device can remain. Passwords can be forced or stolen without the user even being aware of it.

A stolen SSO login/password will give a thief access to a large number of applications. SSOs are indeed more user-friendly but they call for higher levels of security.

Only strong authentication based on smart cards and OTPs provides identification right through to the user himself. A user who possesses a smart card and/or an OTP has been identified in person. He must keep his PIN code confidential and make an immediate declaration if his card is lost or stolen. Key benefits of these technologies are:
  • All devices are equipped with double security: the certificate on the card and the PIN code. In order to connect to a network, a user needs access to the PC, to the smart card and to the PIN code. Even if two of these three elements were stolen, security would not be compromised.
  • The user is identified with certainty and can therefore be held fully accountable for his actions.
  • The content of a desktop or laptop can be encrypted to protect the data even in the event of theft.
  • A single card can be used for multiple purposes (PC access, access to premises, micropayments for cafeteria or coffee machine, etc.). In addition, most users are more comfortable with one PIN code than with multiple passwords that must be changed regularly.

For more details, please download our white paper, "Secured Identity: The Next Disruptive Technology in IT Security".