bioLock Demo -

Introducti

on

bioLock Technical Demo at SAP Public Sector for Sapphire

bioLock controls the access to one or multiple SAP systems via single-sign-on protected with biometrics. We eliminate outdated passwords, and enhance security and convenience while reducing unnecessary password administration cost and saving the user valuable time. For the first time, the user of a transaction will be uniquely identified and the activities can be logged in the SAP log file. There are no more excuses: “It was not me!”

bioLock will guarantee more accurate Audits and could help to comply with critical regulatory mandates such as: Sarbanes-Oxley US Patriot Act HIPAA

bioLock is SAP certified

As mentioned - bioLock is SAP-certified and runs on SAP 4.0 and higher…

bioLock is SAP Certified and NetWeaver Certified

Overview for this

presentation

This is what we will be learning about bioLock :

·         Creating a bioLock template

·         Assigning the bioLock template to your SAP R/3 user ID

·         Logon to multiple SAP systems via single sign on secured by biometrics

·         Defining which R/3 transactions should be authenticated for your user

 

Create a templat

e

First, you will create your own bioLock template. Enter your bioLock userid (this could be identical to your SAP R/3 userid or different) and click on Create Template.

Select a Finger

The following popup will be displayed:

You now have to select which finger you want to use for fingerprint authentication. The default is the index finger of the right hand. Let’s assume you accept the default. Click on Start at the bottom.

S T A R T

Put your

finger on the

hardware

Now put your finger on the hardware device

Siemens ID Mouse

Cherry Keyboard

Other biometric hardware on request…

Record the

fingerprints

Your first fingerprint has been recorded.

Repeat two more times (you need to have 3 fingerprints

recorded), and then confirm the popup.

Template was

created

Click on settings to continue…

You have successfully created a bioLock template. The next step will be to assign the biolock template to your R/3 userid.

Assign biometric user to SAP user

The bioLock R/3 configuration menu is displayed.

Click on Assignment biometric User to SAP User.

Assignment biometric User to SAP-User

New Entries

In the table, click on New Entries.

Assign your

R/3 user

Then assign your R/3 User (User column) to the bioLock User (BIS User).

Save your settings.

Record your

customizing request

You will be asked to record your

settings in a customizing request.

Click on Create Request, enter a Short description for the request and Save.

DE4K900069

Save your customizing

request

Confirm your customizing request and your data will be saved.

Exit out, back to the bioLock configuration menu.

Define

user-depending

verification-check

s

Here, you define for which R/3 transactions your userid should be authenticated. Please note that the ‘function’ column in the table represents the R/3 transaction. Function ’10’ has been customized for fingerprint authentication and represents R/3 transaction MB01, which in turn is the R/3 transaction used for fingerprint authentication in the Homeland Security scenarios. We will configure a different transaction later in the demo!

Select menu option Define user-dependent verification checks.

Define user-depending verification-checks

Enable the function

Click on New Entries and assign your new bioLock user (template) to the function (R/3 transaction). Enable the check.

Save your settings. If prompted, save them to the same transport request you created earlier.

Go back to the bioLock configuration menu.

You have created a bioLock template

Congratulations, you have now successfully created a bioLock template and enabled your userid for fingerprint authentication for transaction MB01/function 10. The logon for your user ID is now protected with biometrics!

See now, how we can logon to multiple SAP systems via

single sign on – secured by biometrics…

 

The bioLogon selection menu

The bioLogon starts manually or automatically…

You can register all your SAP systems and optional any other of your IT systems for single sign on.

Select the system you

want to access

Double click the system you want to access…

double click or “Logon”

… or select the system and click on “Logon”

Put the finger on the sensor

You will be asked to put the finger on the sensor…

The registered finger is

recognized

Your registered finger will be recognized within a part of a second…

The selected

SAP system will be launche

d

…and the selected SAP system will be launched

The next part of the demo describes how you can enable additional R/3 transactions for fingerprint authentication.

Definition of protected system

functions

This section of the demo will describe, how you can identify an SAP R/3 transaction for bioLock authentication. In this example we will protect the purchase order transaction ME21N.

From the bioLock configuration menu, select Definition of protected system functions.

Definition of protected systemfunctions

Activate the SAP Sys Log file

Click on New Entries.

Choose a function key number that has not been used before.

Activate the Syslog Entry at error and Syslog-Entry option to receive entries in the SAP log file about successfully executed or denied transactions. Unauthorized access will be logged.

Please Note - that the person who executed or tried to execute a transaction or access a balance sheet will be uniquely identified via biometrics and logged in the SAP log file. This biometric identity management is critical to proof, who did what within the system and could become extremely valuable to comply with HIPAA, Sarbanes-Oxley and other Auditing Rules or Regulations.

For the first time the management can proof, who did what and when - and there are no more excuses !!!

Protect critical purchasing functions

Secure financial, HR and health care data

Know which suppliers access your system

Control access to critical company information

Prevent unauthorized access, changes and print of data

Uniquely identify the user - and know what happened when

What can I do with bioLock

Confirm the popup prompt for customizing request to save data…

Click the green arrow twice to get back to the bioLock configuration menu.

Assigning PO

transaction to bioLock

Next, you will have to assign the SAP R/3 purchase order transaction to the bioLock function. In order to isolate fingerprint authentication from standard SAP transactions, we will actually create a copy of the standard purchase order transaction code ME21N. Go to transaction /nSE93.

Enter your new transaction code (suggestion: Z plus the SAP transaction code) and click on Create.

Specify a short text

Specify a short text for your new transaction code and select option Transaction with parameters (parameter transaction). Confirm the popup.

Specify transaction

values

For the new transaction you have to specify the following:

- Transaction Values: /realtime/bis_exit- Skip initial screen: yes

Please press Enter to refresh.

Open the select field

At the bottom of the screen (Default Values section), click on

next to “Name of the screen field”. You will get the following selections:

Configure P_TCODE /

P_FUNK

You need to configure both P_TCODE and P_FUNK as follows:

Save!

ME21N99

Save your changes to a package

If you are asked to save your changes to a package, enter package Z001 and Save.

Create a request

Next, you might be prompted to save to a transport request. You will need to create a new transport request. Click on Create request.

Enter a short description for your request and Save. Confirm your new request number until you get the system message that ‘Transaction code ZME21N was saved’.

Assign transaction code to User

As a last step, you have to assign the new transaction code to your user for fingerprint authentication. In the transaction code window enter /n

/n

Hit Enter and you will be taken back to the main menu

Type in the transaction

code window

  Next, click on

     Type in the transaction code window: /realtime/biolock

and select define user-dependent verification checks

Define user-depending verification-checks

Final user settings

Save your entries and confirm your changes to one of your existing transport requests.

Click on New Entries…

…and make the following settings:

Enter your system function 99

Enter your R/3 user ID

Smith

Enable the check

Authenticate your self with your

finger

Once you get confirmation message that ‘Data was saved’, try to access your new transaction code : ZME21N.

Authenticate yourself with the finger that you have enrolled

Go to the audit trail

Once you are authenticated, you will receive the following message:

To complete this identity management solution every time you are trying to authenticate yourself, the system is updating the audit trail. Go to transaction /nsm21.

Confirm the popup and click on Reread system log

For the first time the user gets uniquely identified – no matter, what profile he is using. This way bioLock tracks for example which individual is logged in as SAP ALL and which uniquely identified person was responsible for the critical changes…

In the log, you will find an entry like this:

Or it could say User SMITH was identified as MILLER

- the execution of function 99 was denied!

Sarbanes-Oxley – HIPAA – Audits – etc.

View the log

file

Technic

al facts about

bioLock

The bioLock software is installed and configured in hours. Protection of transactions / registration of bioLock users takes minutesActual use is intuitive and requires no trainingThe software is installed in it’s own ‘/realtime’ directory It does not change your SAP configurationbioLock runs on SAP 4.0x and higher

Innovative – inexpensive – convenient

For watching our technical demonstration!

Order Pilot

Installation for $499

WORLD TRADE CENTER 1101 Channelside Drive Tampa Florida 33602Phone: 813-283-0070 Fax: 813-283-0071 Email: info@biolock.us Web: www.bioLock.us

Download this bioLock Demonstration as a powerpoint presentation to browse it at your own speed and don’t miss viewing our educational bioLock presentation to learn how dangerous passwords could be for your company...

realtime North America Inc.

The End…

www.bioLock.us