Self-Service, Anywhere  © 2014 Hitachi ID Systems, Inc. All rights reserved.


Contents

1 Introduction
2 Mobile users warned of password expiry
3 Reset forgotten, cached password while away from the office
4 Unlock encrypted hard disk
5 Smart card PIN reset
6 Low cost multi-factor authentication using mobile phones


2 Mobile users warned of password expiry

Problem: Mobile users are not notified by Windows when their passwords are about to expire. Users who infrequently connect their laptop to the office network, instead checking e-mail with a solution such as Outlook Web Access, suffer regular password expiry and require frequent password resets.

Solution: Password Manager sends users e-mails warning of imminent password expiry. Users change passwords using a web browser. An ActiveX control refreshes the password on their laptop.

Business impact: Fewer login problems that cause a work interruption. Lower IT call volume and support cost.

3 Reset forgotten, cached password while away from the office

Problem: Laptop users sometimes change their password before leaving the office and may forget the new password when they need to use it while not attached to the corporate network. Without a technical solution, the IT help desk cannot resolve these users’ problem until they return to the office. User laptops are rendered inoperable until they return to the office.

Solution: A Password Manager client software component allows users who forgot their primary, cached Windows password and cannot sign into their PC to connect to the Internet over a WiFi hotspot or using an air-card. Users locked out of their PC login screen can also establish a temporary Internet connection using their home Internet connection or a hotel Ethernet service. Once the user’s laptop is on the Internet, Password Manager establishes a temporary VPN connection and launches a kiosk-mode (full screen, locked down) web browser. The user steps through a self-service password reset process and Password Manager uses an ActiveX component to reset the locally cached password to the same new value as was set on the network back at the office.

Business impact: Forgotten passwords are a major work disruption for mobile users, since they cannot be resolved until the user visits the office. Password Manager allows users to re-enable their laptop in minutes.


4 Unlock encrypted hard disk

Problem: Organizations deploy full disk encryption (FDE) software to protect against data leakage in the event that a corporate laptop is lost or stolen. Users with FDE on their PCs normally have to type a password to unlock their hard disk, before they can boot up an operating system. This password is normally synchronized with the user’s primary Windows password, so that the user only has to remember and type a single password at login.

If a user forgets their hard disk encryption unlock password, the user will be unable to start their operating system or use their computer. This is a serious service disruption for the user and can contribute to significant support costs for the IT help desk.

Solution: Most FDE packages include a key recovery process at the PC boot prompt. This normally involves a challenge/response process between the FDE software, the user, an IT support analyst and a key recovery server. Password Manager can front-end this process using an integrated telephony option, so that users can perform key recovery 24x7, from any location, using their telephone and without talking to a human help desk technician.

Business impact: Key recovery is an essential IT support service for organizations that have deployed FDE. Password Manager lowers the IT support cost of key recovery by moving the process to a self-service model.


5 Smart card PIN reset

Problem: Organizations deploy smart cards to strengthen their authentication processes. Users typically sign into their PC by inserting their smart card into a reader and typing a PIN. If users forget their PIN or leave their smart card at home, they cannot sign into their PC. PIN reset is a complex support process since the new PIN has to be physically installed on the user’s smart card. This means that IT support may trigger a physical visit to the help desk.

Solution: Password Manager allows users to access a self-service web portal from anywhere, including from the locked out login screen of their laptop, even away from the office (even using WiFi, as described earlier). Once a user signs into the self-service portal, Password Manager can download an ActiveX component to the user’s web browser, to communicate with the smart card and reset the forgotten PIN. Password Manager can also be used to assign a user a temporary login password (often a very long and random one) to be used in the event that a user left his smart card at home.

Business impact: While forgotten PINs are infrequent – PINs are not usually set to expire – when they do happen, they are extremely disruptive. Assigning temporary passwords is just as important for users who left their smart card at home, which happens quite often.

6 Low cost multi-factor authentication using mobile phones

Hitachi ID Password Manager supports low-cost, multi-factor authentication into its own request portal, with user mobile phones acting as a secondary authentication factor (i.e., “what you have”).

This solution is implemented using two technologies included with Password Manager:

1. Managed user enrollment, used to invite users to enter their mobile telephone number and provider.

2. Authentication chains, used to define how users can sign into Password Manager itself. For example, end users who forgot their password might be asked to answer a series of security questions and then (if this was successful) to key in a randomly generated PIN that was sent to their mobile phone via an e-mail-to-SMS gateway. Alternately, help desk staff and administrators might be required to sign into Password Manager using a combination of their Active Directory password and a random PIN, also delivered via SMS.
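The end-user chain from item 2, written out in Python as an added example (not Hitachi ID's code or API). The class and method names, the 6-digit PIN, the 5-minute lifetime and the three-attempt limit are assumptions; the page specifies only the order of the steps and that the PIN is randomly generated.

```python
import hmac
import secrets
import time

PIN_TTL = 300        # assumed: seconds a delivered PIN stays valid
MAX_PIN_TRIES = 3    # assumed: attempts allowed per issued PIN


def _same(a, b):
    # Constant-time comparison so timing does not reveal how much matched.
    return hmac.compare_digest(a.encode(), b.encode())


class Chain:
    """Hypothetical chain: questions must pass before a PIN is ever sent."""

    def __init__(self, enrolled_answers, send_sms, clock=time.monotonic):
        # {user: {question: lowercase answer}}; a real store keeps salted hashes.
        self.answers = enrolled_answers
        self.send_sms = send_sms      # callable(user, pin), e.g. e-mail-to-SMS
        self.clock = clock
        self.pending = {}             # user -> [pin, issued_at, tries]

    def answer_questions(self, user, responses):
        expected = self.answers.get(user)
        if not expected:
            return False
        # Check every question before deciding (no early exit on first miss).
        results = [_same(responses.get(q, "").strip().lower(), a)
                   for q, a in expected.items()]
        if not all(results):
            return False
        pin = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, 6 digits
        self.pending[user] = [pin, self.clock(), 0]
        self.send_sms(user, pin)
        return True

    def submit_pin(self, user, pin):
        state = self.pending.get(user)
        if state is None:             # step 1 not passed, so no PIN exists
            return False
        state[2] += 1
        expired = self.clock() - state[1] > PIN_TTL
        if expired or state[2] > MAX_PIN_TRIES:
            del self.pending[user]    # void the PIN; user restarts the chain
            return False
        if _same(pin, state[0]):
            del self.pending[user]    # single use
            return True
        return False
```
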

ww.Hitachi-ID.com

0, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]

File: /pub/wp/documents/ssa/self-service-anywhere-1.tex
Date: 2011-04-28