Secure your organization...Cleared® OmniPass Enterprise is a cost effective, server-based, back end that offers enterprise-wide identity and password management, as well as data protection, and is easily deployed and easily managed by your IT department. Cleared OmniPass Enterprise provides organizations a well integrated, strong authentication and identity management system that ties easily into their existing infrastructure with features like:
- Support for Active Directory
- Support for ADAM
- Support for Novel NMAS
- Standard MMC console plug-in
Authenticate with certainty...Priva’s Cleared Security Platform™ goes beyond traditional three-factor authentication, (what you have, what you know, and who you are) to provide the most robust advanced authentication technology in an easy-to-use solution.
The major components are the ClearedHost™, a secure authentication server, and the ClearedChip™, a custom security processor that is FIPS 140-2 Level 3 validated. Additionally, the ClearedKey™, a personal biometric authentication device incorporating the ClearedChip, is provided for user authentication. Together, they provide a robust authentication solution for secure transactions, with the ability to seamlessly integrate with new and legacy applications. The Cleared Security Platform results in lower maintenance, flexible security policy setting, and increased return on investment.
Centralized or remote user enrollment...User authentication information is stored along with the other information within the user's personal ClearedKey, so that a user can be enrolled from any machine. When the user tries to log into another PC in the domain, the authentication data is retrieved from the ClearedKey to perform the match; the user never needs to enroll separately on the second machine.
Centralized user enrollment allows users to be enrolled at a badge creation station for added securit., However the system can be configured to remote enroll a user on first login from any connected system.
The authentication process starts by the ClearedChip initiating a bidirectional challenge/response process with the ClearedHost. Once the ClearedChip and ClearedHost have completed this validation process, the user, system, or network is “cleared” to begin a secure session for user authentication. Unlike other authentication systems, accessing the system using the ClearedChip device does not allow other applications to utilize an open channel via the device without authorization.
Secure Windows logon...
Graphical Identification and Authentication (GINA) is the screen that appears when you first login into windows or press CTRL+ALT+DEL on your keyboard. Cleared OmniPass extends the Windows GINA by adding security and convenience to authenticate users before granting access to the Windows desktop. Login policies are configurable per user or on a per-machine basis.
Password management...Securing data, user verification, and password management are critical to locking down single systems and systems in an enterprise environment. “Password reset becomes a large, expensive bucket of support for companies,” says Kris Brittain, a research director at the Gartner Group. According to Gartner, an employee forgets his or her password an average of four times a year, and each call to a corporate help desk to reset a password costs $14 to $25. A 2003 survey by IDC indicated that the annual password support and lost productivity cost was approximately $48 per user.
Cleared OmniPass is a powerful tool that enables you to reduce costs and conveniently manage passwords. It creates and maintains an encrypted “vault” on a user's ClearedKey for passwords. Users can either make entries into the vault themselves, or the first time a password-secured web site or application is used; the user simply enters the original password and then tell the system to “Remember that Password”. From that point forward, anytime that web site or application is accessed again, users are prompted to authenticate using their personal ClearedKeys. Once authenticated, the vault “unlocks,” and the appropriate password is provided to grant access to the application or web site. Without typing a user ID or a password!
A powerful but easy-to-use scripting engine is provided, allowing an IT professional to write login scripts that can be attached to a user or to a group of users, eliminating the need for users to setup the login user ID and password to corporate resources. This provides password-protected access without the user having knowledge of the password.
The Password manger can support all enterprise-level applications, such as terminal emulators, SAP, Oracle, and others. This is the first product in the market to support the Mozilla browser family.
File and folder encryption...Traditional file encryption and decryption utilities encrypt/decrypt files on demand, one file or folder at a time. Cleared OmniPass is closely tied to Windows Explorer to provide a better user experience.
Users browse to a specific file or folder and right click to encrypt or decrypt the selected file(s). Encrypted folders are available as regular Windows folders instead of special files. The user can then drag and drop files, view or modify the file contents, and manage encrypted folders just like normal Windows folders.
Encryption uses the existing PKI encryption technology and the CryptoAPl architecture that is already in built into Windows
Encrypted file and folder sharing...Enterprise Edition also supports the sharing of encrypted files and folders. Simply right click the file and select “Sharing...,” and a list of other users in the domain is shown; access can be given to any other user.
Key management is automatically handled so that the user does not have to worry about key exchanging or other complicated procedures for sharing an encrypted file or folder. S haring users must perform authentication using their ClearedKeys before access to the encrypted files will be granted.
When used in conjunction with a TPM device, secure file/folders can be locked to specific systems, not allowing the files to be transferred to unsecured computers.
Secure e-mail / VPN / certificates...
Cleared OmniPass can secure digital certificates installed in a computer and require authentication before an application can access the certificate. Using this feature, an enterprise can secure e-mail, VPN access, and other operations that use traditional PKI technology. By adding multi-factor authentication to these daily operations, a much more secure environment for data and network access is created.
Easily adapts to changing environments...
The security world is in a state of convergence. Whether this is due to new technologies, competition, or internal needs, authentication requirements will continue to change. The Cleared Security Platform was architected to adapt to emerging technologies without costly upgrades. The Platform goes beyond traditional authentication, providing the ability to integrate new applications and work seamlessly with existing applications. This extensibility results in lower maintenance, controlled access, and greater return on investment.