epass OTP Authentication System White Paper



Similar documents
External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

How To Integrate Watchguard Xtm With Secur Access With Watchguard And Safepower 2Factor Authentication On A Watchguard 2T (V2) On A 2Tv 2Tm (V1.2) With A 2F

External Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy

External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

ipad or iphone with Junos Pulse and Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

A brief on Two-Factor Authentication

DIGIPASS Authentication for Windows Logon Product Guide 1.1

External authentication with Astaro AG Astaro Security Gateway UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

DIGIPASS Authentication for Citrix Access Gateway VPN Connections

INTEGRATION GUIDE. DIGIPASS Authentication for Juniper SSL-VPN

Using Entrust certificates with VPN

Strong Authentication for Juniper Networks

External Authentication with Windows 2008 Server with Routing and Remote Access Service Authenticating Users Using SecurAccess Server by SecurEnvoy

DIGIPASS Authentication for GajShield GS Series

Strong Authentication for Secure VPN Access

Cisco ASA. Implementation Guide. (Version 5.4) Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

These additional levels of security are NOT required if you are using a Derbyshire County Council machine on council premises.

Implementation Guide for. Juniper SSL VPN SSO with OWA. with. BlackShield ID

Identikey Server Getting Started Guide 3.1

Secure your business DIGIPASS BY VASCO. The world s leading software company specializing in Internet Security

Full disk encryption with Sophos Safeguard Enterprise With Two-Factor authentication of Users Using SecurAccess by SecurEnvoy

ZyWALL OTP Co works with Active Directory Not Only Enhances Password Security but Also Simplifies Account Management

Juniper Networks SSL VPN Implementation Guide

External Authentication with CiscoSecure ACS. Authenticating Users Using. SecurAccess Server. by SecurEnvoy

Juniper SSL VPN Authentication QUICKStart Guide

CA SiteMinder SSO Agents for ERP Systems

Cisco ASA Authentication QUICKStart Guide

Secure Web Access Solution

INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505

ZyWALL OTPv2 Support Notes

MIGRATION GUIDE. Authentication Server

WS_FTP: The smarter way to transfer files

HOTPin Integration Guide: DirectAccess

SafeNet Cisco AnyConnect Client. Configuration Guide

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy

DIGIPASS Authentication for SonicWALL SSL-VPN

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

Strong Authentication for Cisco ASA 5500 Series

Strong Authentication for Juniper Networks SSL VPN

CRYPTOLogon Agent. for Windows Domain Logon Authentication. Deployment Guide. Copyright , CRYPTOCard Corporation, All Rights Reserved.

Dell SonicWALL and SecurEnvoy Integration Guide. Authenticating Users Using SecurAccess Server by SecurEnvoy

The new Intranet Portal. The new Intranet Portal of the Chamber of Deputies

If you have questions or find errors in the guide, please, contact us under the following address:

BlackShield ID Agent for Remote Web Workplace

External Authentication with Checkpoint R75.40 Authenticating Users Using SecurAccess Server by SecurEnvoy

IDENTIKEY Server Windows Installation Guide 3.1

CA Adapter. Installation and Configuration Guide for Windows. r2.2.9

Digipass Plug-In for IAS. IAS Plug-In IAS. Microsoft's Internet Authentication Service. Getting Started

Strong Authentication for Microsoft SharePoint

Accessing the Media General SSL VPN

Remote Access Procedure. e-governance

DIS VPN Service Client Documentation

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

RSA Security. RSA, RC2, RC4, RC5, MD5 AES RC6 PKCS RSA Keon PKI. RSA BSAFE 5 Web. RSA SecurID 4000

SAS Agent for Outlook Web Access

Strong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012

SCADA Security. Enabling Integrated Windows Authentication For CitectSCADA Web Client. Applies To: CitectSCADA 6.xx and 7.xx VijeoCitect 6.xx and 7.

DIGIPASS Authentication for Sonicwall Aventail SSL VPN

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

Introduction. Before you begin. Installing efax from our CD-ROM. Installing efax after downloading from the internet

2 factor + 2. Authentication. way

ProtectID. for Financial Services

External Authentication with Citrix Access Gateway Advanced Edition

Online Data Services. Security Guidelines. Online Data Services by Esri UK. Security Best Practice

etoken Single Sign-On 3.0

Why it s Time to Make the Change Analysis of Current Technologies for Multi-Factor Authentication in Active Directory

User Authentication in the Enterprise Network

HOBCOM and HOBLink J-Term

Strong Authentication in details

French Justice Portal. Authentication methods and technologies. Page n 1

Securing Administrator Access to Internal Windows Servers

Rule 4-004G Payment Card Industry (PCI) Remote and Mobile Access Security (proposed)

COLORADO DEPARTMENT OF LABOR AND EMPLOYMENT STANDARD POLICY AND PROCEDURE. Remote Access and Security I. PURPOSE.2 II. BACKGROUND.

BlackShield ID Best Practice

TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION

Two-Factor Authentication

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

Cisco VPN Concentrator Implementation Guide

TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION

CRYPTOCard. Strong Two Factor Authentication

F5 BIG-IP: Configuring v11 Access Policy Manager APM

IDENTIKEY Server Product Guide

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

DIGIPASS Authentication for Check Point Connectra

Apache Server Implementation Guide

Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper

Check Point FW-1/VPN-1 NG/FP3

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

IDENTIKEY Server Windows Installation Guide 3.2

Step by step guide to implement SMS authentication to Cisco ASA Clientless SSL VPN and Cisco VPN

Introduction to Endpoint Security

Entrust IdentityGuard Comprehensive

Transcription:

Authentication System White Paper

Directory 1. Overview...3 2. Principle of Authentication...4 3. Authentication System...6 4. Features...7 5. Technical Guideline...8 6. Typical Application...9

1. Overview The rapid growth of the Internet has fundamentally changed peoples lives, with increasing online services such as online-shopping, online-offices, onlinebanking, as well as e-commerce being implemented in different types of fields (financial, stock market, telecom, government etc), providing a diverse range of applications and great convenience. While there are enormous productivity benefits available from increased access, the security risks have also largely increased by using the traditional access methods of authentication through static user IDs and passwords only. Users are lagging behind development and relying on single static passwords, which are wholly inadequate to the access requirements for authentication. Most have come to realize the need for strong authentication, as the static password carries all of the risks normally associated with weak authentication, including password theft, leaving sensitive applications and various types of data vulnerable to mischief. Facing this - how to avoid security disadvantages and improve our access control? The Authentication System allows you to create strong event-based two factor authentication security by using a dynamically generated one-timepassword, also allowing you to combine this with your existing static password seamlessly.

2. Principle of Authentication The Authentication System provides strict access control, based on strong two factor authentication. Two-factor Authentication is a more secure method. Just as the name implies, it requires two separate security elements, something you know (like the user password) and something you do not know (random one-time-password). Authentication System helps the user to store basic authentication information if user failed to provide the first factor, and meantime, generate the dynamic authentication identifier combined with the first one to implement the strong two-factor authentication. Once the user has been inputted and registered into the Authentication System, he/she will be issued with a corresponding OTP token with their personal information recorded in the database. When logging in or securely accessing a resource, the user will depress the token s button to generate a random and unrepeatable one-time-password, which they will then append to their original static user password during the user login phase. Process flow and authentication architecture of the Authentication System:

User Input [OTP Identifier + Static Password] Send User Information to Authentication Agent Software Token Generat e OTP Identifier 1 2 HardwareToken 3 Send [UserID + Password (A)] to the Authentication Server Authentication Agent Search token information with corresponding UserID, and generate the Password(B) comparing to the Password(A) by user input 4 Authentication Server Return Authentication Result to the Authentication Agent 5 Figure 1 Process Flow of the Authentication System VPN User Authentication Server Internet Authentication Agent Application Server RAS User Intranet NT Domain Remote User Authentication Agent Local User Authentication Agent WEB Portal Figure 2 Authentication Architecture of the Authentication System

3. Authentication System The Authentication System involves three components; the token, Authentication Agent and Authentication Server. token: In generating the one-time-password, each time when the user depresses the physical button on the token, a random algorithm-based password is generated dynamically. This dynamically generated password is absolutely necessary, along with the username and static password, to access resources protected by the Authentication System. In addition, the dynamic password is generated randomly, and only one time, to effectively avoid forecasting and tracking, thus dramatically increasing access security and greatly reducing the risk of password theft. Additionally, it simplifies the task to frequently change the password and makes it unnecessary to remember complex passwords, offering maximum flexibility for user authentication. Authentication Server: The Authentication Server runs under the network environment and consists of the following three parts: Database: used to centralize and store user information, token information and all related information Authentication Server Engine: processes authentication based on data transferred from the authentication agent Management Program: provides a graphical user interface (GUI) for the administrator to manage the system Authentication System: Provides / supports many types of authentication agents: Supports various VPN and Remote Accessing environments Supports various RADIUS-standard network devices from mainstream suppliers; eg. Cisco, Huawei, Juniper, 3Com etc. Supports Local-site Secure Logon and Domain Logon Authentication of Windows XP/NT/2000/2003 Server Supports Logon Authentication of various application systems; eg. Apache, IIS etc.

4. Features Open Architecture supports multi-os, such as Windows NT/2000/XP/2003 Server/Vista Multiple Databases supported, such as Oracle, MySQL, SQLServer, PostgreSQL, MSDE, Access etc. Encrypt-protection of token Seed Code and anti-exhaustion protection of token password. In particular, the token will be locked if authentication fails four-consecutive-times Strong two-factor authentication supported, dynamically generated onetime-password, dramatically increase access security Compatible with both standard and extensible RADIUS protocol, allowing for user remote dial-in accessing All user-key-data communications (like user passwords) are securely encrypted during transfers of information from the Agent Server to the Authentication Server. Multiple Web Services supported, such as IIS and Apache, allowing for special access control to specific web pages Seamlessly integrates with other authentication services, allowing for deployment without any change to the current system No restriction to client-side application environment - due to the offline token usage. Such environments as PC machines, telephone entrust systems, ATM machines, as well as POS machine are all available to use secure tokens One-way and straightforward authentication process, preventing illegal accessing from unauthorized users effectively Easy to manage and flexible to use High concurrent-event supported - continuously taking into account optimization based on mature technologies applied, to make sure maximum number of run-time concurrent authentications Load balance implementation to support priority processing authentication requests from multiple servers

5. Technical Guideline Dynamically generated OTP: 6-decimal-digit, and event-based password renewing System Users: the maximum number of concurrent authentications is greater than 250 per second, with satisfaction of mass user application in distributed systems Data is self-destructed once token is physically broken OTP Token Operating Temperature: -20 to 70 water-resistance (IP54), static-resistance, electromagnetic-resistance, quake-resistance Battery Lifespan: 5 years Qualification: Compliant with CE and FCC standards Communication Protocol Supported: TCP/IP, RADIUS

6. Typical Application IIS Secure Authentication: applied in online stock-exchanging, online banking, online education and other business ecommerce web services OA Secure Authentication: applied in all kinds of business official automation systems Call-Center Secure Authentication: applied in calling entrust centers of stock market, calling service centers of bank systems, as well as special calling service centers etc. Dial-in Network Accessing Secure Authentication: applied in mobile office, remote network administration, dial-in backup, banking, stockmarket, government, and public security systems NT Domain Secure Authentication: applied in logon authentication systems for both user and local areas of business and government-levels TELNET/FTP Secure Authentication: applied in remote network administration for online stock-exchanging, online banking, online education and other business e-commerce web services APACHE Secure Authentication: applied in online stock-exchanging, online banking, online educating and other business e-commerce web services ERP Secure Authentication: applied in business management systems of mid-level above Network Equipment Secure Authentication: applied in logon authentication systems for both user and business local area networks VPN Secure Authentication: applied in logon authentication systems for both user and business local area networks

RS-Computer Vertriebs GmbH & Co. KG Your Trusted Security Partner Frankenring 9 * 30855 Langenhagen * Germany e-mail: info@rs-computer.com Web: www.rs-computer.com Voice: +49 511 67 48 50 Fax: +49 511 67 48 525 Copyright RS-Computer Vertriebs GmbH & Co. KG 2008

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information