Authentication Levels. White Paper April 23, 2014




Summary

This document describes levels of authentication that can be utilized for users known and unknown to gain access to applications and solutions.

Contents: Summary; Description; Multi-step Authentication Options; Layers of Security

Description

From least secure to most, the levels of authentication can be described as:

1. Single factor authentication
   a) Requires the use of one factor, usually something the user knows
   b) Examples
      - Password
      - PIN

2. Multi-step authentication
   a) Requires a multi-step authentication process. The difference between multi-step and multi-factor is that multi-factors are all required simultaneously, and multi-step has steps which must be executed in consecutive order successfully. A multi-step authentication scheme which requires two physical keys, or two passwords, or two forms of biometric identification is not two-factor.
   b) Examples
      - Gmail: After providing the password you've memorized, you're required to also provide the one-time password displayed on your phone. While the phone may appear to be "something you have", from a security perspective it's still "something you know". This is because the key to the authentication isn't the device itself, but rather information stored on the device that could in theory be copied by an attacker. So, by copying both your memorized password and the OTP configuration, an attacker could successfully impersonate you.
      - Box: if you log in to Box from a new device or computer, Box will text or email you a verification code which then needs to be entered to access Box from that new device.

3. Two-factor authentication
   a) Requires the use of two factors from the list of:
      - Something you have (token, key, etc.)
      - Something you know (password, PIN)
      - Something you are (fingerprint, retina scan, etc.)
   b) Two-factor is a subset of two-step, but not vice versa
   c) Examples
      - PKI systems that use a password (something you know) to unlock a keystore (something you have) containing a public key/private key pair.

4. Multi-factor authentication
   a) Requires the use of three or more factors from the list of:
      - Something you have (token, key, etc.)
      - Something you know (password, PIN)
      - Something you are (fingerprint, retina scan, etc.)
   b) Examples
      - Key card entry systems that require a fingerprint or retina scan. Slide in your card (something you have), enter the PIN code (something you know) and scan your fingerprint (something you are).
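As an added example (not part of the white paper), the four levels above can be written as a classifier that counts distinct factor categories rather than steps, and applies the paper's Gmail reasoning that a copyable secret on a device is only "something you know". The names `Credential`, `copyable`, `classify` and `meets_level` are hypothetical, and the sample flows are constructed; the keystore is assumed to be hardware-bound and not copyable.

```python
from dataclasses import dataclass

FACTORS = ("know", "have", "are")
# Levels ordered from least to most secure, as in the list above.
LEVELS = ("single-factor", "multi-step", "two-factor", "multi-factor")

@dataclass(frozen=True)
class Credential:
    name: str
    declared: str           # factor claimed for it: "know", "have" or "are"
    copyable: bool = False  # assumption: True if the secret can be copied off the device

def effective_factor(cred: Credential) -> str:
    """Factor the credential really provides under the paper's reasoning."""
    if cred.declared not in FACTORS:
        raise ValueError(f"unknown factor {cred.declared!r} for {cred.name}")
    # A "have" credential whose secret can be copied is only "something you know".
    if cred.declared == "have" and cred.copyable:
        return "know"
    return cred.declared

def classify(flow: list[Credential]) -> str:
    """Map a login flow to one of the four levels by counting distinct factors."""
    if not flow:
        raise ValueError("a flow needs at least one credential")
    distinct = {effective_factor(c) for c in flow}
    if len(distinct) >= 3:
        return "multi-factor"
    if len(distinct) == 2:
        return "two-factor"
    # One factor category only: repeating it adds steps, not factors.
    return "multi-step" if len(flow) > 1 else "single-factor"

def meets_level(flow: list[Credential], required: str) -> bool:
    """True if the flow reaches at least the required level."""
    return LEVELS.index(classify(flow)) >= LEVELS.index(required)

# Constructed sample flows mirroring the paper's examples.
PASSWORD = Credential("password", "know")
FLOWS = {
    "password only": [PASSWORD],
    "password + phone OTP app": [PASSWORD, Credential("otp seed", "have", copyable=True)],
    "two fingerprints": [Credential("left index", "are"), Credential("right index", "are")],
    "password + hardware keystore": [PASSWORD, Credential("keystore", "have")],
    "card + PIN + fingerprint": [Credential("card", "have"), Credential("pin", "know"),
                                 Credential("fingerprint", "are")],
}

if __name__ == "__main__":
    for label, flow in FLOWS.items():
        print(f"{label:30} -> {classify(flow)}")
```
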

Multi-step Authentication Options

There are several options for multi-step authentication, with varying levels of ease of use and security. Some examples:

Email to known email address and Text to known Cell Phone
Description: after an attempt to register or authenticate, a verification link (email) or code (cell phone) is sent to known contact information for the user.
Pros: well-understood (in common usage by many consumer systems)
Cons: highly dependent on validity of user record (i.e., cell phone and email address must be accurate and proven); assumes only the user is using their email address or cell phone.

Known user registers unknown user
Description: a known user (e.g., an employee) utilizes his relationship with an unknown user (i.e., known user vouches for the identity of the unknown user) and registers the unknown user.
Pros: controlled registration environment (ease of implementation)
Cons: requires physical presence of the known user with the unknown user; puts trust of identification with current known user (i.e., requires audit).

Layers of Security

Authentication is just one layer of security. A common methodology for classifying the different layers of security is presented below.

Authentication
Authentication identifies the user. As seen in the previous sections, different methods can provide varying levels of certainty in identifying the user. Within Enterprises, authentication can and should be tied to existing user repositories, such as Active Directory.

Authorization
Authorization provides an authenticated user with permission to certain resources. For example, an Enterprise may allow certain users access to certain patient's data. Authorization is typically managed through a mapping table that the Enterprise keeps, and may be organizational (i.e., managers are allowed to see what their team members see).

Encryption of Data at Rest
Data stored on a PC, tablet, smart phone or other device can be encrypted depending on the type of data and the Enterprise's policies. Encryption of the data in Media Sourcery solutions depends on user type (known/authenticated or unknown/anonymous). For known users:
- Data can be encrypted with the user's receiver's public key after the user clicks send
- The record store on the device is private
- The data is queued (in its encrypted state) if no data connection is found
- The data is removed from the queue after assured delivery
For unknown users, the main difference in the encryption process is that data is encrypted with the server's or organization's public key after the user clicks send.

Encryption of Data in Motion
Data being transported can be encrypted at the transport level ( or secure VPN) and/or as an encrypted data parcel, using a two-factor PKI (Public Key Infrastructure) solution.

Electronic Signatures
An electronic signature, or esignature, is an electronic indication of intent to agree to, adopt or approve the contents of a document. These can be digital images of a signature, captured after signing with a finger, stylus or other instrument. The U.S. Federal ESIGN Act defines an electronic signature as an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.

Digital Signatures
Digital signatures use a mathematical process, usually based on public key infrastructure (PKI), to ensure the authenticity of a digital message, digital document or other digital information. A digital signature is one form of electronic signature. Digital signatures establish the authenticity of the signer, and trust that a signature is valid, through the use of authentication, non-repudiation and usually a public and private key pair.

Non-Repudiation
Non-repudiation ensures that the sender of a certain piece of digital data cannot successfully challenge the claim that they sent that data. Media Sourcery's patented non-repudiation implements this utilizing several methods to ensure identity, integrity of the data, and audit trail.

Tracking and audit trail
All events in the data's security life cycle are tracked and logged. Easy to read audit trail reports can be produced from this data, or the log files can be integrated into an existing log file processing and reporting system.

Media Sourcery Solutions

The following table shows how the previously described levels of authentication and security apply to Media Sourcery's current solutions.

Solution Secure Workflow Secure data Messenger Secure forms Messenger Secure text Messenger Secure Replicator Authentication Authorization Encryption at Rest Single factor Enterprise iPad iOS custom secure storage browser data not persisted Single or two factor Single or two factor Two factor Group mapping N/A Group mapping Enterprise custom Known and unknown user model Device uses PKI to encrypt for receiver before send Known and unknown user model Device: Current device protection Future PKI Browser: data not persisted Known and Unknown (plug-in dependent) Encryption in Motion Parcel is encrypted as it transits, decrypted on receipt Parcel is encrypted as it transits, decrypted on receipt Digital Signatures N/A with esig Two factor

For More Information

Contact us at:
Media Sourcery, Inc.
http://www.mediasourcery.com
info@mediasourcery.com
800-307-0709