OTP Solution For 1-Sep-2014

AuthShield- OTP Solution For Uninor


Proposed Solution

Seamless Integration

Proposed Solution End User Authentication Workflow in SSL VPN

A generic user authentication workflow after integrating with SSL VPN appliance is as follows:

User accesses the VPN login URL. The request is intercepted by the SSL VPN appliance, which in turn redirects the user request for authentication.

Authentication can work in two ways, depending on the configuration:

• User Name + (LDAP password*OTP)
• User Name + (LDAP Password and then on second page provide the OTP)

The OTP can have multiple form factors, as shown in the diagram.

The user provides the user name and LDAP password; LDAP is integrated with the SSL VPN device and ID Confirm.

For the second authentication, the SSL VPN is integrated with the RADIUS server, the RADIUS server is integrated with ID Confirm (formerly known as SA server), and ID Confirm is integrated with the SMS gateway through SMSC/HTTPS.

The OTP request follows the sequence: RADIUS Server → ID Confirm Server → SMS Gateway → End User Mobile.

The SSL VPN appliance validates the OTP. After successful user authentication, the SSL VPN appliance provides access to the network.

Note: we are using Microsoft NPS as a RADIUS server.
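The two login modes described above, as an added sketch that is not AuthShield or IDConfirm code: a validator that either splits a trailing OTP off the password field or checks the OTP submitted on a second page, with single-use and expiry enforced. The 6-digit length matches the sample codes on the slides; the 120-second lifetime, the reading of the first mode as "password followed by OTP", and all names and credentials are assumptions, and `check_ldap` stands in for the LDAP bind.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6         # matches the sample codes shown on the slides
OTP_TTL_SECONDS = 120  # assumed lifetime; the deck does not state one
_DIRECTORY = {"asha": "Winter#2014"}  # constructed stand-in for the LDAP directory


def check_ldap(user, password):
    """Hypothetical stand-in for the LDAP bind (constant-time comparison)."""
    stored = _DIRECTORY.get(user, "")
    return hmac.compare_digest(stored.encode(), password.encode()) and stored != ""


class OtpStore:
    """Issues one OTP per user and accepts it at most once, within its lifetime."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # user -> (otp, expiry timestamp)

    def issue(self, user):
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user] = (otp, self._now() + OTP_TTL_SECONDS)
        return otp  # in the deployment this is handed to the SMS gateway

    def verify(self, user, candidate):
        otp, expiry = self._pending.pop(user, ("", 0.0))  # consumed even on a miss
        fresh = self._now() <= expiry
        return hmac.compare_digest(otp.encode(), candidate.encode()) and fresh and otp != ""


def login_combined(store, user, secret):
    """Mode 1: the password field carries the LDAP password followed by the OTP."""
    password, otp = secret[:-OTP_DIGITS], secret[-OTP_DIGITS:]
    if not (password and len(otp) == OTP_DIGITS and otp.isdigit()):
        return False
    ok_pw = check_ldap(user, password)
    ok_otp = store.verify(user, otp)  # always evaluated, so the OTP is burned
    return ok_pw and ok_otp


def login_two_step(store, user, password, otp):
    """Mode 2: LDAP password on the first page, OTP on the second."""
    return check_ldap(user, password) and store.verify(user, otp)
```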

High-availability and performances


As IDConfirm 1000 Server is a traditional J2EE application linked to a database, standard web-based high-availability and scalability schemes can be applied:

• Active / Passive
– No session stickiness to manage
– Limited performance
– Physical or software solution

• Active / Active
– Session stickiness to manage
– Highly scalable
– Physical or software solution

IDConfirm Solution Architecture

• Easy integration in existing IT configuration


IDConfirm 1000 6.2 - compatibility

• Supported OS: Windows 2012, 2012 R2; Windows 2008 R2 (64 bits); Redhat 5.8 and 6.4

• User Repository: Microsoft Active Directory 2003, 2008 and 2012; Novell eDirectory; Open LDAP

• Web servers: Apache Tomcat 7 on Windows and Linux; Web Sphere on AIX/Windows 8.5.5

• Data Base: Oracle 10, 11g; MSSQL 2008, 2012; MySQL 5.1, 5.5; Firebird 2.1

• Security Modules: Thales PShield 9000, NetHSM 500; Java Key Store software module

• Web Browsers: IE 9, 10, 11; Firefox 24 ESR; Chrome 33

• Java: Oracle Java 7; IBM Java 6

IDConfirm – Ease of use

• Whatever your performance needs are, IDConfirm Server can be configured to answer them:

• Requested performance can be achieved with
– a single inexpensive server, or
– multiple powerful machines sharing a powerful database configuration via a powerful network

• Requested performance can be achieved via a high availability configuration:
– Fail Over configuration using third party products: Safekit (Evidian), BigIP (F5)…
– Load Balancing configuration using a third party load balancer: BigIP (F5), …

• Monitoring, logs
– Admin Log: Rolling File (default), NT Event, Syslog, SNMP

• Back-up and restore: based on solutions attached to Database environment and application file backup


• Whatever your IT configuration is, you can probably add IDConfirm Solution without changing your practices:

• Agnostic to hardware configuration: OS, DB, LDAP, Application server, Web Browsers

• Easy integration via standard protocols:
– XML over HTTP Web API for any application compatible with those standards
– RADIUS (NPS and Free Radius)

• Support for main browsers via a dedicated Plug-In (SConnect technology)

• Deployment scenarios are documented for typical configurations.

SMS OTP option

• SMS is used for the delivery of OTPs
• Easy to use: simple user experience with no client software to install and maintain and no impact on customer phone
• No additional hardware to carry
• Customer needs to subscribe to a Mobile Messaging Operator (MMO) that offers an SMSC- or HTTP-compatible API (SMS provider)
– Only MMOs with an appropriate service level agreement and coverage area should be considered.
• Simple SMS profiles configuration in IDConfirm
– MMO connections
– The format for the message that is sent to the user with the one-time password.


OTP: 256987

SMS OTP: How it works

• Request OTP by SMS (User ID, Password)

• Receive OTP by SMS

OTP code is: 255025

Why Gemalto


Based on Vision and Ability to Execute

Recognized Industry Leadership again by Gartner

Market understanding and very strong innovation

World leader in digital security with a true vision for mobile

Customers are well-dispersed geographically

Best value for money: TCO + 100% satisfaction

Joint third most frequently shortlisted vendor

Best trajectory on Gartner User Authentication MQ in 2 years

Wide range of authentication of token form factors


Commercials


Thank You !

The Safe++ team can perform an on-site / off-site assessment of your security set-up and help you build and drive a cost effective and business risk driven organizational security strategy.

To set up a discussion do write in to us at [email protected]

www.safeplusplus.com

Safe ++ Global Technology Services Pvt. Ltd.

Corporate Office: 002 & 003, BPTP Park Centra, Sec-30, NH-8, Gurgaon-122001, Haryana, India

[email protected]