Mobile One-Time Password


Page 2

About Changingtec

- Member of group
- Focus on IT security software

Company: Changing Information Technology Inc
Set up: April 1998
Capital: About US$ 2.8 million
Employees: About 50
Location: Hsinchu Science Park, Taiwan

Page 3

About Changingtec

Focus on networking security solutions. Develop a complete networking security product line based on core PKI technology.

- PKI Toolkits
- MSS: Mobile Security solution
- CA: Certification Authority
- SS: Secure Server
- VA: Validation Authority
- RA: Registration Authority
- GuardKey: Security USB
- MOTP: Mobile one-time password
  • Generates one-time passwords on a mobile phone.
  • Addresses phishing, Trojan and website attack problems.

Page 4

About Changing

Over 10 years of software development experience. Best market share in the Taiwan authentication market:

- Banking: 80%
- Financing security: 90%
- Medical: No. 1
- Gaming: No. 1

Page 5

Changing success case

Ministry of Finance: the electronic receipt system is developed and maintained by Changingtec.

Page 6

Page 7

MOTP: the best information leakage prevention tool

MOTP (Mobile One-Time Password)

- Also called a "one-time password" or "dynamic password"; an OTP is "not predictable, not reusable, not repeatable".
- Two-factor authentication protects confidential information with a higher security level.
- What is two-factor authentication?

Page 8

MOTP two-factor authentication

- Information the user knows
- Object the user owns

1. User logs on
2. Inputs ID and PW
3. Generates an OTP with the mobile phone / OTP token
4. Inputs the OTP
5. Presses [log on]
6. Enters the system

Page 9

MOTP system architecture

Page 10

Application

- RADIUS applications (VPN, Citrix, firewall, UTM).
- IIS/Tomcat filter (web server).
- Windows logon.
- OWA (Outlook Web Access) web Outlook email.
- Customized ID/password web page.

Page 11

Case study: VPN

[Diagram: OTP token, VPN logon, VPN server, MOTP server; arrows numbered 1 to 5 match the steps below.]

1. Generate an OTP with the OTP token and enter it on the SSL VPN logon screen (web or client).
2. The VPN client transfers the OTP to the VPN server.
3. The VPN server transfers the OTP to the MOTP server over the RADIUS protocol.
4. The MOTP server replies with the authentication result.
5. The VPN server connects the user to the internal system.

Page 12

Case study:

[Diagram: OTP token, web page, web application system, MOTP server; arrows numbered 1 to 3 match the steps below.]

1. Generate an OTP with the OTP token and input it into the logon page.
2. The web system checks the PW and transfers the OTP to the MOTP server.
3. The MOTP server replies with the authentication result and allows the user to log on.

Page 13

Web Filter

[Diagram: general web page, confidential web page, filter authentication, MOTP server; arrows numbered 1 to 4 match the steps below.]

1. No OTP authentication is needed when browsing general web pages.
2. A connection to a confidential web page is referred to the OTP web filter.
3. The MOTP server authenticates the OTP before allowing the user to browse the confidential page.
4. The user enters the protected confidential web page.

Page 14

Case study: Windows Logon

[Diagram: OTP token, Windows logon, AD server, MOTP server; arrows numbered 1 to 5 match the steps below.]

1. Generate an OTP and input it on the Windows logon screen.
2. The MOTP Winlogon agent passes the OTP to the AD server for authentication.
3. FSDCProxy transfers the OTP to the MOTP server.
4. The MOTP server replies with the authentication result.
5. FSDCProxy replies to the user's PC and allows the user to log on.

Page 15

Web Outlook

[Diagram: OTP token, MOTP server; arrows numbered 1 to 3 match the steps below.]

1. Generate an OTP with the token and input it on the Web Outlook logon screen.
2. The OWA system authenticates the PW and transfers the OTP to the MOTP server.
3. The MOTP server replies whether OTP authentication passed or not.

Page 16

Easy installation

1. Installation: set up the server
2. Integration: build up system integration
3. Registration: register the MOTP user
4. Token installation: download and install the software token
5. Activation: activate the MOTP user ID, PW and OTP

Use: the user starts using MOTP to log on to web pages

Page 17

MOTP benefit for MIS (IT manager)

• Prevents information leakage.
• Easy installation, easy maintenance.
• Supports role authority for lamination management.
• Centralizes inside and outside access control through token management.
• Audit log.
• Supports HA (failover).

Page 18

MOTP benefit for end user

• No need to maintain ID and PW periodically
• One account can use multiple tokens
• Supports temporary account PW
• No need to memorize an extra PW
• Various token types optional

Page 19

MOTP supports the full range of tokens

• Supports the full range of token series: hardware or software tokens optional

Page 20

MOTP 3.0 advantages:

- Easy to manage: IE-based administrator UI. Easy to manage.
- International protocol: standard RADIUS protocol, applies to over 90% of SSL VPNs.
- Audit program: complete OTP user history and analysis log. Supports system changing, a user search function and an abnormal status notification function.
- Scalability: supports from 1 to thousands of users by adding authentication servers.
- Stability: compliant with existing security systems. Supports high availability (HA), stable and safe.

Page 21

Thanks~ Please feel free to contact us with any inquiry.