
Password Express (PXP)


Technical Note

Password Express is a next-generation password management and password synchronization tool that provides users with a reduced sign-on experience across all applications and password self-service from any device, anytime and anywhere. With Password Express, users only need to remember one complex password and not many.

Password Express benefits

Increase user convenience and productivity

Reduced sign-on across all web and thick client applications

Password self-service from any device, anytime and anywhere

Reduce password related help-desk calls

Achieve compliance with extensive auditing and reporting

SIMPLE SECURE SWIFT

Password Express Security – A technical note

Security in Password Express

With ILANTUS’s deep domain experience in IAM and security since the year 2000, Password Express has been architected from the ground up around security best practices to meet industry-standard compliance norms. Password Express deals with some sensitive data, which makes it imperative to secure that data both at rest and in motion.

Password Express Development

Right from the development of the tool, the engineering team follows a strict security development lifecycle program based on Agile Scrum methodologies. Before any version is released, there are dedicated sprints for peer code review and for vulnerability and penetration testing.

Security while data is in motion

Communication between all Password Express components is over a secured channel as depicted in the diagram.


The following are the interactions between various components as indicated in the diagram:

1. User’s browser to Password Express Server – This communication is over a secured HTTP(S) channel and is encrypted. Depending on the Password Express deployment architecture, a firewall, intrusion detection system, proxy or reverse proxy could be some of the components that may be involved as well.

2. Password Express Server to LDAP – This communication is over a secured LDAP(S) channel and is encrypted.

3. Password Express Server to Database – This communication is over a secured channel and is encrypted.

Security while data is at rest

Static data resides in the database. All tables that hold sensitive information are encrypted using industry-standard AES 256-bit block cipher encryption with a unique key per customer.

The table below highlights the additional security parameters of Password Express.

| Security Parameter | Remarks |
| --- | --- |
| Multi-Factor Authentication | In addition to regular userid/password based authentication, Password Express also supports multi-factor authentication built on the HMAC-SHA1 algorithm. The second level of authentication adds an additional layer of security for user authentication. |
| Secured Vault | For password self-service, Password Express stores challenge response questions in a secured vault within the database. All sensitive information, such as challenge response questions, is encrypted with industry-standard AES 256-bit block cipher encryption with a unique key per customer. |
| Password in Secured Vault | Password Express synchronizes passwords across all applications at runtime. No password is stored in the Password Express database or secured vault. |
| Vulnerability and Penetration Testing | Every Password Express release undergoes thorough vulnerability and penetration testing to ensure that a strict security standard is followed. |
| Extensive Auditing & Logging | All events on Password Express are audited and log levels can be configured. |
| SIEM integration for correlation and analytics | SIEM solutions could be integrated with Password Express audit tables for correlation to detect anomalies at the enterprise level. |
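The Multi-Factor Authentication entry above says only that the second factor is built on HMAC-SHA1. The following is an added example, not ILANTUS code: it assumes the factor is an RFC 4226 HOTP-style one-time password (the note does not say so) and shows the server-side check with a look-ahead window and replay rejection. The function names are illustrative and the secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test key, used here as constructed sample input.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP is HOTP with the counter taken from the clock."""
    return hotp(secret, unix_time // step, digits)


def verify_hotp(secret: bytes, submitted: str, server_counter: int,
                look_ahead: int = 3, digits: int = 6):
    """Return the next counter to store on success, or None on failure.

    Only counters >= server_counter are tried, so a code that was already
    accepted (or skipped over) can never be replayed. The window tolerates
    a token that was advanced a few times without logging in.
    """
    # Reject malformed input before comparing; compare_digest needs ASCII.
    if not (submitted.isascii() and submitted.isdigit()
            and len(submitted) == digits):
        return None
    for counter in range(server_counter, server_counter + look_ahead + 1):
        # Constant-time comparison avoids leaking matching prefix length.
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter + 1
    return None


if __name__ == "__main__":
    stored = 1                                   # server's view of the counter
    stored = verify_hotp(SECRET, "969429", stored) or stored
    print("counter after valid code:", stored)
    print("replay accepted:", verify_hotp(SECRET, "969429", stored) is not None)
```

The caller must persist the returned counter atomically and rate-limit failures, since a 6-digit code with a look-ahead window is otherwise guessable.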

HOSTING

ILANTUS has been a pioneer in identity and access management for more than a decade, delivering the most comprehensive identity solution through its unique Hosting Express (HXP). The HXP is built on a unique framework that enables components from multiple vendors of your choice to be integrated into a unified solution, delivered in the cloud or on-premise, and managed by you or ILANTUS. All major Identity & Access Management components (Identity & Access Governance, User Administration & Provisioning, and Identity & Access Intelligence) are incorporated in the HXP framework.