Authshield

AuthShield- OTP Solution For Uninor


Presentation Transcript


  1. OTP Solution For 1-Sep-2014

  2. Proposed Solution Seamless Integration

  3. Proposed Solution
     • End User Authentication Workflow in SSL VPN
     • A generic user authentication workflow after integrating with the SSL VPN appliance is as follows:
       • The user accesses the VPN login URL.
       • The user request is intercepted by the SSL VPN appliance, which in turn redirects the user request for authentication.
       • Authentication can work in two ways, depending on the configuration:
         • User Name + (LDAP password*OTP)
         • User Name + (LDAP password, and then the OTP on a second page)
       • The OTP can have multiple form factors, as shown in the diagram.
       • The user provides the user name and LDAP password; LDAP is integrated with the SSL VPN device and ID Confirm.
       • For the second authentication, the SSL VPN is integrated with the RADIUS server, the RADIUS server is integrated with ID Confirm (formerly known as SA server), and ID Confirm is integrated with the SMS gateway through SMSC/HTTPS.
       • The OTP request follows the sequence: RADIUS server → ID Confirm server → SMS gateway → end user's mobile.
       • The SSL VPN appliance validates the OTP.
       • After successful user authentication, the SSL VPN appliance provides access to the network.
     • Note: we are using Microsoft NPS as the RADIUS server.

  4. High availability and performance
     • As IDConfirm 1000 Server is based on a traditional J2EE application linked to a database, standard web-based high-availability and scalability schemes can be applied.
     • Active / Passive
       • No session stickiness to manage
       • Limited performance
       • Physical or software solution
     • Active / Active
       • Session stickiness to manage
       • Highly scalable
       • Physical or software solution

  5. IDConfirm Solution Architecture • Easy integration in existing IT configuration

  6. IDConfirm 1000 6.2 - compatibility
     • Supported OS: Windows 2012, 2012 R2, Windows 2008 R2 (64 bits); Redhat 5.8 and 6.4
     • Web servers: Apache Tomcat 7 on Windows and Linux; Web Sphere on AIX/Windows 8.5.5
     • Web Browsers: IE 9, 10, 11; Firefox 24 ESR; Chrome 33
     • User Repository: Microsoft Active Directory 2003, 2008 and 2012; Novell eDirectory; Open LDAP
     • Security Modules: Thales PShield 9000, NetHSM 500; Java Key Store software module
     • Data Base: Oracle 10, 11g; MSSQL 2008, 2012; MySQL 5.1, 5.5; Firebird 2.1
     • Java: Oracle Java 7; IBM Java 6

  7. IDConfirm – Ease of use
     • Whatever your IT configuration is, you can probably add the IDConfirm solution without changing your practices:
       • Agnostic to hardware configuration: OS, DB, LDAP, application server, web browsers
       • Easy integration via standard protocols:
         • XML over HTTP Web API for any application compatible with those standards
         • RADIUS (NPS and FreeRADIUS)
       • Support for main browsers via a dedicated plug-in (SConnect technology)
       • Deployment scenarios are documented for typical configurations.
     • Whatever your performance needs are, IDConfirm Server can be configured to meet them:
       • Requested performance can be achieved with
         • a single inexpensive server, or
         • multiple powerful machines sharing a powerful database configuration via a powerful network
       • Requested performance can be achieved via a high-availability configuration:
         • Failover configuration using third-party products: Safekit (Evidian), BigIP (F5)…
         • Monitoring, logs: Admin log via Rolling File (default), NT Event, Syslog, SNMP
         • Load balancing configuration using a third-party load balancer: BigIP (F5), …
         • Backup and restore: based on solutions attached to the database environment and application file backup

  8. SMS OTP option
     • Sample message shown on the slide: OTP: 256987
     • SMS is used for the delivery of OTPs.
     • Easy to use: simple user experience with no client software to install and maintain and no impact on the customer's phone
     • No additional hardware to carry
     • The customer needs to subscribe to a Mobile Messaging Operator (MMO) that offers an SMSC- or HTTP-compatible API (SMS provider).
       • Only MMOs with an appropriate service level agreement and coverage area should be considered.
     • Simple SMS profile configuration in IDConfirm:
       • MMO connections
       • The format of the message that is sent to the user with the one-time password

  9. SMS OTP: How it works
     • Request OTP by SMS (User ID, Password)
     • Receive OTP by SMS (sample message: "OTP code is: 255025")

  10. Why Gemalto

  11. Recognized Industry Leadership again by Gartner
     • Based on Vision and Ability to Execute
     • Market understanding and very strong innovation
     • World leader in digital security with a true vision for mobile
     • Customers are well-dispersed geographically
     • Best value for money: TCO + 100% satisfaction
     • Joint third most frequently shortlisted vendor
     • Best trajectory on Gartner User Authentication MQ in 2 years

  12. Wide range of authentication of token form factors

  13. Commercials

  14. Thank You ! The Safe++ team can perform an on-site / off-site assessment of your security set-up and help you build and drive a cost effective and business risk driven organizational security strategy. To set up a discussion do write in to us at info@safeplusplus.com www.safeplusplus.com Safe ++ Global Technology Services Pvt. Ltd. Corporate Office: 002 & 003, BPTP Park Centra, Sec-30, NH-8, Gurgaon-122001, Haryana, India info@safeplusplus.com
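
The second-page variant on slide 3 (LDAP password first, OTP on a second page) maps onto a RADIUS challenge-response between the SSL VPN and the RADIUS server. The following is an added example, not code from the presentation, IDConfirm or NPS: it assumes the OTP prompt is carried as an RFC 2865 Access-Challenge with a State attribute, and the user name, shared secret and function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11      # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, STATE = 1, 2, 24    # RFC 2865 attribute types

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    blocks = [req_auth] + [hidden[i:i + 16] for i in range(0, len(hidden), 16)]
    return b"".join(_xor(c, hashlib.md5(secret + p).digest())
                    for p, c in zip(blocks, blocks[1:])).rstrip(b"\x00")

def build(code, ident, auth, attrs):
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body

def parse(pkt):
    length, attrs, i = struct.unpack("!H", pkt[2:4])[0], {}, 20
    while i + 2 <= length:
        attrs[pkt[i]] = pkt[i + 2:i + pkt[i + 1]]
        i += max(pkt[i + 1], 2)               # a bad length must not stall the loop
    return pkt[4:20], attrs

def sign_response(code, ident, req_auth, attrs, secret):
    unsigned = build(code, ident, req_auth, attrs)  # RequestAuth sits in the auth field
    return build(code, ident, hashlib.md5(unsigned + secret).digest(), attrs)

def response_is_authentic(resp, req_auth, secret):
    expected = hashlib.md5(resp[:4] + req_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20])

def second_page_exchange(secret=b"constructed-shared-secret", otp=b"255025"):
    ra1, ra2, state = os.urandom(16), os.urandom(16), os.urandom(8)
    # After page 1 the server challenges with an opaque State; page 2 echoes it with the OTP.
    chal = sign_response(ACCESS_CHALLENGE, 1, ra1, [(STATE, state)], secret)
    req2 = build(ACCESS_REQUEST, 2, ra2, [(USER_NAME, b"alice"), (STATE, parse(chal)[1][STATE]),
                 (USER_PASSWORD, hide_password(otp, secret, ra2))])
    auth, attrs = parse(req2)                 # RADIUS side: same login, recover the OTP
    return (response_is_authentic(chal, ra1, secret), attrs[STATE] == state,
            unhide_password(attrs[USER_PASSWORD], secret, auth))
```

On this leg the OTP is protected only by the MD5 keystream derived from the shared secret, so the secret should be long and random and the path between the SSL VPN and the RADIUS server kept on a trusted or encrypted segment.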
