
PROBLEM DESCRIPTION

Nowadays, most corporate computing networks provide remote access and/or Internet-enabled applications to authorized mobile and/or remote users, giving them access to sensitive corporate data, resources, and critical applications.

RADIUS, with a proven history and wide industry interoperability, is used by many organizations to provide remote user authentication, authorization, and auditing. Furthermore, RADIUS offers a centralized authentication service, so there is no need to set up and maintain individual authentication databases at each entry point into the network. A RADIUS-based solution is recognized as effective, with a low total cost of ownership.

To increase productivity and enhance business relationships, Internet-based solutions are widely implemented, and the trend is growing.

As the amount and sensitivity of data remotely accessible via networks increase, so do the risks to organizations. However, RADIUS or Internet-based solutions generally rely on a username and STATIC password for authentication. Static passwords are a potential weakness, as they can be trapped, guessed or forced to gain access to an otherwise secure network. (For details of static password weaknesses, please refer to Static Password Problem.)

RADIUS APPLICATION

DIGIPASS™ MIDDLEWARE is designed to fit a RADIUS solution, offering Strong Authentication to close the security weakness of static password authentication.

DIGIPASS™ MIDDLEWARE is a fast, highly configurable, easy-to-use, and cost-effective security solution. The DIGIPASS™ MIDDLEWARE server works seamlessly with the DIGIPASS™ Token family to offer strong two-factor authentication, without the need to replace or reconfigure the existing RADIUS Server and firewall. When DIGIPASS™ MIDDLEWARE is installed (see the following diagram), either on a standalone PC between the RADIUS Client (NAS, RAS, or firewall) and the RADIUS Server, or on the same computer as the RADIUS Server, it functions transparently, adding strong two-factor authentication without affecting the operation of the server or other network infrastructure.

DIAGRAM: DIGIPASS™ SECURING YOUR REMOTE ACCESS APPLICATION


DIGIPASS™ MIDDLEWARE offers a simple and cost-effective way to install, configure and run a fully featured security solution - one that delivers the maximum level of security and flexibility, while requiring a minimal amount of management.

INTERNET APPLICATION
Nowadays, more and more businesses are using the Internet to increase productivity. Internet business applications are increasingly deployed to broaden the business horizon, increase efficiency and productivity, reduce operating costs, and enhance business relationships. The trend will surely continue.

Although the trend is unstoppable and the pressure to go online exists, some companies still hesitate because of security concerns, even though that hesitation costs them the benefits Internet applications can bring. The major Internet security concerns originate from the static password approach; see Static Password Problem.

The worries are over now that DIGIPASS™ strong authentication has arrived. The DIGIPASS™ security solution mainly emphasizes password security, or in other words, authentication. DIGIPASS™ SECURITY works seamlessly with existing web sites and web-based applications, enabling authorized users to log on using two-factor strong authentication. The one-time-password characteristic of DIGIPASS™ SECURITY brings peace of mind when you put your business applications online.

DIAGRAM: DIGIPASS™ SECURING YOUR INTERNET APPLICATIONS


Major Security Features of DIGIPASS™ for Internet Application:
  • Two-Factor Strong Authentication, i.e. something you have (a physical token device that generates the password) and something you know (the PIN that activates the DIGIPASS™ Token)
  • Time-Synchronized Password: the logon password is time synchronized and changes every 36 seconds
  • One-Time Password: the password generated for logon can only be used once and expires automatically
  • Online DIGITAL SIGNATURE: the DIGIPASS™ Token generates a DIGITAL SIGNATURE code for order / transaction signing, based on the transaction parameters
  • Unique Encryption Key: each token is assigned a unique encryption key so that no two tokens can generate the same password at the same time
  • Token Self-Defense System: the PIN can be initialized to allow a specific number of trials, and the token will lock if the number of PIN trials exceeds the threshold


DIGIPASS™ for e-banking
More than 250 financial institutions around the world overcome the security challenges of online banking and online transactions by deploying the DIGIPASS™ P300 solution, without compromising existing infrastructure. Easy to deploy and easy to use, DIGIPASS™ P300 solutions provide high-security, totally reliable e-banking services via phone, fax, and Internet. By treating security issues seriously and effectively, these institutions increase their existing customers' loyalty while offering potential new customers the benefit of heightened security.

The static password approach has proven to be the wrong security solution for e-banking, because it is weak in security and easy to steal and crack. Moreover, a static password is reusable once it has been obtained. Security experts recognize that a Two-Factor strong authentication approach is more secure and more practical. When a bank deploys a security scheme, two things should be addressed: a proven high-security solution and customer support. DIGIPASS™ meets all of the bank's system design goals.

When high-value bank accounts are secured with DIGIPASS™, e-banking users do not need to install a new application or change any configuration. Each user is assigned a registered DIGIPASS™ token that generates a One-Time Password when they log in to their e-banking account. A DIGITAL SIGNATURE feature is available for signing a transaction securely. This signing feature is especially useful for protecting a money transfer or online stock trade.

DIGIPASS™ is a totally flexible security solution. Its programmable characteristic enables banks to vary the level of authentication required, based on the type of transaction being conducted.

Secure Web Resources
The DIGIPASS™ SECURITY Solution enables enterprises to control access to websites and protect sensitive data and resources. Aggressive companies recognize the potential of the Internet for sharing information, but are unable to use it to its full potential due to security risks and threats. Today's companies need a secure yet auditable authentication scheme, based on the latest industry standards, that can be used over regular Internet connections and applications. DIGIPASS™ is the key to solving this problem.

DIGIPASS™ SECURITY solution is ideally suited to secure any Internet, Extranet and Intranet sites. It's a complete authentication system that fully integrates with the latest web server applications to provide a total solution to security issues on the Internet. With DIGIPASS™, organizations offering high quality products and premier services over the Internet can now control and monitor their users' / customers' access to specific sites / sections.

Corporations can now split their web sites into different areas: for instance, a public area containing general information, such as a company overview and product information, for every visitor, and a secure area providing confidential information for authorized users, customers, or partners only. The secure areas are then protected by the DIGIPASS™ Token, which generates a one-time password based on the Two-Factor Strong Authentication approach.

When it comes to processing an online transaction, a DIGITAL SIGNATURE can be added to the web application for order / transaction signing. This is easily accomplished by generating a signing code that takes the transaction parameters into its computation.
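
The following sketch is an added example, not code from this page or from the DIGIPASS™ product, whose algorithm the page does not describe. It illustrates the server-side checks implied by the feature list and the transaction-signing paragraph above: a 36-second time step, a per-token key, single use, and a signing code bound to the transaction parameters. HMAC-SHA1 with RFC 4226 truncation is used as a stand-in algorithm; the names `Verifier`, `otp`, `signing_code`, the drift window and the token IDs are assumptions.

```python
import hashlib
import hmac
import json
import struct

STEP = 36  # seconds per password, the interval stated in the feature list

def _truncate(mac: bytes, digits: int = 6) -> str:
    # Dynamic truncation from RFC 4226 (stand-in, not the vendor algorithm).
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)

def otp(key: bytes, step: int) -> str:
    return _truncate(hmac.new(key, struct.pack(">Q", step), hashlib.sha1).digest())

def signing_code(key: bytes, step: int, params: dict) -> str:
    # Sorted JSON gives an order-independent encoding of the parameters.
    msg = struct.pack(">Q", step) + json.dumps(params, sort_keys=True).encode()
    return _truncate(hmac.new(key, msg, hashlib.sha1).digest())

class Verifier:
    def __init__(self, keys: dict, drift: int = 1):
        self.keys = keys      # token_id -> unique per-token secret key
        self.drift = drift    # tolerated clock skew, in time steps (assumed)
        self.last_step = {}   # token_id -> newest time step already consumed

    def _match(self, token_id, code, now, make):
        key = self.keys.get(token_id)
        if key is None:
            return None
        cur = int(now) // STEP
        for step in range(cur - self.drift, cur + self.drift + 1):
            if hmac.compare_digest(make(key, step), code):
                return step
        return None

    def login(self, token_id: str, code: str, now: float) -> bool:
        step = self._match(token_id, code, now, otp)
        if step is None or step <= self.last_step.get(token_id, -1):
            return False      # wrong, expired, or already-used password
        self.last_step[token_id] = step
        return True

    def verify_signature(self, token_id, code, now, params: dict) -> bool:
        make = lambda k, s: signing_code(k, s, params)
        return self._match(token_id, code, now, make) is not None
```

Recording the newest consumed time step per token is what turns a time-synchronized password into a one-time password: a code captured in transit fails even if it is replayed inside the same 36-second window.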
