The value of a company depends significantly on the way its communications, transactions and sensitive data are managed. Stable rules for accessing sensitive information within a network are the basis of the trust relationship needed for successful operations in a commercial and business management environment.
Authentication schemes based on a traditional username and static password are used in the majority of security systems, websites and networks. These kinds of schemes offer too little protection against the advanced tools of modern cyber crime. Besides, such passwords can be lost, stored in inappropriate locations, easily transmitted or stolen by malicious persons.
OTP technology is a proactive measure adopted by companies as protection against the problems mentioned above. An OTP is a numeric password that is generated automatically. The generator is stored in a hardware token device which is provided to end-users. The device generates a unique password which is then entered into the login process for accessing important data.
The hardware token is just a small part of the general authentication procedure. The most important part is the authentication server. Feitian OATH Authentication Server (FOAS) is the component which ensures protection, smooth operation and recognition of the passwords generated by the user's personal token. FOAS was built to comply with the requirements of the OATH consortium. The OATH consortium brings together the most important experts and trusted specialists in the authentication industry. OATH establishes the standards for simple integration and mutual interoperability between the different products provided by the consortium members. FOAS Server can be used seamlessly with any product compliant with the OATH criteria. FOAS is recommended as a very adaptable authentication solution.
When used with Feitian OTP Token devices, FOAS provides a complete solution for strong authentication. The solution unifies all the authentication procedures from development to maintenance and reduces the costs of IT infrastructure. FOAS is a multi-channel system for identity verification and it can validate both the user and the server. Furthermore, FOAS can establish a high-security communication environment by providing the digital signing needed for web-based transactions.
FOAS Server offers a web management interface which allows centralized management of different systems. An additional benefit of the FOAS architecture is its support for a wide range of operating platforms, authentication protocols, programming languages and web scripts. FOAS Server integrates seamlessly with existing authentication systems based on the RADIUS protocol. FOAS system administrators can easily implement rules for user functionality, hardware tokens, agents and log requests. The primary operators can assign and differentiate the level of access rights and privileges for separate accounts, and can delegate responsibility for different management roles to different accounts.
In the FOAS system the integration process for token devices is simple and intuitive. FOAS offers three integration methods. Where possible, the most convenient method is to use the existing RADIUS protocol of the application server, so no authentication agent needs to be installed. Otherwise the system offers its own authentication agent, so there is no need to develop a proprietary one. The FOAS Server SDK offers the highest level of flexibility for the application server: it can provide features that are not covered by the methods offered in the standard version.
The FOAS system includes three main components:
- The authentication server
- The management tool
- The authentication agent
The additional parts are:
- OTP server database management system
- the SDK interface for customization
- the end user OTP hardware tokens
The authentication agent functions as a link between the authentication server and the application server. When a user wants to log on to the application server, the authentication request is sent to the FOAS Server. The authentication server validates the request and the response is transmitted back through the authentication agent. The authentication agent is not needed in a development scenario, and applications integrated via RADIUS do not need an authentication agent either.
The management tool offers an easy-to-use interface for remote management and maintenance of users, OTP tokens, authentication servers and agents, and of the logging information in the database. The database management system is the basis of the OTP Server authentication system and contains the majority of the system's data. The database management system can be chosen according to the customer's needs.
FOAS is supported on a wide range of platforms
FOAS can be seamlessly integrated with all the major operating systems and supports multiple databases through ODBC or any other database-specific connection.
Centralized and accessible management system
The management tool provides a web interface and secure management, which can also be done remotely. The administration parameters are regulated through centralized authentication for network or computer operating systems. The system supports multiple services with different authentication settings on a single computer.
Proven track record in the seamless execution of large scale highly diverse deployments
The FOAS system handles load balancing across multiple authentication services at a high concurrent service rate: it can satisfy thousands of requests per second and concurrently support up to ten million end-users. The system was engineered for co-operation with various authentication agents.
OTP Server improves the security for application servers
Dynamic passwords are randomly generated numeric sequences used as login credentials. Using dynamic passwords prevents threats based on copying, observation or monitoring of the credential. Static passwords can be used in combination with dynamic passwords for two-factor authentication.
FOAS server can be used with all Feitian OTP Token devices including OTP Token C300
Users can choose the Feitian hardware solution which best meets their requirements. The OTP Token C300 has been enhanced with PIN-protected access. Both the challenge code and the time-factor component are required to generate a challenge-response dynamic password or a transaction signature. End-users can choose cross validation and prevent leakage of sensitive personal data.
1. Automatic Synchronization
The authentication server can automatically resynchronize a token during authentication if the token is found to be out of sync.
2. Mobile Phone and Soft Token Support
OTP Server Authentication System also supports mobile phone tokens and soft tokens based on event, time or challenge-response.
3. Multiple Authentication Methods
For systems that do not demand high security, the server can be set to use a single dynamic password to authenticate an end-user. The advantage of this method is that there is no need to remember another fixed password; however, security is quite low.
Dynamic passwords can be used together with a fixed password to log in to application servers which do not demand very high security. This method is commonly used to bring the authentication of existing application servers to the next level of security.
The challenge-response authentication method is normally used in application servers which demand high security and have end-users with advanced technical knowledge. The disadvantage of this method is that the authentication process involves many steps. However, it brings higher interactivity and security to the application server.
Application servers sometimes use a two-way (mutual) authentication method against fake application servers. Before providing their personal information, end-users can verify that the application server is the genuine one.
For application servers which need to authenticate critical transactions, the transaction signature authentication method can be used. This action is needed to prove that critical transactions were indeed made by the end-user who claims to have made them.
4. RADIUS Server Support
According to pre-configured settings, the authentication server can forward an authentication request to a designated RADIUS server and collect the authentication result to send back to the application server.
5. High Performance
The authentication server supports more than ten million concurrent end-users, and a single server can reach a concurrent processing rate of 3000 authentications per second.
6. Multiple Algorithms
- Event-based HOTP algorithm from OATH
- Time-Based TOTP algorithm from OATH
- Challenge-Response OCRA algorithm from OATH
- SM3 algorithm from the National Security Standard
7. Prevention of Dictionary Attack
When the authentication server finds that a particular end-user has failed authentication a certain number of times (pre-configurable), it locks that end-user. While locked, the authentication server refuses to authenticate this end-user until he/she has been unlocked. This is an effective prevention for dictionary attacks.
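The look-ahead resynchronization described under Automatic Synchronization (feature 1), the event-based HOTP algorithm listed under Multiple Algorithms and the failed-attempt lockout described above, shown together as an added Python example that is not FOAS code. The look-ahead window size, the lockout threshold, the class names and the enrolled secret are assumptions of this example; the HOTP computation itself follows RFC 4226.

```python
import hmac
import hashlib
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    dbc = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(dbc % (10 ** digits)).zfill(digits)

class TokenRecord:
    """Server-side state kept per enrolled token (constructed for this example)."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0        # next counter value the server expects from the token
        self.failures = 0       # consecutive failed authentications
        self.locked = False

class OtpVerifier:
    def __init__(self, look_ahead: int = 10, max_failures: int = 5, digits: int = 6):
        self.look_ahead = look_ahead      # how far ahead the server searches to resync
        self.max_failures = max_failures  # pre-configured lockout threshold
        self.digits = digits
        self.tokens = {}                  # user name -> TokenRecord

    def enroll(self, user: str, secret: bytes) -> None:
        self.tokens[user] = TokenRecord(secret)

    def verify(self, user: str, code: str) -> bool:
        rec = self.tokens[user]
        if rec.locked:
            return False            # refused until an operator unlocks the account
        if code.isdigit() and len(code) == self.digits:
            # Look-ahead search: the token may have been pressed without a login, so any of
            # the next look_ahead+1 counters is accepted and the server resyncs to it.
            for step in range(self.look_ahead + 1):
                expected = hotp(rec.secret, rec.counter + step, self.digits)
                if hmac.compare_digest(expected, code):
                    rec.counter += step + 1   # consumed counters can never be replayed
                    rec.failures = 0
                    return True
        rec.failures += 1
        if rec.failures >= self.max_failures:
            rec.locked = True       # stops online dictionary / brute-force guessing
        return False

    def unlock(self, user: str) -> None:
        rec = self.tokens[user]
        rec.locked, rec.failures = False, 0
```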
8. Prevention of Denial-of-Service Attack
The authentication server delays sending a failed authentication result, which effectively prevents denial-of-service attacks.