Strong authentication handbook based on risks


If we are to progress towards more secure and convenient authentication solutions, we have to start thinking beyond passwords. Multi-factor solutions that operate independently of passwords are the future. But not all users are created equal. Some need more stringent forms of authentication than others. So who are you trying to protect? Answering these questions in detail is what allows us to design a good strong authentication handbook based on risks.

Information security professionals are under more pressure than ever before to protect their company’s critical assets. In a time when information can be the most valuable asset a company has, ensuring only authorized users have the ability to gain access to sensitive data systems is critical to ensuring the success of the company. But security also has to be flexible to accommodate the needs of the business. The challenge for IT security professionals today is finding the right balance of security and convenience.

Risk appropriate authentication

Each user accessing the network has a set of requirements based on job function and access needs. When implementing strong security controls, user needs and the ability of IT security to support these needs will require a flexible security solution to meet these varied user profiles.

Flexible strong authentication solutions

Grama provides a full portfolio of products to meet the need for secure access to business resources. Gemalto Protiva is a modular system that allows businesses to choose the security level they need, from a full end-to-end system to .NET-based smart cards that leverage the card management capabilities in Microsoft Server and Windows OS.

Authentication software

Gemalto’s IDConfirm authentication server is scalable and is based on open OATH and EMV CAP standards. The server is designed to work with existing network infrastructure including LDAP and AAA servers. It can be deployed on an existing server and provides authentication services for a full range of devices including OTP (token, card or mobile), Public Key Infrastructure (PKI)-based smart cards and biometrics. The server is equipped with a web-based portal for user account management.

OTP solutions

  • Gemalto time-based OTP tokens combine the current time with a secret key to create a password. When the corresponding validation server receives the password, it combines the current time with the secret key and performs the same cryptographic computation as the token. If the two resulting passwords match, access is granted for one attempt within a 30-second window.
  • SMS OTP solutions use the IDConfirm Server to send a password to any mobile phone via SMS. This offers safe and convenient authentication without the hassle or extra cost of having to carry another device.
  • The Protiva Mobile OTP solution exploits all the convenience of the mobile phone without the need for a network. Users download an application that turns the phone into a token that generates a secure OTP.

Smart card solutions

Grama’s smart card-based solutions leverage PKI to provide certificate-based strong authentication. In addition, PKI certificates stored on the smart card can be used to enable email encryption and digital signature, and when incorporated into a USB storage device, secure data storage.
  • There are three options when deploying a certificate-based identity solution: .NET, minidriver enabled (MD), or PIV. Each solution provides a high level of assurance of the identity of the user attempting to gain logical access to the network. These smart card-based products can be combined with proximity technology to also provide for physical access, and with security printing processes, can serve as visual identity as well. .NET and MD smart cards leverage the built-in card management capabilities in Microsoft Server and Windows OS. This deployment requires no additional middleware for card management. Fully contained within Microsoft Forefront Identity Manager (FIM), a .NET or MD certificate-based authentication solution is virtually plug and play. .NET & MD are also compatible with Mac OS and Linux environments.
  • Adding biometric functionality adds a further level of security with the addition of fingerprint match-on-card user verification. This functionality is supported by Windows Biometric Framework.
  • Secure Flash USB Tokens are secure USB tokens that offer simple, highly secure solutions for the mobile office, preventing data loss, securing portable data and digitally signing documents.

Additional PKI functionality

  • Using the Internet for business processes is cheaper and faster but these savings can be negated by having to rely on “wet” signatures for validation and approval. Digital signatures created using smart card devices with PKI can securely authenticate virtual documents, saving both time and money.
  • PKI also allows for email encryption. This is essential for preventing sensitive emails being read by unintended recipients.
  • Unsecured USB flash drives can be a major source of data loss but PKI-based tokens are perfect for secure data storage, ensuring sensitive business information is kept safe, even if the drive is lost or stolen.

Flexible authentication built to evolve with your business

Organizations can deploy simpler solutions for fast, secure user authentication and then evolve to more comprehensive identity protection and network security solutions without having to abandon infrastructure investments or change end-user devices. Grama solutions can be used for one-time password applications and then expanded to support PKI and the smart card-based security features in Microsoft’s Windows and .NET platforms. The use of open standards and industry-standard protocols enables hardware optimization, and also helps reduce the total cost of ownership.

Strong authentication adds layers of identity verification to ensure only authorized users gain network access through a variety of easy-to-use form factors that meet business requirements and ensure user adoption.

Learn more
When the time is right, consider contacting Grama. Our Protiva family offers a full spectrum of strong authentication solutions, from OTP to PKI credentials in cards or tokens. Our Protiva IDConfirm server can fit simply into your infrastructure, and Gemalto gives you many options for deployment, from enabling your in-house management to cloud-based services for hosting of provisioning on-boarding.
2016-11-07T12:30:13+00:00