| remote employee | internet firewall VPN access enterprise LDAP Option: Virtual Machine Appliance |
|---|
| Identity Assurance Solutions | internal employee terminal services |
|---|
| Soft tokens allow more convenient | Multi-factor authentication limits |
|---|
| and economical strong authentica- | impact of some forms of malware |
|---|
| tion of remote workers | Strong authentication improves rapidly deploy authentication |
|---|
| Soft tokens don’t require extra de- | regulatory compliance and policy methods to meet the market |
|---|
| vices or rekeying. They are easy to | adherence need without changing the |
|---|
| distribute, cost-effective and can | Three-factor authentication is pro- |
|---|
| infrastructure and technology | be recycled as employees change vided via time, event counter seed each time and 4TRESS allows |
|---|
| Short message service (SMS) | key and PIN usage with algorithm |
|---|
| us to do this.” | one-time passwords (OTP) ensure Supports the broadest range of |
|---|
| secure connectivity when tokens | OTP algorithms based on OATH |
|---|
| @ BNP Paribas | are not available or preferred open standards, including time- |
|---|
| Easy migration | based, event-based and propri- etary time+event-based algorithms Appliance simplifies and for maximum security, utility streamlines deployment and value Works concurrently with legacy Tokens auto-synchronize to im- authentication servers for grace- prove reliability and security and ful and efficient migration, which reduce support calls maximizes the ROI of old tokens |
|---|
| and ensures a low-risk migration | Integrates seamlessly with full suite of credential management, Ability to leverage existing user middleware, smart card, single directories eliminates the need for sign-on, mobility and physical user migration during deployment access control offerings Able to link to multiple LDAPs with Integrates with Active Directory a single front end and most standard LDAP to match |
|---|
| Decrease risk | the scalability and availability of |
|---|
| Enterprises can generate their own | the enterprise’s network |
|---|
| seed files | Versatile authenticavvtion |
|---|
| Using PIN + token enhances secu- | reduces costs rity and provides the confidence to connect with all forms of digital connections |
|---|
| to URL of cloud | 4TRESS login portal |
|---|
| application | one-time password token customer employee citizen soft token (web, PC or mobile) 3. User authenticates to 4TRESS login portal via 4TRESS |
|---|
| strong authentication | Authentication Appliance |
|---|
| out-of-band SMS/email | 4. User is granted access to the cloud application Identity Assurance |
|---|
| Solutions | Interactions supported through SAML protcol smart card or key |
|---|
| Broad range of | Compliant with the OATH indus- |
|---|
| authentication methods | try standard, eliminating vendor “ Almost 50% of data |
|---|
| OTP tokens (Mini Token, Pocket | “lock-in” breaches exploit stolen |
|---|
| Token, Token One, Desktop Token) | Competitively sourced, or weak credentials.” |
|---|
| Display Cards | standards-based OATH tokens |
|---|
| ensure right features and | Verizon Business Data Breach |
|---|
| best value | Investigations Report, 2010 the Oath OTP standards (HOTP / |
|---|
| TOTP) | Tokens can last up to eight years, 2x to 3x longer than other solu- tions, dramatically lowering token replacement and redeployment |
|---|
| DeviceID | costs |
|---|
| Strong passwords (full and partial) | Soft tokens deploy more efficiently Improve Control (full and partial) Policy driven, organization-wide authentication solution with (PKI) fine-grained authentication |
|---|
| Smart cards running the OTP applet | policies |
|---|
| Out-of-band SMS (password or | Easily integrates with applications |
|---|
| verification code) | to leverage strong authentication |
|---|
| Out-of-band Email (password or | Digitally signed and sequenced |
|---|
| Temporary activation codes | Secure, highly scalable (from 100s |
|---|
| LDAP passwords | to millions), resilient architecture |
|---|
| RADIUS authentication | FIPS 140-2 HSM option to secure |
|---|
| Virtual appliance option | an enterprise’s keys 4TRESS Authentication 4TRESS Authentication Appliance FT2011 One-time password: Synchronous (ActivIdentity Chassis Form Factor |
|---|
| patented algorithm) | 1U Chassis One-time password: Challenge / response 650 W redundant PSU One-time password: OATH HOTP Event, TOTP DVD-ROM Time-based, and OCRA challenge / response |
|---|
| Oath transaction signing (OCRA) | Processor Type |
|---|
| Built-in | 2.0 GHz CPU Smart Card PKI / X.509 certificate Emergency full and partial strong Static Password Memory |
|---|
| Methods | Appliance |
|---|
| &Security Questions | 8 GB RAM Out-Of-Band One-Time Password or Transaction |
|---|
| Verification code sent via SMS or Email | Drive |
|---|
| Device ID - Web Browser Registration | 4 x 250 GB Hard Drive 4TRESS Fraud Detection - Device Profiling & Risk Hardware RAID 1 Mirroring Based authentication Regulatory |
|---|
| External or | UL, CUL, CSA, FCC, certification |
|---|
| Third-Party | LDAP fallback & passthrough RoHS compliant |
|---|
| Authentication | RADIUS conditional routing |
|---|
| Hardware Tokens | 4GB of RAM (6GB or more |
|---|
| OTP Token VL | recommended) |
|---|
| KeyChain OTP Token | 150GB of free HD space Virtual |
|---|
| Desktop OTP Token | VMware ESXi 7.1, or VMware-player 3.1(VMware-play- Appliance |
|---|
| Pocket OTP Token | er-3.1.4-385536.exe), or VMware-workstation 7.1 (VMware- |
|---|
| Mini OTP Token | workstation-full-7.1.4-385536.exe)* Requirements Any OATH compliant event, time or challenge / VM Guest |
|---|
| Authenticators | response-based hardware token At least 2.5GB of RAM |
|---|
| DisplayCard Tokens | (4GB recommended) |
|---|
| DisplayCard Token | 2 CPUs/Cores 2 local network connection Software Tokens PC Soft Token Mobile Soft Token (iPhone, Android, Java, Operating System |
|---|
| Blackberry) | Oracle Enterprise Linux – Hardened Software |
|---|
| Web Soft Token | Application Server Operating JBOSS 4.2.3 GA |
|---|
| Database | Database Embedded Oracle 11g R2 Standard Edition Oracle 11gR2 Stadard Edition |
|---|
| with indegrated fault tolerance | Embedded with fault tolerance User LDAP Repositories Microsoft Active Directory Oracle / Sun Java Directory Novell eDirectory Vendor |
|---|
| 網絡協議 | RealSec Crypto |
|---|
| SAML v2 | Processor RADIUS Authentication and Authorization ARM7TDMI 50 MHz RISC processor |
|---|
| Web Services (RMI & SOAP v1.1) | Certifications |
|---|
| LDAP v3 | FIPS 140-2 , level-3 certification |
|---|
| Standards | PSKC v1.0 (credential import) Common Criteria EAL4+ Supported |
|---|
| Cryptographic | Cryptographic – Random |
|---|
| OATH event, time and challenge / | Hardware FIPS 186-2 compliant random number generator |
|---|
| response-based | Security Cryptographic – Symmetric |
|---|
| 3DES / AES / RSA / ECC / SHA-2 | Module AES, DES, Triple DES (double and triple length cipher); FIPS 140-2 level 3 HSM (credential storage and data (optional) SAFER (64 and 128 bits, K and SK modes) |
|---|
| signing) | Throughput: 320-600 MBs Cryptographic – Asymmetric |
|---|
| Help Desk and | Web-based help desk RSA 1024, RSA 2048 |
|---|
| Self Service | Localizable & U.S. Section 508 compliant RSA 4096 & ECC ready Throughput: 337-7240 exp/s |
|---|
| Device and Credential management | Cryptographic – Hashing Administration |
|---|
| Authentication Policy management | Hash functions: MD5, SHA-1, RIPEMD |
|---|
| User and Permission management | (128 and 160 bits) |
|---|
| Auditing, | Digitally signed & sequenced tamper-evident audit log |
|---|
| Accounting and | Audit log queries |
|---|
| Reporting | Published audit schema |
|---|
| Toll Free: 1 800 237 7769 | An ASSA ABLOY Group brand © 2012 HID Global Corporation/ASSA ABLOY AB. All rights reserved. HID, HID Global, the HID Blue Brick logo, the Chain Design and 4TRESS |
|---|
| Asia Pacific: +852 3160 9800 | are trademarks or registered trademarks of HID Global or its licensor(s)/supplier(s) in the US and other countries and may not be used without |
|---|
| Latin America: +52 55 5081 1650 | permission. All other trademarks, service marks, and product or service names are trademarks or registered trademarks of their respective owners. |
|---|
| hid g l o b al.com | 2012-12-04-identity-assurance-4tress-authentication-appliance-ds-en |
|---|