CRYPTO-MAS delivers two-factor authentication services to businesses without the need for expensive infrastructure investment or the need for specialist technical knowledge. The simplicity of the dedicated portal, CRYPTO-MAP, is core to delivering a hassle free interface. Put simply, CRYPTO-MAP delivers the easiest to use administrator tools of any two-factor authentication service on the market.
allocated to something known as a token pool for the company. • Every token in the token pool then needs to be allocated to a user. This can be done either individually or in groups. The tokens are then sent to the users. This happens automatically if they are software or SMS based tokens, or requires the device to be posted to the user in the case of hardware tokens. On connecting, they will be prompted to enter their PIn and OTP
CRYPTO-MAP is accessible from anywhere, via a standard web browser. The interface itself is naturally secured using two-factor authentication. The first step in setting up a company on CRYPTOMAS involves setting up an administrator on the portal – to do this the company is entered on the service by CRYPTOCard or the Service Provider. This involves the key details of the company and its Authnode (the device that is being secured) being entered into MAP. Once this is done a company administrator is allocated and automatically sent a software token - which provides secured access to the company’s dedicated CRYPTO-MAP page. The administrator uses MAP to drive the whole process of issuing and managing tokens. The first step is to get the service up and running and issue tokens to end users. Here is a summary of how that happens:• At the same time as the administrator is setup on the service, CRYPTOCard will allocate a number of tokens to the company. The tokens will be initialized to the specification agreed with either CRYPTOCard or the Service Provider. These initialized tokens are then
CRYPTO-MAS is now ready to start securing access to the network. We can now start to describe the key features of each of the tabs within MAP and how they are used to manage users.
CRYPTO-MAP Key Features:
• Accessible from anywhere, via a standard web browser • Extensive reporting suite • Simple user self service portal for users • Access control list for enhanced security and control • RADIUS return attribute support • Bulk data import facility • Multi-company / Multi-tier architecture • Automatic token deployment capability • User groups aid deployment and security
This menu allows us to enter all the user details into the service. This information is used throughout the service to allocate tokens, support the user and report on user activity. Data can be entered manually or imported via a special feature in the Group tab. Within this menu it is also possible to enter a users “secret question” – a key security feature that allows a user to be identified should they request help or support. A search field is available to aid fast finding of specific user details – maybe in case of a support call.
Here we are able to allocate tokens to users. A list of all tokens, their types and their current status are shown clearly. The desired token or token type is selected and then allocated to a specific user using the clearly shown buttons. If a software, BlackBerry or SMS token is allocated, then the token can be sent immediately to the user via email or SMS.
CRYPTO-MAP Management Portal
Within this menu it is also possible to de-assign or disable tokens, either when someone leaves the company or if they lose their token. Within the menu you can also configure the PIN length for the user. Additional features allow you to reset the PIN to the factory default, test the token or even re-synch the token if its OTP generation has failed to be accepted. This re-synch and PIN change capability is also available through a selfservice portal. CRYPTOCard, this is used to notify CRYPTOCard of changes to the AuthNodes. Secondly, the menu allows information to be entered to set-up the Access Control Lists (ACL). The purpose of the ACL is to permit or restrict access to users based on a specific combination of Source IP and Group membership.
User Self-Service Portal
Within this menu we are able to put users into common groupings, maybe to aid deployment, ongoing support, align CRYPTO-MAS with specific infrastructure requirements or to simply help with usage reporting and auditing. This menu contains a key feature of CRYPTO-MAS, the ability to set the RADIUS Return Attributes. This feature ensures that the service is able to work within an enterprise or service provider network to permit or restrict access for certain users to nominated groups or service types. This can be done for individual users or for groups of users. A wide variety of RADIUS Return Attributes can be supported.
The reduction of support calls is key to reducing the ongoing overhead of supporting and maintaining the system. Users of CRYPTO-MAS have a dedicated self service portal that allows them to rectify some of the basic problems that can generate potentially un-necessary support calls.
Within this menu a wide variety of company details are set-up and managed, such as contact details and billing information. Within this menu it is also possible to customize the service to include a company’s logo on the portal. CRYPTO-MAP is architected in such as way that it is possible to have a company managing another company. This allows the service to be deployed within a service provider network or used by a reseller to deliver value added services.
The Portal can be used by the user to change their PIN. This is typically done for security reasons – CRYPTOCard recommends that PIN’s are changed on a regular basis. The User Self-Service Portal also supports some additional functions for either hardware and software tokens or on-demand SMS tokens:• Hardware and software tokens have the ability to be re-synchronised using the portal. A token can get out-of-sync because the button has been pressed too many times and so the OTP is no longer recognised by CRYPTO-MAS. SMS Token users are able to request a new tokens code. This is then either sent by normal SMS text message or can be sent to the valid email address of the user. A user may need a new code because they don’t have their mobile phone at hand or the OTP that they were sent may have been accidently deleted.
CRYPTOCard North America
340 March Road Suite 600 Ottawa, Ontario K2K 2E4 Canada Toll Free: 800-307-7042 Tel: +1-613-599-2441 Fax: +1-613-599-2442
CRYPTO-MAP is delivered with a comprehensive suite of preformatted reports that can be used to aid support, auditing and pro-active management of the service. The reports are easily accessed and totally flexible in terms of reporting periods and reporting criteria. Data for certain reports is produced using charts and graphs. It is also possible to export data to programs such as Crystal reports – for further analysis.
Eden Park, Ham Green Bristol BS20 0EB, United Kingdom Tel: +44 870 7077 700 Fax: +44 870 7077 711
E-mail: firstname.lastname@example.org www.cryptocard.com
The options tab is used for two key items. Firstly it has a feature that allows for service change requests to be automatically submitted to