Authentication Regulations, Guidelines and Compliance

Key Features of DS3 Authentication Server:

 — Choice of strong authentication vendor mix for lowest Total Cost of Ownership
 — Multi-factor authentication for privileged users
 — End-to-end encryption for sensitive data
 — FIPS 140 Level 3 certified HSM to perform cryptographic operations
 — High Availability, high performance and scalability

Compliance: The Need for Security

Increase of Threats
Cyber threats such as credit card fraud, identity theft and data breaches have risen as an increasing number of people go online to conduct financial transactions. Millions of people all over the world have been affected.

People have become a constant target for cyber criminals who use spyware, key loggers, botnets, Trojans, phishing, pharming, shortened web addresses and even social media.

Regulations and Guidelines
In order to counter this, several countries and industry organizations have taken the lead to safeguard customers and to help businesses through regulations and guidelines.

- The Monetary Authority of Singapore has published its Internet Banking and Technology Risk Management Guidelines (IBTRM), which are considered to be among the most stringent in the world.

- The world's leading card brands collaborated to create an industry-wide framework known as the Payment Card Industry (PCI) Data Security Standard (DSS), a set of best practices designed to secure credit card data throughout the information lifecycle of storing, processing and transmitting cardholder data.

DS3 Authentication Server Compliance
The DS3 Authentication Server is compliant with both IBTRM and PCI DSS. Compliance should be seen as an insurance policy, protecting your business from the financial costs of failing to secure identity and transaction data.

With DS3, you can be assured that our solutions can be part of your IT investment to achieve industry guidelines, regulations and compliance.

Overview

The DS3 Authentication Server has a proven track record of staying ahead of technological innovations and trends. It has received certification under the RSA Secured® Partner Program and Mastercard EMV CAP AA4C, and was the first to be certified under the OATH program for both the HOTP and TOTP server profiles (OCRA is also supported).

The DS3 Authentication Server is a full-fledged authentication security solution in an appliance (also available under VMware®), providing end-to-end security for passwords and highly sensitive information to secure electronic transactions. It is a high-security, high-performance system able to support millions of users with different types of authentication methods and different types of tokens. The combination of power and flexibility reduces implementation risk and decreases the Total Cost of Ownership (TCO).

Token Agnostic Approach

The multi-authentication, multi-vendor, multi-domain and multi-token agnostic approach assures:
    - Lower Total Cost of Ownership (TCO)
    - Freedom of vendor token selection
    - Flexibility in deployment and migration

There is no lock-in to any token vendor, giving you the flexibility to deploy and switch tokens on demand while maintaining a good balance among cost, convenience and risk.

Strong Authentication Choice

A large variety of methods are supported, including:
    Vasco/DIGIPASS, RSA/SecurID tokens
    All OATH OTP tokens (HOTP - TOTP - OCRA)
    USB key tokens, including hybrid tokens (OTP & PKI)
    EMV CAP tokens (Mastercard EMV-CAP / PLA - 4AAC)
    PKI X.509 tokens (using any CA or the embedded CA)
    SMS One Time Password (logon and transaction)
    Mobile phone (iPhone, Android, BlackBerry, J2ME)
    Scratch and matrix cards - PIN TAN lists
    Micro SD cards
    Flexible OTP display cards

And also one-factor authentication:
    Static password authentication
    Partial password authentication
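The OATH algorithms named in the list above (HOTP, TOTP and OCRA) are open standards, so the codes a token produces can be recomputed from the RFCs. The following is an added worked example, not code from the DS3 brochure or its product: it implements HOTP (RFC 4226), TOTP (RFC 6238), a server-side HOTP check with a look-ahead window, and the OCRA suite OCRA-1:HOTP-SHA1-6:QN08 (RFC 6287), then uses OCRA to sign a transaction in the way out-of-band transaction signing binds an authorization code to the transaction details. The 20-byte key is the RFC test-vector secret, the transaction is constructed for the example, and the way the 8-digit OCRA challenge is derived from the transaction details (sorted key=value pairs hashed with SHA-256) is this example's own choice, not something the page specifies.

```python
"""OATH one-time passwords and transaction signing.

Added example, not DS3 code: HOTP (RFC 4226), TOTP (RFC 6238), a server-side
HOTP check with a look-ahead window, and an OCRA (RFC 6287) challenge/response
for the suite OCRA-1:HOTP-SHA1-6:QN08, used here to bind an authorization code
to transaction details so that a code signed for one transaction does not
confirm a transaction altered in transit. Standard library only.
"""
import hashlib
import hmac
import struct
import time

# 20-byte secret shared by the RFC 4226 / 6238 / 6287 test vectors.
RFC_TEST_KEY = b"12345678901234567890"


def _truncate(digest: bytes, digits: int) -> str:
    """Dynamic truncation (RFC 4226 section 5.3): the low nibble of the last byte
    selects a 4-byte window, its top bit is cleared, and the value is reduced
    modulo 10^digits and zero-padded to `digits` characters."""
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hotp(key: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP(K, C) = Truncate(HMAC(K, C)), C encoded as an 8-byte big-endian counter."""
    return _truncate(hmac.new(key, struct.pack(">Q", counter), algo).digest(), digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 8, algo=hashlib.sha1) -> str:
    """TOTP is HOTP evaluated on the time-step counter T = floor(unix_time / step)."""
    return hotp(key, unix_time // step, digits, algo)


def verify_hotp(key: bytes, code: str, last_counter: int, window: int = 10):
    """Server-side HOTP validation. Only counters *after* the last accepted one are
    tried, so a code that was already used is rejected (replay); the look-ahead
    window lets a token whose counter ran ahead (unused button presses) still
    authenticate. Returns the counter the server must store next, or None."""
    for c in range(last_counter + 1, last_counter + 1 + window):
        if hmac.compare_digest(hotp(key, c, len(code)), code):
            return c
    return None


def ocra_qn08(key: bytes, question: int, digits: int = 6) -> str:
    """OCRA-1:HOTP-SHA1-6:QN08 (RFC 6287): HMAC-SHA1 over
    DataInput = Suite || 0x00 || Q, where the numeric challenge Q is written in
    hex and right-padded with zeros to 128 bytes, then truncated to 6 digits."""
    suite = b"OCRA-1:HOTP-SHA1-6:QN08"
    q_hex = format(question, "X").ljust(256, "0")  # 256 hex chars = 128 bytes
    data = suite + b"\x00" + bytes.fromhex(q_hex)
    return _truncate(hmac.new(key, data, hashlib.sha1).digest(), digits)


def transaction_challenge(details: dict) -> int:
    """Derive the 8-digit numeric OCRA challenge from the canonicalised transaction.
    The canonical form (sorted key=value pairs) and the SHA-256 derivation are this
    example's own choice; a deployment fixes them in its token profile."""
    canonical = "|".join(f"{k}={details[k]}" for k in sorted(details))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % 10 ** 8


def sign_transaction(key: bytes, details: dict) -> str:
    """The code computed for the transaction the user is shown (by the token,
    or by the server when the code is delivered out of band by SMS)."""
    return ocra_qn08(key, transaction_challenge(details))


def verify_transaction(key: bytes, details: dict, code: str) -> bool:
    """Recompute the code from the details the server actually received; a
    man-in-the-middle who changed the amount or beneficiary invalidates it."""
    return hmac.compare_digest(sign_transaction(key, details), code)


if __name__ == "__main__":
    print("HOTP(counter=0):", hotp(RFC_TEST_KEY, 0))
    print("TOTP(now):      ", totp(RFC_TEST_KEY, int(time.time())))
    # Constructed transaction: what the user sees and confirms.
    shown = {"beneficiary": "SG12 3456 7890", "amount": "1500.00",
             "currency": "SGD", "ref": "INV-2041"}
    code = sign_transaction(RFC_TEST_KEY, shown)
    # The same transaction with the beneficiary swapped in transit.
    tampered = dict(shown, beneficiary="SG99 9999 9999")
    print("code for shown transaction:", code)
    print("verifies against shown:    ", verify_transaction(RFC_TEST_KEY, shown, code))
    print("verifies against tampered: ", verify_transaction(RFC_TEST_KEY, tampered, code))
```

The design point is in `verify_transaction`: the server never trusts the code on its own, it recomputes the code over the transaction it is about to execute, so the binding holds only if the user was shown (and checked) the same details the server received. For SMS delivery that is why the message must carry the transaction details alongside the code; for a token-based scheme the challenge must be derived from the details deterministically on both sides.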
      Copyright © DS3 - Data Security Systems Solutions Pte Ltd 2011 - www.DS3global.com - info@ds3global.com - All rights reserved
Features

Defense against Man-In-the-Middle Attacks
The DS3 Authentication Server supports the following mechanisms to defend against MITM attacks:

             SMS Out-Of-Band Transaction Signing
             VASCO token signing
             OATH OCRA transaction signing (coming soon)
             EMV CAP Mode 1 transaction signing

Out-of-band authorization via SMS transaction signing is achieved by sending an SMS message to the user's pre-registered mobile number containing the transaction details and the transaction-signing authorization code to be entered in order to confirm the transaction. Because the code is delivered together with the details of the transaction the server actually received, the user can check those details before entering it; a code entered for the displayed transaction does not confirm a transaction that was altered in transit.

Strong Authentication for Critical Systems
The DS3 Authentication Server can be integrated with the following to enforce strong authentication for critical systems:

           Windows Servers (via GINA)
           Linux, UNIX Servers (via PAM)
           Citrix Servers (via RADIUS)
           VPN (via RADIUS)
           Tivoli suite: TAMeb, TAM esso, iTIM, TFIM

In compliance with:
    MAS IBTRM Guidelines addressed Section 4.4
    PCI DSS Requirements addressed Section 8 & Section 1c

End-to-End Encryption - HSM FIPS 140 - PKI
End-to-end encryption (E2EE) of PINs, passwords, transactions and other customer information is provided through the necessary JavaScript / applet on the frontend and HSM cryptographic operations on the backend.

To perform secure cryptographic operations, the DS3 Authentication Server can embed a FIPS 140 Level 3 certified HSM. Additionally, transparent key management features allow financial institutions to generate, use and renew keys without any key information ever leaving the appliance.

EAP-TLS PKI certificates can be issued to support strong authentication services via 802.1X.

In compliance with:
    MAS IBTRM Guidelines addressed Section 4.1
    PCI DSS Requirements addressed Section 4.1 and 8.4

High Availability and Scalability
A High Availability architecture is available with two Production and two Disaster Recovery servers. This can be further scaled horizontally up to 12 servers in an active-active cross-site architecture to deliver up to 99.999% availability.

In compliance with:
    MAS IBTRM Guidelines addressed Section 4.3

Comprehensive ID-Management
The DS3 Authentication Server is able to enforce strong ID management for administrator and non-administrator accounts, including:

           ID Creation/Modification/Deletion
           Password locking / resets / force change
           Inactivity lockout
           Password policy enforcement

Each user is managed under a unique UserID with its own set of authentication access controls.

In compliance with:
    PCI DSS Requirements addressed Section 8.1 and 8.5

Summary

The DS3 Authentication Server is a complete authentication security solution in an appliance (also available under VMware®), which has received certifications from industry leaders and incorporates some of the best practices employed in the industry.

By effectively addressing industry guidelines and requirements, DS3 can help your organization achieve compliance in a timely and cost-effective manner. At the same time, the freedom to choose the authentication method and token vendor lowers the total cost of ownership.

Singapore Headquarters   Tel: +65-6479-5688      Email: info@DS3global.com
North Americas           Tel: +1-408-834-4430    Email: agrossi@DS3global.com
Japan                    Tel: +81-3-5829-9757    Email: cskyo@DS3global.com
Middle East              Tel: +971-50-519-4873   Email: rahul@DS3global.com
Europe                   Tel: +32-478-34-99-15   Email: eco@DS3global.com
India                    Tel: +91-981-968-5840   Email: amit@DS3global.com
