IBM - TAS - Total Authentication Solution - Regulations, Guidelines, Compliance

Key Features of Total Authentication Solution:
 — Choice of strong authentication vendor mix for lowest Total Cost of Ownership
 — Multi-factor authentication for privileged users
 — End-to-end encryption for sensitive data
 — FIPS-140 Level 3 certified HSM to perform cryptographic operations
 — High Availability, high performance and scalability

Overview
The Total Authentication Solution has a proven track record in staying ahead of technological innovations and trends. It has received certification for the RSA Secured® Partner Program, Mastercard EMV CAP AA4C and (as the first) the OATH program for both HOTP and TOTP server profiles. OCRA is also supported.

The Total Authentication Solution is a full-fledged authentication security solution in an appliance (also available under VMWare®), providing End-to-End Security for passwords and highly sensitive information to secure electronic transactions. It is a high security and high performance system that has the ability to support millions of users with different types of authentication methods and different types of tokens. The combination of power and flexibility reduces implementation risks and decreases the Total Cost of Ownership (TCO).

Token Agnostic Approach
The multi-authentication, multivendor, multi-domain and multi-token agnostic approach assures:
 - Lower Total Cost of Ownership (TCO)
 - Freedom of vendor token selection
 - Flexibility in deployment and migration
There is no lock-in to any token vendor, giving the flexibility of deploying and switching tokens on your demand, while maintaining a good balance among costs, convenience and risks.

Strong Authentication Choice
A large variety of methods are supported, including:
 - Vasco/DIGIPASS, RSA/SecurID tokens
 - All OATH OTP tokens (HOTP, TOTP, OCRA)
 - USB key tokens, including hybrid tokens (OTP & PKI)
 - EMV CAP tokens (Mastercard EMV-CAP / PLA - 4AAC)
 - PKI X.509 tokens (using any CA or the embedded CA)
 - SMS One Time Password (logon and transaction)
 - Mobile phone (iPhone, Android, BlackBerry, J2ME)
 - Scratch and matrix cards, PIN TAN lists
 - Micro SD cards
 - Flexible OTP display cards
And also one-factor authentication:
 - Static password authentication
 - Partial Password authentication

Compliance: The Need for Security

Increase of Threats
Cyber threats such as credit card fraud, identity theft and data breach have risen as an increasing number of people go online to conduct financial transactions. Millions of people all over the world have been affected. People have become a constant target for cyber criminals who use spyware, key loggers, botnets, Trojans, phishing, pharming, shortened web addresses and even social media.

Regulations and Guidelines
In order to counter this, several countries and industry organizations have taken the lead to safeguard customers and to help businesses through regulations and guidelines.
 - The Monetary Authority of Singapore has published its Internet Banking and Technology Risk Management Guidelines (IBTRM), which are considered to be the most stringent in the world.
 - The world's leading card brands collaborated to create an industry-wide framework known as the Payment Card Industry (PCI) Data Security Standard (DSS), a set of best practices designed to secure credit card data throughout the information lifecycle for storing, processing and transmitting cardholder data.

Total Authentication Solution Compliance
The TAS authentication server is compliant with both IBTRM and PCI DSS, which should be seen as an insurance policy protecting your business from the financial costs of failing to secure identity and transaction data. With the TAS you can be assured that our solutions can be part of your IT investment to achieve industry guidelines, regulations and compliance.

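The OATH HOTP and TOTP server profiles mentioned above are specified in RFC 4226 and RFC 6238. The following is an added example, not code from DS3, IBM or the Total Authentication Solution, showing what an OATH-compliant server-side verifier has to do beyond computing the code: keep a per-token counter so an HOTP value cannot be replayed, resynchronise within a bounded look-ahead window, and for TOTP accept only a small clock skew while remembering the last accepted time step. The HotpVerifier and TotpVerifier classes, the window size and the skew value are assumptions chosen for the example; the key and expected codes are the published RFC test vectors.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: dynamic truncation of HMAC-SHA1(secret, 8-byte counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the number of time steps since the Unix epoch."""
    return hotp(secret, for_time // step, digits)


class HotpVerifier:
    """Server-side HOTP state for one token (assumed design, not the product's)."""

    def __init__(self, secret: bytes, window: int = 5):
        self.secret = secret
        self.next_counter = 0      # lowest counter value still acceptable
        self.window = window       # bounded look-ahead for resynchronisation

    def verify(self, submitted: str) -> bool:
        for counter in range(self.next_counter, self.next_counter + self.window):
            if hmac.compare_digest(hotp(self.secret, counter), submitted):
                # Consume this and every skipped counter: a value is never accepted twice.
                self.next_counter = counter + 1
                return True
        return False


class TotpVerifier:
    """Server-side TOTP state: bounded clock skew plus replay protection per time step."""

    def __init__(self, secret: bytes, step: int = 30, skew: int = 1):
        self.secret = secret
        self.step = step
        self.skew = skew           # accept this many steps before/after the server clock
        self.last_step = -1        # highest time step already used to log in

    def verify(self, submitted: str, now: int) -> bool:
        current = now // self.step
        for candidate in range(current - self.skew, current + self.skew + 1):
            if candidate <= self.last_step:
                continue           # already consumed: blocks replay inside the skew window
            if hmac.compare_digest(hotp(self.secret, candidate), submitted):
                self.last_step = candidate
                return True
        return False


if __name__ == "__main__":
    # RFC 4226 Appendix D / RFC 6238 Appendix B test key (ASCII "12345678901234567890").
    key = b"12345678901234567890"
    print(hotp(key, 0), totp(key, 59, digits=8))  # 755224 94287082
```

The look-ahead window is what lets a token that was pressed a few times without logging in resynchronise, but it is also the reason the server must advance past every skipped counter: accepting an older value again would turn a captured code into a replayable credential.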
      Copyright © DS3 - Data Security Systems Solutions Pte Ltd 2011 - www.DS3global.com - info@ds3global.com - All rights reserved
Features

Defense against Man-In-the-Middle Attacks
The Total Authentication Solution supports the following mechanisms to defend against MITM attacks:
 - SMS Out-Of-Band Transaction Signing
 - VASCO token signing
 - OATH OCRA transaction signing (coming soon)
 - EMV CAP Mode 1 transaction signing
The Out-Of-Band authorization via SMS transaction signing is achieved by transmitting an SMS message to the user's pre-registered mobile number containing the transaction details and the transaction-signing authorization code to be entered in order to confirm the transaction.

Strong Authentication for Critical Systems
The Total Authentication Solution can be integrated with critical systems to enforce strong authentication, such as:
 - Windows Servers (via GINA)
 - Linux, UNIX Servers (via PAM)
 - Citrix Servers (via RADIUS)
 - VPN (via RADIUS)
 - Tivoli suite: TAMeb, TAM esso, iTIM, TFIM
In compliance with:
 - MAS IBTRM Guidelines addressed Section 4.4
 - PCI DSS Requirements addressed Section 8 & Section 1c

End-to-End Encryption – HSM FIPS-140 – PKI
Securing End-To-End Encryption (E2EE) for PINs, passwords, transactions and other customer information is ensured by providing the necessary JavaScript / Applet for the frontend and backend HSM cryptographic operations. In order to perform secure cryptographic operations, the Total Authentication Solution can embed a FIPS-140 Level 3 certified HSM.
Additionally, transparent key management features allow financial institutions to generate, use and renew keys without any key information ever leaving the appliance.
EAP-TLS PKI certificates can be issued to support strong authentication services via 802.1X.
In compliance with:
 - MAS IBTRM Guidelines addressed Section 4.1
 - PCI DSS Requirements addressed Section 4.1 and 8.4

High Availability and Scalability
High Availability architecture is available with two Production and two Disaster Recovery servers. This can be further scaled horizontally up to 12 servers in an active-active cross-site architecture to deliver up to 99.999% availability.
In compliance with:
 - MAS IBTRM Guidelines addressed Section 4.3

Comprehensive ID-Management
The Total Authentication Solution is able to enforce strong ID management for administrator and non-administrator accounts, including:
 - ID Creation/Modification/Deletion
 - Password locking / resets / force change
 - Inactivity lockout
 - Password policy enforcement
Each user is managed by a unique UserID having a set of authentication access controls assigned to it.
In compliance with:
 - PCI DSS Requirements addressed Section 8.1 and 8.5

Summary
The Total Authentication Solution is a complete Authentication Security solution in an appliance (also available under VMWare®), which has received certifications from industry leaders and incorporates some of the best practices employed in the industry. By effectively addressing industry guidelines and requirements, the Total Authentication Solution can help your organization achieve compliance in a timely and cost-effective manner. At the same time, by offering the freedom of choice of authentication method and token vendor, a lower total cost of ownership can be achieved.

Information on IBM Total Authentication server here

DS3
Singapore Headquarters: Tel: +65-6479-5688, Email: info@DS3global.com
North Americas: Tel: +1-408-834-4430, Email: agrossi@DS3global.com
Japan: Tel: +81-3-5829-9757, Email: cskyo@DS3global.com
Middle East: Tel: +971-50-519-4873, Email: rahul@DS3global.com
Europe: Tel: +32-478-34-99-15, Email: eco@DS3global.com
India: Tel: +91-981-968-5840, Email: amit@DS3global.com

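The SMS out-of-band transaction signing described under "Defense against Man-In-the-Middle Attacks" only defeats a man-in-the-middle if the authorization code is bound to the exact transaction details the user reads in the SMS, is single-use and expires quickly. The following added example, my own illustration and not DS3 or IBM code, shows that server-side logic: it canonicalises the transaction details, generates a random code, hands the message to an SMS gateway interface, and on confirmation rejects a code presented for altered details, a reused code, a guessed code after a few attempts, or an expired request. The RecordingSmsGateway, the five-minute lifetime, the attempt limit and the transaction fields are assumptions for the example.

```python
import hmac
import json
import re
import secrets


class RecordingSmsGateway:
    """Stand-in for a real SMS gateway (constructed for the example): keeps an outbox."""

    def __init__(self):
        self.outbox = []

    def send(self, number: str, text: str) -> None:
        self.outbox.append((number, text))


def canonical(txn: dict) -> str:
    """Stable serialisation so the code is bound to every field the user sees."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":"))


def extract_code(sms_text: str) -> str:
    """Pull the 6-digit code out of a delivered message (what the user would type)."""
    return re.search(r"Authorization code: (\d{6})", sms_text).group(1)


class TransactionSigner:
    """Server side of SMS out-of-band transaction signing (assumed design)."""

    def __init__(self, gateway, ttl_seconds: int = 300, max_attempts: int = 3):
        self.gateway = gateway
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.pending = {}          # txn_id -> state of requests awaiting confirmation

    def request(self, txn_id: str, mobile: str, txn: dict, now: int) -> None:
        code = f"{secrets.randbelow(10 ** 6):06d}"   # CSPRNG, so a MITM cannot derive it
        self.pending[txn_id] = {
            "code": code,
            "details": canonical(txn),   # exactly what the user is asked to confirm
            "expires": now + self.ttl,
            "attempts": 0,
        }
        text = (f"Confirm transfer of {txn['amount']} {txn['currency']} to {txn['payee']} "
                f"({txn['account']}). Authorization code: {code}. "
                f"Do not enter it if these details differ from what you intended.")
        self.gateway.send(mobile, text)   # out-of-band channel: the pre-registered number

    def confirm(self, txn_id: str, txn: dict, submitted: str, now: int):
        """Return (accepted, reason). The request is consumed on success or failure that aborts it."""
        state = self.pending.get(txn_id)
        if state is None:
            return False, "no pending request"
        if now > state["expires"]:
            del self.pending[txn_id]
            return False, "expired"
        # Binding check: the transaction being executed must be the one that was signed.
        # A mismatch aborts the request; a fresh SMS with the right details is then needed.
        if not hmac.compare_digest(canonical(txn), state["details"]):
            del self.pending[txn_id]
            return False, "transaction details do not match the signed request"
        state["attempts"] += 1
        if not hmac.compare_digest(state["code"], submitted):
            if state["attempts"] >= self.max_attempts:
                del self.pending[txn_id]
                return False, "too many attempts"
            return False, "wrong code"
        del self.pending[txn_id]       # single use: the same code never authorises twice
        return True, "ok"
```

The point of the design is that the code authorises one specific payee, account and amount, and nothing else; a transaction that was altered on its way to the server shows up as different details in the SMS, and a confirmation carrying different details fails the binding check even when the code itself is correct.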