
OTP Solution For

1-Sep-2014

Proposed Solution

Seamless Integration

Proposed Solution
End User Authentication Workflow in SSL VPN
A generic user authentication workflow after integration with the SSL VPN appliance is as follows:

User accesses the VPN login URL.

The user request is intercepted by the SSL VPN appliance, which in turn redirects the user request for authentication.

Authentication can be done in two ways, depending on the configuration:

User Name + (LDAP password*OTP)

User Name + (LDAP password, then the OTP on a second page)

The OTP can have multiple form factors, as shown in the diagram.

The user provides the user name and LDAP password; LDAP is integrated with the SSL VPN device and ID Confirm.
For the second authentication, the SSL VPN is integrated with a RADIUS server, the RADIUS server is integrated with ID Confirm (formerly known as SA server), and ID Confirm is integrated with the SMS gateway through SMSC/HTTPS.
The OTP request follows the sequence: RADIUS Server -> ID Confirm Server -> SMS Gateway -> End User Mobile.
The SSL VPN appliance validates the OTP.
After successful user authentication, the SSL VPN appliance provides access to the network.
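
The two login modes above, sketched as an added example (not code from this presentation or from IDConfirm). The function names, the in-memory LDAP stand-in, the 6-digit length, the 300-second lifetime and the reading of "password*OTP" as the password followed by the OTP digits are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6      # assumption: matches the 6-digit codes shown on the slides
OTP_TTL = 300       # assumption: seconds an SMS OTP stays valid

# Constructed stand-in for the directory; a real deployment performs an LDAP bind.
LDAP = {"alice": hashlib.sha256(b"S3cret!pw").hexdigest()}
_pending = {}       # user -> (otp, expiry); one outstanding OTP per user


def ldap_bind(user, password):
    """First factor: stand-in for the LDAP check done for the VPN appliance."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(LDAP.get(user, ""), digest)


def issue_otp(user, now=None):
    """Generate the OTP that would be handed to the SMS gateway."""
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
    _pending[user] = (otp, now + OTP_TTL)
    return otp


def verify_otp(user, otp, now=None):
    """Second factor: single use, time limited, compared in constant time."""
    now = time.time() if now is None else now
    stored, expiry = _pending.pop(user, ("", 0.0))  # pop: one attempt, no replay
    return now <= expiry and hmac.compare_digest(stored.encode(), otp.encode())


def login_two_page(user, password, otp, now=None):
    """Mode 2: password on the first page, OTP on the second."""
    return ldap_bind(user, password) and verify_otp(user, otp, now)


def login_combined(user, secret, now=None):
    """Mode 1: a single field holding the password followed by the OTP digits."""
    password, otp = secret[:-OTP_DIGITS], secret[-OTP_DIGITS:]
    if not (password and otp.isdigit()):
        return False
    return login_two_page(user, password, otp, now)
```

Because `verify_otp` removes the pending code on every attempt, a wrong guess or a replayed code forces a fresh SMS, while a wrong password never reaches the OTP check.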

High-availability and performances

As IDConfirm 1000 Server is based on a traditional J2EE application linked to a database, standard web-based high-availability and scalability schemes can be applied.

Active / Passive
No session stickiness to manage
Limited performances
Physical or software solution

Active / Active
Session stickiness to manage
Highly scalable
Physical or software solution

IDConfirm Solution Architecture

Easy integration in existing IT configuration

IDConfirm 1000 6.2 - compatibility

Supported OS: Windows 2012, 2012 R2; Windows 2008 R2 (64 bits); Redhat 5.8 and 6.4
Web servers: Apache Tomcat 7 on Windows and Linux; Web Sphere on AIX/Windows 8.5.5
User Repository: Microsoft Active Directory 2003, 2008 and 2012; Novell eDirectory; Open LDAP
Web Browsers: IE 9, 10, 11; Chrome 33; Firefox 24 ESR
Data Base: Oracle 10, 11g; MSSQL 2008, 2012; MySQL 5.1, 5.5; Firebird 2.1
Security Modules: Thales PShield 9000, NetHSM 500; Java Key Store software module
Java: Oracle Java 7; IBM Java 6

IDConfirm Ease of use


Whatever your performance needs are, IDConfirm Server can be configured to answer them:

Requested performances can be achieved with a single inexpensive server or multiple powerful machines sharing a powerful database configuration via a powerful network.

Requested performances can be achieved via a high availability configuration:
Fail Over configuration using third party products: Safekit (Evidian), BigIP (F5)
Load Balancing configuration using a third party load balancer: BigIP (F5),

Monitoring, logs
Admin Log: Rolling File (default), NT Event, Syslog, SNMP

Back-up and restore: based on solutions

Whatever your IT configuration is, you can probably add IDConfirm Solution without changing your practices:

Agnostic to hardware configuration: OS, DB, LDAP, Application server, Web Browsers

Easy integration via standard protocol:
XML over HTTP Web API for any application compatible with those standards
RADIUS (NPS and Free Radius)

Support for main browsers via a dedicated Plug-In (SConnect technology)

Deployment scenarios are documented for typical configurations.

SMS OTP option


OTP: 256987

SMS is used for the delivery of OTPs.

Easy to use: simple user experience with no client software to install and maintain and no impact on the customer's phone.
No additional hardware to carry.
The customer needs to subscribe to a Mobile Messaging Operator (MMO) that offers an SMSC- or HTTP-compatible API.
SMS provider: only MMOs with an appropriate service level agreement and coverage area should be considered.
Simple SMS profiles configuration in IDConfirm:
MMO connections
The format for the message that is sent to the user with the one-time password.

SMS OTP: How it works

Request OTP by SMS (User ID, Password)

Receive OTP by SMS

OTP code is: 255025

Why Gemalto

Recognized Industry Leadership again by Gartner

Based on Vision and Ability to Execute

Market understanding and very strong innovation
World leader in digital security with a true vision for mobile
Customers are well-dispersed geographically
Best value for money: TCO + 100% satisfaction
Joint third most frequently shortlisted vendor


Wide range of authentication token form factors

Commercials

Thank You !
The Safe++ team can perform an on-site / off-site assessment of
your security set-up and help you build and drive a cost effective
and business risk driven organizational security strategy.
To set up a discussion do write in to us at info@safeplusplus.com

www.safeplusplus.com

Safe ++ Global Technology Services Pvt. Ltd.


Corporate Office: 002 & 003, BPTP Park
Centra, Sec-30, NH-8, Gurgaon-122001,
Haryana, India
info@safeplusplus.com
