Secure Web Access
Online transactions are an essential part of today's life, and they are constantly entering new fields and applications.
With the launch of initiatives towards e-government and e-commerce, the demand for secure and reliable web access is very important. Some transactions are made for online payments and others for entertainment, such as games portals, which are less critical and sensitive than financial transactions. Other actions, such as logging in to an enterprise's resources remotely, are critical enough that the user's identity must be strictly proved.
Most web sites and web applications depend on user name and password authentication, which is not a secure way to authenticate. A user's password may be stolen in many ways, such as keystroke loggers, brute force attacks, or even from the server side. Another issue with username/password credentials is that the user will not recognize that a hacker has stolen the password and is using it.
Another issue is that static usernames and passwords are cached in the web browser. This is extremely dangerous because a hacker can attack the browser and retrieve these credentials, or another person can use them to log in later from the same machine.
The Softlock solution includes two alternatives:
PKI Based Secure Web Access
OTP Based Secure Web Access
PKI Secure Web Access
This solution is intended to provide a hardware authentication technique for web sites and web applications. In this solution, the Softlock Smart Token stores the user certificate, which serves as the user's credentials for accessing the website.
A number of security mechanisms are employed, helping significantly to eliminate the risk of fraud, attacks and misuse from unauthorized individuals and hackers.
The connection uses SSL, the most secure internet connection, which guarantees the required security level at both the server and client sides. Also, the user ID is stored on secure hardware that cannot be duplicated. The hardware is protected by a user PIN or fingerprint to ensure that only the token owner can use it.
The Softlock PKI solution for web access provides an easy and simple method to control access to the website using a Certificate Revocation List (CRL). The CRL enables the admin to prevent a user from accessing the server temporarily or permanently.
The Softlock PKI web access solution supports the X.509 standards and CRL standards version 3.0. It also supports the PKCS#11 standard for hardware security devices.
Softlock Secure Web Access Solution is easy to deploy and use with any website or any web application.
The PKI solution is compatible with all applications and environments, which makes it suitable and easy to use in any case. The solution is compatible with the IIS and Apache web servers, and with the Internet Explorer, Chrome, and Mozilla Firefox web browsers. It can be used with different operating systems, as the Softlock Smart Token is compatible with Windows (32/64 Bit) 2K, XP, 2003, Vista, 7, 8, 2008 and Linux (32 Bit).
OTP Secure Web Access
The OTP RADIUS system provides a solution for user authentication using the one-time password (OTP) method with the back-end system at the server side. It allows the end user to authenticate with one click/touch.
The OTP RADIUS system allows the user information to be stored on one host, minimizing the risk of security loopholes. There are two reasons for this ultimate security. The first is the use of OTP authentication technology. The second is the strong, secure communication between the system entities, which is achieved by the RADIUS protocol. Hence two major security technologies are integrated to produce the OTP RADIUS System. The solution solves the password caching problem.
Ease of use
One click/touch; one response. The user has no need to identify himself through multiple steps: he just submits his username and OTP with one click/touch, the web application passes on the submitted credentials and identities, and a response of Accept or Reject comes back. The OTP solution requires no driver to be installed on the user side.
The web application server does not have to be the targeted NAS, because the NAS can be any electronic device that has an interface with a computer. So any device can use the OTP RADIUS server for user authentication.
Integration with different databases or LDAP directories is also provided by the OTP RADIUS system.
The OTP server responds quickly to authentication requests received from application servers.
The OTP server is more reliable for long-term operation.
The available integrated QA tests can be used to troubleshoot and maintain the OTP server components, and existing testing applications can be used to test the OTP server. Tokens can also be resynchronized during authentication.
The solution does not require much skill or experience from the system admin. All administration actions are done easily through the backend interface.
The OTP RADIUS server is OATH certified for both TOTP and HOTP tokens. PSKC encrypted files are also supported.
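Token resynchronization during authentication, shown for an OATH HOTP token as an added example (not Softlock's code): the server checks the submitted OTP against a look-ahead window of counters as described in RFC 4226 and advances its stored counter on a match. The function names, the window size of 4 and the sample key (the public RFC 4226 test key) are assumptions of this example.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for a single counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_and_resync(secret: bytes, server_counter: int,
                      submitted: str, window: int = 4):
    """Check an OTP against counters server_counter .. server_counter + window.

    Returns (accepted, new_server_counter). On a match the stored counter
    moves past the matched value, so that OTP and all earlier ones are
    rejected if replayed. On a miss the counter is left unchanged.
    """
    for c in range(server_counter, server_counter + window + 1):
        if hmac.compare_digest(hotp(secret, c), submitted):
            return True, c + 1
    return False, server_counter


def demo():
    """Constructed scenario: one token, one server-side counter."""
    secret = b"12345678901234567890"  # RFC 4226 Appendix D test key (public)
    counter = 0
    results = []
    for token_counter in (
        9,  # token far ahead of the server: outside the window, rejected
        2,  # button pressed twice without logging in: accepted, resynced
        2,  # same OTP replayed: counter has moved on, rejected
        3,  # next OTP from the token: accepted
    ):
        ok, counter = verify_and_resync(secret, counter,
                                        hotp(secret, token_counter))
        results.append((ok, counter))
    return results


if __name__ == "__main__":
    print(demo())
```

A wider window tolerates more drift but accepts more candidate values per attempt, so failed attempts should be throttled or locked out alongside it.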