Two-Factor Authentication
One-Time Password (OTP)
The basic security for network access is to use an effective method to
authenticate the identity of the user trying to gain access to the
network.
The use of a static user id and password is proven to be insecure and
can be easily compromised by hackers.
The use of a Dynamic Password or One-Time Password (OTP) to assure that
only the right people can make connections to your network or
application is widely adopted by enterprises of all business nature
today.
The Anmeng AMPass Authentication Server and Token are used by hundreds
of organizations and tens of thousands of end users every day,
delivering strong authentication to their critical networks and
resources.
If you identify users based on user id and static password, you
are putting your organization's digital assets at risk. Passwords can
easily be hacked, borrowed, guessed, or stolen.
AMPass eliminates these password vulnerabilities with
an easy-to-use (and very secure) one-time passcode system that is
easy for users to use every day, easier than remembering complicated
passwords that aren't safe anyway. A small handheld device, called the
AMPass Token, generates a unique numeric passcode every
60 seconds for users logging in to their network through a VPN,
Firewall, Web-based application, Windows Domain, Network Appliance or
any system that supports the RADIUS, TACACS+, Kerberos or SecurID
protocol.
Choices of hardware and software tokens
AMPass Hardware Token
- The size of a key chain, the AMPass Hardware Token is an
easy-to-carry and highly portable authentication device.
A 6 or 8-digit random number (PassCode) is generated every
60 seconds and displayed on a crystal clear LCD panel. Thanks to
AMPass's unique hashing algorithm, each PassCode displayed on a token
is randomly generated and is unpredictable.
Combining the PassCode with the user's login id and password,
the AMPass Token provides strong user authentication for
restricted access to mission critical applications.
Since the use of the AMPass Hardware Token is independent of the
user terminal and requires no client software installation, secure
user authentication can be achieved whether the user is logging in
using his/her own personal computer or a computer shared by other
users, such as in a cyber café or in a business center.
The AMPass Hardware Token was designed and manufactured for use in
different environments and with different user behavior.
Each token was tested for high-low temperature variance, high-voltage
static electricity shocks, water resistance and drops from a
high point.
The AMPass Hardware Token provides a peace-of-mind solution
to enterprises with minimized end-user support effort when large
numbers of customers, business partners and employees are required
to have secure login to the enterprise's IT resources.

AMPass Software Token
- Same as the hardware token, except that it takes the form of
client software.
The AMPass Software Token is a small footprint application
which can be installed on a Windows XP machine.
When activated, a software token will appear on the user's
terminal screen displaying a 6 or 8-digit PassCode.
When the user is trying to log in to a system or application
protected by AMPass Authentication Server, he/she will be prompted by
the system to enter his/her user id, password and the PassCode
displayed by the token at that time.
The user can either type in the PassCode shown or simply copy
& paste it at the login prompt.
The AMPass Software Token is most suitable for users who
always log in to the systems from a designated PC.
The AMPass Software Token provides a cost effective solution
for user authentication to less mission critical
applications.

AMPass Mobile Token
- Same as the AMPass Software Token, except
that the AMPass Mobile Token is a J2ME application that runs on the
Microsoft Windows CE platform, which is used by most PDAs and
smart phones today.
When the AMPass Mobile Token is activated by the user, it
will display the 6 or 8-digit PassCode, which can only be used once
by the user.
The AMPass Mobile Token provides a more secure and mobile
personal identity for a user to authenticate him/herself to a system
protected by AMPass Server.
AMPass SMS Token
- Instead of issuing a hardware or software token to a user, a user
can register his/her mobile phone number with AMPass and an OTP Code
will be sent to the user via SMS when the user requests to log in to a
system protected by AMPass Server.
As with an AMPass Token, the OTP Code is randomly generated by
the AMPass Server upon user logon.
The user will receive a 6 or 8-digit OTP Code via SMS with an
expiry time pre-defined by the system.
If the OTP Code is not used by the user within a specific
time interval, the code will expire and the user needs to submit a
second request to receive a new OTP Code.
Since no hardware or software token is issued to users, the
AMPass SMS Token is a low-cost yet very secure method of
authenticating a user who does not need to log on to a system very
frequently.
Alternatively, an SMS Token can also be issued as a back-up
token for all users.
When a user loses or forgets to bring his/her hardware/software
token, a request can be sent to the AMPass Server to receive an OTP
Code via SMS.
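The SMS OTP lifecycle described above (code generated on a logon request, valid for a pre-defined time, usable once, re-requested after expiry), as an added example that is not AMPass code or taken from the original page. The class name, the 120-second expiry and the limit of three guesses per code are assumptions made for illustration.

```python
import hmac
import secrets
import time


class SmsOtpIssuer:
    """Issues and checks SMS one-time codes (hypothetical helper, not AMPass code)."""

    def __init__(self, digits=6, ttl_seconds=120, max_attempts=3, clock=time.time):
        if digits not in (6, 8):
            raise ValueError("codes are 6 or 8 digits")
        self.digits = digits
        self.ttl = ttl_seconds            # assumed expiry window
        self.max_attempts = max_attempts  # assumed guess limit per code
        self.clock = clock
        self._pending = {}                # user_id -> [code, expires_at, attempts_left]

    def issue(self, user_id):
        """Create a fresh code on a logon request; it replaces any earlier one."""
        code = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        self._pending[user_id] = [code, self.clock() + self.ttl, self.max_attempts]
        return code  # pass to the SMS gateway; do not log it

    def verify(self, user_id, submitted):
        """Return True only once, for the right code inside its validity window."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self.clock() >= expires_at or attempts_left <= 0:
            del self._pending[user_id]   # expired or locked: a new request is needed
            return False
        entry[2] = attempts_left - 1
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[user_id]   # one-time: consumed on first success
            return True
        return False


if __name__ == "__main__":
    now = [0.0]                          # constructed clock for the demo
    otp = SmsOtpIssuer(digits=6, ttl_seconds=120, clock=lambda: now[0])
    code = otp.issue("alice")
    print(otp.verify("alice", code), otp.verify("alice", code))  # accepted, then replay rejected
    code = otp.issue("alice")
    now[0] += 121
    print(otp.verify("alice", code))     # rejected: past expiry
```

The code comes from a CSPRNG (secrets) rather than the random module, and a short code space is only safe when guesses per code are capped, which is why the attempt counter is part of the check.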
AMPass Server
AMPass Server is the management component of the AMPass product
family, used to verify authentication requests and to administer
policies for enterprise networks. A true carrier-class solution,
AMPass Server scales to the needs of large enterprises, capable of
protecting hundreds of thousands of users across multiple physical
sites, and works with more network, Internet and application solutions
than any other authentication system. The ACE/Server is the heart of
the system and has been proven with applications.
When users log in to protected resources, the AMPass Server handles
this via the agent software. The server user database may be
administered manually or synchronized to an LDAP database to
automatically add or update individual records according to a
pre-arranged schedule. Microsoft Active Directory, iPlanet Directory
Server and Novell NDS eDirectory are all supported by this
synchronization feature.
AMPass Server is the authentication engine on the network. Managed by
the security administrator or network manager, it is used to:
• Issue RSA SecurID authenticators to trusted individuals
• Set and enforce security policies, protecting access to private
  network systems, files and applications. This includes the ability
  to define access based on time of day, day of week or by group or
  user-defined access
• Maintain audit logs of user access
• Centrally manage user and token information
• Define and report alarm situations, such as repeated failed attempts
  to access a network port.
The AMPass Server operates on Windows and UNIX-based server platforms.
A single AMPass Server can protect millions of users. As many as 10
replicas can interoperate within one realm and up to 20 realms can
be networked together.
Hardware Platforms Supported
AMPass Server can be installed on various operating systems preferred
by the user including:
• Windows 2000 or Windows Server 2003
• SUN Solaris
• HP-UX
• IBM AIX
Working Together: Server, Client and Intermediary Agent
User authentication for local network access, remote dial-in,
Internet/VPN connections or Web applications is accomplished via
RADIUS, TACACS+ or the RSA ACE/Agent protocol, which are
industry-standard protocols already supported by most network
appliances and systems.
In addition to these standard protocols, the AMPass API can also
be deployed in customer applications to provide strong
authentication at the application layer.
When a user attempts to access a protected system, the Agent initiates
an authentication session instead of a basic password session. Most
leading remote access server, firewall, VPN and router products have
built-in Agents for compatibility with AMPass two-factor
authentication. In addition, both TACACS+ and RADIUS authentication
support AMPass Server sessions.
Depending on the type of system to be protected, an enterprise can
make use of dedicated ACE/Agents or the AMPass API for different
applications including Microsoft IIS, Apache, IBM WebSphere, Domino,
Weblogic or any common enterprise applications. The same applies to
enterprise infrastructure systems such as Windows NT/2000/XP/2003,
UNIX, Linux, AIX, NetWare and AS/400.
About Anmeng
Anmeng is a leader in China providing a breakthrough 2-Factor
Authentication and One-Time Password (OTP) solution for the growing
challenge of user identity management. For applications from
eCommerce, eBanking, Enterprise e-mail, CRM and ERP to VPN, Firewall,
Unix and Windows Server, Anmeng's AMPass Authentication Solution
helps enterprises to ensure strong user authentication is in place
when a user tries to log in to the system.
Founded in 2001, Anmeng today has offices in 10 major cities in China
and is expanding to Hong Kong and other Asian countries.
With hundreds of installations in China in different business
sectors including banking, finance, telecom, government, utilities,
transportation and manufacturing, the AMPass Authentication System
has achieved the highest standard of testing in the market.
With a proven technology supporting industry-standard protocols and
interfaces, Anmeng can provide an authentication solution to
integrate with any system in use in the customer's environment.
When needed, its strong development team located in Xian can
provide custom changes to accommodate the customer's unique
requirements.