Non Linear Authentication SM

By MSK Security

Version 1.0.20100308

Patent Pending

Prepared by:
Shahram Karimian
Raymond Gallagher

3/9/2010
Page 1 of 12    © Copyright 2010 MSK Security
Table of Contents
Non Linear Authentication SM ... 1
    By MSK Security ... 1
    Version 1.0.20100308 ... 1
    Patent Pending ... 1
Table of Contents ... 2
Executive Summary ... 3
Non-Linear Authentication SM ... 5
    Linear Authentication ... 5
    Non-Linear Authentication SM ... 5
How the MSK Digital ID™ isolates and protects ... 6
    Out of Band Transactional Verification for Banking ... 7
    Isolation through HASP ... 8
        Data Protection ... 8
        System Protection ... 8
MSK Digital ID™ Smart Token – System requirements ... 9
    Implementation ... 9
    Proven technologies and best practices ... 10
Appendix A ... 11
    How the Security Token communicates ... 11
    How the Authentication Server communicates ... 11







Executive Summary
MSK Security is designed to allow secure logins, transaction verification,
payment processing and Digital Signatures in a WAN environment, and to
remove the possibility of non-authorized activity interfering with these
processes. MSK Security has invented “Non-Linear Authentication SM” (Patent
Pending) and has a proven implementation of it in our MSK Web Management
2008 system (our 3rd generation management system).

Some of the aspects that come out of MSK Security’s implementation of
“Non-Linear Authentication SM” are Bidirectional Authentication, Two-Factor
Authentication and Out-of-Band Authentication. There has been a lot of
discussion about Multi-factor Authentication, but little attention has been
paid to the aspects of authentication. Non-Linear Authentication SM is, in its
own right, a new aspect of authentication and by default exhibits
characteristics of many other techniques. This is due in part to the nature
of Non-Linear Authentication SM and in part to the powerful way in which MSK
Security has implemented it.

Many security systems and techniques have failed not because of security
but because of usability. From the End-User’s perspective, using the security
token is no more difficult than the current username/password combination,
and in some respects (especially across multiple enabled systems) it is
considerably easier.



Two-factor Authentication

There are only three possible factors for authentication: something you know,
something you have and something you are.

       1. Something you know, such as a Password, Image, Pattern or Answers
          to questions; these are all forms of single-factor authentication.

       2. Something you have, such as Unique Client Programs, OTP Tokens,
          Computer hardware, Smart Cards and Keys, would also be
          considered single-factor unless you combine it with something you
          know. Something you have by itself is still stronger than just
          something you know.

       3. Something you are (the strongest single factor for authentication),
          such as a Fingerprint, Retina, DNA or Picture ID from a trusted
          source.




What are aspects of authentication?

An aspect of authentication is a high-level implementation of authentication.
It answers the questions “Who has to authenticate?”, “Who is trusted?”, “How
are credentials transmitted?” and “What factors of authentication are going
to be used?” Almost all websites use single-factor unidirectional
authentication.


Bidirectional Authentication

Bidirectional authentication is where the service authenticates to the end-
user and the end-user authenticates to the service. This has been
implemented by displaying a secret pass-phrase or picture on the webpage
after the end-user enters their username but before they enter their
password. Bidirectional Authentication is an aspect of authentication.

[Figure: User <-> Server/Service]


Out-of-Band Authentication

Out-of-Band Authentication is where part of the communication with a
service is done outside the main line of communication. This has been
implemented by sending an email or making a phone call with a password
when the end-user attempts to log in. Out-of-Band Authentication is an
aspect of authentication.

[Figure: User <-> Server/Service, with a separate E-mail/Phone channel]





Non-Linear Authentication SM
Non-Linear Authentication SM has three players: the End-User, the Service
(an agency’s internal network and business applications) and the
Authentication-Service (Auth Server). Non-Linear Authentication SM is
where both the End-User and the Service have to authenticate to the Auth
Server. The End-User first picks a Service to log in to; the Service then
authenticates itself to the Auth Server; next the End-User authenticates to
the Auth Server; finally the End-User logs in, and it is at this point that the
Service checks independently with the Auth Server to see whether the End-User
has authenticated. This is also the point at which the End-User receives
their access rights.
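The four-step flow above, simulated as a three-party challenge/response in Python. This is an added illustration, not MSK Security’s code; the page does not describe MSK’s wire protocol, so the HMAC-SHA256 tags, the “|”-joined message format, the nonce handling and the names (“bank”, “alice”) are all assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Set, Tuple


def _tag(key: bytes, *parts: str) -> str:
    """HMAC-SHA256 over the '|'-joined parts (a constructed wire format)."""
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).hexdigest()


class AuthServer:
    """One shared secret per Service and per End-User token; the Service never
    handles the End-User's credential, only the Auth Server's verdict."""

    def __init__(self) -> None:
        self.service_keys: Dict[str, bytes] = {}
        self.user_keys: Dict[str, bytes] = {}
        self.rights: Dict[Tuple[str, str], List[str]] = {}  # (user, service) -> rights
        self.challenges: Dict[Tuple[str, str], str] = {}    # (role, name) -> nonce
        self.service_sessions: Set[str] = set()             # Services past step 2
        self.user_sessions: Set[Tuple[str, str]] = set()    # (user, service) past step 3

    def challenge(self, role: str, name: str) -> str:
        nonce = secrets.token_hex(16)
        self.challenges[(role, name)] = nonce
        return nonce

    def _check(self, role: str, name: str, key: Optional[bytes], resp: str, *ctx: str) -> bool:
        nonce = self.challenges.pop((role, name), None)  # every nonce is single-use
        if key is None or nonce is None:
            return False
        return hmac.compare_digest(resp, _tag(key, role, name, *ctx, nonce))

    def service_authenticate(self, service: str, resp: str) -> bool:
        """Step 2: the Service proves itself to the Auth Server."""
        ok = self._check("service", service, self.service_keys.get(service), resp)
        if ok:
            self.service_sessions.add(service)
        return ok

    def user_authenticate(self, user: str, service: str, resp: str) -> bool:
        """Step 3: the token proves itself for the Service the user picked."""
        if service not in self.service_sessions:  # a Service that skipped step 2 gets nobody
            return False
        ok = self._check("user", user, self.user_keys.get(user), resp, service)
        if ok:
            self.user_sessions.add((user, service))
        return ok

    def verify_login(self, service: str, user: str, resp: str) -> Optional[List[str]]:
        """Step 4: the Service, proving itself again, asks whether `user` has
        authenticated for it; a yes carries the user's access rights."""
        if service not in self.service_sessions or not self._check(
                "verify", service, self.service_keys.get(service), resp, user):
            return None
        if (user, service) not in self.user_sessions:
            return None
        self.user_sessions.discard((user, service))  # each authentication is claimable once
        return self.rights.get((user, service), [])


def service_step2(auth: AuthServer, service: str, key: bytes) -> bool:
    """Step 2 from the Service's side: answer the Auth Server's challenge."""
    nonce = auth.challenge("service", service)
    return auth.service_authenticate(service, _tag(key, "service", service, nonce))


def token_step3(auth: AuthServer, user: str, key: bytes, service: str) -> bool:
    """Step 3 from the token's side: it talks to the Auth Server, never the Service."""
    nonce = auth.challenge("user", user)
    return auth.user_authenticate(user, service, _tag(key, "user", user, service, nonce))


def service_step4(auth: AuthServer, service: str, key: bytes, user: str) -> Optional[List[str]]:
    """Step 4 from the Service's side: the login involves no password field at all."""
    nonce = auth.challenge("verify", service)
    return auth.verify_login(service, user, _tag(key, "verify", service, user, nonce))


def build() -> Tuple[AuthServer, bytes, bytes]:
    """Constructed sample deployment: one Auth Server, the 'bank' Service, user 'alice'."""
    auth = AuthServer()
    bank_key, alice_key = secrets.token_bytes(32), secrets.token_bytes(32)
    auth.service_keys["bank"], auth.user_keys["alice"] = bank_key, alice_key
    auth.rights[("alice", "bank")] = ["view_balance", "transfer"]
    return auth, bank_key, alice_key


def happy_path() -> Optional[List[str]]:
    auth, bank_key, alice_key = build()
    service_step2(auth, "bank", bank_key)
    token_step3(auth, "alice", alice_key, "bank")
    return service_step4(auth, "bank", bank_key, "alice")  # ['view_balance', 'transfer']


def login_without_token() -> Optional[List[str]]:
    """A username (or a phished password) alone is useless: no token, no access."""
    auth, bank_key, _ = build()
    service_step2(auth, "bank", bank_key)
    return service_step4(auth, "bank", bank_key, "alice")  # None


def token_before_service() -> bool:
    """Order is enforced: the token will not vouch for a Service that has not
    itself authenticated to the Auth Server (the bidirectional aspect)."""
    auth, _, alice_key = build()
    return token_step3(auth, "alice", alice_key, "bank")  # False
```

Because the Service only ever receives the Auth Server’s verdict, a phished password or a captured login form gives an attacker nothing to replay against the Service, which is the property the next sections attribute to removing the username/password “buffer fields”.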


Linear Authentication

[Figure: User <-> Server/Service]

[Figure: User <-> Authentication server/service <-> Server/Service]

[Figure: User <-> Authentication server/service, fanning out to
Server/Service 1, Server/Service 2 and Server/Service 3]

Non-Linear Authentication SM

[Figure: User, Server 1, Server 2 and Server 3 around the Authentication
server/service; labels: “Out-of-Band Credentials”, “Secure Information”]





How the MSK Digital ID™ Works
All businesses and agencies have sensitive data and must simultaneously
protect it and provide access to it. To do this effectively, a proven system
for user authentication is required. The ideal system provides top-level
security with cost-effective deployment and maintenance as well as ease of
use. MSK offers identity and access management solutions that meet these
requirements. MSK delivers enterprise-grade user authentication that is
more powerful than existing PKI technologies, without the complexity,
overhead and risk associated with solutions that require key management and
storage. To deliver powerful authentication with minimal overhead, MSK takes
the proven two-factor method to a new level of ease of use and security. MSK
also adds another level of security by having the user’s authentication done
directly between the smart security token and the authentication server.
This direct connection allows the token to provide Bidirectional
authentication and Out-of-Band authentication at the same time.


[Figure: Example: Banking Site Login. Labels: Bi-Directional
Authentication; First Factor: Something you know; Second Factor: Something
you have; Second Factor if you are not on an authorized PC]








Transactional Verification for Banking

[Figure labels: Account where funds are coming from; Amount and where the
funds are going]

Payment processing

Digital Signatures







HASP (Hardware Against Software Piracy)

MSK Digital ID™ has an optional HASP feature that allows Software on
Demand from a specific machine or a predetermined network of machines;
this guarantees the highest level of controlled access. Users can be limited
to a specific machine or group of machines, preventing password sharing. All
of this is accomplished without the need to install cumbersome software or
hardware.

- Provides a better way to meet compliance
- Enables more control over use of the service
- Ensures controlled access to sensitive data


From the Point of Authentication:

Data Protection:

     Unauthorized Users:
     • Phishing
     • Man-in-the-Middle
     • Key Loggers
     • Password Sharing
MSK Security will protect you from all of these attacks.

     Insider Threats:
     • Audit Trails
     • Identity and Access Management
The MSK Web Management™ solution includes full audit trails, granular to
any machine that attempts to log in. The solution includes single-point
provisioning and single-click removal or de-provisioning.

System Protection:

     Injection attacks:
     • SQL-Injection
     • Cross-site-scripting
Injections into the buffer fields (such as the username and password
fields) can damage a system. MSK removes the buffer fields; this reduction
of the attack surface eliminates injection attacks.








MSK Digital ID™ Smart Token – System requirements
The Security Token runs under Microsoft .NET Framework v1.1.4322 and
above. The .NET Framework is included on Windows XP Service Pack 2 and is
part of the OS for Windows Vista and Windows 7. The MSK Security Smart
Token requires no installation; it is a stand-alone executable that will just
run if double-clicked. Full testing has been done on Windows 2000, Windows
XP, Windows Vista, Windows 7 and Windows 2003 Server. The Security Token
will recognize Firefox 2.0 and earlier; the most common implementation is
under Internet Explorer 5.0 and above, which includes the latest version,
Internet Explorer 8.0. Testing has also included Mac computers running
virtualized versions of the Windows OS.


Implementation

There are two ways to implement MSK Digital ID: the first is our SAAS
model, the second is a self-hosted model. Our SAAS model has only a small
per-seat license. The self-hosted model will require a secure MSK Security
Authentication Server and Branded Smart Tokens that will only communicate
with the self-hosted Authentication Server. The physical server requires
Windows 2003 Server; other requirements will vary depending on the
implementation (Firewalls, Proxies, Monitoring Services, Secure Hosting
Services, i.e. a SAS 70 Datacenter).

Our SAAS (Software-As-A-Service) model is by far the most robust and is the
far less costly option. Traditional two-factor solutions require distribution
and life-cycle management of expensive hardware tokens that need to be
synchronized with expensive on-premise authentication servers that require
expensive on-premise maintenance. Distribution of the MSK Security Smart
Token is quick and easy. The MSK Web Management™ system is included as part
of the service, not an extra piece of software that needs to be installed,
maintained or licensed. The optional HASP (Hardware Against Software Piracy)
feature is included as part of the offering. The Smart Tokens can be married
to 1 or more computers, preventing them from being used on non-authorized
computers. Scalability is quick and limitless. With traditional systems this
process can be very painful and expensive.








Proven technologies and best practices

Proven technologies included with the system are as follows:
   • 128-bit SSL (Secure Sockets Layer)
   • 256 or 512-bit SHA (Secure Hash Algorithm)
   • One-time-only Salted SHA (random data added to a hash to prevent
      rainbow-table collision attacks)
   • .NET (Managed Software Framework that is kept up-to-date)
   • SQL (Structured Query Language) used for high-performance data
      management
   • Windows Server 2003
   • SAS 70 Type II Data Center





Contenu connexe

Tendances

Efficient and Secure Single Sign on Mechanism for Distributed Network
Efficient and Secure Single Sign on Mechanism for Distributed NetworkEfficient and Secure Single Sign on Mechanism for Distributed Network
Efficient and Secure Single Sign on Mechanism for Distributed Network
IJERA Editor
 
2p Mta Data Sheet V1.7 X1a
2p Mta Data Sheet V1.7 X1a2p Mta Data Sheet V1.7 X1a
2p Mta Data Sheet V1.7 X1a
alwayson
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guide
Hai Nguyen
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailar
Hai Nguyen
 
Enterprise Mobile Security for PeopleSoft
Enterprise Mobile Security for PeopleSoftEnterprise Mobile Security for PeopleSoft
Enterprise Mobile Security for PeopleSoft
Hendrix Bodden
 

Tendances (16)

Efficient and Secure Single Sign on Mechanism for Distributed Network
Efficient and Secure Single Sign on Mechanism for Distributed NetworkEfficient and Secure Single Sign on Mechanism for Distributed Network
Efficient and Secure Single Sign on Mechanism for Distributed Network
 
2p Mta Data Sheet V1.7 X1a
2p Mta Data Sheet V1.7 X1a2p Mta Data Sheet V1.7 X1a
2p Mta Data Sheet V1.7 X1a
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guide
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailar
 
Enterprise Mobile Security for PeopleSoft
Enterprise Mobile Security for PeopleSoftEnterprise Mobile Security for PeopleSoft
Enterprise Mobile Security for PeopleSoft
 
Identity Management
Identity ManagementIdentity Management
Identity Management
 
Hitachi ID Password Manager Brochure
Hitachi ID Password Manager BrochureHitachi ID Password Manager Brochure
Hitachi ID Password Manager Brochure
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
3D secure password
3D secure password3D secure password
3D secure password
 
Contextual Authentication
Contextual AuthenticationContextual Authentication
Contextual Authentication
 
IRJET - Graphical Password Authentication for Banking System
IRJET - Graphical Password Authentication for Banking SystemIRJET - Graphical Password Authentication for Banking System
IRJET - Graphical Password Authentication for Banking System
 
Context Based Authentication
Context Based AuthenticationContext Based Authentication
Context Based Authentication
 
76 s201923
76 s20192376 s201923
76 s201923
 
App Authentication
App AuthenticationApp Authentication
App Authentication
 
From Password Reset to Authentication Management
From Password Reset to Authentication ManagementFrom Password Reset to Authentication Management
From Password Reset to Authentication Management
 
A secure communication in smart phones using two factor authentications
A secure communication in smart phones using two factor authenticationsA secure communication in smart phones using two factor authentications
A secure communication in smart phones using two factor authentications
 

En vedette (6)

Protecting Intellectual Freedom for Librarians and Our Patrons by Alyse Ergoo...
Protecting Intellectual Freedom for Librarians and Our Patrons by Alyse Ergoo...Protecting Intellectual Freedom for Librarians and Our Patrons by Alyse Ergoo...
Protecting Intellectual Freedom for Librarians and Our Patrons by Alyse Ergoo...
 
How Reference Librarians Market Electronic Resources:SEFLIN Academic Presents
How Reference Librarians Market Electronic Resources:SEFLIN Academic PresentsHow Reference Librarians Market Electronic Resources:SEFLIN Academic Presents
How Reference Librarians Market Electronic Resources:SEFLIN Academic Presents
 
Managing Stress: SEFLIN Staff Development by Alyse Ergood
Managing Stress: SEFLIN Staff Development by Alyse Ergood Managing Stress: SEFLIN Staff Development by Alyse Ergood
Managing Stress: SEFLIN Staff Development by Alyse Ergood
 
Editing with Camtasia Part 2: SEFLIN: Evolving Library Technologies Regional ...
Editing with Camtasia Part 2: SEFLIN: Evolving Library Technologies Regional ...Editing with Camtasia Part 2: SEFLIN: Evolving Library Technologies Regional ...
Editing with Camtasia Part 2: SEFLIN: Evolving Library Technologies Regional ...
 
Konsep ASB (PSEKP - UGM)
Konsep ASB (PSEKP - UGM)Konsep ASB (PSEKP - UGM)
Konsep ASB (PSEKP - UGM)
 
Florida SULS Information Literacy Subcommittee Presentation by group:2011 Gra...
Florida SULS Information Literacy Subcommittee Presentation by group:2011 Gra...Florida SULS Information Literacy Subcommittee Presentation by group:2011 Gra...
Florida SULS Information Literacy Subcommittee Presentation by group:2011 Gra...
 

Similaire à Msk security non linear authenticaiton

Rsa Secur Id From Signify
Rsa Secur Id From SignifyRsa Secur Id From Signify
Rsa Secur Id From Signify
kate_holden
 
Rsa Secur Id From Signify
Rsa Secur Id From SignifyRsa Secur Id From Signify
Rsa Secur Id From Signify
pjpallen
 
Iaetsd fpga implementation of rf technology and biometric authentication
Iaetsd fpga implementation of rf technology and biometric authenticationIaetsd fpga implementation of rf technology and biometric authentication
Iaetsd fpga implementation of rf technology and biometric authentication
Iaetsd Iaetsd
 
Signify Passcode On Demand
Signify Passcode On DemandSignify Passcode On Demand
Signify Passcode On Demand
kate_holden
 

Similaire à Msk security non linear authenticaiton (20)

status
statusstatus
status
 
ffv
ffvffv
ffv
 
status
statusstatus
status
 
Psdot 16 a new framework for credit card transactions involving mutual authen...
Psdot 16 a new framework for credit card transactions involving mutual authen...Psdot 16 a new framework for credit card transactions involving mutual authen...
Psdot 16 a new framework for credit card transactions involving mutual authen...
 
Identity patterns and anit-patterns in real world web services
Identity patterns and anit-patterns in real world web servicesIdentity patterns and anit-patterns in real world web services
Identity patterns and anit-patterns in real world web services
 
3D PASSWORD
3D PASSWORD3D PASSWORD
3D PASSWORD
 
Rsa Secur Id From Signify
Rsa Secur Id From SignifyRsa Secur Id From Signify
Rsa Secur Id From Signify
 
Rsa Secur Id From Signify
Rsa Secur Id From SignifyRsa Secur Id From Signify
Rsa Secur Id From Signify
 
Kerberos Security in Distributed Systems
Kerberos Security in Distributed SystemsKerberos Security in Distributed Systems
Kerberos Security in Distributed Systems
 
Nt2580 Final Project Essay Examples
Nt2580 Final Project Essay ExamplesNt2580 Final Project Essay Examples
Nt2580 Final Project Essay Examples
 
Security analysis of a single sign on mechanism for distributed computer netw...
Security analysis of a single sign on mechanism for distributed computer netw...Security analysis of a single sign on mechanism for distributed computer netw...
Security analysis of a single sign on mechanism for distributed computer netw...
 
JAVA 2013 IEEE NETWORKSECURITY PROJECT Security analysis of a single sign on ...
JAVA 2013 IEEE NETWORKSECURITY PROJECT Security analysis of a single sign on ...JAVA 2013 IEEE NETWORKSECURITY PROJECT Security analysis of a single sign on ...
JAVA 2013 IEEE NETWORKSECURITY PROJECT Security analysis of a single sign on ...
 
IRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor Authentication
 
Web Single sign on system
Web Single sign on systemWeb Single sign on system
Web Single sign on system
 
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...
 
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iCombat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
 
A secure communication in smart phones using two factor authentication
A secure communication in smart phones using two factor authenticationA secure communication in smart phones using two factor authentication
A secure communication in smart phones using two factor authentication
 
Web services security_in_wse_3_ppt
Web services security_in_wse_3_pptWeb services security_in_wse_3_ppt
Web services security_in_wse_3_ppt
 
Iaetsd fpga implementation of rf technology and biometric authentication
Iaetsd fpga implementation of rf technology and biometric authenticationIaetsd fpga implementation of rf technology and biometric authentication
Iaetsd fpga implementation of rf technology and biometric authentication
 
Signify Passcode On Demand
Signify Passcode On DemandSignify Passcode On Demand
Signify Passcode On Demand
 

Dernier

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Dernier (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 

Msk security non linear authenticaiton

Executive Summary

MSK Security is designed to allow secure logins, transaction verification, payment processing and Digital Signatures in a WAN environment, and to remove the possibility of non-authorized activity interfering with these processes. MSK Security has invented “Non-Linear Authentication SM” (Patent Pending) and has a proven implementation of it in our MSK Web Management 2008 system (our 3rd generation management system). Some of the aspects that come out of MSK Security’s implementation of “Non-Linear Authentication SM” are Bidirectional Authentication, Two-Factor Authentication and Out-of-Band Authentication.

There has been a lot of discussion about Multi-factor Authentication, but little attention has been paid to the aspects of authentication. Non-Linear Authentication SM is, in its own right, a new aspect of authentication and by default exhibits characteristics of many other techniques. This is due in part to the nature of Non-Linear Authentication SM and in part to the powerful way in which MSK Security has implemented it.

Many security systems and techniques have failed not because of security but because of usability. From the End-User’s perspective, using the security token is no more difficult than the current username/password combination and in some respects (especially across multiple enabled systems) is considerably easier.

Two-factor Authentication

There are only three possible factors for authentication: something you know, something you have and something you are.

1. Something you know, such as a Password, Image, Pattern or Answers to questions; these are all forms of single-factor authentication.
2. Something you have, such as Unique Client Programs, OTP Tokens, Computer hardware, Smart Cards and Keys; this would also be considered single-factor unless you combine it with something you know. Something you have by itself is still stronger than just something you know.
3. Something you are (the strongest single factor for authentication), such as a Finger Print, Retina, DNA or Picture ID from a trusted source.
What are aspects of authentication?

The aspect of authentication is a high-level implementation of authentication. It answers the questions “Who has to authenticate?”, “Who is trusted?”, “How are credentials transmitted?” and “What factors of authentication are going to be used?” Almost all websites use single-factor unidirectional authentication.

Bidirectional Authentication

Bidirectional authentication is where the service authenticates to the end-user and the end-user authenticates to the service. This has been implemented by displaying a secret pass-phrase or picture on the webpage after the end-user puts in their username but before they enter their password. Bidirectional Authentication is an aspect of authentication.

[Diagram: User <-> Server/Service]

Out-of-Band Authentication

Out-of-Band Authentication is where part of the communication with a service is done outside the line of communication. This has been implemented by sending an email or making a phone call with a password when the end-user attempts to login. Out-of-Band Authentication is an aspect of authentication.

[Diagram: User, Server/Service, E-mail/Phone]
Non-Linear Authentication SM

Non-Linear Authentication SM has three players: the End-User, the Service (an agency’s internal network and business applications) and the Authentication-Service (Auth Server). Non-Linear Authentication SM is where both the End-User and the Service have to authenticate to the Auth Server. The End-User first picks a Service to login to; the Service then authenticates itself to the Auth Server; next the End-User authenticates to the Auth Server; finally the End-User logs in, and it is at this point that the Service checks independently with the Auth Server to see if the End-User has authenticated. This is also the point at which the End-User receives their access rights.

[Diagram: Linear Authentication: User -> Server/Service; User -> Authentication server/service -> Server/Service 1, 2, 3]

[Diagram: Non-Linear Authentication SM: User, Server 1, Server 2, Server 3, Authentication server/service; Out-of-Band Credentials; Secure Information]
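The four-step flow described above, as an added example that is not MSK's code: a constructed in-memory model of the Auth Server in which the Service proves itself with an HMAC over a fresh nonce (an assumed mechanism; the page does not say how the Service authenticates), the End-User authenticates with a salted SHA-256 password hash, and the Service then checks independently with the Auth Server, which releases the access rights exactly once. The service ids, secrets and the `service_handshake` helper are all constructed for the example.

```python
import hashlib
import hmac
import secrets


class AuthServer:
    def __init__(self, service_keys):
        self.service_keys = service_keys  # service_id -> shared secret (assumed provisioning)
        self.users = {}                   # username -> (salt, salted SHA-256 of password)
        self.rights = {}                  # username -> access rights released at login
        self.authed_services = set()      # Services that completed step 2
        self.pending = {}                 # username -> service_id the user authenticated for

    def register_user(self, username, password, rights):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hashlib.sha256(salt + password.encode()).digest())
        self.rights[username] = rights

    def authenticate_service(self, service_id, nonce, tag):
        # Step 2: the Service proves possession of its shared secret over a fresh nonce.
        secret = self.service_keys.get(service_id)
        if secret is None:
            return False
        ok = hmac.compare_digest(hmac.new(secret, nonce, hashlib.sha256).digest(), tag)
        if ok:
            self.authed_services.add(service_id)
        return ok

    def authenticate_user(self, username, password, service_id):
        # Step 3: the End-User authenticates directly here, naming the Service from step 1.
        if service_id not in self.authed_services or username not in self.users:
            return False
        salt, stored = self.users[username]
        ok = hmac.compare_digest(stored, hashlib.sha256(salt + password.encode()).digest())
        if ok:
            self.pending[username] = service_id
        return ok

    def check_user(self, service_id, username):
        # Step 4: the Service checks independently; rights are released once, then cleared.
        if service_id not in self.authed_services or self.pending.get(username) != service_id:
            return None
        del self.pending[username]
        return self.rights[username]


def service_handshake(auth, service_id, secret):
    # Service side of step 2 (constructed helper): sign a fresh nonce with the shared secret.
    nonce = secrets.token_bytes(16)
    return auth.authenticate_service(service_id, nonce, hmac.new(secret, nonce, hashlib.sha256).digest())
```

The Service never handles the password, and a Service that has not completed step 2 (or a user who authenticated for a different Service) gets no rights from step 4.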
How the MSK Digital ID™ Works

All businesses and agencies have sensitive data and must simultaneously protect it and provide access to it. To do this effectively, a proven system for user authentication is required. The ideal system provides top-level security with cost-effective deployment and maintenance as well as ease of use. MSK offers identity and access management solutions that meet these requirements.

MSK delivers enterprise-grade user authentication that is more powerful than existing PKI technologies without the complexity, overhead and risk associated with those solutions, which require key management and storage. To deliver powerful authentication with minimal overhead, MSK takes the proven two-factor method to a new level of ease of use and security. MSK also adds another level of security by having the user’s authentication done directly between the smart security token and the authentication server. This direct connection allows the token to have Bi-directional authentication and Out-of-Band authentication at the same time.

[Diagram: Example: Banking Site Login; Bi-Directional Authentication; First Factor: Something you know; Second Factor: Something you have; Second Factor: If you are not on an authorized PC]
Transactional Verification for Banking

[Diagram: Transactional Verification for Banking: Account where funds are coming from; Amount and where the funds are going; Payment processing; Digital Signatures]
HASP (Hardware Against Software Piracy)

MSK Digital ID™ has an optional HASP feature that allows Software on Demand from a specific machine or a pre-determined network of machines; this guarantees the highest level of controlled access. Users can be limited to a specific machine or group of machines, preventing password sharing. All of this is accomplished without the need to install cumbersome software or hardware.

- Provides a better way to meet compliance
- Enables more control over use of service
- Ensures controlled access to sensitive data

From the Point of Authentication:

Data Protection:

Unauthorized Users:
• Phishing
• Man-in-the-Middle
• Key Loggers
• Password Sharing

MSK Security will protect you from all of these attacks.

Insider Threats:
• Audit Trails
• Identity and Access Management

The MSK Web Management TM solution includes full audit trails, granular to any machine that attempts to login. The solution includes single-point provisioning and single-click removal or de-provisioning.

System Protection:

Injection attacks:
• SQL-Injection
• Cross-site-scripting

Injections into buffer fields (such as the username and password fields) can damage a system. MSK removes the buffer fields; this reduction of the attack surface eliminates injection attacks.
MSK Digital ID™ Smart Token – System requirements

The Security Token runs under Microsoft .NET Framework v1.1.4322 and above. The .NET Framework is included on Windows XP Service Pack 2 and is part of the OS for Windows Vista and Windows 7. The MSK Security Smart Token requires no installation; it is a stand-alone executable that will just run if double-clicked. Full testing has been done on Windows 2000, Windows XP, Windows Vista, Windows 7 and Windows 2003 Server. The Security Token will recognize Firefox 2.0 and earlier; the most common implementation is under Internet Explorer 5.0 and above, which includes the latest version, Internet Explorer 8.0. Testing has also included Mac computers running virtualized versions of the Windows OS.

Implementation

There are two ways to implement MSK Digital ID: the first is our SaaS model, the second is a self-hosted model. Our SaaS model has only a small per-seat license. The self-hosted model will require a secure MSK Security Authentication Server and will require branded Smart Tokens that will only communicate with the self-hosted Authentication Server. The requirement for the physical server is Windows 2003 Server; other requirements will vary depending on implementation (Firewalls, Proxies, Monitoring Services, Secure Hosting Services, i.e. SAS 70 Datacenter).

Our SaaS (Software-As-A-Service) model is by far the most robust and by far the less costly option. Traditional two-factor solutions require distribution and life-cycle management of expensive hardware tokens that need to be synchronized with expensive on-premise authentication servers that require expensive on-premise maintenance. Distribution of the MSK Security Smart Token is quick and easy. The MSK Web Management TM system is included as part of the service, not an extra piece of software that needs to be installed and maintained or licensed. The optional HASP (Hardware Against Software Piracy) feature is included as part of the offering. The Smart Tokens can be married to 1 or more computers, preventing them from being used on non-authorized computers. Scalability is quick and limitless. With traditional systems this process can be very painful and expensive.
Proven technologies and best practices

Proven technologies included with the system are as follows:
• 128-bit SSL (Secure Socket Layer)
• 256 or 512-bit SHA (Secure Hash Algorithm)
• One-time-only Salted SHA (random data added to a hash to prevent rainbow table collision attacks)
• .NET (managed software framework that is kept up-to-date)
• SQL (Structured Query Language) used for high-performance data management
• Windows Server 2003
• SAS 70 Type II Data Center