DS3 Authentication Server: Regulations, Guidelines and Compliance
Source: http://slidepdf.com/reader/full/ds3-authenticationregulationsguidelinescompliance (viewed 8/4/2019)
Copyright © DS3 - Data Security Systems Solutions Pte Ltd 2011 - www.DS3global.com - [email protected] - All rights reserved
Key Features of DS3 Authentication Server:
— Choice of strong authentication vendor mix for lowest Total Cost of Ownership
— Multi-factor authentication for privileged users
— End-to-end encryption for sensitive data
— FIPS 140 Level 3 certified HSM to perform cryptographic operations
— High availability, high performance and scalability
Compliance: The Need for Security
Increase in Threats
Cyber threats such as credit card fraud, identity theft and
data breach have risen as an increasing number of people
are going online to conduct financial transactions. Millions
of people all over the world have been affected.
People have become a constant target for cyber criminals
who use spyware, key loggers, botnets, Trojans, phishing,
pharming, shortened web addresses and even social media.
Regulations and Guidelines
In order to counter this, several countries and industry
organizations have taken the lead to safeguard customers
and to help businesses through regulations and guidelines.
- The Monetary Authority of Singapore has published their
Internet Banking and Technology Risk Management
Guidelines (IBTRM) which are considered to be the most
stringent in the world
- The world’s leading card brands collaborated to create
an industry-wide framework known as the Payment Card
Industry (PCI) Data Security Standard (DSS), a set of best
practices designed to secure credit card data throughout
the information lifecycle for storing, processing and
transmitting cardholder data.
DS3 Authentication Server Compliance
The DS3 authentication server is compliant with both IBTRM
and PCI DSS, which should be seen as an insurance policy,
protecting your business from the financial costs of failing
to secure identity and transaction data.
With DS3, you can be assured that our solutions can be
part of your IT investment to achieve industry guidelines,
regulations and compliance.
Overview
The DS3 Authentication Server has a proven track record in staying ahead of technological innovations and trends.
It has received certification under the RSA Secured® Partner
Program and Mastercard EMV CAP AA4C, and was the first to be
certified under the OATH program for both the HOTP and TOTP server profiles
(OCRA is also supported).
The DS3 Authentication Server is a full-fledged
authentication security solution in an appliance (also
available under VMWare®), providing End-to-End Security
for passwords and highly sensitive information to secure
electronic transactions. It is a high security and high
performance system that has the ability to support millions
of users with different types of authentication methods
and different types of tokens. The combination of power
and flexibility reduces implementation risks and decreases
the Total Cost of Ownership (TCO).
Token Agnostic Approach
The multi-authentication, multi-vendor, multi-domain
and multi-token agnostic approach assures:
- Lower Total Cost of Ownership (TCO)
- Freedom of vendor token selection
- Flexibility in deployment and migration
There is no lock-in to any token vendor, giving
the flexibility of deploying and switching
tokens on your demand, while maintaining a
good balance among costs, convenience and
risks.
Strong Authentication Choice
A large variety of methods are supported - including:
Vasco/DIGIPASS, RSA/SecurID tokens
All OATH OTP tokens (HOTP – TOTP - OCRA)
USB key tokens - including hybrid tokens (OTP & PKI)
EMV CAP tokens (Mastercard EMV-CAP / PLA - 4AAC)
PKI X.509 tokens (using any CA or the embedded CA)
SMS One Time Password (logon and transaction)
Mobile phone (iPhone, Android, BlackBerry, J2ME)
Scratch and matrix cards – PIN TAN lists
Micro SD cards
Flexible OTP display cards
And also one-factor authentication:
Static password authentication
Partial Password authentication
Features
Defense against Man-In-the-Middle Attacks
The DS3 Authentication Server supports the following mechanisms to defend against man-in-the-middle (MITM) attacks:
SMS Out-Of-Band Transaction Signing
VASCO token signing
OATH OCRA transaction signing (coming soon)
EMV CAP Mode 1 transaction signing
Out-of-band authorization via SMS transaction signing works by
sending an SMS message to the user's pre-registered mobile number
containing the transaction details together with a transaction-signing
authorization code, which the user must enter to confirm the
transaction. The defence holds only if the user compares the details
shown in the message with the transaction they intended before
entering the code.
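As an added illustration (example code written for this page, not DS3's own implementation), the following Python shows the building blocks behind the mechanisms listed above: HOTP (RFC 4226) and TOTP (RFC 6238) for plain logon OTPs, and a transaction-bound code modelled on the OCRA idea, in which the token computes the code over the payee and amount the customer keyed in, so a code issued for one transaction does not verify against a tampered one. The transaction binding here is a simplified construction for illustration, not a conforming RFC 6287 suite; the secret, counter and transaction details are constructed for the example.

```python
import hashlib
import hmac
import struct


def _truncate(digest: bytes, digits: int) -> str:
    # RFC 4226 section 5.3 dynamic truncation: the low nibble of the last byte
    # selects a 4-byte window, the sign bit is masked, then reduce mod 10^digits.
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based OTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP with the counter set to the current time step."""
    return hotp(secret, unix_time // step, digits)


def transaction_code(secret: bytes, counter: int, details: dict, digits: int = 6) -> str:
    """Transaction-bound code (simplified, OCRA-like; NOT a conforming RFC 6287 suite).

    The MAC input mixes a moving factor (the token counter) with a canonical
    serialisation of the transaction details, so a code produced for one
    payee/amount cannot be replayed for another transaction.
    """
    canonical = "|".join(f"{k}={details[k]}" for k in sorted(details))
    msg = struct.pack(">Q", counter) + b"\x00" + canonical.encode("utf-8")
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    return _truncate(mac, digits)


def verify_transaction(secret: bytes, counter: int, details: dict,
                       submitted: str, digits: int = 6) -> bool:
    """Server side: recompute the code over the transaction actually received
    and compare in constant time."""
    expected = transaction_code(secret, counter, details, digits)
    return hmac.compare_digest(expected, submitted)


def demo_mitm_defence() -> dict:
    """Constructed scenario: the customer keys the intended payment into a
    signing token; a browser-side MITM alters the payee before the server
    sees the transaction. The server recomputes the code over what it
    received, so the customer's code only verifies for the untampered order."""
    secret = b"12345678901234567890"  # constructed token seed (RFC test key)
    counter = 41                      # constructed token event counter
    intended = {"payee": "ACME Pte Ltd", "amount": "2500.00", "currency": "SGD"}
    tampered = dict(intended, payee="Mallory")
    user_code = transaction_code(secret, counter, intended)  # computed on the token
    return {
        "code": user_code,
        "accepted_if_untampered": verify_transaction(secret, counter, intended, user_code),
        "accepted_if_tampered": verify_transaction(secret, counter, tampered, user_code),
    }


if __name__ == "__main__":
    print("HOTP(counter=0):", hotp(b"12345678901234567890", 0))
    print("TOTP(t=59, 8 digits):", totp(b"12345678901234567890", 59, digits=8))
    print(demo_mitm_defence())
```

In the SMS out-of-band variant the server rather than the token derives the code from the transaction it received and sends both to the phone, so the binding depends on the customer reading the details in the message; the token-side variant above (as with EMV CAP Mode 1 or OCRA) removes that dependency because the customer keys the details into the device. A real deployment would also enforce a counter look-ahead window and single use of each code to block replay.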
Strong Authentication for Critical Systems
The DS3 Authentication Server can be integrated with critical
systems to enforce strong authentication, including:
Windows Servers (via GINA)
Linux, UNIX Servers (via PAM)
Citrix Servers (via RADIUS)
VPN (via RADIUS)
Tivoli suite: TAMeb, TAM esso, iTIM, TFIM
In compliance with:
MAS IBTRM Guidelines addressed Section 4.4
PCI DSS Requirements addressed Section 8 & Section 1c
End-to-End Encryption – HSM FIPS 140 – PKI
End-to-end encryption (E2EE) of PINs, passwords, transactions and
other customer information is provided by a JavaScript/applet
component on the front end, with the corresponding cryptographic
operations performed on the back end in an HSM.
For secure cryptographic operations, the DS3 Authentication Server
can embed a FIPS 140 Level 3 certified HSM.
Additionally, transparent key management features allow
financial institutions to generate, use and renew keys
without any key material ever leaving the appliance.
EAP-TLS PKI certificates can be issued to support strong
authentication services via 802.1X.
In compliance with:
MAS IBTRM Guidelines addressed Section 4.1
PCI DSS Requirements addressed Section 4.1 and 8.4
High Availability and Scalability
High Availability architecture is available with two Production
and two Disaster Recovery servers. This can be further
scaled horizontally up to 12 servers in an active-active cross
site architecture to deliver up to 99.999% availability.
In compliance with:
MAS IBTRM Guidelines addressed Section 4.3
Comprehensive ID-Management
The DS3 Authentication Server is able to enforce strong ID
management for administrator and non-administrator
accounts including:
ID Creation/Modification/Deletion
Password locking / resets / force change
Inactivity lockout
Password policy enforcement
Each user is managed by a unique UserID with its own set of
authentication access controls.
In compliance with:
PCI DSS Requirements addressed Section 8.1 and 8.5
Summary
The DS3 Authentication Server is a complete Authentication
Security solution in an appliance (also available under
VMWare®), which has received certifications from industry
leaders and incorporates some of the best practices
employed in the industry.
By effectively addressing industry guidelines and
requirements, DS3 can help your organization achieve
compliance in a timely and cost-effective manner. At the
same time, the freedom to choose the authentication
method and token vendor lowers the total cost of ownership.
Singapore Headquarters: Tel: +65-6479-5688, Email: [email protected]
North Americas: Tel: +1-408-834-4430, Email: [email protected]
Japan: Tel: +81-3-5829-9757, Email: [email protected]
Middle East: Tel: +971-50-519-4873, Email: [email protected]
Europe: Tel: +32-478-34-99-15, Email: [email protected]
India: Tel: +91-981-968-5840, Email: [email protected]