
DS3 Authentication Regulations Guidelines Compliance

DS3 authentication server provides End-to-End Security for passwords and highly sensitive information to secure electronic transactions. It has received certification for RSA Secured® Partner Program, Mastercard EMV CAP AA4C and (as first) OATH program for both HOTP and TOTP server profiles. The combination of power and flexibility reduces implementation risks and decreases the Total Cost of Ownership (TCO).

Uploaded by

Prakash India
Copyright
© Attribution Non-Commercial (BY-NC)

Key Features of DS3 Authentication Server:
- Choice of strong authentication vendor mix for lowest Total Cost of Ownership
- Multi-factor authentication for privileged users
- End-to-end encryption for sensitive data
- FIPS-140 Level 3 certified HSM to perform cryptographic operations
- High Availability, high performance and scalability

Overview
The DS3 Authentication Server has a proven track record in staying ahead of technological innovations and trends. It has received certification for RSA Secured Partner Program, Mastercard EMV CAP AA4C and (as first) OATH program for both HOTP and TOTP server profiles (also supporting OCRA). The DS3 Authentication Server is a full-fledged authentication security solution in an appliance (also available under VMWare), providing End-to-End Security for passwords and highly sensitive information to secure electronic transactions. It is a high security and high performance system that has the ability to support millions of users with different types of authentication methods and different types of tokens. The combination of power and flexibility reduces implementation risks and decreases the Total Cost of Ownership (TCO).

Compliance: The Need for Security


Increase of Threats
Cyber threats such as credit card fraud, identity theft and data breach have risen as an increasing number of people are going online to conduct financial transactions. Millions of people all over the world have been affected. People have become a constant target for cyber criminals who use spyware, key loggers, botnets, Trojans, phishing, pharming, shortened web addresses and even social media.

Token Agnostic Approach
The multi-authentication, multi-vendor, multi-domain and multi-token agnostic approach assures:
- Lower Total Cost of Ownership (TCO)
- Freedom of vendor token selection
- Flexibility in deployment and migration
There is no lock-in to any token vendor, giving the flexibility of deploying and switching tokens on your demand, while maintaining a good balance among costs, convenience and risks.

Regulations and Guidelines


In order to counter this, several countries and industry organizations have taken the lead to safeguard customers and to help businesses through regulations and guidelines.
- The Monetary Authority of Singapore has published their Internet Banking and Technology Risk Management Guidelines (IBTRM), which are considered to be the most stringent in the world.
- The world's leading card brands collaborated to create an industry-wide framework known as the Payment Card Industry (PCI) Data Security Standard (DSS), a set of best practices designed to secure credit card data throughout the information lifecycle for storing, processing and transmitting cardholder data.

Strong Authentication Choice


A large variety of methods are supported, including:
- Vasco/DIGIPASS, RSA/SecurID tokens
- All OATH OTP tokens (HOTP - TOTP - OCRA)
- USB key tokens, including hybrid tokens (OTP & PKI)
- EMV CAP tokens (Mastercard EMV-CAP / PLA - 4AAC)
- PKI X.509 tokens (using any CA or the embedded CA)
- SMS One Time Password (logon and transaction)
- Mobile phone (iPhone, Android, BlackBerry, J2ME)
- Scratch and matrix cards
- PIN TAN lists
- Micro SD cards
- Flexible OTP display cards
And also one-factor authentication:
- Static password authentication
- Partial Password authentication

DS3 Authentication Server Compliance


The DS3 authentication server is compliant with both IBTRM and PCI DSS, which should be seen as an insurance policy, protecting your business from the financial costs of failing to secure identity and transaction data. With DS3, you can be assured that our solutions can be part of your IT investment to achieve industry guidelines, regulations and compliance.

Copyright DS3 - Data Security Systems Solutions Pte Ltd 2011 - www.DS3global.com - [email protected] - All rights reserved

Features
Defense against Man-In-the-Middle Attacks
The DS3 Authentication Server supports the following mechanisms to defend against MITM attacks:
- SMS Out-Of-Band Transaction Signing
- VASCO token signing
- OATH OCRA transaction signing (coming soon)
- EMV CAP Mode 1 transaction signing
The Out-Of-Band authorization via SMS Transaction signing is achieved by transmitting an SMS message to the user's pre-registered mobile number containing the transaction details and an authorization code to be entered in order to confirm the transaction.

High Availability and Scalability
High Availability architecture is available with two Production and two Disaster Recovery servers. This can be further scaled horizontally up to 12 servers in an active-active cross site architecture to deliver up to 99.999% availability.
In compliance with:
MAS IBTRM Guidelines addressed Section 4.3

Comprehensive ID-Management
The DS3 Authentication Server is able to enforce strong ID management for administrator and non-administrator accounts including:
- ID Creation/Modification/Deletion
- Password locking / resets / force change
- Inactivity lockout
- Password policy enforcement
Each user is managed by a unique UserID having a set of authentication access controls assigned to him.
In compliance with:
PCI DSS Requirements addressed Section 8.1 and 8.5

Strong Authentication for Critical Systems


The DS3 Authentication Server can be integrated with critical systems to enforce strong authentication, such as:
- Windows Servers (via GINA)
- Linux, UNIX Servers (via PAM)
- Citrix Servers (via RADIUS)
- VPN (via RADIUS)
- Tivoli suite: TAMeb, TAM esso, iTIM, TFIM
In compliance with:
MAS IBTRM Guidelines addressed Section 4.4
PCI DSS Requirements addressed Section 8 & Section 1c

Summary
The DS3 Authentication Server is a complete Authentication Security solution in an appliance (also available under VMWare), which has received certifications from industry leaders and incorporates some of the best practices employed in the industry. By effectively addressing industry guidelines and requirements, DS3 can help your organization achieve compliance in a timely and cost-effective manner. At the same time, by offering freedom of choice of authentication method and token vendor, a lower total cost of ownership can be achieved.

End-to-End Encryption HSM FIPS-140 PKI


End-To-End Encryption (E2EE) for PINs, passwords, transactions and other customer information is ensured by providing the necessary JavaScript / Applet for the frontend and backend HSM cryptographic operations. In order to perform secure cryptographic operations, the DS3 Authentication Server can embed a FIPS-140 Level 3 certified HSM. Additionally, transparent key management features allow financial institutions to generate, use and renew keys without any key information ever leaving the appliance. EAP-TLS PKI certificates can be issued to support strong authentication services via 802.1X.
In compliance with:
MAS IBTRM Guidelines addressed Section 4.1
PCI DSS Requirements addressed Section 4.1 and 8.4

Singapore Headquarters
Tel: +65-6479-5688 Email: [email protected]

North Americas
Tel: +1-408-834-4430 Email: [email protected]

Japan
Tel: +81-3-5829-9757 Email: [email protected]

Middle East
Tel: +971-50-519-4873 Email: [email protected]

Europe
Tel: +32-478-34-99-15 Email: [email protected]

India
Tel: +91-981-968-5840 Email: [email protected]
