Strong authentication keeps your data safe by requiring users to provide both a username and a one-time password (OTP). These stronger access controls increase the level of access security to data, while providing real cost savings to your organization. Gemalto offers a range of OTP tokens, including the new Mobile OTP application, so you can choose the device that works best for your organization.

Some of the benefits that the Strong Authentication Service provides:

• Complete authentication and device management
• Complete on boarding and device fulfillment (hardware device or mobile app)
• Web based portal for device management
• Custom webstore for direct end user ordering and device fulfillment
• Easy to deploy – no network or infrastructure changes
• Reduced number of helpdesk calls for simple password reset
• No OTP device stock required to be stored, tracked and maintained
• No capital expenditures (CAPEX) for authentication server(s)
• Increase security and access control to your data
• Reduce cost through hosted service
• Industry leading strong authentication solutions to meet your business needs
• Strong authentication meets regulatory requirements
• Easy to integrate into existing infrastructure
• Easy to use, scale, and maintain

Protiva Strong Authentication Service includes the following elements to ensure an easy and simple deployment for your organization:

Complete OTP Credential Fulfillment – Gemalto provides all aspects of the OTP credential fulfillment process. This includes processing the end user order (and payment if needed), packaging the hardware token, shipping direct to end user or to corporate distribution point, provisioning of the OTP seed to the authentication server, and providing tracking information of the shipment.

For the Mobile OTP application, Gemalto provides a portal for users to be redirected to the appropriate download site based upon the type of smartphone being used (e.g., Apple App Store for iPhones).

Complete Authentication Management – Once the device is provisioned and the user activates the OTP credential, authentication resources will be ready for future access attempts. Once the user attempts to access an area of the network which requires strong authentication, the Gemalto agent on the RADIUS server will redirect the user to authenticate using their username and numeric code generated by the OTP device. Once verified the user will be granted access to appropriate resources.

Web API for flexible integration – Full web browser capabilities to easily integrate with existing web services and application architecture.

SAML 2.0 Federation – Full support for strong authentication to Google App via SAML 2.0 Federation.

Easy On Boarding – SA Server can easily be synced with leading identity store technology. This provides a simple process for provisioning and OTP seed and linking the device to the user’s identity profile.

Easy Billing and Licensing Models – Gemalto provides several billing and licensing models to meet your business needs. As part of the initial service definition, these options will be reviewed to see which option is best for your specific business.

Custom Webstore – Gemalto provides a simple way for users to request and in some cases pay for their OTP credential. The webstore can be generic or customized to maintain company brand. The level of customization will determine the cost of design service.

 

Gemalto provides two options for hosting authentication services. All are SAS 70 secure facilities and each customer has their own instance of Strong Authentication (SA) Server running in a secure domain. Based upon security requirements, the two hosting options are:

IaaS Provider – Gemalto will work with an IaaS (Infrastructure-as-a-Service) vendor (such as Amazon Web Services) to deploy SA Server. This economically efficient model leverages the availability and scalability of computing resources provided by IaaS vendors and provides the flexibility to select your IaaS vendor of choice. Gemalto recommended list of IaaS providers are all SAS 70 certified, providing a good solution to secure access from remote workers needing access to email.

Premier Datacenter – Gemalto will provide an instance of SA server within a premier datacenter resource and location. The premier datacenter option utilizes Gemalto’s vast experience working with financial institutions requiring the secure handling of account holder information. With multiple certifications, including Visa and MasterCard, this facility has the latest physical and logical security measures in place.

The premier datacenter option is best for companies that require the ability to pinpoint the exact resource where their data is being stored for audit, regulatory requirements or internal company policy.

To learn more about implementing strong authentication with the Protiva Strong Authentication Service, contact Gemalto.