Authentication Server

ActivID® Authentication-Appliance

HID Global’s ActivID® Authentication Appliance is used worldwide to secure access to critical infrastructure and data so organizations can stay ahead of an ever-changing threat landscape without disrupting user workflow and productivity. The solution is easy to deploy, and helps achieve compliance with industry mandates, policies and guidelines.

The solution is ideal for:

• Medium to large organizations seeking to reduce costs by deploying a single platform that enables users to connect securely from any location, at any time, via their preferred device
• Providers of multi-tenant authentication and/or cloud based services, enabling different user communities and/or lines of business on a single platform
• Organizations securing mobile employee remote access to networks and applications behind the firewall and in the cloud
• Governments, banks and healthcare providers securing access to online services for citizens, customers and patients

The ActivID Authentication Server supports multi-factor authentication with all leading mobile phones and tablets, and provides a flexible platform that can grow with changing needs. Built-in support for open protocols ensures that it can be easily integrated into any enterprise infrastructure, cloud based service and/or internet banking engine. It also supports advanced capabilities, such as the HID Approve™ app that enables mobile-based, out-of-band transaction verification. This feature leverages the mobile device “push” notification capability, and ActivID Threat Detection Service that transparently protects online transactions from a wide range of threats, including Trojan and man-in-the-browser (MitB) attacks.

Available as a virtual appliance or as hardware, the ActivID Appliance strikes the perfect balance between security, flexibility, cost and convenience.

The ActivID® Authentication Appliance is the leading choice for organizations seeking a simple to deploy versatile multi-factor authentication engine.

• Genuine HID® credentials supported by the Authentication Server include the ActivID OTP Tokens, ActivID DisplayCards, ActivID ActivKey SIM, ActivID Web Token, ActivID PC Token, ActivID Mobile tokens for iOS, Blackberry and Android, Crescendo cards and pivCLASS® cards.
• Provides ‘Out the box’ integration with the ActivID Threat Detection Service
• Supports third-party tokens compliant with the OATH and EMV CAP algorithms
• Validation of transaction signatures generated using OATH OCRA, EMV CAP, ActivID SKI and PKI credentials
• Out of band transaction verification
• HID Approve that provides convenient mobile-based, out-of-band transaction verification, leveraging the mobile device push notification capabilities

Versatile: Supports a full range of multi-factor authentication methods include Device ID, hardware and software based One Time Password (OTP) tokens, PKI credentials, Out of Band (Mobile Push Notification, SMS or email) codes, and static credentials such as passwords, PINs and questions & answers.

Configurable: Supports different policies by authentication method, user group and access channel.

Interoperable: A full Web services based API, plus native support for SAML 2.0, RADIUS.

Resilient: Redundant failover, enabling a pair of appliances to provide a highly available service, capable of scaling to hundreds of thousands of users.

Ergonomics Authentication Server (EAS)

Easy Integration into existing environments

The strong authentication of end users requires a robust and scalable solution. These are key features of the Ergonomics Authentication Server (EAS). The support of multiple authentication methods is required – in particular in the e- and m-banking environment – to fulfill a multitude of end-user scenarios. Flexible communication interfaces and standardized administration interfaces complement the feature list. Please find some of the key features below:

Supported authentication methods:

• mTAN/SMS
• E-Mail OTP
• VASCO Digipass
• RSA SecurID
• CrontoSign/PhotoTAN
• EMV-CAP
• Client certificates (X.509, SuisseID, etc.)
• Swisscom MobileID-Tokens

User management/IAM:

• User-, token- and user roles management
• Reporting engine
• Password policy enforcement

Communication interfaces:

• Web application
• RADIUS
• XML/SOAP
• REST
• EAP/TLS 802.1X

The EAS also supports user self-service interfaces.

Depending on the selected authentication methods, the necessary administrative functions for key management and reference data import are provided. Sensitive date can be protected in a High Security Module (HSM).

The drawing below presents an overview on the Ergonomics Authentication Server.

More information