1 / 21

Mobile One-Time Password

Mobile One-Time Password. Member of group Focus on IT security software. About Changingtec. CA. Certification Authority. About Changingtec. Focus on networking security solution Develop complete networking security product line based on core PKI technology. RA. MSS. PKI Toolkits.

mateja
Download Presentation

Mobile One-Time Password

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mobile One-Time Password

  2. Member of group Focus on IT security software About Changingtec Page 2

  3. CA Certification Authority About Changingtec Focus on networking security solution Develop complete networking security product line based on core PKI technology RA MSS PKI Toolkits Mobile Security solution SS Registration authority Secure Server GuardKey VA Security USB Validation Authority MOTP Mobile one time password • Generate one time password by mobile. • Solving phishing、Trojan、website attack problem。 Page 3

  4. About Changing • Software developing experience for over 10 years. Best market share in Taiwan authentication market. • Banking 80% • Financing security 90% • Medical no.1 • Gaming no.1 Page 4

  5. Changing success case Ministry finance Electronics receipt system is developed and maintenance by Changingtec Page 5

  6. Page 6

  7. MOTPthe best information leakage prevention tool MOTP(Mobile One-Time Password) • 「one time password」or「dynamic password」;OTP is“not predictable、not reusable、not repeatable” . • Two factor authentication protect confidential information by higher security level. • What is two factor authentication? Page 7

  8. User known information User owned object MOTP two factor authentication • User log on • Input ID PW • Generate OTP by mobile/ OTP token • Input OTP • Press [log on] • Enter system Page 8

  9. MOTP system architecture Page 9

  10. Radius application (VPN, Citrix, firewall, UTM). IIS/Tomcat Filter (web server). Windows Log on. OWA (Outlook Web Access) Web Outlook Email. Customized ID/Pass webpage. Application Page 10

  11. Case study: VPN VPNlog on VPNserver MOTP Server 2 3 5 4 • generate OTP by OTP token,enter to SSL VPN log on screen (Web or client). • VPN Client transfer OTP to VPN server. • VPN server transfer OTP to MOTP server by Radius protocol. • MOTP server reply authentication result. • VPN server connect user to internal system. 1 OTPToken Page 11

  12. Web page • generate OTP by OTP token ,input into log on page. • Web system check PW and transfer OTP to MOTP server. • MOTP server reply authentication result and allow user log on. Web application system MOTP server 2 3 1 Case study: OTP token Page 12

  13. Web Filter Filter authentication MOTP server Confidential web page 2 3 4 1 • No need OTP authentication when browse generate webpage. • Connect confidential webpage, refer to OTP web filter. • MOTP server authenticate OTP before allow user browse confidential page. • Enter protected confidential webpage. General webpage Page 13

  14. Windows Logon Windows log on AD server MOTP server 2 3 5 4 1 • Generate OTP. Input in Windows log on screen. • MOTP Winlogon agent pass OTP to AD server for authentication. • FSDCProxy transfer OTP to MOTP server. • MOTP server reply authentication result. • FSDCProxy reply to user PC and allow user log on. Case study: OTP token Page 14

  15. Web Outlook 2 MOTP server 3 • Generate OTP by Token. Input Web Outlook log on screen. • OWA system authenticate PW and transfer OTP to MOTP server. • MOTP server reply weather OTP authentication is passed or not. 1 OTP Token Page 15

  16. Easyinstallation 1 installation 2 integration 3 registration 4 token installation 5 activation Set up server Build up system integration Register MOTP User 使用 使用者開始使用MOTP登入網頁 Download and install software token Activate MOTP User ID PW and OTP Page 16

  17. MOTPbenefit for MIS (IT manager) • Prevent information leakage. • Easy installation Easy maintenance. • Support role authority for lamination mgt. • Centralize in-out side access control by token management. • Audit Log. • Support HA (fail over). Page 17

  18. MOTP benefit for end user • No need to maintain ID PW periodically • One account can use multi-tokens • Support temperate account PW. • No need extra PW memorization • Various Token type optional Page 18

  19. MOTP support full range token • support full range token series: hardware, software token optional Page 19

  20. MOTP3.0 advantages: Page 20

  21. Thanks~ Please feel free to contact for any inquiry.

More Related