OTP Authentication Systems

Get the security your financial institution needs

OTP Services for financial institutions:

The value of an institution depends significantly on the way critical communications, transactions, and sensitive data is managed. Stable regulation of access to information networks is the cornerstone of the trust relationship necessary to conduct successful operations in a climate of contemporary commerce, exchange and management.

If you are a smaller bank or financial institution, you have seen the security keys offered by HSBC and the other top banks to their clients and wonder how can you take your institution to that level of security, branding and sophistication with the resources and IT team you currently have, we have the answer in hand. We work closely with the world’s largest manufacturer of security devices for financial institutions, and can help you in every step, from consultancy, to complete deployment of the full solution (authentication servers, white-label branding, providing the security keys themselves, and interfacing with your current systems).

We understand that corporate customers have different needs and require an individual approach. We can guide you through (or fully develop for you) in every step of the process, ranging from a complete turn-key solution, to acting as a consultant to your internal IT team. In a complete turn-key solution we even design the packaging, customize the security keys with your logo, brand colors and even firmware, we install and deploy the authentication servers, and write the code to interface with your current systems. Again, every corporate customer has different needs.

Security Keys
Custom Security Key with Logo and custom branded packaging
Packaging Details
Previous
Next
OTP Services

We take pride of providing the highest level of OTP service in the following areas:

Integration Support

To ensure ease and simplicity of the two-factor authentication integration process, we provide comprehensive integration support.

Branding

We can customize every product based on your brand. Selecting the colors, adding your logo to the devices, and even modifying the firmware to add your brand to the token as it starts.

Individual Approach

Our team will take care of your needs as if we were part of your own IT team. Our goal is to provide such personalized attention that you will feel we work exclusively for you.

CASE STUDY
Big Data Services

Dynamically innovate resource-leveling customer service for state of the art customer service.

CASE STUDY
Business Intelligent

Nanotechnology immersion along the information highway will close the loop on focusing solely

Consultation Services

To engage with us, you do not have to order our OTP services or buy our security keys. webzoneUS provides consulting services pertaining to creating reliable authentication systems. We provide ongoing consulting services at no additional cost for our current and future customers. If you would like us to take a look at the efficiency of your existing systems feel free to contact us and we will provide you with a side by side analysis, demonstrating the efficacy of the innovative solutions we provide.

“When you commit to working with webzoneUS, I will personally oversee your project. I’m committed to provide the best service possible to your company.”

Omar Cabrera – President of webzoneUS

Interested in our OTP Authentication Server? Read on.

The fixed username and password schemes that proliferate across a vast majority of servers, websites, and networks are largely ornamental and provide little to no defense against the highly advanced and specialized tools wielded by modern cyber criminals. In addition to their susceptibility to being misplaced, misused, lost, guessed, or stolen. Dynamic One time password (OTP) technology is a proactive measure that institutions can adopt to quell the danger of the threat posed through this inherent weakness. OTP functions on the basis of a constantly regenerated numeric password sequence stored on a hardware token distributed to end users; a unique password is created and subsequently entered to gain secure access at each log-in.

Our OTP Authentication Server is engineered to comply meticulously with the stipulations set forth by the initiative for open authentication (OATH) consortium, a group which unites the foremost industry experts and specialists in the field of strong authentication and determines standards ensuring easy integration and mutual interoperability of products offerings by participating members. As such our OTP Authentication Server can be used seamlessly with any products certified according to the OATH criteria making it a highly adaptable back end server solution.

When used in conjunction with components of our family of OTP products, our OTP Authentication Server delivers a complete linear solution which streamlines all authentication procedures from deployment to provisioning and maintenance; significantly reducing IT overhead expenses. We are able to deploy in-house, at your institution, a multi-channel identity verification system which can simultaneously validate the user to a server and vice versa. Moreover, our OTP Server can establish a highly secure communication environment by providing digital signatures for web based transactions.

Within the system the process of token integration can be simple and intuitive. Typically there are three integration methods:

  •     Using existing Radius protocol on the application server to install authentication agents
  •     Integrate directly with authentication agents
  •     SDK interface integration

Essentially our OTP Authentication Server is comprised of three main components:

  •     Authentication server
  •     Management tool
  •     Authentication agent

Supplementary parts are the OTP server database management system, the SDK interface for customization and the end user OTP hardware tokens.

The authentication agent functions as a bridge between the authentication server and an application server. When an end-user logs in the application server, an authentication request is sent and a result received from the authentication server through the agent in order to decide whether the request is valid. The authentication agent is not necessary in every deployment scenario; applications integrated through Radius have no need for an agent.

The management tool has an easy-to-use web interface to provide remote management and maintenance of end-users, OTP token, authentication servers, authentication agents and log information from the database. The database management system is the foundation of the OTP Server Authentication System containing most of the system data. Database management system can be chosen according to the specific demands of the client.

Benefits and Features of our OTP Authentication Server

Benefits:

Supports a Wide Range Of Platforms
OTP Authentication Server can integrate smoothly into all major operating systems and support multiple databases with ODBC or other specific interface connection. The system also maintains full set development interfaces in various programming languages.

Centralized System Management
The web base management tool provides for secure remote management. Administrating a host of flexible settings is regulated through central authentication for networks or computer operating systems. Support multiple authentication services with different authentication settings on one computer.

Proven Track Record For Large Scale Deployments
Our system handles load balancing for multi-authentication services with a concurrent service rate which can execute thousands of authentication per second and support more than ten million end-users. The system was engineered for cooperability with various authentication agents.

Enhanced The Security Of Application Servers
Dynamic passwords are randomly generated unique numeric sequences used as log-in credentials. Use of dynamic passwords can prevent threats like replay, peep or monitoring. Fixed password can be used together with dynamic passwords to form two-factor authentication.

Our System Supports The Entire Suite of OTP Hardware Tokens by the largest manufacturer in the world
With our OTP Authentication System as a stable back end foundation, users can adopt the hardware solution that best fulfills their specific demand. OTP c300 token is improved by PIN protected access, both the challenge code and time-factor component are necessary to initiate a challenge-response dynamic password or transaction signature. End-users can choose to cross validate an application server and vice versa, preventing leakage of sensitive personal data.

Features:

Automatic Synchronization
The authentication server has the flexible feature to automatically synchronize a token during authentication if the token is found to be out-of-sync.

Multiple Token Supports
As for hardware tokens, the system supports event-based OTP c100, time-based OTP c200, challenge-response OTP c300 and event-based-and-PKI-combined OTP c400 tokens as well as mobile OTP tokens based on event, time or challenge-response.

Multiple Authentication Methods

  •  Single dynamic password authentication – suitable for application that do not requires high security
  •  Static and dynamic password authentication can be employed together to log into application server. This method is commonly used to bring secure authentication of current application server to the next level
  • Challenge-response authentication method for application server with high security requirements. This method is slightly more tedious and authentication process involves more steps. However, it provides higher security and more interaction
  • Mutual authentication method against fake application server. End-users, before proving their personal information, can verify the real application server.
  • Transaction signature authentication method for application server to authenticate high value critical transactions. This is to ensure these transactions are indeed made by the end-user who claims to be.  

RADIUS Server Support
According to pre-configured settings, the authentication server can send authentication request to a designated RADIUS server and collect authentication result to send back to the application server

High Performance
The authentication server supports more than ten million concurrent end-users, and single server can reach concurrent processing rate of 3000 times per second.

Multiple Algorithms

  •  HOTP algorithm from OATH
  •  TOTP algorithm from OATH
  •  OCRA algorithm from OATH
  •  SM3 algorithm from National Security Standard

Prevention of Dictionary Attack
The authentication server is able to detect that a particular end-user has executed a number of failed authentication (configurable retry counter), it will lock out that end-user. During this account locked period, the authentication server will refuse any authentication request submitted by this end-user until the account is unlocked and reset to operational state. This is an effective prevention for dictionary attacks.

Prevention of Denial-of-Service Attack
The authentication server will delay sending a failed authentication result, which effectively prevents denial-of-service attacks.

Related Projects

Case Study: MD Anderson

Web Development/

Case Study: PGSI

Web Development/

Case Study: Bestcare Laboratory

Web Development/

en_USEnglish
es_ESEspañol en_USEnglish