4TRESS Authentication Server

Secure, multi-channel customer authentication

4TRESS™ Authentication Server enables financial institutions, managed service providers, and other organizations to support a wide range of authentication methods, building customer confidence in online transactions, increasing security, and reducing costs. Whether interested in one time password tokens or smart cards, static passwords or Q&A, 4TRESS Authentication Server provides a highly scalable, secure, centralized authentication server with the capability to manage a wide range of user credentials.

Key Features

Wide range of authentication methods

• ActivIdentiy or OATH-based one-time password (OTP) authentication
• EMV™ CAP/DPA card based authentication
• Static secrets, in full or partial mode, including passwords, PINs, and secret questions.
• Pluggable framework enables easy extensibility to new authentication methods such as mobile OTP and voice biometrics.

Comprehensive management tools

• Support for a wide range of authentication methods plus easy adoption of new methods enables organizations to consolidate multiple physical methods into a single logical authentication model within a Service Oriented Architecture.
• Full lifecycle management of user credentials and physical devices.
• All authentication and administration actions are recorded within a centralized, digitally-signed audit log.
• Web self-service tools including token/ card activation, PIN reset and password maintenance.
• Multiple service channel support (Web, IVR, ATM etc.) using a single authentication platform.

Rapid deployment capabilities

• 4TRESS Authentication Server can be deployed on a variety of platforms.
• All 4TRESS Authentication Server functions are exposed through a standards-based public API that can be accessed via SOAP for easy integration to a wide range of environments.

View a Flash feature tour

Benefits

Consistent authentication

Enables a consistent customer verification model to be implemented across various service channels.

Ease of management

Supports multiple concurrent authentication methods enabling an organization to implement an appropriate level of security for different user groups and the phased migration of users between authentication models.

Scalable resilient architecture

Scales to support large customer bases, e.g. retail banking, and provides the high availability required for customer-facing systems.

Ease of deployment

Streamlines integration with existing and future applications through industry standard technologies and interfaces. 4TRESS Authentication Server also provides a browser-based user interface that requires no client installation.

Return on investment

Consolidate multiple authentication servers across separate business units or subsidiaries into a single solution. In addition, web based self-service functions such as card activation and token unlock reduces operational cost of administering strong authentication.

Technical Specifications

Operating systems

• IBM® AIX® 5.3
• Redhat® Enterprise Linux® 5

Hardware

• IBM pSeries® System p5 Servers
• Optional: nCipher® Hardware Security Module (nShield™ and payShield™ for EMV)

Application server

• IBM WebSphere® Application Server v6.0.x
• JBOSS® Application Server

Database server

• Oracle® 9i, 10.2.0.1, and 10g Express

Devices

• ActivIdentity Solo Reader
• ActivIdentity OTP Tokens
• ActivIdentity DisplayCard®
• Any hardware or software tokens compliant with OATH HOTP algorithm
• OATH compliant software tokens for mobile phones
• CAP/DPA compliant EMV smart cards

Authentication schemes

• One-time passwords (ActivIdentity & OATH one-time passwords)
• PIN verification
• EMV authentication using ActivIdentity Solo Reader compatible with the MasterCard® CAP and VISA® DPA algorithms
• Static passwords (e.g. username / password logins)
• Question and answer

Administration features

Password management

• Self reset
• Auto generation
• Secure PIN mailer
• Help desk change/reset
• Set up

Device management

• Synchronise
• Unlock
• Assign/unassign
• Import

Credential management

• Status (enable/disable)
• Channel specific usage policies
• Usage statistics
• Maintains validity periods

User and permission management

• User and user group management
• Role management
• User / role / group permission management

Secure audit

• Digitally signed tamper-evident log
• Audit log queries
• Online audit verification
• Archive and purge

Event reporting

ActivIdentity 4TRESS Authentication Server can report application level events using the following mechanisms:

• Log file entries
• SMNP notifications
• JMX™ messaging

Any enterprise management tool that is compatible with these formats can be used to monitor the ActivIdentity 4TRESS Authentication Server system.

Standards compliance

• Sun J2EE™
• Java RMI and SOAPv1.1
• OATH HOTP
• MasterCard EMV™ CAP approved
• VISA DPA compliant
• FIPS140-2 level 3 for protection of credentials in storage & data signing

Integration

• Java RMI
• Sun Java™, C and C#
• SOAP clients (available for Sun Solaris™, Windows®, AIX, Redhat Linux, SUSE™ Linux)

Encryption information

• Protects cryptographic keys using HSM
• Triple DES encryption / decryption of secrets
• Database row level signing
• Audit log record signing

Authorization

• Management and application of transaction authorization policies
• Service channel and authentication method specific authorization

Authentication Products

• ActivClient
• 4TRESS
• 4TRESS Authentication Server
• 4TRESS AAA Server for Remote Access
• 4TRESS Authentication SDK

See how your organization can support a wide range of authentication methods
View the tour

Datasheet (PDF)

• 4TRESS Authentication Server

Related Products

• ActivKey Tokens
• Solo Reader

Related Solutions

• Strong Authentication
• Strong Authentication for Banking
• Device and Credential Management
• Secure Information and Transactions