4TRESS Authentication SDK

Strong authentication engine for enabling secure remote banking

The 4TRESS Authentication Software Development Kit (SDK) is a highly scalable strong authentication engine designed to secure remote services, web access and e-business applications for bank and enterprise infrastructures. Based on industry standards, it allows banks to improve customer confidence while reducing major losses due to fraud.

Key Features

Secure remote banking

• Offers two-factor authentication, based on “something you have” (an authentication device) and “something you know” (a PIN).
• Allows financial institutions and organizations to securely identify and authenticate customers remotely from anywhere in the world.
• Allows online users to validate the identity of the web site they connect to, preventing “phishing” attacks.
• Allows bank customers to sign transactions, preventing man-in-the-middle attacks and enabling nonrepudiation for high-value funds transfer.

Secure multi-channel access

• Authentication engine available on major environments (from Microsoft® Windows® to Unix® and MVS), for easy integration into the organizations environment.
• Same authentication process can be easily integrated into multiple
  applications, such as web sites or phone application.

Large choice of authentication methods

• Offers authentication services with hardware tokens (with or without keypad), smart cards, USB tokens, mobile phones or PDAs.
• One-time password authentication based on patented three-variable algorithm— time, event counter and cryptographic key.
• Complies with strong authentication standards such as OATH (Open AuTHentication initiative) HOTP— capability to support EMV via extensions.

Device lifecycle management

• Manages the lifecycle of authentication devices, including personalization, initialization and maintenance.

Benefits

Highly scalable

• Modular design allows banks to meet the demand of millions of online users.
• Interfaces with popular e-commerce applications and channels with increased scalability and flexibility.

Rapid integration

• Effectively secures the organization’s networks through seamless integration with the existing infrastructure.
• Provides a flexible architecture design with minimal changes to the current environment.
• Successful systematic integration executes over very short project time frames.

Low total cost of ownership

• Compliance with financial standards, including OATH, ensures lower deployment costs.
• Rapid integration process leads to significant reductions in IT budget requirements.
• Ease of deployment results in major cost reductions.

Technical Specifications

Authentication SDK components

• C/C++ and Java APIs provide authentication and device management services, designed for integration into existing environments
• Device initialization tool: Windows based application to initialize ActivIdentity authentication devices

Security services

• Authentication services: User authentication, Server authentication, Message authentication / data certification
• Authentication modes: ActivIdentity synchronous one-time password, based on time and/or event counter and/or key derivation, X9.9 challenge / response, OATH HOTP one-time password, EMV support available via extensions
• PIN (Personal Identification Number) validation: PIN validation on the device (hardware tokens with keypad, smart cards or USB keys), PIN validation on the server (hardware tokens without keypad), Device / user locking after incorrect PIN entries
• Information representing the authentication devices managed via encrypted data blocks

Management Services

• Automatic device resynchronization performed at each synchronous authentication, reduces the need for help desk calls
• Manual device resynchronization
• Device unlock
• Device import – enables customers to easily and rapidly deploy pre-initialized hardware tokens to end-user
• Device initialization allows customers to control all device secret keys
• Device initialization offers custom configuration profiles, enabling devices with a specific set of authentication services and compliant with custom
  security policies

Authentication device options

• ActivIdentity Mini Token AE (ActivIdentity algorithm, event-based)
• ActivIdentity Mini Token AT (ActivIdentity algorithm, time and event-based)
• ActivIdentity Mini Token OE (OATH HOTP algorithm)
• ActivIdentity Keychain Token
• ActivIdentity Token
• ActivIdentity Pocket Token
• ActivIdentity Desktop Token
• ActivIdentity Smart Card (connected mode)
• ActivIdentity Smart Card with ActivIdentity Solo™ Reader (non-connected mode)
• ActivKey™
• ActivIdentity SoftToken for Pocket PC
• ActivIdentity SoftToken for Palm®
• ActivIdentity SoftToken for Java™ Phone

Compliance with industry standards

• Data Encryption Standard: DES, 3DES
• Challenge/response: ANSI X9.9
• Key management: ANSI X9.17
• One-time password: OATH HOTP

System requirements

APIs

• Microsoft® Windows™ 2000, Windows XP, Windows Server 2003
• Sun® Solaris™ 9 and 10 (32-bit and 64-bit)
• Red Hat® Enterprise Linux v4
• MVS
• Other operating systems available on demand – please contact ActivIdentity

 

• Device initialization tool - Windows 2000, Windows XP, Windows Server 2003
• Smart card / USB token software: ActivClient® or ActivCard Gold™

Authentication Products

• ActivClient
• 4TRESS
• 4TRESS Authentication Server
• 4TRESS AAA Server for Remote Access
• 4TRESS Authentication SDK

Datasheet (PDF)

• 4TRESS Authentication SDK

Related Products

• ActivClient
• ActivKey Tokens
• Solo Reader

Related Solutions

• Strong Authentication
• Strong Authentication for Banking
• Device and Credential Management
• Secure Information and Transactions