One-time Password (OTP) Strong Authentication


Delivering Strong Authentication for Cloud Applications

In an era of widespread hacks and breaches, ensuring secure access to enterprise and cloud applications is becoming mission-critical. Users inside the enterprise and in the cloud must be able to access applications regardless of time and place, without compromising security.

To ensure only authorized users log on to cloud applications, you need to go beyond authentication based on what you know (username and password), and add a second factor based on what you have: a one-time password. This will prevent unauthorized access to cloud resources, especially when users access the application from networks or locations outside your control. This is multi-factor strong authentication.

Strong Authentication

Multi-factor strong authentication can be provided in a number of ways:

Approach: Description

Hardware Token: Uses a dedicated device, such as an RSA® SecurID token.
  • Complicated to install, configure, distribute and manage.
  • Insecure – recently, RSA suffered a breach and their customers had to struggle to replace all their tokens.
  • Typically configured for a single application, which limits usefulness when you are deploying multiple cloud applications using multiple service providers.

Software Token: Based on something your user (employee, contractor, customer, business partner, etc.) probably already has.
  • Low management overhead – doesn’t require you to purchase, distribute and manage multiple single-use hardware devices.
  • Flexible – can be delivered through multiple channels: smartphone app, SMS text message, email, IM, Skype, etc.
  • Secure – service provider doesn’t hold seeds that can be compromised.

Biometrics: Uses a physical characteristic (iris, fingerprint, voiceprint, etc.) of the user.
  • High overhead – expensive to deploy, configure and maintain.
  • Limited portability.
  • Inflexible – typically linked to a single application or entry point.

Meet Regulatory Requirements

Depending on your industry segment, government and industry-specific regulations may require you to improve security and privacy protections by adding strong authentication to your systems. Examples include retail (PCI DSS), healthcare (HIPAA), financial services (FFIEC, GLBA), energy (NERC CIP) and more.

One Time Password Server Solution

The One Time Password Server from Nordic Edge (an Intel® company) provides strong authentication to enterprise and cloud applications, employing user credentials and attributes from your enterprise identity repository.

The OTP solution supports a wide range of authentication methods, and different authentication methods can be used simultaneously. OTPs can be delivered to mobile devices such as smartphones through the Pledge client app, SMS (Flash or storable), email, IM, Skype, etc. Using a mobile phone for OTP provides greater flexibility and eliminates the cost, complexity and risks associated with single-purpose hardware OTP tokens.

Enterprise security policies may be enforced during authentication to control access based on identity attributes such as location, IP address, LDAP/AD group membership, and more.

Capabilities


Security Gateway