TrustedX Adaptive Authentication
Adaptive Authentication Server for Web and Cloud environments:
- Strong authentication
- Phishing and pharming protection
- SaaS ready
- No impact on user experience
- No software download or install
- Mobile device ready
- Centralized control and auditing
- Layered security focus
An additional layer of security transparently assesses the authentication risk level by taking into account the user's profile, habits and biometrics. Users continue using their passwords. They are only prompted for other authentication methods when a certain risk threshold is exceeded, which means there is hardly any impact on the user experience.
- Direct integration
Quick and efficient start up in applications including Google Apps, Saleforce and the corporate Web portal thanks to the implementation of the common Web and Cloud environment protocols. SAML 2.0 and OAuth 2.0 are supported, which facilitates the federation of applications.
- Connection with repositories
The platform connects with repositories including LDAP and Microsoft AD, meaning no additional procedures for managing the identity and attributes are required. The platform acts as an identity provider. It increases the security in the authentication of the users and groups located in one or more repositories.
- Policy-based management
Management is based on policies that allow tailoring the authentication factors to each user group (employees, partners, clients, etc.) and application according to the trust level required in each case.
- Centralized control and auditing
The server supports managing single sign-on access control, responding quickly to security incidents and centralizing all the audit information, providing data on each authentication decision.
The authentication platform acts as an identity provider for the applications and enables customizing the authentication in each case using:
- Adaptive authentication policies, which form a highly configurable authentication workflow that can request an additional step (deployed OTPs, SMS, etc.) when a threshold of acceptable risk is exceeded.
- Context analysis policies, which analyse the user's device, location and connection habits to assess the risk of the authentication. Each policy is highly configurable and supports establishing which factors are considered and their weightings.
- Authentication method classification, which determines the security level reached in each authentication.
- Single sign-on (SSO), which streamlines the authentication of the users in multiple applications while respecting the security requirements.
- Intuitive server authentication, which safeguards users against phishing and pharming attacks and entails the users having to recognize a customized image in the authentication interface.
The following are the characteristics of the context analysis:
- TrustedX keeps a profile for each user. This profile is updated progressively and transparently after each access.In the interest of privacy, profiles can be abstracted from the explicit user identities.
- Users can explicitly register trusted devices.TrustedX can recognize the devices registered by a user and any other devices used by that user.
- TrustedX can recognize the user's keystroke dynamics, even for devices it has not been explicitly trained on. Keystroke dynamics is a biometric factor that does not affect the user experience.
- Network information can be used to obtain the geographic location of the user, recognize locations the user has previously visited and even check whether the user accessed with the same device from this location. It can even check if the user could have physically traveled between two consecutive access locations.
- The risk assessment of an authentication can be determinant if the user is required to pass a set of factors. Alternatively, the risk can be assessed globally using a weighted combination of several factors. Optional factors can be used to detect minor anomalies.
- An application is provided in which users can speed up the learning of some factors related to their authentication.
- To facilitate configuring policies in the pre-production stage, TrustedX can operate in observation mode without interfering in the usual authentication.
- The platform provides detailed reports and graphs on the authentication factors analyzed in each access, both for auditing purposes and for fine tuning the policies applied in each use case.
- The capture of all the context factors uses browser and server technologies that do not require applets or plug-ins or the installation of software in the user devices.
Applications can invoke authentication functionality using the SAML 2.0 (e.g., Google Apps and Salesforce) and OAuth 2.0 (adapted for mobile applications) protocols, both HTTP based. In each authentication response, TrustedX includes the identity attributes required for applications to establish their own sessions. The platform also supports the applications invoking the TrustedX signature and encryption services.
TrustedX acts as an agent between the user applications and the identity services. The applications use the OAuth 2.0 or SAML 2.0 protocols to invoke TrustedX. LDAP/AD, RADIUS and PKI identity services are supported.
The platform provides several strategies for integrating the authentication, which even includes participating in existing deployments:
- Standard, which uses TrustedX's end user authentication interface.
- Delegated graphical interface, which provides a user experience that is more harmonious with the applications.
- Externalized in other identity providers, which is complemented with TrustedX's adaptive authentication and SSO functionality.
- ◊ ISSE 2013 - Call for papers - Deadline extended
- ◊ Safelayer increases its international presence in 2012
- ◊ Paraguay adopts Safelayer's PKI technology for root certification authority
- ◊ Safelayer announces new functionality for its TrustedX e-signature platform
- ◊ Safelayer obtains UNE 166002:2006 certification