Adaptive authentication and federation platform for Web and Cloud environments:
- Supports corporate, social-network and government authentication mechanisms
- Step-up authentication. Authentication trust level assessed and increased when required by the application
- Context information analysis. Enhances authentication security without affecting the user experience
- Identity federation trust management. Single access control between applications
- Authentication reporting system for rapid response to security problems
- Identity provider
An additional layer of security transparently assesses the authentication risk level by taking into account the user's profile, habits and biometrics. Users continue using their passwords. They are only prompted for other authentication methods when a certain risk threshold is exceeded, which means there is hardly any impact on the user experience.
- Layered security
An additional layer of security transparently assesses the authentication risk level by taking into account the user's profile, habits and biometrics. Users continue using their identities. They are only prompted for an additional authentication step when a certain risk threshold is exceeded.
- Cloud Applications
Integrates the authentication control for Cloud applications such as Google Apps, Salesforce and Office 365 through the implementation of standard Web and Cloud protocols. SAML 2.0 and OAuth 2.0 / OpenID Connect are supported for the federation of applications.
- Centralized control and auditing
Authentication factors can be tailored to each user group (employees, collaborators, clients, etc.) and application. Single sign-on managed according to the required trust level. Quick response to security incidents. Centralization of all the audit information, from data provided on each authentication decision.
The authentication platform acts as an identity provider for the applications and enables customizing the authentication in each case using:
- Authentication flows, which deploy highly configurable sequences of steps that adapt the behavior of authentication to the security requirements of each application, the user identity, the available authentication mechanisms and the connection context.
- Context analysis policies, which analyse the user's device, location and connection habits to assess the risk of the authentication. Each policy is highly configurable and supports establishing which factors are considered and their weightings.
- Authentication method classification, which determines the security level reached in each authentication.
- Single sign-on (SSO), which streamlines the authentication of the users in multiple applications while respecting the security requirements.
- Intuitive server authentication, which safeguards users against phishing and pharming attacks and entails the users having to recognize a customized image in the authentication interface.
The following are the characteristics of the context-aware authentication:
- TrustedX keeps a profile for each user. This profile is updated progressively and transparently after each access. In the interest of privacy, profiles can be abstracted from the explicit user identities.
- Users can explicitly register trusted devices. TrustedX can recognize the devices registered by a user and any other devices used by that user.
- TrustedX can recognize the user's keystroke dynamics, even for devices it has not been explicitly trained on. Keystroke dynamics is a biometric factor that does not affect the user experience.
- Network information can be used to obtain the geographic location of the user, recognize locations the user has previously visited and even check whether the user accessed with the same device from this location. It can even check if the user could have physically traveled between two consecutive access locations.
- The risk assessment of an authentication can be decisive when the user is required to pass a set of factors. Alternatively, the risk can be assessed globally using a weighted combination of several factors. Optional factors can be used to detect minor anomalies.
- An application is provided in which users can speed up the learning of some factors related to their authentication.
- To facilitate configuring policies in the pre-production stage, TrustedX can operate in observation mode without interfering in the usual authentication.
- The platform provides detailed reports and graphs on the authentication factors analyzed in each access, both for auditing purposes and for fine tuning the policies applied in each use case.
- The capture of all the context-aware authentication factors uses browser and server technologies that do not require applets or plug-ins or the installation of software in the user devices.
- Applications can invoke authentication functionality using the SAML 2.0 (e.g., Google Apps and Salesforce) and OAuth 2.0 (adapted for mobile applications) protocols, both HTTP based. In each authentication response, TrustedX includes the identity attributes required for applications to establish their own sessions. The platform also supports the applications invoking the TrustedX signature and encryption services.
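
The risk assessment described in the list above (required factors that decide the outcome on their own, a weighted combination of the rest, and the check that a user could physically have traveled between two consecutive access locations) can be sketched as follows. This is an added example, not TrustedX code or its policy format: the factor names, weights, threshold, speed ceiling and sample coordinates are all assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0  # assumed ceiling, roughly a commercial flight


@dataclass
class Access:
    lat: float
    lon: float
    epoch_s: int  # time of the access, in seconds


def distance_km(a: Access, b: Access) -> float:
    """Great-circle (haversine) distance between two access locations."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def travel_plausible(prev: Access, cur: Access) -> bool:
    """False when the user could not have moved between the two accesses in time."""
    hours = (cur.epoch_s - prev.epoch_s) / 3600
    if hours <= 0:  # simultaneous or out-of-order events: only accept the same place
        return distance_km(prev, cur) < 1.0
    return distance_km(prev, cur) / hours <= MAX_SPEED_KMH


def assess(factors: dict, policy: dict) -> dict:
    """factors maps a factor name to True when it matched the user's profile.
    A factor missing from the input counts as failed (fail closed)."""
    failed_required = [f for f in policy["required"] if not factors.get(f, False)]
    if failed_required:  # a required factor decides the outcome by itself
        return {"risk": 1.0, "step_up": True, "failed": failed_required}
    weights = policy["weights"]
    failed = [f for f in weights if not factors.get(f, False)]
    risk = sum(weights[f] for f in failed) / sum(weights.values())
    return {"risk": round(risk, 3), "step_up": risk > policy["threshold"], "failed": failed}


# Constructed sample policy and accesses (hypothetical values).
POLICY = {"required": ["plausible_travel"],
          "weights": {"known_device": 5, "known_location": 3, "keystroke_match": 2},
          "threshold": 0.4}
BARCELONA = Access(41.39, 2.17, 0)
MADRID = Access(40.42, -3.70, 2 * 3600)
TOKYO = Access(35.68, 139.69, 2 * 3600)
```

Running the same scoring without enforcing `step_up` corresponds to the observation mode mentioned above: the per-factor results are logged and the weights and threshold are tuned before any user is prompted.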
TrustedX acts as an agent between the user applications and the identity services. The applications use the OAuth 2.0 or SAML 2.0 protocols to invoke TrustedX. LDAP/AD, RADIUS and PKI identity services are supported.
The platform provides several strategies for integrating the authentication, which even includes participating in existing deployments:
- Standard, which uses TrustedX's end user authentication interface.
- Delegated graphical interface, which provides a user experience that is more harmonious with the applications.
- Externalized in other identity providers, which is complemented with TrustedX's adaptive authentication and SSO functionality.
PDF Document Signing with Safelayer Mobile ID
This video shows how to sign a PDF document using a smartphone. After logging into a document management portal, the user selects a PDF document and signs it electronically using only his smartphone.
OOB Transaction Verification with Safelayer Mobile ID
This video shows the transaction verification process using a second channel. The user is asked to confirm the details of the operation using his smartphone with the Safelayer Mobile ID App.