TrustedX Authentication Platform is an adaptive authentication and federation platform for Web and Cloud environments. Its features include:
- Support for corporate, social-network and government authentication mechanisms
- Step-up authentication. The authentication trust level is assessed and increased when required by the application
- Context information analysis that enhances authentication security without affecting the user experience
- Identity federation trust management and single sign-on across applications
- An authentication reporting system and quick response to security problems
- Identity provider. The product acts as an identity provider, allows federation with external providers and enhances the security of the authentication of existing users and groups. It supports corporate directories (including Kerberos), national eIDs and social identifiers (e.g., LinkedIn, Facebook).
- Layered security. An additional layer of security transparently assesses the authentication risk level by taking into account the user's profile, habits and biometrics. Users continue using their identities. They are only prompted for an additional authentication step when a certain risk threshold is exceeded.
- Cloud applications. Authentication control is extended to Cloud applications such as Google Apps, Salesforce and Office 365 through the implementation of standard Web and Cloud protocols. SAML 2.0 and OAuth 2.0 / OpenID Connect are supported for the federation of applications.
- Centralized control and auditing. Authentication factors can be tailored to each user group (employees, collaborators, clients, etc.) and application. Single sign-on is managed according to the required trust level. Security incidents are responded to quickly. All the audit information is centralized, with data provided on each authentication decision.
The authentication platform acts as an identity provider for the applications and enables customizing the authentication in each case using:
- Authentication flows, which deploy highly configurable sequences of steps that adapt the authentication behaviour to the security requirements of each application, the user identity, the available authentication mechanisms and the connection context.
- Context analysis policies, which analyse the user's device, location and connection habits to assess the risk of the authentication. Each policy is highly configurable and supports establishing which factors are considered and their weightings.
- An authentication method classification, which determines the security level reached in each authentication.
- Single sign-on (SSO), which streamlines the authentication of the users in multiple applications while respecting the security requirements.
- Intuitive server authentication, which safeguards users against phishing and pharming attacks by having them recognize a customized image in the authentication interface.
Characteristics of context-aware authentication:
- TrustedX keeps a profile for each user. This profile is updated progressively and transparently after each access. In the interest of privacy, profiles can be abstracted from the explicit user identities.
- Users can explicitly register trusted devices. TrustedX can recognize the devices registered by a user and any other devices used by that user.
- TrustedX can recognize the user's keystroke dynamics, even for devices it has not been explicitly trained on. Keystroke dynamics is a biometric factor that does not affect the user experience.
- Network information can be used to obtain the geographic location of the user, recognize locations the user has previously visited and even check whether the user accessed with the same device from this location. It can even check if the user could have physically traveled between two consecutive access locations.
- The risk assessment of an authentication can be determinant if the user is required to pass a set of factors. Alternatively, the risk can be assessed globally using a weighted combination of several factors. Optional factors can be used to detect minor anomalies.
- An application is provided in which users can speed up the learning of some factors related to their authentication.
- To facilitate configuring policies in the pre-production stage, TrustedX can operate in observation mode without interfering in the usual authentication.
- The platform provides detailed reports and graphs on the authentication factors analyzed in each access, both for auditing purposes and for fine tuning the policies applied in each use case.
- The capture of all the context-aware authentication factors uses browser and server technologies that do not require applets or plug-ins or the installation of software in the user devices.
- Applications can invoke authentication functionality using the SAML 2.0 (e.g., Google Apps and Salesforce) and OAuth 2.0 (adapted for mobile applications) protocols, both HTTP based. In each authentication response, TrustedX includes the identity attributes required for applications to establish their own sessions. The platform also supports the applications invoking the TrustedX signature and encryption services.
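A minimal sketch of the risk assessment described in the list above: required factors, a weighted global score, the check on physical travel between two consecutive accesses, and observation mode. It is an added example, not TrustedX code; the factor names, weights, threshold and the 900 km/h speed ceiling are assumptions.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0  # assumed ceiling, roughly a commercial flight

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def travel_plausible(prev, cur):
    """prev/cur are (lat, lon, epoch_seconds) of two consecutive accesses."""
    hours = (cur[2] - prev[2]) / 3600
    dist = haversine_km(prev[:2], cur[:2])
    if hours <= 0:               # same instant or clock skew: must be same place
        return dist < 1.0
    return dist / hours <= MAX_SPEED_KMH

@dataclass
class Policy:
    mandatory: tuple             # factors the user is required to pass
    weights: dict                # factor -> weight in the global score
    threshold: float             # risk above this asks for an extra step
    observe_only: bool = False   # observation mode: score, never interfere

def assess(policy, results):
    """results maps factor -> True when it matches the user's profile.
    A factor missing from results counts as not matching."""
    total = sum(policy.weights.values())
    missed = sum(w for f, w in policy.weights.items() if not results.get(f, False))
    risk = missed / total if total else 0.0
    if any(not results.get(f, False) for f in policy.mandatory):
        risk = 1.0               # a failed required factor decides on its own
    decision = "step_up" if risk > policy.threshold else "allow"
    if policy.observe_only:
        decision = "allow"       # risk is still returned for reporting
    return round(risk, 2), decision

# Constructed sample policy (hypothetical factor names and weights).
SAMPLE_POLICY = Policy(
    mandatory=("travel_plausible",),
    weights={"known_device": 5, "known_location": 3, "keystroke_match": 2},
    threshold=0.4,
)
```

Running a policy with `observe_only=True` against real traffic before enforcing it gives the risk distribution needed to choose the threshold and weights.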
TrustedX acts as an agent between the user applications and the identity services. The applications use the OAuth 2.0 or SAML 2.0 protocols to invoke TrustedX. LDAP/AD, RADIUS and PKI identity services are supported.
The platform provides the following strategies for integrating the authentication, including integration with existing deployments:
- Standard, which uses TrustedX's end user authentication interface.
- Delegated graphical interface, which provides a user experience that is more harmonious with the applications.
- Externalized in other identity providers, which is complemented with TrustedX's adaptive authentication and SSO functionality.
PDF Document Signing with Safelayer Mobile ID
This video shows how to sign a PDF document using a smartphone. After logging into a document management portal, the user selects a PDF document and signs it electronically using only his smartphone.
OOB Transaction Verification with Safelayer Mobile ID
This video shows the transaction verification process using a second channel. The user is prompted to confirm the details of an operation with his smartphone via the Safelayer Mobile ID App.