Authenex Powerful Authentication Server (APAS) Milestone
Two Factor Authentication Server
The APAS Milestone is the new generation authentication server which combines One-Time Password (OTP) with other user authentication requirements to provide two-factor authentication for secure LAN, remote, Outlook Web Access (OWA) and web access. Milestone can be linked with different directory servers such as Microsoft Active Directory, Open LDAP and even Oracle databases to implement any type of strong user authentication. In addition to supporting OATH Event-based/Time-based OTP and OCRA authentication, Authenex Milestone also supports simple authentication for users with no OTP tokens.
The APAS Milestone is composed of:
- An authentication server and database.
- A web-based application to manage the APAS Milestone Database and System.
- Plug-in software that extend the server’s functionality to other sources of user authentication.
- Software that resides on client computers (as needed).
- USB and non-USB tokens (the Authenex A-Key token).
These components create the most secure, easy to use, simple to administer and cost-effective two-factor authentication solution available today.
- Provides advanced, cost-effective two-factor authentication for VPN, Web, OWA, and LAN access.
- Intelligent Authentication Gateway and proxy modules which are able to quickly find an authentication server available to confidently complete the authentication process.
- Flexible Security Policies and Rules. For example, marketing personnel’s must always use OTP to login to their office computers, their PIN code must have at least 6 characters, and the only time they are allowed to login is from 8:00AM to midnight Monday to Friday; administrative personnel can only login from 8:00AM to 8:00PM Monday to Friday.
- A Comprehensive Authentication Server that supports different user login mechanisms and integrates with commercial databases and data repositories such as Microsoft Active Directory, Open LDAP and other LDAP servers, and Oracle and IBM DB2 databases. APAS Milestone also includes a local database for customers with no external data repository.
- Perfect Integration Application - enabling your enterprise systems to become OTP-ready with minimal effort. APAS Milestone integrates with Outlook Web Access (OWA) and MS IIS for OTP login by using plug-in mechanisms developed by Authenex. LAN OTP Login for Windows is also available for Microsoft AD domain users. In addition, Authenex provides easy to use Web Services, .NET and Java APIs enabling developers to quickly implement OTP authentication in existing applications.
- Complete and Highly Flexible Product Line Support. Authenex product line includes robust OTP ＆ OCRA tokens in different forms and shapes such as hardware tokens, software tokens for Windows and Mac computers, apps for iPhone, Android, Windows Phone and BlackBerry mobile devices, and Short Message Service (SMS) and Email OTP.
- Installation usually takes less than 30 minutes.
APAS Milestone is a Remote Authentication Dial In User Service (RADIUS) (RFC 2865) authentication server. Once installed and configured, the APAS Milestone requires users who want access to networks and data to authenticate via One-Time Password (OTP) authentication.
The purpose of the OTP is to provide a user's identity to the APAS Milestone. Once a password is used to successfully authenticate, it is no longer valid. In this way, even if someone is eavesdropping on remote connections and can retrieve the OTP number, they cannot use it, as it is only valid once.
APAS Milestone OTP values are generated dynamically by the Authenex tokens every time its button is pressed in the case of hardware tokens or every time user manually clicks a button either in his PC or mobile device in the case of Software and Mobile OTP tokens, respectively. On the APAS Milestone server side, OTP values are generated for comparison every time an OTP authentication request is received.
Synchronization between Authenex Event-based OTP tokens and the APAS Milestone is kept using counters: one OTP counter stored in the token to track the last OTP value generated, and another OTP counter stored in the APAS Milestone database which tracks the last OTP value authenticated for that particular token. The APAS Milestone provides ways to re-synchronize both OTP counters through the web-based Management Console.
Synchronization between Authenex Time-based OTP tokens and the APAS Milestone is not required as the Coordinated Universal Time (UTC) standard is used in both sides.