DS3+ +Authentication+Regulations+Guidelines+Compliance

Apr 07, 2018

Page 1: DS3+ +Authentication+Regulations+Guidelines+Compliance

http://slidepdf.com/reader/full/ds3-authenticationregulationsguidelinescompliance

Copyright © DS3 - Data Security Systems Solutions Pte Ltd 2011 - www.DS3global.com - [email protected] - All rights reserved

Key Features of DS3 Authentication Server:

- Choice of strong authentication vendor mix for lowest Total Cost of Ownership
- Multi-factor authentication for privileged users
- End-to-end encryption for sensitive data
- FIPS-140 Level 3 certified HSM to perform cryptographic operations
- High Availability, high performance and scalability

Compliance: The Need for Security

Increase of Threats

Cyber threats such as credit card fraud, identity theft and data breach have risen as an increasing number of people are going online to conduct financial transactions. Millions of people all over the world have been affected. People have become a constant target for cyber criminals who use spyware, key loggers, botnets, Trojans, phishing, pharming, shortened web addresses and even social media.

Regulations and Guidelines

In order to counter this, several countries and industry organizations have taken the lead to safeguard customers and to help businesses through regulations and guidelines.

- The Monetary Authority of Singapore has published its Internet Banking and Technology Risk Management Guidelines (IBTRM), which are considered to be the most stringent in the world.
- The world's leading card brands collaborated to create an industry-wide framework known as the Payment Card Industry (PCI) Data Security Standard (DSS), a set of best practices designed to secure credit card data throughout the information lifecycle for storing, processing and transmitting cardholder data.

DS3 Authentication Server Compliance

The DS3 Authentication Server is compliant with both IBTRM and PCI DSS. This compliance should be seen as an insurance policy, protecting your business from the financial costs of failing to secure identity and transaction data. With DS3, you can be assured that our solutions can be part of your IT investment to achieve industry guidelines, regulations and compliance.

Overview

The DS3 Authentication Server has a proven track record in staying ahead of technological innovations and trends. It has received certification under the RSA Secured® Partner Program, Mastercard EMV CAP AA4C and (as the first) the OATH program for both HOTP and TOTP server profiles; OCRA is also supported.

The DS3 Authentication Server is a full-fledged authentication security solution in an appliance (also available under VMware®), providing end-to-end security for passwords and highly sensitive information to secure electronic transactions. It is a high-security, high-performance system able to support millions of users with different types of authentication methods and different types of tokens. The combination of power and flexibility reduces implementation risks and decreases the Total Cost of Ownership (TCO).

Token Agnostic Approach

The multi-authentication, multi-vendor, multi-domain and multi-token agnostic approach assures:

- Lower Total Cost of Ownership (TCO)
- Freedom of vendor token selection
- Flexibility in deployment and migration

There is no lock-in to any token vendor, giving the flexibility of deploying and switching tokens on demand, while maintaining a good balance among costs, convenience and risks.

Strong Authentication Choice

A large variety of methods are supported, including:

- Vasco/DIGIPASS, RSA/SecurID tokens
- All OATH OTP tokens (HOTP, TOTP, OCRA)
- USB key tokens, including hybrid tokens (OTP & PKI)
- EMV CAP tokens (Mastercard EMV-CAP / PLA - 4AAC)
- PKI X.509 tokens (using any CA or the embedded CA)
- SMS One Time Password (logon and transaction)
- Mobile phone (iPhone, Android, BlackBerry, J2ME)
- Scratch and matrix cards, PIN/TAN lists
- Micro SD cards
- Flexible OTP display cards

And also one-factor authentication:

- Static password authentication
- Partial password authentication

Page 2: DS3+ +Authentication+Regulations+Guidelines+Compliance


Features

Defense against Man-In-the-Middle Attacks

The DS3 Authentication Server supports the following mechanisms to defend against man-in-the-middle (MITM) attacks:

- SMS Out-Of-Band Transaction Signing
- VASCO token signing
- OATH OCRA transaction signing (coming soon)
- EMV CAP Mode 1 transaction signing

Out-of-band authorization via SMS transaction signing is achieved by transmitting an SMS message to the user's pre-registered mobile number containing the transaction details and the transaction-signing authorization code, which must be entered in order to confirm the transaction. Because the code is tied to the details shown in the SMS, a transaction that was altered in transit will not match what the user is asked to confirm.
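The OATH HOTP/TOTP server profiles named in the Overview and the transaction-signing codes described above rest on one mechanism: an HMAC over a shared secret and a moving factor, truncated to a short numeric code, verified server-side with state that refuses replays. The Python below is an added illustration written for this page; it is not DS3 code or any vendor's implementation. It implements RFC 4226 HOTP and RFC 6238 TOTP (checked against the RFCs' published test vectors for the test secret "12345678901234567890"), the server-side verification state that stops replay (a HOTP look-ahead window with a counter that only moves forward, a TOTP drift window with a last-accepted step), and a simplified OCRA-style transaction code whose HMAC input includes a canonical form of the transaction fields, so a code computed over the transaction the user approved fails verification if the fields the server receives differ. The transaction-code data layout, the nonce and the sample transaction are constructed for the example and are not the RFC 6287 format.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# Published RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890");
# a test vector, not a DS3 or customer value.
TEST_SECRET = b"12345678901234567890"


def dynamic_truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 section 5.3: take 4 bytes at the offset given by the low nibble
    of the last MAC byte, clear the sign bit, reduce to `digits` decimal digits."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return dynamic_truncate(mac, digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238) is HOTP with the time step number as the counter."""
    return hotp(secret, unix_time // step, digits)


class HotpVerifier:
    """Server-side HOTP state for one token: the look-ahead window absorbs counter
    drift (button pressed without logging in), and the stored counter only ever
    advances, so an intercepted code cannot be replayed."""

    def __init__(self, secret: bytes, window: int = 10):
        self.secret, self.window, self.counter = secret, window, 0

    def verify(self, code: str) -> bool:
        for i in range(self.window):
            if hmac.compare_digest(hotp(self.secret, self.counter + i), code):
                self.counter += i + 1  # resynchronise just past the used value
                return True
        return False


class TotpVerifier:
    """Server-side TOTP state: tolerate +/- `drift` steps of clock skew, but never
    accept a step at or before the last accepted one (replay inside the window)."""

    def __init__(self, secret: bytes, step: int = 30, drift: int = 1):
        self.secret, self.step, self.drift, self.last_step = secret, step, drift, -1

    def verify(self, code: str, now: Optional[int] = None) -> bool:
        step_now = (int(time.time()) if now is None else now) // self.step
        for s in range(step_now - self.drift, step_now + self.drift + 1):
            if s > self.last_step and hmac.compare_digest(hotp(self.secret, s), code):
                self.last_step = s
                return True
        return False


def transaction_code(secret: bytes, nonce: int, txn: dict, digits: int = 8) -> str:
    """Transaction-signing code (simplified OCRA-style data input, not the
    RFC 6287 wire format): the HMAC input mixes a server-issued nonce with a
    canonical hash of the transaction fields, binding the code to exactly them."""
    canonical = "|".join(f"{k}={txn[k]}" for k in sorted(txn)).encode()
    data = struct.pack(">Q", nonce) + hashlib.sha256(canonical).digest()
    return dynamic_truncate(hmac.new(secret, data, hashlib.sha256).digest(), digits)


def verify_transaction(secret: bytes, nonce: int, received_txn: dict, code: str) -> bool:
    """Server side: recompute the code over the transaction it actually received."""
    return hmac.compare_digest(transaction_code(secret, nonce, received_txn), code)


def demo() -> tuple:
    """Returns (legitimate_accepted, altered_rejected). The code is computed over
    the transaction the user approved; if the payee is changed in transit before
    it reaches the server, the server's recomputation no longer matches."""
    nonce = 42  # constructed; a real server issues a fresh one per transaction
    approved = {"payee": "ACME-123456", "amount": "100.00", "currency": "SGD"}  # constructed
    code = transaction_code(TEST_SECRET, nonce, approved)
    altered = dict(approved, payee="OTHER-999999")  # constructed tampered copy
    return (verify_transaction(TEST_SECRET, nonce, approved, code),
            not verify_transaction(TEST_SECRET, nonce, altered, code))


if __name__ == "__main__":
    print("HOTP(counter=0) =", hotp(TEST_SECRET, 0))    # 755224 per RFC 4226
    print("TOTP(t=59) =", totp(TEST_SECRET, 59))        # 287082 (RFC 6238 vector, 6 digits)
    print("(approved accepted, altered rejected) =", demo())
```

The two verifier classes show where the defensive value lives: the OTP algorithm is public, so replay protection comes entirely from the server-held counter or last-accepted step, which must be persisted atomically per user in a real deployment. Constant-time comparison via `hmac.compare_digest` avoids leaking partial matches through timing.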

Strong Authentication for Critical Systems

The DS3 Authentication Server can be integrated with critical systems to enforce strong authentication, such as:

- Windows Servers (via GINA)
- Linux, UNIX Servers (via PAM)
- Citrix Servers (via RADIUS)
- VPN (via RADIUS)
- Tivoli suite: TAMeb, TAM esso, iTIM, TFIM

In compliance with:
MAS IBTRM Guidelines addressed: Section 4.4
PCI DSS Requirements addressed: Section 8 & Section 1c

End-to-End Encryption – HSM FIPS-140 – PKI

Securing end-to-end encryption (E2EE) for PINs, passwords, transactions and other customer information is ensured by providing the necessary JavaScript / applet for the front-end and the backend HSM cryptographic operations. In order to perform secure cryptographic operations, the DS3 Authentication Server can embed a FIPS-140 Level 3 certified HSM. Additionally, transparent key management features allow financial institutions to generate, use and renew keys without any key information ever leaving the appliance. EAP-TLS PKI certificates can be issued to support strong authentication services via 802.1X.

In compliance with:
MAS IBTRM Guidelines addressed: Section 4.1
PCI DSS Requirements addressed: Section 4.1 and 8.4

High Availability and Scalability

A High Availability architecture is available with two Production and two Disaster Recovery servers. This can be further scaled horizontally up to 12 servers in an active-active cross-site architecture to deliver up to 99.999% availability.

In compliance with:
MAS IBTRM Guidelines addressed: Section 4.3

Comprehensive ID-Management

The DS3 Authentication Server is able to enforce strong ID management for administrator and non-administrator accounts, including:

- ID creation / modification / deletion
- Password locking / resets / forced change
- Inactivity lockout
- Password policy enforcement

Each user is managed by a unique UserID with a set of authentication access controls assigned to it.

In compliance with:
PCI DSS Requirements addressed: Section 8.1 and 8.5

Summary

The DS3 Authentication Server is a complete authentication security solution in an appliance (also available under VMware®), which has received certifications from industry leaders and incorporates some of the best practices employed in the industry.

By effectively addressing industry guidelines and requirements, DS3 can help your organization achieve compliance in a timely and cost-effective manner. At the same time, the freedom to choose the authentication method and token vendor allows a lower total cost of ownership to be achieved.

Singapore Headquarters: Tel: +65-6479-5688, Email: [email protected]
North Americas: Tel: +1-408-834-4430, Email: [email protected]
Japan: Tel: +81-3-5829-9757, Email: [email protected]
Middle East: Tel: +971-50-519-4873, Email: [email protected]
Europe: Tel: +32-478-34-99-15, Email: [email protected]
India: Tel: +91-981-968-5840, Email: [email protected]