CA Strong Authentication UNIX Installation Guide › Understanding the Basics

Understanding the Basics

With the exponential increase in cases of Internet-based fraud over the last few years, relying on user names and passwords for authentication is no longer sufficient. The need for stronger authentication can either be to protect end users or to comply with government-mandated security requirements, internal policies, or best practices.

However, adding stronger authentication often creates conflict between compliance requirements and user convenience. Organizations want to increase the security of their authentication processes by reducing complexity.

Organizations also want to reduce the risk of financial losses or brand damage while increasing customer and partner access to applications and data.

CA Strong Authentication is a strong authentication service that enables your application to verify and protect the identity of your end users by:

• Not transmitting passwords (either in clear or encrypted form) over the network.
• Enabling you to select the authentication method that best suits the security and convenience of different types of users.
• Using CA Auth ID® and CA Auth ID OTP, which are based on the patented Cryptographic Camouflage technique to protect keys.

  In Cryptographic Camouflage, the keys are not encrypted with a password that is too long for exhaustive attacks. Instead, keys are encrypted such that only one password can decrypt it correctly, but many passwords can decrypt it to produce a key that looks valid enough to fool an attacker. This method protects a user's private key against dictionary attacks and Man-in-the-Middle (MITM) attacks, as a smartcard does, but entirely in the software format.

  See "How Cryptographic Camouflage Works" for more information.

This guide provides information for planning the deployment of CA Strong Authentication based on different solution requirements. Each solution consists of multiple components that interact with each other and other systems in an enterprise or multiple-network systems.

Note: CA Strong Authentication still contains the terms Arcot and WebFort in some of its code objects and other artifacts. Therefore, you will find occurrences of Arcot and WebFort in the documentation. In addition, some of the topics in this guide do not follow the standard formatting guidelines. These inconsistencies will be fixed in a future release.