CA Strong Authentication Windows Installation Guide › Introduction

Introduction

With the exponential increase in cases of Internet-based fraud over the last few years, relying on user names and passwords for authentication is no longer sufficient. Organizations want to increase the security of their authentication processes by reducing complexity. Organizations also want to reduce the risk of financial losses or brand damage while increasing customer and partner access to applications and data.

CA Strong Authentication is a trusted service that verifies and protects the identity of your end users by:

• Securing passwords (either in clear or encrypted form) over the network.
• Enabling you to select the authentication method that best suits the security and convenience of different users.
• Using CA Auth ID and CA Auth ID OTP, which are based on the patented Cryptographic Camouflage technique to protect keys.

  In Cryptographic Camouflage, a series of keys are generated which look valid enough to fool an attacker. This method protects a user's private key against dictionary attacks and Man-in-the-Middle (MITM) attacks, as a smartcard does, but entirely in the software format.

  See "How Cryptographic Camouflage Works" for more information.

This guide provides information for planning the deployment of CA Strong Authentication based on different solution requirements. Each solution consists of multiple components that interact with each other and other systems in an enterprise or multiple-network systems.

CA Strong Authentication enables upgrade to CA Auth ID for authentication, without changing the user login experience or critical business processes. CA Strong Authenticationis also a Versatile Authentication Server (VAS) because it supports the implementation of a wide range of proprietary and open authentication mechanisms. In addition to supporting authentication by using Public Key Infrastructure (PKI) and one-time password (OTP/Activation Code), it is also designed to plug in any existing authentication methods.

The VAS functionality enables you to select the authentication method that best suits the needs of your end users. You can choose to:

• Integrate with a variety of standard authentication interfaces.
• Implement standards-based hardware or software authentication methods.
• Add new authentication methods, such as CA Auth ID, while continuing to support legacy technology, such as OTP/Activation Code tokens.
• Extend CA Strong Authentication VAS through plug-ins to perform proprietary authentication.

Important! This documentation contains the terms Arcot, WebFort , RiskFort, WebFort, RiskMinder, and AuthMinder in some of its code objects and other artifacts. The term ArcotID is now called as CA Auth ID. In addition, some of the topics in this guide do not follow the standard formatting guidelines.

This section contains the following topics:

System Architecture

Plug-ins

User Authentication

CA Auth ID Key Concepts