The Advanced Authentication service provides the following features:
Strong authentication addresses the exponential increase in internet-based fraud over the last few years. The basic user name-password model for authentication is no longer sufficient.
Strong authentication uses two-factor authentication, where an end user is required to provide more than one form of identification. For example, in addition to the typical user name-password (something the user knows), the end user also has to provide an additional hardware or software credential (something the user has).
The Advanced Authentication service provides proprietary software credentials, which can be used as the possession factor (something the user has) for authentication. The end user's password or PIN is used as the knowledge factor (something the user knows). As a result, end users retain the familiar user name-password login process. They need to know only their user name and password or PIN, but are protected by a strong authentication solution that works in the background.
The following strong authentication credential types are available to protect resources in an organization:
These credential types are discussed in detail in later topics.
When an end user tries to access a protected resource, the Advanced Authentication service first collects a wide range of data, such as details about the following:
The service evaluates that data using risk evaluation rules.
A risk evaluation rule is a set of conditions against which the end user or device data is validated. The rule results are then evaluated in the order of priority set by an administrator, and a score and advice are generated from the first rule that matched (the higher the risk score, the greater the probability of fraud). Based on this advice, the end user is granted access, denied access, or asked for additional authentication.
Risk evaluation rules are listed and explained in a later section.
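The first-match, priority-ordered evaluation described above can be modeled as follows. This is an added example, not code from the Advanced Authentication service. The rule names, data fields, scores, the lower-number-first priority convention, and the default used when no rule matches are all assumptions. It also reports higher-scoring rules that matched but were never reached, which is the main thing to review when an administrator reorders priorities.

```python
from dataclasses import dataclass
from typing import Callable

ALLOW, STEP_UP, DENY = "allow", "additional_authentication", "deny"

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int                    # assumption: lower number is evaluated first
    matches: Callable[[dict], bool]  # the rule's set of conditions
    score: int                       # higher score = higher probability of fraud
    advice: str

# Assumption: when no rule matches, ask for additional authentication.
DEFAULT = ("no_rule_matched", 0, STEP_UP)

def evaluate(rules, data):
    """Return (rule name, score, advice) from the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(data):
            return rule.name, rule.score, rule.advice
    return DEFAULT

def shadowed_matches(rules, data):
    """Names of rules that also matched, score higher than the winner, but were never reached."""
    hits = [r for r in sorted(rules, key=lambda r: r.priority) if r.matches(data)]
    return [r.name for r in hits[1:] if r.score > hits[0].score]

# Constructed rule set: every name, field and score here is hypothetical.
RULES = [
    Rule("blocked_country", 1, lambda d: d.get("country") in {"XX"}, 95, DENY),
    Rule("known_device", 2,
         lambda d: d.get("device_id") in d.get("registered_devices", ()), 10, ALLOW),
    Rule("high_velocity", 3, lambda d: d.get("logins_last_hour", 0) > 5, 70, STEP_UP),
    Rule("unknown_device", 4, lambda d: True, 50, STEP_UP),
]

# Constructed request data: a registered device with an unusual login rate.
SAMPLE = {"country": "US", "device_id": "dev-1",
          "registered_devices": ("dev-1",), "logins_last_hour": 9}

if __name__ == "__main__":
    print(evaluate(RULES, SAMPLE))          # the known-device rule wins
    print(shadowed_matches(RULES, SAMPLE))  # riskier rules that were never reached
```

With this ordering the sample request is allowed even though the velocity rule also matches, because only the first matching rule produces the score and advice.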
The Advanced Authentication service provides a set of predefined flows built from strong authentication, risk evaluation, or a combination of both. A hosting administrator can configure these flows based on the organization's needs. Each predefined flow defines the steps that must be performed, in a specific order, to authenticate end users who have been given a specific type of credential.
The predefined advanced authentication flows are as follows:
These flows are described in detail in a later section.
Copyright © 2012 CA Technologies. All rights reserved.