AT&T GSMS Authenticator enables financial services organizations and corporate customers to exploit the penetration of mobile devices, to dramatically improve the authentication of online access to services or corporate environment.
AT&T GSMS Authenticator manages the issuing and validation of one-time passwords and cryptographic check-sums, communicating these to staff or customers using a secure mobile channel. The system provides similar security to that which can be achieved using dedicated hand-held security tokens and soft tokens, without the cost and management overheads that have traditionally limited the application of such devices in real commercial environments.
Delivered via the web as an online application, you are in control of employees and customers that have access to the 2-Factor solution, you can configure the system to augment your existing 2-Factor solution and migrate customers and employees to AT&T GSMS Authenticator or deploy the solution as a more robust and economical 2-Factor authentication solution.
|
Figure: AT&T GSMS in a Mobile Finance / Banking Scenario
Security AT&T GSMS Authenticator operates on 2-factor authentication security. This normally entails using a standard user name/password authentication, with a hardware or USB token key to display one-time passwords that are generated according to a time-synchronous seed generation algorithm. 2-factor authentication provides key security benefits such as:
•Protection against identity theft and password phishing;
•Protection against key stroke loggers;
•Thwarting packet sniffing attempts
However (from a features/benefits point of view), in providing not only cost savings through SMS one-time passwords (without the associative costs of tokens), Authenticator enhances 2-factor authentication security by sending cryptographically generated passwords though a mobile data channel i.e. SMS. This further negates any packet sniffing capabilities over the network. |
Benefits AT&T GSMS Authenticator supports organizations that wish to grant remote access to employees through virtual private networks (VPN). VPNs provide access to corporate tools such as emails, partner extranets, supply-chain applications and inventory tools.
A common mechanism for securing VPN access incorporates 2-factor authentication through the use of hardware token based one-time passwords (OTP) and personal credentials. This provides another layer of authentication, distinct from standard login password systems and their web-based equivalents. Security vendors such as RSA and Verisign offer various forms of USB, software and hardware tokens that display OTP, working in conjunction with user login and passwords.
AT&T GSMS Authenticator is deployed as a ‘drop-in’ solution into the customer’s existing infrastructure. Primarily it provides easy compatibility with existing VPN infrastructure and is designed to co-exist with or replace a hardware token-based VPN access regime. There are significant costs associated with the purchase and support of hardware tokens and their associated infrastructure; which AT&T GSMS Authenticator is designed to enable customers to avoid. |
Enhanced security
The primary purpose of AT&T GSMS Authenticator is to cost effectively enhance user authentication in situations where a large population of staff or customers is accessing an online service. Key security services facilitated by AT&T GSMS Authenticator include:
•Strong (2-factor) user authentication
•Protection from identity theft
•Rapid re-provisioning of tokens (lost or stolen)
•Enhanced non-repudiation
•Enhanced access control
•Information confidentiality
•Single sign-on, and data integrity protection |
Cost savings
Eliminate or reduce the labour-intensive manual processes currently used to compensate for the security exposures of existing practices
The existing hardware token life-cycle, administration, logistics, registration, support and problem management disappears saving you more than significantly on per managed token per annum / Security appliance capital investment and on going internal and external operational expenditure for support.
Hardware tokens have a built in expiry date, making it necessary to repurchase and redeploy after a finite period which is overcome by using a mobile phone. |
Compatibility and Support
AT&T GSMS Authenticator can be used to replace or enhance current VPN infrastructure. This includes Authenticator working as an integrated part of an organization’s security infrastructure. Cost savings and support benefits include:
▪Compatibility with major industry firewall, VPN, RADIUS and AAA (Authorization, Authentication and Accounting) software. ▪Support for industry names such as F5, RSA, CISCO, Nortel, SonicWall and Checkpoint. |
Ease of implementation
AT&T GSMS Authenticator integrates with your existing Network Access Server or VPN Aggregator like all 2-Factor solutions.
Using standards and proprietary based protocols integration into VPN solutions is easy.
A full web based interface (itself secured with AT&T GSMS Mobile Authenticator) allows your administration staff to register employees, customers and suppliers as required, with simple integration from Active Directory employee listings. |
Flexible and Scalability
AT&T GSMS Authenticator has the flexibility and scalability to be deployed:
•As a single site solution allowing the employees to registered and managed easily
•A multi site solution allowing the roaming of employees and staff from site to site
•As a internet portal solution allowing millions of customers to access your site securely
•Use 2-Factor as a transaction id for certain business processes that require a particular audit trail.
•Can be configured to operate in “pass through” mode for unregistered customers. This facilitates staged implementation and tolerance to partial customer adoption |
No Lost Tokens
AT&T GSMS Authenticator has no tokens to lose, replace, synchronize or repair.
Your customers, employees or suppliers simply use their mobile phone to receive the token that is generated from your premises. |
Reliability and Quality of Service
AT&T GSMS Authenticator is built in with 24*7 high availability uptime in mind. This features load balancing and automated process monitoring functions. Each process monitor includes alarms and logs to record failures. AT&T GSMS Authenticator is built with fault tolerant fail-over in mind so as to achieve carrier-grade robustness even at peak load levels. |
Helpdesk and Operational Support AT&T GSMS Authenticator is designed to facilitate support personnel for help desk and administrative roles. This feature provides, fault logging, operations management, and assists users in troubleshooting. |
Reporting and Analysis AT&T GSMS Authenticator features report generation capability, allowing support or systems analysts to view and print data such as login statistics and platform operations. This is beneficial for security audits or statistical purposes.
Common reports on usage and performance are available through the AT&T Global Smart Messaging Suite powered by Soprano portal. |
Deployment Options AT&T GSMS Mobile Authenticator has various deployment models:
•Appliance within an Enterprise Environment, with a secure connection to AT&T Global Smart Messaging Suite powered by Soprano for carriage
•Hosted within the private cloud AT&T Global Smart Messaging Suite powered by Soprano platform
One Time Password component can be generated:
•by enterprise software
•by AT&T GSMS Java API
•by AT&T GSMS .NET API
•-by AT&T GSMS Mobile Authenticator appliance/platform
AT&T GSMS Authenticator may require the AT&T GSMS Authentication Proxy to be deployed, integrating into enterprise VPN concentrator/AAA server, to maintain token information.
Delivered as a Software as a Solution, web based application, you do not need to be concerned with deploying and new hardware. |
Enabling AT&T GSMS Authenticator
Please contact your AT&T GSMS Account Executive or email help@sopranodesign.com for more information on AT&T GSMS Authenticator.