what is OTP?
A one-time password (OTP) is type of password that is valid for only one use.
It is a secure way to provide access to an application or perform a transaction only one time. The password becomes invalid after it has been used and cannot be used again.
Trust sec provides full integrated OTP solutions starting from back end to user interface
OTP Backend (Radius System)
the system administrator can add, delete or suspend users from using the service. The following are complete actions that can be done using the web management features
- Adding users to the system database or user directory.
- Changing specific user settings or current status.
- Remove user:s from database or user directory.
- Sending OTP in mobile SMS to user via proper configuration with SMS server
- Synchronize with AD: if administrator enables this option, any updates applied to system users will be the same on Active Directory.
- Print Scratch Passwords: to generate OTP sequence for certain user to be used later for authentication.
- Assigning token to User either hardware or software token.
- Tthe ability to generate OTP in QR-code form for better provisioning.
OTP server is a standalone server based on Linux operating system. The server uses standard RADIUS protocol to provide the authentication service. Any client implements the selected protocol can communicate with the server. Almost all programming languages provide libraries to communicate with the radius server. Also, all operating systems support different RADIUS protocols.
Tokens management allows the admin to add OTP tokens and change the token status. The actions available using this feature are:
- Adding token
- selecting the password length.
- Renaming Token
- Importing from Files
- Deleting a token from the token list.
Web Application Server Management
The system admin can use this feature to manage application servers that contact OTP server to authenticate users. The admin will configure the communication to that application to the OTP server. This feature enforces more security on the authentication process as the OTP server will response only to trusted application servers. The communication with this application server is encrypted with shared secret to secure the authentication request and response to eliminate masquerade attack