One-time-password

OTP – One Time Password

A one-time password (OTP) is a type of password that is valid for only one use. It is a secure way to provide access to an application or perform a transaction only one time. The password becomes invalid after it has been used and cannot be used again.

SOFT-OTP
trustsec-otp-backend-system
OTP Backend system & Frontend user interface

TrustSEC OTP Turnkey Solution

TrustSEC provides a fully integrated OTP solution that includes a very dynamic backend system with an easy-managing interface in addition to a variety of client end-user interfaces that varies from soft-OTP (Android and iOS) to pin-pad OTP hardware and smartcards.

  • Easy to Use
  • High Performance
  • Very Secure
  • Easy to integrate
  • High Flexibility
  • Friendly Interface

Client End-users Interfaces

Soft OTP

Client end-user authenticator App for iOS and Android.

Two Factor of Authentication

Hardware Devices

Client end-user hardware authenticator.
Two-factor authentication OTP devices

( Pin pad / Pin pad OTP Card/ Biometric OTP smartcard)

Features

OTP Features

OTP Backend (Radius System)

User Management

The system administrator can add, delete or suspend users from using the service. The following are complete actions that can be done using the web management features.
  • Adding users to the system database or user directory.
  • Changing specific user settings or current status.
  • Remove user:s from the database or user directory.
  • Sending OTP in mobile SMS to the user via proper configuration with SMS server
  • Synchronize with AD: if the administrator enables this option, any updates applied to system users will be the same on Active Directory.
  • Print Scratch Passwords: to generate OTP sequence for a certain user to be used later for authentication.
  • Assigning a token to the User either a hardware or software token.
  • The ability to generate OTP in QR-code form for better provisioning.

Token Management

Tokens management allows the admin to add OTP tokens and change the token status. The actions available using this feature are:
  • Adding token selecting the password length.
  • Renaming Token
  • Importing from Files
  • Deleting a token from the token list.

Server configuration

Enabling system administrator to change the configuration of the OTP server such as IP address and add system admins. Also, change the password of each user.

Web Application Server Management

The system admin can use this feature to manage application servers that contact OTP server to authenticate users. The admin will configure the communication with that application and the OTP server. This feature enforces more security on the authentication process as the OTP server will respond only to trusted application servers. The communication with this application server is encrypted with the shared secret to secure the authentication request and response to eliminate masquerade attacks.

Compatibility

OTP server is a standalone server based on Linux operating system. The server uses standard RADIUS protocol to provide the authentication service. Any client that implements the selected protocol can communicate with the server. Almost all programming languages provide libraries to communicate with the radius server. Also, all operating systems support different RADIUS protocols.

User directory management and configuration

This feature is used to add a new user directory or add a new database. When using this OTP system with enterprises serving a large number of customers, then it is required to connect to the user directory or database. This feature makes the system integer-able with any database system like oracle- SQL- MySQL-SQLServer….etc. or any user directory like LDAP or AD.

Software Tokens

TrustSEC OTP Backend System provides different end users with various software tokens with different supported algorithms. TrustSEC provides its customized software token to be used over Android OS devices and Apple iPhones.

Radius Protocol

The Remote Authentication Dial-In User Service (RADIUS) is a client/server security protocol. Radius protocol controls the communication between the web application server and the OTP server through multi-purpose protocols as PAP, CHAP, and MSCHAP.
PAP: The Point-To-Point protocol was one of the first protocols used to facilitate the supply of a username and password, the password is plain while transmitting between the user and the web server, however, it will be encrypted when the web server forwards the request to the OTP server.
CHAP: The Point-To-Point protocol was one of the first protocols used to facilitate the supply of a username and password, the password is plain while transmitting between the user and the web server, however, it will be encrypted when the web server forwards the request to the OTP server.
MS-CHAP: Microsoft Challenge-Handshake Authentication Protocol with little differences, it supports some of Microsoft implementations..