The CRYPTO-MAS managed service from CRYPTOCard

As companies fight to secure their data from unwanted intrusion, they are now expecting their staff to remember an ever increasing number of username and password combinations. In light of this, it's hardly surprising that support departments are spending more and more of their time resetting forgotten passwords. Two factor authentication (2FA) is a popular alternative as it reduces this complexity by requiring users to own something and to know something - the two factors.

However, even here, there are support issues as systems have to be installed and deployed and the users educated. CRYPTOCard's new CRYPTO-MAS service, aims to take the strain by providing a fully managed 2FA service. It functions by redirecting user login requests from a company's authentication device to its own secure servers. If the correct credentials are provided, the user is allowed to access permitted network resources as normal. CRYPTO-MAS supports most authentication devices and essentially assumes the RADIUS authentication process, requiring a device reconfiguration to relay incoming user login requests to the remote servers.

There's really nothing to it as you just configure your device to use an external RADIUS server - the CRYPTOMAS servers. In general, you'll provide their FQDNs (fully qualified domain names) along with the authentication port numbers and shared secrets. For OTP (one-time password) creation, CRYPTOCard offers a choice selection of hardware and software tokens. Three types of key chain tokens are available, and one contains a transponder for opening security doors.

The service uses calculator style tokens, but the most costeffective is the SMS token where OTPs can be sent to a standard mobile telephone. You can mix and match tokens within your company and provide selected users with more than one type if required. The hardware tokens have a long life span and some come with replaceable batteries. Registration starts by completing a form on CRYPTOCard's web site to record details of your authentication devices. CRYPTOCard then provides configuration instructions and sets up an administrative account for access to the CRYPTO-MAS portal; it is from here that you can manage both users and tokens.

The portal interface is simple to use and you can start by organising your users into groups which can identify areas such as the department that they belong to, or their access method. Token management is nicely handled as pools containing their serial number fields are populated by CRYPTOCard ready for use, so all you need to do is assign specific tokens to your users. When users receive an advisory mail, they go to the self service portal, activate their token, and change their PIN from the default value. Through the administration portal you can reassign tokens or apply start and end dates, allowing you to strictly control the time period that each will be valid for.

You can also request that users change their PIN at predefined intervals or force a change at login. The PIN is the only thing the user needs to remember and as they have their token generating OTPs for them, this doesn't have to be as complex as traditional passwords. Naturally, you need to safeguard against intruders, possibly with lost or stolen tokens, and you can set a limit on the number of failed authentication attempts allowed. Once this threshold has been breached the token is automatically blocked from further use until it is unlocked. Token usage is monitored closely, and full usage reports can be generated. 2FA is a far more elegant solution to traditional access security methods and the CRYPTO-MAS managed service simplifies it even further. It offers very strong security and it is simple to deploy and manage, and, with prices starting at a mere £2 per user, per month, it promises to be an extremely cost effective solution. NC

Product:

CRYPTO-MAS Supplier: CRYPTOCard
Tel: 0870 7077 700
Web site: www.cryptocard.com
Price: From £2 per user per month, excluding VAT