Mobile One-Time Password About Changingtec - Member of group - Focus on IT security software Company Changing Information Technology Inc Set up April 1998 Capital About US$ 2.8million Employee About 50 Location Hsinchu science park Taiwan Page 2 About Changingtec Focus on networking security solution Develop complete networking security product line based on core PKI technology MSS RA Registration authority SS PKI Secure Server Mobile Security solution Toolkits CA Certification Authority GuardKey VA Validation Authority Security USB MOTP Mobile one time password • Generate one time password by mobile. • Solving phishing、Trojan 、 website attack problem。 Page 3 About Changing Software developing experience for over 10 years. Best market share in Taiwan authentication market. Banking 80% Financing security 90% Medical no.1 Gaming no.1 Page 4 Ministry finance Electronics receipt system is developed and maintenance by Changingtec Changing success case Page 5 Page 6 MOTP the best information leakage prevention tool MOTP (Mobile One-Time Password） - 「one time password」or「dynamic password」； OTP is“not predictable、not reusable、not repeatable” . - Two factor authentication protect confidential information by higher security level. - What is two factor authentication? Page 7 MOTP two factor authentication 1. User log on 2. Input ID PW User known information 3. Generate OTP by mobile/ OTP token 4. Input OTP 5. Press [log on] 6. Enter system User owned object Page 8 MOTP system architecture Page 9 Application Radius application (VPN, Citrix, firewall, UTM). IIS/Tomcat Filter (web server). Windows Log on. OWA (Outlook Web Access) Web Outlook Email. Customized ID/Pass webpage. Page 10 VPN VPN log on 1 VPN server MOTP Server 2 3 5 4 1. generate OTP by OTP token，enter to SSL VPN log on screen (Web or client). 2. VPN Client transfer OTP to VPN server. 3. VPN server transfer OTP to MOTP server by Radius protocol. 4. MOTP server reply authentication result. 5. VPN server connect user to internal system. Case study： OTP Token Page 11 Web page Web application system MOTP server 2 3 1 1. generate OTP by OTP token ，input into log on page. 2. Web system check PW and transfer OTP to MOTP server. 3. MOTP server reply authentication result and allow user log on. Case study： OTP token Page 12 Web Filter Confidential web page Filter authentication 2 MOTP server 3 4 1 1. No need OTP authentication when browse generate webpage. 2. Connect confidential webpage, refer to OTP web filter. 3. MOTP server authenticate OTP before allow user browse confidential page. General webpage 4. Enter protected confidential webpage. Page 13 Windows Logon Windows log on 2 AD server 5 1 3 MOTP server 4 1. Generate OTP. Input in Windows log on screen. 2. MOTP Winlogon agent pass OTP to AD server for authentication. 3. FSDCProxy transfer OTP to MOTP server. 4. MOTP server reply authentication result. 5. FSDCProxy reply to user PC and allow user log on. OTP token Case study： Page 14 Web Outlook 2 MOTP server 3 1. Generate OTP by Token. Input Web Outlook log on screen. 1 2. OWA system authenticate PW and transfer OTP to MOTP server. 3. MOTP server reply weather OTP authentication is passed or not. OTP Token Page 15 Easy installation 1 installation 2 integration 3 registration 4 token installation 5 activation Set up server Build up system integration Register MOTP User 使用 Download and install software token 使用者開始使用 MOTP登入網頁 Activate MOTP User ID PW and OTP Page 16 MOTP benefit for MIS (IT manager) • • • • • • Prevent information leakage. Easy installation Easy maintenance. Support role authority for lamination mgt. Centralize in-out side access control by token management. Audit Log. Support HA (fail over). Page 17 MOTP benefit for end user • • • • • No need to maintain ID PW periodically One account can use multi-tokens Support temperate account PW. No need extra PW memorization Various Token type optional Page 18 MOTP support full range token • support full range token series: hardware, software token optional Page 19 MOTP 3.0 advantages： Easy to manage IE based Administrator UI. Easy to management International protocol Standard Radius protocol apply to over 90% SSL VPN Audit program Complete OTP user history and analysis log. Support system changing, user search function and abnormal status notication function Scalability Support from 1 to thousands users by adding authentication server Stability Compliance with existing security system. Support high ability (HA), stable and safe. Page 20 Thanks~ Please feel free to contact for any inquiry.