Feitian OTP Authentication System
Within the FOAS system the process of token integration can be simple and intuitive. Typically there are three integration methods:
Essentially FOAS is comprised of three main components:
The authentication agent functions as a bridge between the authentication server and an application server. When an end-user logs in to the application server, an authentication request is sent to the authentication server through the agent, and the result returned through the agent decides whether the request is valid. The authentication agent is not necessary in every deployment scenario; applications integrated through RADIUS have no need for an agent.
The management tool has an easy-to-use web interface for remote management and maintenance of end-users, OTP tokens, authentication servers, authentication agents and log information from the database. The database management system is the foundation of the OTP Server Authentication System and contains most of the system data. The database management system can be chosen according to the specific demands of the client.
Supports a Wide Range Of Platforms
FOAS can integrate smoothly into all major operating systems and supports multiple databases through ODBC or other specific interface connections. The FOAS system also maintains a full set of development interfaces in various programming languages.
Centralised System Management
The web-based management tool provides for secure remote management. A host of flexible settings is administered through central authentication for networks or computer operating systems. Multiple authentication services with different authentication settings are supported on one computer.
Proven Track Record For Large Scale Deployments
FOAS handles load balancing for multi-authentication services with a concurrent service rate which can execute thousands of authentications per second and support more than ten million end-users. The system was engineered to interoperate with various authentication agents.
FOAS Enhances the Security of Application Servers
Dynamic passwords are randomly generated unique numeric sequences used as log-in credentials. Use of dynamic passwords can prevent threats like replay, peeping or monitoring. A fixed password can be used together with dynamic passwords to form two-factor authentication.
FOAS Supports The Entire Suite of Feitian OTP Hardware Tokens
With FOAS as a stable back-end foundation, users can adopt the Feitian hardware solution that best fulfills their specific demands. The OTP c300 token adds PIN-protected access; both the challenge code and the time-factor component are necessary to initiate a challenge-response dynamic password or transaction signature. End-users can choose to cross-validate an application server and vice versa, preventing leakage of sensitive personal data.
The authentication server can automatically synchronize a token during authentication if the token is found to be out of sync.
Multiple Token Support
For hardware tokens, FOAS supports event-based OTP c100, time-based OTP c200, challenge-response OTP c300 and event-based-and-PKI-combined OTP c400 tokens, as well as mobile OTP tokens based on event, time or challenge-response.
Multiple Authentication Methods
RADIUS Server Support
According to pre-configured settings, the authentication server can send an authentication request to a designated RADIUS server and collect the authentication result to send back to the application server.
The authentication server supports more than ten million concurrent end-users, and a single server can reach a concurrent processing rate of 3000 times per second.
Prevention of Dictionary Attack
When the authentication server detects that a particular end-user has made a number of failed authentication attempts (set by a configurable retry counter), it locks out that end-user. During this account-locked period, the authentication server refuses any authentication request submitted by this end-user until the account is unlocked and reset to an operational state. This is an effective prevention for dictionary attacks.
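The two server-side behaviours described above, automatic resynchronization of an out-of-sync token and lockout after a configurable number of failures, can be sketched together for an event-based token. This is an added example, not Feitian's code: it assumes the token follows the public RFC 4226 HOTP algorithm (the page does not name the algorithm), and TokenRecord, window and max_failures are hypothetical names.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter (assumed algorithm, see lead-in)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class TokenRecord:
    """Server-side state for one end-user's token (hypothetical model)."""
    def __init__(self, secret, counter=0, window=3, max_failures=3):
        self.secret = secret
        self.counter = counter            # next counter the server expects
        self.window = window              # look-ahead used to resynchronize
        self.max_failures = max_failures  # configurable retry counter
        self.failures = 0
        self.locked = False

    def authenticate(self, otp: str) -> str:
        if self.locked:
            return "locked"               # refused until explicitly unlocked
        for step in range(self.window + 1):
            candidate = hotp(self.secret, self.counter + step)
            if hmac.compare_digest(candidate, otp):
                self.counter += step + 1  # resync and retire the used code
                self.failures = 0
                return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True
        return "failed"

    def unlock(self):
        self.locked = False
        self.failures = 0

def demo():
    rec = TokenRecord(b"12345678901234567890")   # RFC 4226 test secret
    out = [rec.authenticate("359152")]           # token is two presses ahead
    out.append(rec.authenticate("359152"))       # replay of the same code
    out += [rec.authenticate("000000") for _ in range(2)]  # reaches the limit
    out.append(rec.authenticate("969429"))       # valid code, account locked
    rec.unlock()
    out.append(rec.authenticate("969429"))       # accepted after unlock
    return out
```

A small look-ahead window keeps resynchronization from widening the guessing space, and the failure counter bounds how many guesses an attacker gets before the account stops answering.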
Prevention of Denial-of-Service Attack
The authentication server will delay sending a failed authentication result, which effectively prevents denial-of-service attacks.