PeopleNet isKey OTP

PeopleNet International BusinessPeoplenet  Beijing. Shanghai, China

peo

Executive SummaryThe main Problem with Traditional (static) Passwords

Along with the increasing dependence on the Internet, using static password to gain access to a system is no longer safe. This is because static passwords can be cracked, guessed or stolen. Using static password also present a hassle for users, who have to remember different static passwords for their various applications. And these password includes capital letters and numbers. Meanwhile, static passwords are susceptible to leakage. The user never knows when he/her password is stolen until it’s too late!

The Problem with SMS verification

Today, as mobile application becomes more popular in the world, most financial services providers have adopted the SMS verification to enhance static password-based authentication in electronic banking. However, due to its inherent security infrastructure, SMS is easy to hijack through a telecom fraud or intercept (through fake base stations, malware, etc.)

isKEY OTP Solution - a Strong Authentication Technology

OverviewIn an environment of constant change and increased fraud attacks, enterprise (including SMEs and banks) need a security solution that is adaptive and reacts to market changes. A strong, comprehensive, scalable and cost-effective solution that allows freedom of choice - without compromising on the security, speed of deployment and features offered to end-users.

A one-time password (OTP) is a password that is unique & valid for only one login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords. The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks.

PeopleNet isKEY Solution offers One-Time Password (OTP) Two- factor authentication for Mobile workers who want to access to their enterprise resources: VPNs, mail, web pages, etc.

3

This solution offer consists of and Authentication server (isKEY Server)and Authentication tokens (Hardware tokens).

Figure i OTP Solution Components

4

isKEY OTP Solution Specifications

isKEY OTP Token Parameters

Parameter isKEY100TOTP tokens

isKEY500Standard OCRA OTP token

isCardHOTP, TOTP, OCRA cards

Algorithms OATH RFC6238 OATH RFC6238RFC6287TOTPChallenge ResponseSignature

OATH RFC6238, RFC4226,RFC6287

Battery lifecycle

>5 years >5 years >3 years

Timing Interval

30/60 seconds

OTP Length 6/8 digits Operating temperature

-10 — +70 ℃ ℃ -10 - +40 ℃ ℃

Storage temperature

-25 — +70 ℃ ℃ -10 - + 50 ℃ ℃

Screen LCD EPDHumidity 0-100% without condensationPhysical Resistance

IP 65 Optional

Physical Resistance

System Specifications

Parameter Details

User capacity 10 - 100 millionsServer processing ability

Long-time connection:10000 times/sShort-time connection:5000 times/s(Test Server specifications: Dell 6850; CPU: 4 core Intel(R) Xeon(TM), 3.00GHz*, 4pcs; Memory: 8GB)

Response time <5msOccupied bandwidth <1MRedundant disaster backup

Cluster backup

5

Programming language

C/C++, .Net, JAVA, PHP; other custom languages supported

Protocols TCP/SSL, SOAP/HTTPS, RADIUS, LDAPand other API protocols according to customer’s demand.

Stability Up to 10,000,000,000 authentication times as full power continuous operation

Accuracy Up to 99.99999% accuracy rate as full power during continuous operation

Dynamic password length

6 / 8 Digits

PIN code SupportedAutomatic Key import Supported

Server Deployment Requirements

Operating Platform Server X86, X64, minicomputerOperating System Windows: Windows 2000/XP/2003/2008

Linux: Linux 2.4 core and aboveUnix: HP-UX, AIX

Database Oracle, DB2, MySQL, SQL Server

System Architecture isKEY Authentication Server—the core part of system: The server can

be connected with application system server via Local area network (LAN). It provides an accurate identification mechanism for users accessing system resources—based on different privileges as assigned by the application system.

Application Programming Interface (API): Supports multiple APIs including C/C++, .NET, JAVA. PeopleNet can provide full API customization based on customer requirements.

isKEY Token Management Center: includes three parts—the client-end management, authorization module and management module. System operator could accomplish authentication, token initialization and exporting token on Token Management Center.

isKEY one-time password Token: Chip embedded with encryption algorithms. 6/8 digits will be changed in one minute.

6

Solution Advantages

Security Enhance security without a direct connection to host computer, effectively

prevent password from being copied and cracked. Prevent identity leakage through by avoiding static password transmission

through open channels Generate Dynamic passwords that can only be used in once; and invalidated

after successful verification or timeout.

Wide application scope PeopleNet isKEY authentication solution can be used in every identity

authentication scenario to strengthen or completely replace static passwords

Friendly user experience Compatible with existing authentication procedures, no need to install/ setup

complex IT infrastructure for migration

Reliability Once OTP token is lost, the system will provide a temporary password via

email, SMS or other transmission modes. The system features an intelligent high technology and industry’s best

automatic synchronization mechanism. The tokens are waterproof, shockproof, features anti-static shock and anti-

violence dismantling.

isKEY OTP Solution Benefits Low Cost way to deploy strong authentication Simple integration with existing Infrastructure Easy to deploy and manage Allows easy upgrade to PKI-based authentication in the future

7

PeopleNet ContactsPeopleNet Security Technologies Co., Ltd.Building 6, Beiwu Innovation Park, No. 23 Beiwucun Road, Haidian District, Beijing, PR ChinaPostcode：100094 Tel：+86-10-64669133；Fax：+86-10-64669135Email: info@peoplenetsec.com

8