Strong Authentication & Identity Management Solutions

Authernative develops, markets, and sells innovative patent-pending software security solutions offering
comprehensive user identity and access management (I&AM) capabilities over electronic networks including strong
authentication, authorization, administration, and auditing (AAAA). The companys products are used to prevent
unauthorized access to confidential data, identity theft, and financial loss. They allow businesses to lower the cost of
providing, deploying, and managing strong user authentication and authorization capabilities for enabling e-
commerce, regulatory compliance, secure business communications and transactions with customers, suppliers, and
employees.

AuthGuard Strong Authentication

The AuthGuard user authentication product addresses and overcomes the low level of security inherent in
conventional password-based authentication mechanisms without the use of tokens, smartcards, biometrics,
software clients, TAN lists, preprinted cards, inert tokens, or personal information questions to authenticate users.

AuthGuard patent-pending what user knows- based authentication algorithms initiate a One Time Pin through
cognitive association. This authentication technology offers the high security found in hardware tokens or biometrics
while preserving the cost-effective electronic mass deployment and the ease of use, typical of passwords. As a
result, AuthGuard provides a high level of security to mass users without the costs, deployment issues, or help
desk complexities associated with other authentication offerings.

AuthGuard protects against a number of attacks jeopardizing user authentication credentials including phishing
attacks, shoulder surfing, password guessing, replay, spy-ware, Trojans, key-loggers, dictionary/ brute force,
videotaping, man-in-the-middle, network sniffing, keyboard memory buffer sniffing and password file theft.

AuthGuard overcomes user authentication challenges of todays enterprises and e-commerce businesses by
fulfilling most demanded requirements in the industry including: (1) High Security (2) Electronic Deployment (3) User
Friendliness (4) Cost Effectiveness (5) Self-Service capability.

Key capabilities include:

Strong Authentication - AuthGuard offers two algorithmically and parametrically different authentication methods
providing strong authentication utilizing what user knows approach (a shared secret between client and server)
similar to passwords in terms of cost, electronic deployment, and user friendliness, yet strongly secure.

Multi-Factor, Multi-Channel, & Mutual Authentication - AuthGuard offers the standard password capability
along with the two new authentication factors providing one-, two- or three-factor knowledge-based strong
authentication. In addition, the product provides multi-channel (out of band) and strong mutual authentication. All
these capabilities are integrated into one authentication console allowing to personalize the level of security and the
ease of use particular to the users needs or companys policies.

Self-Service - AuthGuard provides online self-service capabilities allowing users to select the login mode and
security level; conduct an account set up; and self-reset their credentials without contacting help desk.

Credential Protection - AuthGuard includes a proprietary client-server session encryption key management
system and separately, RDBMS- or LDAP-based user store encryption scheme. Each of them protects user
authentication credentials. Integrated with SSL, the product also protects the content exchanged between client and
server during the communication session.
 Altogether, it is the product of choice in authenticating users over distributed network environments whether at
service providers with millions of users, global enterprises, ASPs, or small and medium businesses. The product
provides solid protection against multiple intruding attacks at credential input devices, communication lines, and
back-office user stores and it is most relevant in protecting key communication, database and command hierarchy
infrastructures.

PassEnabler Identity & Access Management Suite

PassEnabler is a secure authorization, Authentication Authorization

administration, and auditing engine natively Standard, Elevated & High Single Sign On (SSO),
integrated with Authernative AuthGuard security level authentication User Access, Permissions,
strong user authentication technology. Roles & Configuration
Management

PassEnabler offers a highly modularized,

affordable, convenient, and easy to manage Identity & Access
AAAA centralized solution for enterprises, Management
ASPs, company departments, or small and
Account set up,
medium businesses. Credentials self-reset,
Account status change, User & Administrator
RDBMS/LDAP configuration Logs, Queries

Administration Auditing
PassEnabler key capabilities include:

Strong Authentication PassEnabler is integrated with AuthGuard multi-factor, multi-channel & mutual
authentication algorithms and capabilities.

Secure Authorization PassEnabler secure authorization engine offers configuration control, single sign-on, user
account provisioning, online account set up and credential self-reset capabilities. Also, it enables an organization to
securely authenticate and manage internal and external users access to network resources, ensures that only
legitimate users get access, and provide fine-grained control of who can access what.

Flexible Administration PassEnabler powerful management console enables the entire product suite
configuration, including the security and user session parameters. This administration utility also contains
customizable user personal profile templates, automatic logout when exceeding a pre-set idle session time parameter,
automatic account lockout after exceeding a pre-set number of incorrect authentication attempts, policies for online
authentication credential setup, connections to user stores at SQL databases or LDAP directory services.

Comprehensive Auditing PassEnabler comprehensive auditing capabilities allow logging all user activities,
including those of tool administrators. Extensive query-based search dialogues with rich sets of audited objects allow
complete security reviews and other auditing analyses.