Professional Documents
Culture Documents
AutoPassword
Dynamic Interactive Smart Authentication
Kang, BongHo
eSTORM Co., Ltd. / DualAuth LLC.
April 05, 2018
Automatically generates and enters passwords
Contents RFD
AutoPassword™
• Introduction to eSTORM
• Static memorized password issue
• AutoPassword overview
• AutoPassword basic architecture
• AutoPassword usage and use cases
Dynamic Interactive Smart Authentication
• AutoPassword disruptive features
DualAuth • AutoPassword integration
AutoPassword.com • AutoPassword references and partners
• Contact
Hard to
Exposed to memorize
phishing passwords
attacks
Revealed to Annoying
pharming to enter
attacks passwords
X Free from
password stress
Prevent
Phishing
X
Prevent
Pharming
• AutoPassword concept
• A service eliminates the user’s need to memorize or type password by automatically creating and entering password for you.
• Please click below video link to understand concept in 30 sec and also retrieve “AutoPassword” movie clips in the YouTube.
AutoPassword™ Service
Service Terminal
(Browser, Mobile App, Existing Service Server
PC App, Windows … )
Verifying
Provides Accesses
Service
Authentication Authentication APIs
Service
Windows PC (7/10)
AutoPassword Logon Server
Authentication
Active Directory
1. ID/PW
(Optional)
2. Offline PC OTP Provides Accesses
3. AutoPassword Authentication Authentication APIs
Service
• PC application login
• AutoPassword is good for the login security enhancement of PC application.
• To logon to the PC application, user just enters ID on the login window and click logon to get the Service password.
• Service password will appear under the ID window and at the same time the user will get notification from the server.
• The user validates the service and when it is valid, the user will approve to login to the service.
• AutoPassword can be used as single step single factor or single step multi-factor authentication by turn on fingerprint or PIN
option.
• Also, AutoPassword is affordable for the two step multi-factor authentication which user is authenticated by ID/password
method and then, automatically AutoPassword authentication service will be appeared.
• If there is sensitive information, the service can request AutoPassword authentication again to check user verification.
System Account and VPN login 2nd Step Verification on CLI environment
❶ ❷
Service first asks Mobile Authenticator
user approval generates OTP by using
contexture parameters
Service
Authentication
(Secret Key x Time x Mobile IP x Push ID x
Session ID)
❸
Check the numbers are identical
User approves or
cancels the login
to the service
Service
Authentication
(private key x Time x Mobile IP x Push ID x
Session ID)
User
Authentication
Private Key x Time
Automatic User
Authentication
Fintech IoT
Portal Windows
PKI
Biometric
Authentication
6. Performance Factors
• 300 user login completion per one second
- One login means from initial login attempt to the service login success.
• 8 Core / 8GB Memory
- Shows best performance on the generic servers.
• 1,000 Simultaneous Users
- Concurrent number of users for one server is 1,000 and it is limited because of Tomcat service concurrency.
• 100 Byte for one message
- The size of a message payload from mobile phone to the server is about 100 bytes and requires low bandwidth.
Relay Server
End User Service Connection JDK
• Provides RelayServer Java Application
Customer
Service JRE
JVM • Provides RelayServer Integration Guide and Sample
Host OS • To provide JDK / JRE / JVM Environment
User Terminal
Communication for Customer Service Server
Authentication SSL/VPN
AppStore
• Preparing Authentication Service to government organizations with OPA (government related association)
• Integration has been done and preparing product for customer with Korean Cloud Service provider.
• Integration has been done for SSL VPN 1st step verification and 2nd step verification.
• Registered as IBM business partner and Integration with IBM Security Access Manager has been done.
https://exchange.xforce.ibmcloud.com/hub/extension/22500d4920e3f36aa9b3c67c2ecba585
• Using for enterprise secure network file service solution login protection and groupware login.
• Using for enterprise secure network file service solution login protection and groupware login.
• Using for enterprise secure network file service solution login protection and groupware login.
• Using for enterprise secure network file service solution login protection and groupware login.
• Website: www.DualAuth.com
• Email: sales@dualauth.com
• Phone: +1-813-445-7472
• Phone: 280 Worcester Rd Suite 102 Framingham, MA 01702