i-Sprint Innovations: Universal Identity, Credential and Access Management Solution

i-Sprint Innovations (i-Sprint) is a premier Identity, Credential and Access Management Solutions provider for global financial institutions and high security sensitive environments. i-Sprint maintains the highest value and reliability rankings among its clients, and is one of the most recognized names in the financial world. http://www.i-sprint.com/


UNIVERSAL IDENTITY, CREDENTIAL AND ACCESS MANAGEMENT SOLUTION


i-Sprint AccessMatrix™ UNIVERSAL AUTHENTICATION SERVER

AccessMatrix™ Universal Authentication Server (UAS) enables organizations to deploy a wide variety of authentication methods to address the business requirements for strong authentication and evolving authentication mechanisms, through a single, unified framework. AccessMatrix™ UAS is a future-proof authentication infrastructure. It supports multiple authentication mechanisms for strong authentication and authorization requirements. UAS enables organizations to rapidly deploy a wide selection of authentication methods to address their authentication requirements. Based on the proven AccessMatrix™ Integrated Security Architecture, UAS provides security Administration, Authentication, Authorization, and Audit services (4As) for business applications. 2FA implementations includes:

  • Security services APIs for application integration and shield the complexity of token integration
  • End-to-End Life Cycle Management for OTP Tokens
    Radius ready server to integrate with network devices
  • Administration module for administration delegation and user management
  • Audit and reporting module
  • HSM interface to leading brands of HSM devices
  • Administration module for administration delegation and user management
  • PIN mailer interface for mail merge and secure printing
  • Enforcing password policy in addition such password history, password aging, password quality check, etc

Supports for multiple authentication methods such as IDs/Passwords, dynamic passwords, certificates, biometrics, or security tokens is achieved through a simple Pluggable Authentication Module (PAM) approach. The selection of the authentication methods can be done without changing the source code of the application. Benefits include reduced cost, time to market and minimal effort for customization or “hardcode” of the application. With AccessMatrix™ UAS, multiple web applications and network devices allow access to a common set of security services via tight integration with the AccessMatrix™ security server.

Ready To Deploy Solutions

Some of the AccessMatrix UAS Modules include:

  • Token Management Module for Hardware and Software tokens from various vendors (VASCO, RSA, GEMALTO, OATH compliant vendors, etc.)
  • E2E Encryption for PIN and Transaction Protection
  • Short Message Service (SMS) One Time Password for VPN Access
  • Short Message Service (SMS) One Time Password for Web Access
  • AM Module for leading authentication servers and tokens such as IBM Tivoli Access Manager, CA SiteMinder, Sun ONE ID Manager, etc

i-Sprint AccessMatrix™ UNIVERSAL SIGN-ON

AccessMatrix Universal Sign-On (USO) is a non-intrusive Enterprise SSO solution that enables organizations to achieve single sign-on to multiple applications and systems. In most organizations today, users are often required to remember many IDs and passwords in order to perform their various job functions. By deploying our enterprise single sign-on solution, our clients will improve staff and customer satisfaction, resulting in improved productivity and reduced administration costs. Client/server, host-based, Java-based and web-based applications are supported without source code changes. Unlike other single sign-on products, manual client software installations are not required on the users’ desktops.

The USO solution is built on the AccessMatrix security server. By leveraging on the AccessMatrix security server as the single sign-on server, the user benefits from additional security services like administration, audit and application level authorization. USO’s facilities for auto-installation, auto-configuration and self- service greatly simplify deployment and reduce maintenance effort. The central security server stores the users’ security- related properties for each application.


i-Sprint AccessMatrix™ UNIVERSAL ACCESS MANAGEMENT

Web Access Management, Federated SSO & Externalized Authorization Management

AccessMatrix™ Universal Access Management (UAM) is a comprehensive web single sign-on (SSO), web access management, federated single sign-on (SSO), externalized authorization management, and hierarchy-based delegated administration system. Leveraging on the AccessMatrix™ technology, UAM fulfils the most rigorous form of application security by providing secure Administration, Authentication, Authorization, and Audit services (4As) to business applications within your organization. Built on the regulatory requirements and standards in banking & finance sector, UAM enables custom enterprise / internet applications to access a common set of IAM (Identity & Access Management) services and lowers the integration cost.

Improving Application Security

UAM provides a set of security APIs for developers to tightly integrate web and non-web applications. With UAM’s Web Security Agents (WSA) and Application Security Agents (ASA), access to the resources within web servers and application servers are protected based on the access control policy defined by the security administrators.

This policy-driven approach greatly simplifies user administration and application integration. UAM is built on the AccessMatrix framework and UAM inherits the salient features of AccessMatrix, in addition to its own features.

 

PROVIDING FLEXIBLE AGENT TECHNOLOGY AND POLICY-DRIVEN ACCESS CONTROL

The UAM security infrastructure is designed to secure multi-tier applications, either web-based or non web – based, running on multiple heterogeneous platforms. The AccessMatrix hierarchical model allows organizations to deploy a single security infrastructure for easy integration with multiple applications. All access control decisions are made by the AccessMatrix security server. The UAM solution is highly scalable, promotes software re – use and reduces application maintenance and support efforts.


i-Sprint AccessMatrix™ UNIVERSAL CREDENTIAL MANAGER

AccessMatrix™ Universal Credential Manager (UCM) provides a virtual password safe deposit box with strong encryption using HSM devices to store privileged account IDs and passwords (aka credentials). UCM provides the security features to address the major audit and operational challenges faced by organizations in managing credentials and its session activities. The common challenges are:

  • Manual Management of IDs and Passwords
  • Lack of Privileged Session Activities Tracking and Control
  • Hard-coded Privileged IDs and Passwords in batch jobs and applications
  • Provide forensic trails and visual recording of privileged access to critical servers and computing resources

What Does UCM Offer?

Privileged User Access (PUA) Module: UCM provides a secure approach with multi-level approval flow and empowers organizations to manage security administrators to retrieve and deposit privileged credentials. This enables authorized users to check in and check out privileged credentials to perform their duties or during emergency situations.

Interactive features include:

  • Flexible access control for credentials based on reporting hierarchy
  • Audit trail with command captures and video session recordings
  • Strong authentication with multi-factor authentication support
  • Multi-level dual control workflow approval
  • Manual, single-sign-on or auto login into target resource after check-out
  • Automatic password management using agent-less technologies
  • Flexible APIs for integration with external workflow or ticketing software

Privileged Session Manager (PSM) Module: UCM provides add-on Windows RDP Gateway Recorder and set of network protocol Proxy Modules to monitor and record privileged sessions. It supports video and keystroke recording playback for forensic analysis. It also supports command access control for selected protocols.

Application Password Manager (APM) Module: UCM enables organizations to retrieve user IDs and passwords for specific applications during run time so that the user credential information does not need to be hard-coded in applications or command files. UCM provides two integration approaches:

  • Application APIs – a set of flexible and simple APIs retrieves the current IDs and password from the UCM server
  • Audit Password Consumers – Enables dynamic and transparent replacement of IDs and Passwords in command protocols such as ODBC, JDBC, ADO.NET, Windows and Unix scripts

More information

Contact Bangkok System Software, the authorized distributor of this product in Thailand, at Kris, IT Security Solution Manager via 085-552-2333 and krisnawani@bangkoksystem.com for more information, request for presentation and demonstration or price inquiry. You can also visit vendor's website at http://www.i-sprint.com/.