Axiom Protect

What is Axiom Protect

Axiom Protect is a Multi Factor, Multi Layered Identity Protection and Authentication Platform. It transforms security from weak ‘at start’ protection to ‘choice’ driven, ‘continuous’ security enabling organizations to select the security layers which best suit their business needs. Axiom Protect simplifies your IT Security Policy Compliance and secures your business transactions.

What's in it

A Feature Rich, Customizable Solution

OATH time based One Time Password, OATH OCRA Signature One Time Password, Biometric (Facial, Finger-Print, Hand Signature), Device Profiling, Geo Fencing, Digital Certificate, Dynamic Image With Sweet Spot, User Behaviour Analytics, Question & Answer, Password and Push Notifications give enough security layers and options to pick from, to build your own multi-factor authentication solution for your business needs. No other solution offers these comprehensive security layers in one platform.

Innovative Value Adds for Robust Security

Make your security robust with innovative solutions added to the existing layers. These are human-intention-based security called INTEND, Two Way Push Notification (using push, SMS, email), Secure Vault for Storing Credentials, World’s 1st Pure Web Trust SDK, Remote Signing Service (SOTP+PKI), Automated Certificate Discovery, QR Code Security and Handwritten Recognition.

Compliance Taken Seriously

PCI DSS, HIPAA, SWIFT, 3DS2 and most Central Banks demand IT security compliance. All of them directly require Multi Factor Authentication for web and mobile access. Data at rest and in transit also needs proper access control as well as data protection. VPN and virtualization need 2FA in place. All of this can be done using Axiom Protect: it offers an Active Directory Federation Services 2.0 plugin, a SAML plugin, a RADIUS interface, and socket and web services for integration.

Who can use it

Issue: Corporate bank users need choice to suit their business style. It will mostly be C-level users who need to approve transactions on the go. Corporate banking requires three things: first, ease of use of the security; second, mobility; and third, and most important, non-repudiation, as the value of transactions is high.

MFA Approach: First, the user should have the option to choose between the software and the hardware option. Second, even if the user moves from one device to another, he/she should be able to use the token of choice. In the background, there should be provision for digital certificate based non-repudiation so that each transaction is legally admissible in a court of law.

Recommendation:

  • Pure Software Option: using a mobile multi-factor software token with push notification and mobile PKI to address each transaction with strong authentication and non-repudiation.
  • Hardware Option, but it will be limited: using OCRA OATH Signature One Time Password (that is, a hardware token or web software token) with remote server signing (using digital certificates stored on the authentication server side).
  • Mobile App Security: If you have a commerce portal app (mobile web or native app), use embedded in-app security; the Mobility Trust SDK can provide data security, transaction protection, non-repudiation and device profiling along with geo restriction.

Issue: Retail banking is all about velocity, volume and value. Volume means the number of users, which will be very large and drawn from different demographics. Velocity is the ability to deliver the new form of security to users with different lifestyles. Lastly, value is the number of transactions or net worth, so that you can decide how much time and effort you want to spend on that particular user.

MFA Approach: The first consideration is the “total cost of ownership” of the investment in new security: it should not increase with the number of users; in fact, it should decrease over time and with more users. Second is high velocity in controlled rollout for large or segmented volume delivery (based on demographics, geo region, user’s value, etc.). Lastly, the new security should discourage hackers while requiring the least learning from users.

Recommendation:

  • Mobile App Security: If you have a commerce portal app (mobile web or native app), use embedded in-app security; the Mobility Trust SDK can provide data security, transaction protection, non-repudiation and device profiling along with geo restriction.
  • Web App Security: using continuous security, that is, tracking user behaviour, usage pattern, geo location and devices in the background, with strong authentication using Out of Band authentication and transaction approval.
  • Alternate to Web App Security: using transaction value driven authentication with multiple choices of tokens, such as mobile multi-factor software token, two way push notification, hardware token or voice call. The user is only asked if the transaction is high risk; otherwise it is allowed.
  • More Option: using image authentication with sweet spot coupled with time based signature one time password to ensure that the user is on the right website, with additional security for authorization.

Issue: Commerce is very similar to retail banking: it is also about velocity, volume and value. However, the important difference is reputation and regulation. Regulation does not mandate too much security, so there is no need to overspend. Reputation and brand protection are the key concerns in this case. There will also be two sets of customers – Customers and Partners (merchants, vendors, third-party outsourcing companies, regional operation teams). Both need different forms of security.

MFA Approach: The most important decision you need to make is what to give to Partners first, and then go for customers. The first consideration is the “total cost of ownership” of the investment in new security. Second is high velocity delivery in controlled rollout for large or segmented volume delivery. Third, the new security should discourage hackers while requiring the least learning from users.

Recommendation:

  • Mobile App Security: If you have a commerce portal app (mobile web or native app), use embedded in-app security; the Mobility Trust SDK can provide data security, transaction protection, non-repudiation and device profiling along with geo restriction.
  • Web App Security: Partners should be given a strong authentication token (software token or Out of Band One Time Password token) with access policy enforcement to ensure they are well protected. For a large volume customer base, use continuous security, that is, tracking user behaviour, usage pattern, geo location and devices in the background, with strong authentication using Out of Band authentication and transaction approval.
  • Alternate for Web App Security: For both partners and customers, use image authentication with sweet spot coupled with time based signature one time password to ensure that the user is on the right website, with additional security for authorization.

Issue: News, publishing and data companies are the easiest targets for hackers, as there is no regulation enforcing IT security on them. However, as a news corporation or data company you have a lot at risk in terms of brand and reputation. There will also be two sets of customers – Own Employees and Partners (merchants, vendors, third-party outsourcing companies, regional operation teams). Both need different forms of security.

MFA Approach: There will be daily access from remote locations or office premises by employees and partners. You need to give stable, solid, reliable security, and the “total cost of ownership” of the investment in new security should also reduce over time. The same security should be able to handle email, remote access, CMS portal, server SSH access and application access.

Recommendation:

  • Give your employees software and hardware tokens with software one time password generation (plus push notification to their trusted device for each login). Give partners temporary tokens with time-restricted access (ideally software or out-of-band tokens).
  • Integrate this new form of security with your VPN remote access (using RADIUS) and your Outlook and Office 365 access (using the Active Directory Federation Services 2.0 plugin) to ensure that the perimeter authentication to get inside is well protected.
  • Integrate with your core CMS using the Authentication Web Service to enforce multi-factor authentication for employees as well as partners.

Issue: Finance, insurance and regulation, especially in the context of the BFSI industry, are going through massive disruption. Also, to gain the confidence of the end user and the partnering bank/insurance company, you need to put security at the heart of your system, as they do not trust your system and it might be the vulnerable spot. There will be two user sets of your system – Customers and Partners (merchants, vendors, third-party outsourcing companies, regional operation teams). Both need different forms of security.

MFA Approach: Integrate proven security, similar to or better than that of banks, into your workflow and system. You will need to convince regulators and partner banks that your security is the same or better, which typically means assuring them that all is safe and secure, especially data and access between each other.

Recommendation:

  • Mobile App Security: If you have a mobile app (mobile web or native app), use embedded in-app security; the Mobility Trust SDK can provide data security, transaction protection, non-repudiation and device profiling along with geo restriction.
  • Web App Security: Partners should be given a strong authentication token (software token or Out of Band One Time Password token) with access policy enforcement to ensure they are well protected. For a large volume customer base, use continuous security, that is, tracking user behaviour, usage pattern, geo location and devices in the background, with strong authentication using Out of Band authentication and transaction approval.
  • Alternate for Web App Security: For both partners and customers, use image authentication with sweet spot coupled with time based signature one time password to ensure that the user is on the right website, with additional security for authorization. Another option is continuous security.

Another great value enabler is facial biometrics and recognition, which facilitates faceless onboarding with no branch visit and no in-person step, with complete eKYC (Know Your Customer); this will also bring great cost reduction, automation and efficiency.

Issue: Selling nothing apart from Class 1, 2 and 3 certificates is a very restrictive way of conducting CA business. There is opportunity in web, mobile and thinking our applications around digital certificate and non-repudiation can facilitate cloud with. Customers from Government and BFSI are looking for new ways of authentication and security, which opens new doors for you.

MFA Approach: The core certificate services can be extended and transformed into an end-to-end platform that gets deployed at the client premises or on a dedicated cloud instance. The platform gives the customer complete control to self-manage their tokens (software, hardware), certificates and applications, and to synchronize users with their LDAP/Active Directory. In addition, they can have certificate monitoring and scanning tools along with mobile and web browser

Recommendation:

  • Use the certificate manager for issuing free and commercial certificates for the company. Free ones also give you a lot of value, as the customer will stay with you. You can also issue certificates for mobile and desktop to users and applications.
  • Use the certificate discovery tool for monitoring all servers and apps in terms of validity and expiry along with security. Web vulnerability scanning can also be part of this system that you wish to give to the customer.

Give a cloud or on-premise facility to deploy the CA extension management platform. All of this is possible with the Axiom Protect platform, which can become an extension of your core CA engine.

What our clients have to say