Run an all-included service without the necessity for hardware tokens, for all your needs,
with full control and little effort.
No identity management, no local support nor training, no post mail, no specific skills or equipment, no back-office management, able to grow suddenly with little impact.
Self-service:
For users, includes registration, replacement and online training, all requiring a browser only; for IT staff, with nothing to distribute, ready interfaces and full compliance with the existing IAM processes.
Authentication is a critical function. Its unavailability may occur costs and risks. Inadequacies, losses, oversights, prohibitions, low connectivity, low batteries, all must be mitigated.
Multi-tokens:
Tokens for everyone everywhere: trendy smartphone apps from major public stores, SMS code on old-timer mobiles and grid cards for mobile-reluctant users. Registering many kills the need for rescue solution and complex replacements.
The identity of users is confidential; target systems cannot be adapted for stronger authentication; whatever the solution, it should be easy to complement or replaced with another one.
Standard interfaces:
Fast and non intrusive integrations: on-demand interfaces based on standard protocols; no change to the existing IAM repositories; on-the-fly learning of the associations between users and tokens with no storage of usernames.
Authentication is also needed to secure sensitive operations such as payments, subscriptions, and more generally any kind of approvals, including legal contractual signature.
Transactions and signature:
Whatever the token, authentication can be used to approve a particular transaction or document in a non-hackable and non-refutable manner, optionally leaving a legal signature in a PDF document.
So many scary stories about hacking these days, isn’t it risky to bet on software? May the hosting be delegated? Even in the cloud? And how secure are mobile apps in the public stores?
Appliance, encryption and native apps:
Every piece of software is built upon best practices against malicious users or hosting staffs: servers are sandboxed in hardened appliances, data storages are encrypted and mobile apps are delivered as obfuscated native code.