Gemalto's OTP - You Hold Your Own Keys
Gemalto takes your security very seriously and has
leveraged its strong background in security to design an
OTP solution that ensures your OTP keys cannot be compromised while remaining easy
to deploy and use. With multiple form factors (OTP token, OTP display card,
mobile OTP app), Gemalto has the right product to meet your needs. Some key
advantages of the Gemalto solution are:
Your Keys are Secure:
Easy and Flexible Deployment:
Random Key Generation (No Master Key) – Each
key (token seed) is randomly generated using a secure crypto-processor HSM
(hardware security module). This ensures that no one person can have
unauthorized access to your OTP seeds.
No Individual Key Access – With no master key, and
using an HSM to generate true random seeds, no one person has the ability to
access or remove OTP keys. This ensures that no one can walk away with a master
key and no one terminal would be able to gain access to the token seed.
Secure Key Management – Keys are communicated and
managed using the same system designed and certified for managing bank account
holder data in credit card production (process certified by MasterCard and Visa),
protecting over 500 million user records to date.
Live Provisioning (No Key Storage) – Using a
.NET-based connectable OTP device (token or card) and/or mobile OTP products
does not require key storage, because the device is provisioned on site,
with key generation on your premises. Gemalto does not store your keys.
Getting Started and Maintaining OTP Deployment
Co-exist with other security devices – If you
are in the process of phasing out one vendor and moving to Gemalto, the
Gemalto OTP solution can co-exist with your other authentication provider.
Open API – Gemalto provides an open API to provide
the ability to easily integrate with existing applications and Gemalto SA
Simple Authentication Server Installation –
The server can be installed on existing infrastructure and takes less than ten
minutes for initial configuration. The server works with leading identity store
providers (e.g., Microsoft Active Directory) and can quickly sync between the
authentication server and existing user information for OTP seed provisioning.
Protiva Strong Authentication Service – A
flexible service offering to meet your business needs for implementing
strong authentication without the management overhead or OPEX needed to
provide OTP device fulfillment, user onboarding, and management of OTP
authentication.
Multiple OTP Form Factors – With the
solution, you have the option to provide different form factors to meet your
users’ specific needs. The form factors include an OTP token, OTP display card,
and mobile OTP app.
Automated Seeding Process – By syncing with an
existing identity store, SA Server simply links an OTP seed with the user
account. This allows the user to self-activate once they have received their OTP
device or downloaded the mobile OTP app.
Complete Fulfillment Service – Why maintain a
stock of OTP tokens? Gemalto can provide complete OTP fulfillment including
order handling, packaging, shipping, tracking and provisioning the OTP
hardware device (token or display card). For the mobile OTP app, Gemalto
provides a portal for redirection to appropriate app store based upon the
user’s smart phone device (i.e., redirected to Apple app store for iPhone
No Batch Fulfillment Requirement – Gemalto will
ship an individual hardware OTP device to an individual end user or provide
the option to ship in batches to a central distribution point.
Webstore Option – Gemalto can create a custom
webstore for your users to order their OTP device and provide shipping
information. For cost allocation, each device or batches of devices could be
purchased through the webstore attributing the cost to the specific group or
cost center associated with the user.