Authentication Server

Gemalto Confirm Authentication Server: The foundation for secure and convenient digital banking

Digital banking is changing fast with ever-evolving standards, new threats and demanding consumers. Gemalto's Confirm Authentication Server (CAS) is a high-performance authentication engine which allows banks to protect their customers' identities and transactions at all times. Able to support multiple technologies and devices, this field-proven solution is the bedrock of secure and convenient digital banking services.

The multi-channel, have-it-your-way, multi-technology eBanking, eCommerce authentication server

Simple and easy deployment & operations

This server works with multiple operating systems and server configurations, and its modules support industry-standard protocols for seamless integration with existing bank architectures. Admin and user features are available through a Web Service REST API, which lets banks easily integrate further admin and user features into their existing portal.

Why complicate things when what's important is getting the right tokens to the right customers – fast? Enjoy a quick and simple token integration with Gemalto CAS.

Field-proven

The Gemalto Confirm Authentication Server authenticates millions of online banking and e-commerce users every day, authorizes remote access and internet transactions and protects sensitive data from fraudulent online attacks. Various devices can be used, in combination, to provide a secure, yet flexible authentication realm. This allows banks to offer different channels - all being authenticated with the same server.

Secure implementation

Gemalto CAS has been designed and approved by both internal and external security audits. In addition, to provide the most advanced level of user identity protection, the software security module or an external hardware security module (HSM) is linked to an authentication server to store and use cryptographic keys. Using standard frameworks and protocols such as HTTP/HTTPS, authentication modules interact with existing data servers to maintain and update user authentication information. Multiple database options are supported.

Future proof

Our solution is open and scalable and supports either an on premise or cloud deployment model.

With Gemalto Confirm Authentication Server as your authentication solution, you can secure your current investment as well as your technology roadmap for the future.

Multiple technologies

Gemalto CAS is compliant with open standards and advanced authentication technologies. It supports both standard multi-factor authentication such as One Time Passwords (OTP) and Challenge/Response, and more advanced transaction verification and signing methods such as EMV/CAP/DPA, OATH and OCRA and the Gemalto patented Dynamic Signature technology.

Ezio Toolkit

The banking business is changing and the need for cutting-edge security solutions has never been greater. Leveraging successful online banking deployments worldwide, Gemalto presents a flexible and versatile SDK and software toolkit for strong authentication – the Gemalto Toolkit.

Gemalto Toolkit supports major authentication technologies: standard multi-factor authentication such as One Time Passwords (OTP), Challenge/Response and Transaction Data Signature, as well as device data management. It is based on open standards.

The Gemalto Toolkit has been designed to support the changing needs of the online banking business. Its modular and scalable approach allows for fast and simple roll-out of two-factor based authentication devices – accelerating time-to-market and enabling a seamless integration to existing backend solutions.

As part of the Gemalto Digital Banking Suite, the Gemalto Toolkit enables state-of-the-art online banking security that integrates easily with existing back-end systems, securing online banking authentication and transaction signing.

Multiple channels and devices

A key benefit of the Gemalto CAS is that it allows banks to pick and mix from our selection of channels and installations: from eBanking, mBanking and phone banking, and from eCommerce to eBroker or Multi-Issuer setups, or even an Authentication-as-a-Service setup.

Multiple Channels and Tokens 

Thanks to its unique flexibility and the ability to support several authentication devices and solutions simultaneously, the Gemalto Confirm Authentication Server allows you to easily segment your customer base to support different customer needs. It allows banks to assign different kinds of security devices for different use cases based on risk profile, usage pattern and preferences.

Technical Specifications

KEY FEATURES

Identity assurance and access control

  • Strong 2FA of OTP
  • Multi-tenant ready architecture
  • Comprehensive audit logging and reporting
  • Clustering and load balancers support for high-availability and disaster recovery
  • Application firewalls support
  • Centralized web-based administration for managing the system

OS

  • Red Hat Linux
  • Windows 2012 and 2012 R2
  • Windows Server 2008 R2

A flexible solution supporting open standards

  • Supports a wide range of 2FA tokens, both hardware and software
  • Lightweight Directory Access Protocol (LDAP)
  • Remote authentication dial-in user service (RADIUS)
  • Java application programming interfaces (APIs)
  • Initiative for Open Authentication (OATH)

Authentication & signing methods

  • OATH, OCRA (event-based, time-based)
  • EMV CAP
  • OATH Dynamic Code Verification
  • Dynamic signature enhancements

Authentication & signing form-factors

  • Mobile-based Authentication
    • SMS OTP
    • Mobile Token
    • Mobile Out-of-Band (Push Notifications)
  • OTP Tokens
    • 1 button
    • PinPad
  • EMV CAP readers
    • Connected or unconnected
  • Dynamic CV cards and mobile

Webserver

  • Apache Tomcat
  • IBM WebSphere
  • The chosen architecture allows "High Availability" and "Fail-Over" configuration relying on operating systems, databases and monitoring mechanisms.

Databases
CAS stores OTP related data and user data if needed (DB mode) in:

  • Oracle
  • MySQL
  • IBM DB2
  • MS SQL
  • Firebird
  • Any other SQL database could be supported through a specific development

User repository
CAS can be connected to the following LDAP directories when users' accounts are managed externally (mixed mode):

  • Microsoft Active Directory
  • Novell eDirectory
  • Open LDAP
  • Any other LDAP could be supported through a specific development

Authentication services interface

  • Web Service REST API
  • RADIUS requests
    • Microsoft NPS
    • FreeRADIUS
  • AD FS

Security modules

  • SafeNet Network API
  • SafeNet PCI-E HSM
  • SafeNet Payment HSM
  • Thales PayShield 9000
  • Software Security Module

Performance

  • One Gemalto CAS node supports 400 OCRA transactions per second

What customers are saying

"In Gemalto's new platforms and services model, we have found a proven technology partner that can also offer the flexibility and scalability necessary to evolve with this fast-changing marketplace."
Artie Debidien, ICT & Operations Manager, Knab, Netherlands

"[Gemalto Ezio solution's] unrivaled scalability and user-friendliness is making a substantial impact and increasing our customer confidence and adoption. The Ezio Authentication back-end also proved to be very swift and smooth to install meeting our challenging time schedule."
Enrique Guadamuz, Executive Manager of Innovations and Technology, Banco Nacional de Panamá

"We have selected the flexibility and scalability of Gemalto's Ezio server, because it can easily support multiple strong authentication devices, and expand into the mobile phone and optical reader technology."
Quinten Fraai, General Manager Direct Channels, ING, Belgium