Technical Specifications

KEY FEATURES

Identity assurance and access control

  • Strong OTP-based 2FA
  • Multi-tenant ready architecture
  • Comprehensive audit logging and reporting
  • Clustering and load-balancer support for high availability and disaster recovery
  • Application firewall support
  • Centralized web-based administration for managing the system

OS

  • Red Hat Linux
  • Windows 2012 and 2012 R2
  • Windows Server 2008 R2

A flexible solution supporting open standards

  • Supports a wide range of 2FA tokens, both hardware and software
  • Lightweight Directory Access Protocol (LDAP)
  • Remote authentication dial-in user service (RADIUS)
  • Java application programming interfaces (APIs)
  • Initiative for Open Authentication (OATH)

Authentication & signing methods

  • OATH, OCRA (event-based, time-based)
  • EMV CAP
  • OATH Dynamic Code Verification
  • Dynamic signature enhancements

Authentication & signing form-factors

  • Mobile-based Authentication
    • SMS OTP
    • Mobile Token
    • Mobile Out-of-Band (Push Notifications)
  • OTP Tokens
    • 1 button
    • PinPad
  • EMV CAP readers
    • Connected or unconnected
  • Dynamic CV cards and mobile

Webserver

  • Apache Tomcat
  • IBM WebSphere
  • The chosen architecture allows "High Availability" and "Fail-Over" configuration relying on operating systems, databases and monitoring mechanisms.

Databases
CAS stores OTP-related data and, if needed, user data (DB mode) in:

  • Oracle
  • MySQL
  • IBM DB2
  • MS SQL
  • Firebird
  • Any other SQL database could be supported through specific development

User repository
CAS can be connected to the following LDAP directories when user accounts are managed externally (mixed mode):

  • Microsoft Active Directory
  • Novell eDirectory
  • OpenLDAP
  • Any other LDAP directory could be supported through specific development

Authentication services interface

  • Web Service REST API
  • RADIUS requests
    • Microsoft NPS
    • FreeRADIUS
  • AD FS

Security modules

  • SafeNet Network API
  • SafeNet PCI-E HSM
  • SafeNet Payment HSM
  • Thales PayShield 9000
  • Software Security Module

Performance

  • One Gemalto CAS node supports 400 OCRA transactions per second