SSOcube provides the ESSO functionality not only for Web applications, but also for various types of applications including terminal emulator for mainframes that work on a Windows(R) client machine. Many SSO software products support Web applications only, by providing application programming interfaces (API) that enables customization for the SSO functionality. As such, Web-SSO products require custom development which can increase complexity of implementation and support. Whereas, SSOcube automates the presentation of IDs and passwords, and it also does not require source code changes of target applications. The agent software that communicates with SSOcube recognizes various login screens on the PC and it then enters the user IDs and passwords automatically. By this mechanism, ESSO can be achieved, and can be readily applied to many applications. Thus, SSOcube provides ESSO not only for Web applications, but also for other types of C/S applications that run on Windows(R), including Lotus Notes(R), Acrobat Connect(R), ERP applications, and terminal emulators for IBM and Fujitsu and other mainframe servers. Screen transformation for each target application must first be ‘trained’, and this enables ESSO for various applications. Configuration files for many different applications and training related information will be available from NetSpring’s website. End-User customers can take advantage of this resource for rapid deployment.
ESSO products are also vulnerable to threats if the master login ID and password are stolen. To mitigate this issue, SSOcube offers enhanced Second-Factor Authentication security. It employs a one-time-password (OTP) mechanism which is represented by an OTP made up of numbers arranged according to a pre-configured pattern, derived from amatrix that is displayed on the screen (challenge). The numbers displayed in the matrix are changed at every authentication session. The end user will only be authenticated when the correct information is supplied. The matrix pattern generates dynamic challenge numbers (random numbers), and it is considered more secure than static passwords. This can mitigate the risk of password leakage in using ESSO. This feature is available as a standard function in SSOcube, and can be used with the ESSO function in SSOcube without additional cost. The challenge numbers in the matrix can also be obtained ‘out-of-band’, on a mobile phone. It further re-inforces the security of the ESSO function in SSOcube. This feature is also a standard option of SSOcube.
SSOcube offers all the necessary functionalities such as ESSO, strong matrix-based authentication, user account management and systems management. As a standalone ESSO box, it enables organizations to deploy SSO immediately. In order to mitigate security vulnerability, SSOcube adopts patent proven authentication technologies from i-Sprint,Passlogy, combined with server technologies from NetSpring.
◆ SSO functionality: AccessMatrix(R) product suite (i-Sprint, headquartered in Singapore)
◆ Matrix authentication functionality: PassLogic(R) (Passlogy, headquartered in Tokyo)
◆ Authentication server: AXIOLE (NetSpring, headquartered in Tokyo) subset version
By integrating the above three products, SSOcube is able to offer other various features related to ESSO. SSOcube will inclue features such as authentication by IC cards, smart cards, mobile phones and biometrics and can serve as a SSO hub for the organization. Additionally, SSOcube can leverage NetSpring’s authentication server appliance, AXIOLE as an external user repository and provideESSO functionality to NetSpring’s authentication gateway product, FEREC.
With assistance from ID Networks (headquartered in Tokyo: http://www.idnetworks.co.jp/) with extensive technical expertise in AccessMatrix(R), NetSpring provides technical support not only for small to medium size enterprises using SSOcube, but also for large enterprise which requires systems integration.
◆ Easy deployment, easy management
All the necessary functionalities for ESSO are already embedded in SSOcube. Users can rapidly deploy ESSO with minimal configuration without selection and/or assessment of ESSO functionalities. Configuration and management can be done through a web browser. Administrators do not have to install OS or special software on their PCs. Import and changes of user IDs and passwords can also be done through web browser. ID management, SSO, and matrix authentication are embedded all together in SSOcube. Processing backup of user data, configuration data and other systems data can also be done as part of the All-in-One package.
◆ Strong-Authentication or 2FA server
The matrix authentication mechanism available in SSOcube can be used instead of a password, however, it can also be added to enhance password authentication. It is possible to selectively set for each user account, if matrix authentication is needed. Additional authentication methods such as biometrics and smart cards also be supported on this platform.
◆ Use of External User Repository
SSOcube has a user repository (LDAP) to manage user account information for standalone use, however, it is also possible to point to the external LDAP authentication servers including NetSpring’s AXIOLE and Microsoft’s Active Directory(R).
◆ Application Access Control
SSOcube offers access control features for each application based on user / group.
◆ Audit Trails / Logs
SSOcube can generate report logs that details applications accessed and when. This audit feature together with application access control enables SSOcube to improve productivity and ease of use while enhancing IT controls and policies inside the organization.
◆ ”100 ~ 1000” account Tiering models offers suitability of use by medium size company / departmental use
SSOcube offers a family of 5 models, bundled from a 100 account user package up to 1000 account users capacities.
