Comsign Authenticator

Methods of delivering the OTP

Comsign Authenticator delivers one-time passwords through the below optional OTP components:

• Hard token (hardware) – a token or a card.
• Soft token (software) – a mobile app.

How does it work?

Comsign Authenticator system is comprised of an Authentication server and personal tokens. Each token contains a unique seed based on a symmetric key and runs a password generation algorithm. The algorithm generates one-time passwords based on the seed and these methods:

• Time-based OTP (TOTP) – a new OTP is generated frequently, every predefined interval of time (e.g. 60 sec), in synchronization with the UTC clock.
• Event-based OTP (HOTP) – a new OTP is generated for each event (e.g. by pressing a button on the OTP device).

The generated OTP, combined with the user’s personal identification number (PIN), creates a passcode. This passcode is unique and extremely difficult to hack.

When a user attempts to gain access to an organization’s critical application or a VPN for instance, he is required to type his one-time password which is displayed on the token and his PIN. The passcode is sent to Comsign Authentication server which verifies it and decides whether to permit or deny access to the user. The communication between the application and the Authentication server is highly secured and data is protectedWorks anywhere, no internet is required

With Comsign Authenticator users do not need to worry about any internet/cellular or network connectivity issues. The Comsign mobile app algorithm doesn’t require internet connectivity to generate OTPs and not even a SIM card. With this mobile app users can work from anywhere, including airplanes using Airplane mode.

Wide variety of supported applications

Comsign Authenticator can protect every application that supports Radius server for authentication, including VPN and databases that require strong authentication. Among the supported applications and vendors, you can find the below:

• VPN – Checkpoint, FortiGate, Cisco VPN, Juniper (Junos), Citrix Secure Access Gateway and more.
• Database – PostgreSQL and Oracle.
• Internet websites – running on IIS or Apache.
• SSH
• Linux workstations – using GDM and KDM.

 Easy to install and deploy

Comsign Authenticator system can be installed by simply running a step-by-step installation wizard which is delivered as part of the installation kit. It is highly recommended to install it on two servers, Windows or Linux, to achieve High-availability.

Data base support

• Wide coverage – Comsign OTP supports all major database platforms such as Oracle, SQL Server, MySQL, IBM DB2 and more.
• Internal database – Comsign OTP installation kit includes an independent internal database which organizations may choose to work with.
• Database clustering – with Comsign OTP an organization can manage a group of identical data base servers, running the same schema, by a single instance of a data base server.
• Database replication and High-availability – Comsign OTP provides Database replication capabilities to obtain high-availability of data. Even if an instance goes down, the data is still available from other instances in the cluster. (Replication is a form of clustering where all instances in the cluster have the same schema and data.)

Easy to provision

Once users have been authorized as Comsign OTP users, the system automatically delivers the mobile app in two different ways:

• Sends a ‘download app’ option directly to each device as a Software update notification.
• Sends download instructions via email.

Friendly user interface

Comsign OTP mobile app presents functional and easy-to-use graphical user interface which enables the below:

• Biometric access to app using a fingerprint.
• Export seeds to another device.

 Comsign Radius Authentication system

Comsign OTP system lets organizations control and manage their users through a simple and intuitive web-based console.

Console’s key features:

• Dashboard – displays a ‘Live Activity’ report of all access attempts, including their result, e.g. access accepted or rejected, time stamp, user name etc.
• Create User – creates a new user or pulls an existing user from Active directory.
• Edit User – Sets user’s details such as email, phone, token type (TOTP/HOTP) and more.
• Settings / Users Management – creates users who are authorized to access the Comsign Radius Authentication system and assigns their permissions.

Advanced troubleshooting

Comsign OTP solution helps organizations to detect and fix problems by generating logs for troubleshooting, which provide information that often reveal the problems’ root cause. The below log types are produced by the Authentication server:

• Authentication log – records all login attempts, failed and successful, and provides essential information such as authentication’s failure reason.
• Error log – records application error messages and useful information that help troubleshooting problems and diagnosing their root cause.

Various ways to access logs

Comsign OTP system delivers and displays logs through various ways:

• Database
• EventLog
• Log files
• ColoredConsole – Writes log messages to the console with customizable coloring.
• Console – Writes log messages to the console.
• Mail
• Network – Sends log messages over the network.
• Websrevice – Calls the specified web service on each log message.

And more…