(OTP + TAN) / OOB = AZUAN® UNIQUE LEVEL ACCESS


Do you want to offer OTPs and TANs easily and profitably? Then this is what you are looking for.

Azuan® AzULA is the most flexible and simple way of adding an additional authentication factor to your customers.

Azuan® AzULA provides a two-factor authentication system by using a one-time passwords (OTP) and transaction authentication numbers (TAN) with limited duration which are delivered through alternative out-of-band (OOB) communication channels.
Using single use keys allows more control of the authentication process or during the transactions made by users that are outside a
secure network. The keys generated by Azuan® Azula have the following advantages:


Security
Azuan® Azula provides additional security to the traditional user/password system, making the system even more secure than the use of a second password. The solution uses a different communication channel between the company and the user (OOB) to deliver the key to be used when authenticating, which makes it harder for an attacker to intercept the requested key.

Reliability
The algorithm generates semi-random numbers which makes it virtually impossible to predict the next key that will be generated. Number generation is done following the guidelines of RFC 4086 issued by Motorola Laboratories, which specifies the Internet Best Current Practices in Randomness Requirements for Security..

Peace of mind
Any company which uses Azuan® AzULA can be sure that the seeds used to generate each key uniquely identify each user. Therefore, an OTP used by one user cannot be used to authenticate another, and a TAN that is used for one transaction is useless for another. Additionally, Azuan® AzULA uses an innovative combination in which time is included as an additional factor, causing a new key to be generated after a required time has passed (default is 3 minutes). When several seeds are combined into a single one per user, an algorithm based on the Hash Message Authentication Code (HMAC) is applied.

Ease of use
Azuan® AzULA is easy to install and use.
The user can take Azuan® AzULA anywhere he/she takes their mobile phone because the solution was made to work with a large array of mobile phones and to have minimal use requirements (a phone with Java Virtual Machine and the ability to configure the phone so that it has the same time as the server). A separate device (such as a token or card) is not required and a new key is generated every three minutes. To access your application, the user instantly receives a new key. In addition a timer tells the user how much time the current key will be valid. The key can also be delivered outside the Java applet through SMS, MMS, HTTP, and SMTP.

Characteristics

 Uses the most recent OTP/TAN generation algorithms.
 
---------------------------------
Delivers OTP/TAN through diverse OOB channels: SMS, MMS, and SMTP.
 
---------------------------------
Open architecture for easy integration with your systems.
 
---------------------------------
Clients for mobiles are generated on demand, individually for each user.

System, client, and server requirements.

Client

  • HTTP enable application.

Server.

  • Azuan® Server AzXS + AzULA server component
  • Java Wireless Toolkit
  • SMS Direct to mobile, SMS-C Gateway or SMTP Gateway

Mobile Client.

  • Mobile device with J2ME Java Virtual Machine
  • Operating system: Symbian, Windows Mobile, Android, Palm OS, etc.
  • Devices supported: Nokia, Samsumg, HTC, Palm, Sony
  • Ericsson, LG, Blackberry, Motorola, among others.

Other important characteristics

  • Customizable Key validity time (3 minutes default)
  • Alphanumeric OTP of variable length (6 characters by default)
  • Maximum portability to different mobile systems
  • Flexible seeds: Identifier of user, time, transaction, etc.
  • Resulting strings do not contain any of the information used as seed and there is no viable mechanism to obtain this information based only on the OTP/mTAN string.
  • J2ME mobile client is generated for each user individually, achieving the highest security in identity and transaction certification.
  • Flexibility in the delivery of the OTP/TAN string: SMS, SMS-C, MMS/WAP(1) and SMTP
  • Queries to the Azula core via web services or HTTP queries.
  • AzWeb administration interface.

Go to the AZULA Demo Page


AZUAN®
solutions
a single click
away
AZUAN® (571) 226 2080 - Bogotá Colombia - www.azuan.com