Strong Authentication, Anti Phishing and Anti-Fraud

engita
home  |  server  |  devices  |  applications  |  authentication as a service  |  company  |  contacts
demo_highlights_1.png
IRETH IAP800
Strong Authentication & Anti Fraud

IAP800® has been the first worldwide full OATH Strong Authentication Solution. OATH is the reference standard for modern authentication solutions to IT resources.
IAP800® can also integrate a powerful Anti Fraud Engine (through the IRETH AFT algorithm), allowing total on-line transaction integrity and security.
The deployment of the IAP800® authentication infrastructure can be acquired also as a service (SAAS mode, for smaller organizations).
IAP800® is particularly suited to secure Strong Authentication services for Home Banking, on-line Payments, Remote Access, Web-Health, e-Auctions, etc.

IAP800® is a solution:

  • Zero Client Impact: its authentication devices work in unplugged mode without any connection, desired feature for successful web retail services
  • Full OPEN: it allows companies to be "Un-Bound" from monolithic proprietary logics of a unique vendor, allowing to focus on the service quality. Server platform and OATH devices can be changed anytime with other OATh devices.
  • Complete: both server and client side.
    Server side, the solution has all the features of a full OATH Authentication server and furthermore presents an Anti Fraud Module, able to manage transactional on-line services, ensurign total protection from any falsification during critical data transfer.
    Client side, IRETH produces several authentication devices: from authentication Displaycards to Tokens, from Paayment Displaycards to Phone Apps (compliant with App Google Authenticator), OTP via SMS, etc.
  • Scalable: in terms of huge amount of users and concurrent accesses.
  • Integrable: Web Services, Radius, RAST. No effort is required for client application integration; IAP800® is perfectly interoperable with any other security platform (IAM, AC, SSO, Remote Signing, Digital Sign Systems, etc.).
  • Secure: even in terms of "business continuity", thanks to High Reliability schemes.
  • Flexible: in terms of evolution and customization, being able to add several useful funcionalities for new authentication, fraud protection, payment services, etc.
READY TO THE REAL WORLD
A Complete Suite of Devices
Client side, IRETH proposes several authentication devices, with OATH algorithms (HOTP, TOTP, OCRA) or other algorithms developed by IRETH (RCR, CRT, AFT).

The best among IRETH OATH devices are D800™ Series,  easy to use and portable Displaycards, in OATH standard, event-based (HOTP), time based (TOTP) or OCRA Challenge-Response.

D800™ Series Displaycards can also integrate financial functionalities: secure authentication and financial services combined in only one device, the D800™ Pay Displaycard.

However IAP800© fully supports also many other devices both hardware (tokens) and software (Phone App), even custom-made (one OTP per request, OTP list for next authentications, OTP only device).

The simple and effective working logic is obtained since the user, in order to authenticate itself to the remote service, uses credentials composed by three elements:

1 - One UserID (something he knows)
2 - One PIN (something he has, for example the device serial number)
3 - One OTP code (one time generated by device)

Get Adobe Flash player

IAP800 VERSIONS
Different Editions for Different Requirements

IRETH proposes on the market different editions of IAP800®, in order to fully satisfy all the different requirements from its customers. In particular:

  • Multi-Level Administration: it allows to create sub-groups of OTP devices, that can be administrated independently from other groups through dedicated administrators.
  • Supported Algorithms: IAP800® can manage any type of OATH standard device and can support several other algorithms like IRETH RCR and CRT for authentication issues or AFT Anti Fraud for the on-line transactions integrity.
  • Fraud Detection: Through many customizable filters, the FD module provides several utilities to detect frauds, like the verification of access requests reliability referred to space and time, the verification of geographical IP, the real-time alarms management, etc.