MFID SECURE ACCESS

AND AUTHENTICATION
The threats from within are increasing on a
daily basis. 78% of all information security
breaches happen internally

Innovation For You

Private and Confdential -INNEFU LABS

ABOUT INNEFU LABS

ABOUT US

Team Forty Two B.Tech / M.Tech inclusive of

Senior Management consisting of three IIT
Alumni
Largest trained manpower for Cyber Intelligence
available with a private company in India
More than three years of experience in Cyber
Intelligence

Private and Confdential -INNEFU LABS

Research Oriented Information Security

Organization

CONTD.

Patent Pending Technologies

Caf Surveillance
Tactical Internet Monitoring System
Two Factor Authentication

Copyrighted Products
Intelinks

Link Analysis and Data Mining for

different sets of Data including CDRs, Interrogation
reports etc

Private and Confdential -INNEFU LABS

Cyber

TWO FACTOR AUTHENTICATION

Unbreakable security for Mails, fnancial
transactions
99% security from phishing attacks and
infections
Only Indian company to have developed
indigenous Hard Token

Private and Confdential -INNEFU LABS

INTERNET MONITORING SYSTEM

Indigenously Developed
Deployed in UP Proven to be better than
existing system

Private and Confdential -INNEFU LABS

DATA MINING AND LINK ANALYSIS

Created on lines of i2
Interrogation reports Management System

Private and Confdential -INNEFU LABS

CYBER CAF SURVEILLANCE

Map uses identity to his mobile phone number
Activity monitoring for suspect mobile phones

Private and Confdential -INNEFU LABS

PARTIAL LIST OF CLIENTS

Private and Confdential -INNEFU LABS

AGENDA
Why do we need Two Factor Authentication?
What is Two Factor Authentication?
Different Tokens with their architecture
Different Applications

Private and Confdential -INNEFU LABS

DATA CENTRE ARCHITECTURE

(ASSUMPTIONS)

Web and Application Servers Critical

Applications

Firewalls / IPS / IDS /

UTM

Private and Confdential -INNEFU LABS

Email Servers

Database
Servers

Private and Confdential -INNEFU LABS

INDIVIDUAL INFORMATION
SECURITY - CURRENT

Private and Confdential -INNEFU LABS

Data Leak prevention / IPS / IDS

Anti Virus

Firewalls

People and Processes

Connection to Internet, Barring Pen Drives etc

ORGANIZATIONS TODAY ARE USING UTM,

etc

FOR

COMPREHENSIVE

PERIMETER SECURITY. AS A HACKER,

WHO WOULD YOU IDENTIFY AS THE
WEAKEST LINK IN THE CHAIN?

Private and Confdential -INNEFU LABS

IPS

Point of Attack

Authentication Response

Private and Confdential -INNEFU LABS

User Name, Pwd

IDENTITY THEFT
Fastest

growing white collar crime

900,000 new victims each year

Cost to businesses more than $50 billion

Cost per incident to company $6,383

Hours

spent per victim resolving the problem as

shown by identity theft statistics: 30

Private and Confdential -INNEFU LABS

Private and Confdential -INNEFU LABS

Private and Confdential -INNEFU LABS

POINT OF ATTACK
Individual Ministry officers

IT Managers of respective departments

Private and Confdential -INNEFU LABS

METHODS OF ATTACK

Private and Confdential -INNEFU LABS

Viruses
Targeted Phishing

Worms

Trojans

 Map

Unique Two Factor Authentication Mechanism

Identify

the user based on

Something

he knows (user name / password)

Something in the users possessions

Private and Confdential -INNEFU LABS

the physical identity of the user to the

server

INNEFUS AUTHSHIELD OTP

GENERATION
Private and Confdential -INNEFU LABS

E-Token

Smart Phone BB /iphone / Android

Hard Token

SMS

HARD TOKEN

The token generates a new password

after every 90 seconds
Each token is unique to the user and
synchronized with the AuthShield
server based on time
The password is based on a pre defned
unbreakable randomized algorithm.

Private and Confdential -INNEFU LABS

Security device (Hard Token) given to

authorized users

HARD TOKEN IDENTIFYING THE

USER ON THE BASIS OF HIS KEY
User Name, Pwd and OTP

Client s Application Server

LDAP / MS Active Directory

User Name, OTP

1. OTP verified by IAS server

2. User Name / Pwd
authenticated normally

Private and Confdential -INNEFU LABS

User Name, Pwd

3. All requests are SSL

encrypted
Innefus AuthShield Server
(IAS)
The architecture may change based on the deployment architecture

SOFT TOKEN Encrypted request sent to AuthShield

server with the User Name

IAS server generates a One Time

Password (OTP) and sends it to the
registered Mobile Phone Number
The database of numbers may be stored
in the IAS server or sent with the
request
The user logs in with the OTP provided
to him via SMS

Private and Confdential -INNEFU LABS

SOFT TOKEN IDENTIFYING THE

USER ON THE BASIS OF HIS PHONE
User Name, Pwd

User Name

OTP Verification

True Authentication

OTP Sent via SMS

Private and Confdential -INNEFU LABS

True Authentication

Authshield Server

SMS receiving Capable Device

MOBILE TOKEN FOR SMART

PHONES

BB/ iPhone / Android

Application sends a request via

GPRS / 3G connection to the IAS
The server generates an OTP and
sends it back to the device
Available for all smart phones

Private and Confdential -INNEFU LABS

Application installed on smart

Phones

MOBILE TOKEN ARCHITECTURE

4). Token Generated
5). Credentials Entered

2).Request Sent to BES

BES
1). User accesses the token generation
application on his BB device

IAS & AD

3). Request Forwarded to IAS

3).

IAS
6). Access

Private and Confdential -INNEFU LABS

Application
UN+PWD+TOKEN

AUTHSHIELD - E-TOKEN

Encrypted signature wallet

stored on the token

Passwords
Digital Signatures
Certifcate Store
Online Subscription
credentials

Customized Driver to detect

the E-Token
PKCS# Certifcation
compliant

Private and Confdential -INNEFU LABS

APPLICATIONS

Continuous Polling to
ensure Session Timeout

Disk Encryption No
decryption without Token
Encrypted Mails, Messages

Access to Critical
Applications and IT
Infrastructure

Private and Confdential -INNEFU LABS

Protect Licensed software's

FEATURES

Seamless Integration with the current business and

security architecture
Optional Integration with Risk Based Transaction
Algorithm
All logs are stored in a secured database (completely
encrypted) for future analysis
Date and Time
User
IP Address

Private and Confdential -INNEFU LABS

OS Independent Authentication Mechanism

MANAGEMENT PANEL

Management Portal to
Add

/ Delete users
Associate a Token with a User
De-associate a Token with a User
Lock a lost Token
Transfer a Token to another User

Private and Confdential -INNEFU LABS

Complete Management control

with the Clients IT Team

CASE STUDIES

Mail Solutions
Windows LogOn
with / without
Domain

SSL VPN Juniper /

Citrix

Critical Intranet Applications

including Core Banking
Solutions

Wireless

Private and Confdential -INNEFU LABS

Web Enabled
Applications

Integration with
LDAP / MS Active

Servers

WEB ENABLED APPLICATIONS /

MAIL SOLUTIONS / CRITICAL
APPLICATIONS

Client wanted Two Factor Authentication with

Enable Application (PHP Based)
Inhouse built Finance Portal
Mail Solutions

Source Code available with the Client

Changes made to the Authentication Module of
the client application

Private and Confdential -INNEFU LABS

Web

PROCESS
User Name, Pwd, OTP

True Authentication

True Authentication

User Name, OTP

Private and Confdential -INNEFU LABS

Access

User Name, Pwd

WINDOWS 7, XP WITH MS AD 2008

Client wanted Two Factor Authentication with

Windows XP with MS Active Directory 2003
Windows Vista with MS Active Directory 2003

Changes made to the Login dll of Windows

Innefus server module was installed on Active
Directory
Seamless integration done with Active Directory

Private and Confdential -INNEFU LABS

PROCESS
User Name, Pwd

Active Directory
True Authentication

User Name, OTP

AuthShield Server

Private and Confdential -INNEFU LABS

True Authentication

APPLICATION (MAIL SOLUTION)

INTEGRATED WITH LDAP

Client wanted Two Factor Authentication with

Intranet Application (Java Based)
Mail Solutions

Both the applications were integrated with LDAP

Source code not available for any of the applications

Innefus server module was installed on the LDAP

server
No changes were made to the application

Private and Confdential -INNEFU LABS

PROCESS
User Name, Pwd Authenticated by LDAP
User Name, Pwd, OTP
Private and Confdential -INNEFU LABS

True Authentication

User Name, OTP

INTEGRATION WITH SSL VPN

(JUNIPER)

Client wanted Two Factor Authentication with

SSL VPN (Juniper)

Changes made in Juniper VPN confguration

RADIUS Server was integrated with Juniper VPN

RADIUS Server authentication requests integrated

with IAS Server
All requests forwarded to the IAS server which
authenticates the request

Private and Confdential -INNEFU LABS

PROCESS
User Name, Pwd

Active Directory
True Authentication

User Name, OTP

AuthShield Server

Private and Confdential -INNEFU LABS

True Authentication

ADVANTAGES
The

User Gets

Extra Codes to remember

Easy access to resources
Use whatever device that is convenient to the
user
Works Worldwide

Private and Confdential -INNEFU LABS

No

CONTD.
The

organization gets

user administration.
Seamless Integration with current setup
Simple price set up
Better use of the IT systems already in place
100% control of 'who can access the system'.
Zero maintenance on Identity theft

Private and Confdential -INNEFU LABS

Zero

WHAT WE OFFER
Indigenous Technology

Customization to suit specifc client requirements

Our Expertise in dealing with various Government

Agencies

Unparalleled Support

Competitive Advantage

Robust and Proven Technology

Private and Confdential -INNEFU LABS

PREVENT IDENTITY
THEFT!!

Private and Confdential -INNEFU LABS

COUNT ON

QUESTIONS WELCOME
INNEFU LABS PVT. LTD
www.innefu.com

+91-11-47065864 / 66
contact@innefu.com, info@innefu.com

Private and Confdential -INNEFU LABS

THANK YOU