Diamelle Technologies Releases a Low Cost Authentication Server to Deter Account Fraud and Identity Theft with Soft Tokens for Multi-factor Authentication

Share Article

Identity theft has become the world’s fastest growing crime. Consumers are more and more concerned about doing business online and passwords are increasingly viewed as not safe for application such as banking, brokerages, and e-commerce. Hard token solutions are expensive, hard to deploy and cumbersome for endusers. Diamelle's cost effect soft tokens provides the benefits of tokens, but operates in something most users already carry - cell phones, PDAs or PCs.

Diamelle Technologies, (http://www.diamelle.com) which provides a comprehensive identity and access management enterprise solution, announced the release of a low cost Authentication server with two factor authentication, aimed at the SMB market and high volume online applications.

Identity theft has become the world’s fastest growing crime and risk exposure levels are high. Consumers are more and more concerned about doing business online and passwords are increasingly viewed as not very safe, especially for sensitive applications such as online banking, brokerages, and some e-commerce activities. Because passwords are so easily compromised, the National Credit Union Administration (NCUA) has been forced to mandate that credit unions go to a higher level of security. The Federal Financial Institutions Examination Council (FFIEC) has also recommended implementation of multi-factor authentication by end of 2006.

Authentication with more than one factor is considered as strong authentication which is considerably more difficult to compromise as compared with single factor authentication. Two factor authentication, using one time passwords (OTP), requires the user to enter something they know, which is usually a PIN, and something they have; a physical device such as a token, smart cards with micro-processors, or biometrics such as finger print scanners.

Hard token generators are expensive, some costing as much as $65 per token. The high price tag makes it difficult for many businesses to implement such a feature for high volume applications, no matter how strong the authentication may be. In addition, consumers are not going to be happy with lugging around multiple tokens from the different organizations that they may have relationships with. Currently available soft token solutions for cell phones often rely on a phone signal, making them impractical for use in environments where a signal is not available. Further, the user consumes valuable phone minutes upon each use.

The Diamelle solution uses something that every online consumer already has: a PC, a PDA, or a mobile phone. There are no manufacturing or distribution costs, just a simple one time software download. The solution is easily distributed to its audience using the self service module in the Diamelle Authentication Server and downloaded into the device using the Over the Air feature found in most modern cell phones. When the member requests a login to the business’s online authentication server, the small application generates a PIN internally in their phone (or PDA or PC). Most importantly, the system does not rely on SMS or need a phone signal or use the member’s precious phone minutes – it is a completely secure, encrypted and self-contained system. Alternative authentication methods are available for the odd occasion a user is unable to access either a cell phone or a PC.

Since no additional hardware is required, the cost per user is very low. The Authentication server itself is also attractively priced at $5,000 for the first 100 users, including tokens. Additional users start at $10 per user and quantity discounts are available for high volume applications. Available with the server is a web based administration console to manage user information. A fine grained API is also available to facilitate additional integration with other systems.

The Authentication Server can also be expanded to include Diamelle Technologies’ Enterprise Identity Management solution available for large corporations. The Diamelle IDM is an integrated, full featured product built on a Java Enterprise Edition (JAVA EE) platform with WS-I compliant web services to facilitate integration and provides authentication with Single Sign-on, authorization, user management, policy management, user self-service, audit, password management and delegated administration. Diamelle offers a seamless migration path from the Authentication server to the IDM solution.

Organizations need authentication and authorization across multiple applications and platforms. Without a coherent security framework, users are faced with multiple applications -- each with its own authentication needs and user repositories with multiple logins and passwords. Developers spend time creating their own security frameworks. Each application needs user accounts to be set up and productivity decreases as users struggle with multiple identities. Calls to support and help desk increase and raises the cost of operating systems.

The Diamelle solution manages user information, various identities and user groups, in a centralized secure infrastructure with enterprise-wide authentication utilizing both passwords and tokens. With Single Sign-On, users can login once, and roam freely in secured domains without being challenged again. Participating domains are not required to give up their own logins and credentials. The ability to hold multiple identities, across multiple domains allows for a wide network of co-operating domains to communicate seamlessly. Authenticated subjects can access restricted resources requiring multiple logins and credentials without the need to login at each domain.

Password Management is an optional module that allows the system to manage the large number of passwords that a user may be required to remember. These passwords can be managed through the consistent administration of password policies as well synchronization of passwords across systems. A self service module allows users to manage their own passwords as well as unlock their accounts when the need arises. This not only saves help desk time but has many checks to ensure an account is not compromised. Shared secrets such as mother’s maiden name and zip code used by many financial institutions are not very reliable. Multiple shared secrets offer better protection and the Diamelle solution has many such features. Audit logs help identity unauthorized activities and fraud and promote employee and user accountability.

Diamelle Authentication server has been built upon the Java EE platform utilizing a Service Oriented Architecture. The Diamelle product architecture emphasizes scalability, security, portability, platform independence, extensibility, business process mapping and easy systems integration. It is a powerful and flexible programming model which lowers implementation risks and cost of ownership and scales to millions of users. The solution can be deployed in a number of configurations where it can serve as the central identity manager for the enterprise or it may be deployed as part of an application, without creating a new footprint, as is often the case for ISVs or departmental solutions.

The use of the JAVA EE platform means that developers or administrators already working with JAVA EE app servers can leverage their existing knowledge. Competing products dating back to earlier times often have proprietary platforms without the same level of flexibility. Availability of Web Services and related technologies, simplifies integration with applications that use other technologies. Since SOAP toolkits are now available for a large number of platforms, the effort is greatly reduced and developers can leverage existing knowledge to achieve this goal.

The Diamelle Authentication server is available for immediate delivery. A promotional price is being offered during January 2006 where the Authentication Server for 500 users is available for $7,500-. Additional users licenses are available for $5- / user for 501 to 5000 user. 5001 to 10,000 users are $4- / user.

About Diamelle Technologies

Diamelle Technologies has been building robust enterprise solutions for some of the largest corporations on the planet, from Wall Street trading floors to entertainment and manufacturing industry giants since 1982. It specializes in Java EE systems utilizing a Service Oriented Architecture featuring Identity Management, CRM, e-Business and Content Management. Headquartered in New York, with a development center in Mumbai, Diamelle is uniquely positioned to deliver robust, transactional, distributed Enterprise systems at an affordable cost.

Web: http://www.diamelle.com
Contact: Ameet Shah

Company: Diamelle Technologies

Phone: 914-739-4386 x 111

Fax: 914-739-3035


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Suneet Shah
914-739-4386 -111
Email >
Visit website