By MSK Security
Version 1.0.20100308
Patent Pending
Prepared by:
Shahram Karimian
Raymond Gallagher
3/9/2010
Page 1 of 12 © Copyright 2010 MSK Security
Non Linear Authentication SM
Table of Contents
Non Linear Authentication SM
By MSK Security
Version 1.0.20100308
Patent Pending
Table of Contents
Executive Summary
Non-Linear Authentication SM
Linear Authentication
Non-Linear Authentication SM
How the MSK Digital ID™ isolates and protects
Out of Band Transactional Verification for Banking
Isolation through HASP
Data Protection:
System Protection:
MSK Digital ID™ Smart Token –
System requirements
Implementation
Proven technologies and best practices
Appendix A
How the Security Token communicates
How the Authentication Server communicates
Executive Summary
MSK Security is designed to allow secure logins, transaction verification,
payment processing and Digital Signatures in a WAN environment, and to
remove the possibility of non-authorized activity interfering with these
processes. MSK Security has invented “Non-Linear Authentication SM” (Patent
Pending) and has a proven implementation of it in our MSK Web
Management 2008 system, our 3rd generation management system.
Many security systems and techniques have failed not because of security
but because of usability. From the End-User's perspective, using the security
token is no more difficult than the current username/password combination
and in some respects (especially across multiple enabled systems) is
considerably easier.
Two-factor Authentication
There are only three possible factors for authentication, something you know,
something you have and something you are:
[Figure: Bidirectional Authentication (User, Server/Service) and Out-of-Band Authentication (User, Server/Service, E-mail/Phone)]
Non-Linear Authentication SM
Non-Linear Authentication SM has three players: the End-User, the Service
(an agency’s internal network and business applications) and the
Authentication-Service (Auth Server). In Non-Linear Authentication SM,
both the End-User and the Service have to authenticate to the Auth
Server. The End-User first picks a Service to log in to; the Service then
authenticates itself to the Auth Server; next the End-User authenticates to
the Auth Server; finally the End-User logs in, and it is at this point that the
Service checks independently with the Auth Server to see if the End-User has
authenticated. This is also the point at which End-Users receive their
access rights.
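The login sequence described above, as an added Python simulation (not MSK Security's code). The page does not specify the credential mechanism, so the HMAC challenge-response, the session id, and all names and keys here are assumptions.

```python
import hashlib, hmac, secrets

def proof(key, nonce):  # assumed mechanism: HMAC-SHA256 over an Auth Server nonce
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

class AuthServer:
    def __init__(self, service_keys, user_keys, rights):
        self.service_keys, self.user_keys, self.rights = service_keys, user_keys, rights
        self.nonces, self.sessions = set(), {}  # unused challenges; session id -> state

    def challenge(self):  # single-use nonce, so a captured proof cannot be replayed
        nonce = secrets.token_hex(16)
        self.nonces.add(nonce)
        return nonce

    def _verify(self, key, nonce, given):
        if key is None or nonce not in self.nonces:
            return False
        self.nonces.discard(nonce)  # consume before comparing
        return hmac.compare_digest(proof(key, nonce), given)

    def open_session(self, service_id, nonce, given):  # step 2: Service authenticates
        if not self._verify(self.service_keys.get(service_id), nonce, given):
            return None
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"service": service_id, "user": None}
        return sid

    def authenticate_user(self, sid, user_id, nonce, given):  # step 3: End-User authenticates
        if sid not in self.sessions or not self._verify(self.user_keys.get(user_id), nonce, given):
            return False
        self.sessions[sid]["user"] = user_id
        return True

    def check_login(self, service_id, sid):  # step 4: Service checks independently
        s = self.sessions.get(sid)
        if s is None or s["service"] != service_id or s["user"] is None:
            return None
        del self.sessions[sid]  # single use
        return s["user"], self.rights.get((s["user"], service_id), [])

def demo():  # constructed keys, user and service names
    sk, uk = b"constructed-service-key", b"constructed-token-key"
    auth = AuthServer({"payroll": sk}, {"alice": uk}, {("alice", "payroll"): ["read"]})
    n = auth.challenge()
    sid = auth.open_session("payroll", n, proof(sk, n))
    early = auth.check_login("payroll", sid)  # End-User has not authenticated yet
    n = auth.challenge()
    ok = auth.authenticate_user(sid, "alice", n, proof(uk, n))
    other = auth.check_login("intranet", sid)  # a different Service asks
    granted = auth.check_login("payroll", sid)
    replay = auth.check_login("payroll", sid)  # session already consumed
    return early, ok, other, granted, replay
```

The Service never handles the End-User's credential: it learns only the Auth Server's answer, and that answer is bound to the Service that opened the session.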
[Figure: Linear Authentication (User, Authentication server/service, Server/Service 1, Server/Service 2, Server/Service 3) and Non-Linear Authentication SM (User, Out-of-Band Credentials, Server 1, Server 2, Server 3, Authentication server/service, Secure Information)]
[Figure: First Factor: something you know; Second Factor: something you have; Second Factor: if you are not on an authorized PC]
Payment processing
Digital Signatures
MSK Digital ID™ has an optional HASP feature that allows Software on
Demand from a specific machine or a predetermined network of machines;
this guarantees the highest level of controlled access. Users can be limited to
a specific machine or group of machines, preventing password sharing. All of
this is accomplished without the need to install cumbersome software or
hardware.
Data Protection:
Unauthorized Users:
• Phishing
• Man-in-the-Middle
• Key Loggers
• Password Sharing
MSK Security will protect you from all of these attacks.
Insider Threats:
• Audit Trails
• Identity and Access Management
The MSK Web Management™ solution includes full audit trails granular to any
machine that attempts to log in. The solution includes single-point
provisioning and single-click removal or de-provisioning.
System Protection:
Injection attacks:
• SQL-Injection
• Cross-site-scripting
Injections into buffer fields (such as username and password fields) can
damage a system. MSK removes these buffer fields; this reduction of the
attack surface eliminates injection attacks through them.
Implementation
There are two ways to implement MSK Digital ID: the first is our SAAS model,
the second is a self-hosted model. Our SAAS model has only a small per-seat
license. The self-hosted model will require a Secure MSK Security
Authentication Server and will require Branded Smart Tokens that will only
communicate with the self-hosted Authentication Server. The physical server
requires Windows 2003 Server; other requirements will vary
depending on implementation (Firewalls, Proxies, Monitoring Services,
Secure Hosting Services, i.e. SAS 70 Datacenter).
Our SAAS (Software-As-A-Service) model is by far the most robust and the
far less costly option. Traditional two-factor solutions require distribution and
life cycle management of expensive hardware tokens that need to be
synchronized with expensive on-premise authentication servers that require
expensive on-premise maintenance. Distribution of the MSK Security Smart
Token is quick and easy. The MSK Web Management™ system is included
as part of the service, not as an extra piece of software that needs to be
installed and maintained or licensed. The optional HASP (Hardware Against
Software Piracy) feature is included as part of the offering. The Smart
Tokens can be married to 1 or more computers, preventing them from being
used on non-authorized computers. Scalability is quick and limitless. With
traditional systems this process can be very painful and expensive.