Data Security and Key Management - Thales e-Security

SafeSign Authentication Server


SafeSign Authentication Server

One platform supports all authentication methods, applications, and users

SafeSign Authentication Server is software that centralizes management of strong authentication for all users, all applications, and all access channels, making it easier for organizations to implement a range of authentication requirements. By enabling the centralized provisioning and management of a variety of strong authentication methods and devices, SafeSign Authentication Server helps organizations efficiently—and with minimal integration effort—implement the most appropriate level of security consistent with the risk profile of each application. As a result, they can reduce the administrative burden of maintaining a high-assurance, auditable security infrastructure that enforces policies appropriately across the enterprise without compromising security or business rules. SafeSign Authentication Server supports diverse authentication methods including:

  • Mobile tokens
  • OATH tokens
  • PKI cards, soft certificates, or USB tokens
  • Vasco and ActivIdentity proprietary hardware tokens
  • EMV authentication
  • Smart cards
  • Generic Triple DES-based tokens
  • Encrypted passwords 

Benefits of SafeSign Authentication Server

  • Enables organizations to secure multiple applications quickly using risk appropriate strong authentication.
  • Streamlines application integration and interoperability with a comprehensive selection of industry-standard APIs.,
  • Facilitates maintenance of legally enforceable, tamper-evident audit trails.
  • Ensures the highest degree of availability and performance with a scalable, resilient architecture.

SafeSign Authentication Server Features

Security Features

  • Strong authentication and transaction signing server provides a wide range of hardware assured, cryptographically-robust strong authentication and transaction-context-sensitive signature technologies for business applications.
  • Tamper-evident audit trails provide non-repudiation of transaction details.
  • Acts as a RADIUS server, providing strong two-factor authentication for employee remote access.

Operational Features 

  • Comprehensive combination of standards and multi channel architecture allows interoperability and support for multiple online applications.
  • Resilient, load sharing server architecture ensures the highest degree of availability and performance.
  • Standards-based server with an open API simplifies integration with new and existing business infrastructure.
  • Flexible, scalable solution allows organizations to expand their existing security platform without the need to invest in other authentication solutions.

SafeSign Authentication Server Specifications

Supported Authentication Schemes

  • Mobile phone authentication
  • OATH (Open AuTHentication)
  • EMV CAP Authentication
  • Smart Cards
  • Vasco devices
  • ActivIdentity devices
  • PKI cards, soft certificates or USB tokens
  • PDF signing
  • Generic AES and Triple DES-based tokens
  • Handheld tokens - including support for SafeSign Personal Security Module
  • User ID/ Password
  • Encrypted passwords

Supported Platforms

  • Microsoft Windows Server 2008
  • Microsoft Windows 2003 server
  • Microsoft Windows 2000, Service Pack 3
  • Sun Solaris 9/10
  • I386 Linux platforms with kernel 2.5.18-27 or later (tested with RedHat Linux 8.0)
  • IBM AIX 5.1, Power 3-II 400MHz or higher,
  • HP-UX 11 64-bit for PA-RISC architectures

Database Support

  • Microsoft SQL Server 2000 and 2005
  • Oracle 9i, 10g, and 11g R2i

Supported Interfaces and Integrations

  • Java through RMI, JNDI or Java Bean interface – SSL & TLS
  • Web Services through XML or SOAP with support for Web Services Security (WS-S)
  • interface
  • Tivoli Access Manager
  • CA SiteMinder web access manager

Supported Standards

  • JDBC
  • J2EE
  • LDAP
  • OCSP and CRLv2 certification validation
  • PKIX
  • PKCS#1, PKCS#7, PKCS#10, PKCS#11 and PKCS#12
  • Identrust
  • Bank-ID
  • X.509
  • 3-DES
  • AES
  • CSP for Microsoft CryptoAPI (MS-CAPI)
  • RSA
  • SHA-1, SHA-2
  • XML DSig digital signatures
  • OATH (Open AuTHentication)
  • SAML 1.1 and 2.0
  • Visa & MasterCard methods
  • MasterCard CAP 2004, 2007 and AAC approval
  • Java Environment
  • JDK 1.5.1 or later
  • Support for Java Management Extension (JMX)
  • JSR-160 Compliant
  • SSL 2.1, 3.0, TLS 1.0, 1.1 and 1.2

Supported Hardware Security

  • Thales SafeSign Crypto Module

SafeSign Authentication Server Data Sheet

SafeSign Auth Server