Authentication Server for Online Banking

Cybersecurity Challenge

The need for more robust authentication in digital banking

You'll probably agree that implementing a flexible and seamless authentication strategy represents a major challenge for banks.

Digital banking is changing so fast with ever-evolving standards, new threats and demanding consumers.

In response, numerous technological developments and authentication methods have emerged. But harnessing them into a single effective strategy can prove a real pain.

The good news?

The security and flexibility of customers' authentication can be increased dramatically using adaptable, robust, field-proven solutions.

The key lies in a unique global architecture for authentication, developed in collaboration with our most advanced customers worldwide.

It's time to discover Thales' high-performance authentication server.

The foundation for secure digital banking

Thales Confirm Authentication Server (CAS) is the heart of the world's most versatile, scalable and secure authentication solution dedicated to protecting eBanking, eCommerce and mBanking.

It is a high-performance authentication engine that allows banks to protect their customers' identities and transactions.

Able to support multiple technologies and devices, this field-proven solution is the bedrock of secure and convenient digital banking services.

6 reasons companies choose Confirm Authentication Server

    Easy deployment and operations

    This authentication server works with multiple operating systems. The server configurations and modules support industry-standard protocols for seamless integration with existing bank architectures.

    Admin and user features are available through a REST web service API. This allows banks to integrate easily with their existing portal and to add further admin and user features.

    Why complicate things?

    What's important is getting the right tokens to the right customers – fast.

    Enjoy a quick and simple token integration with Gemalto CAS.

    Field-proven authentication server

    The Gemalto Confirm Authentication Server authenticates millions of online banking and e-commerce users daily, authorizes remote access and internet transactions and protects sensitive data from fraudulent online attacks.

    In combination, various devices can be used to provide a secure yet flexible authentication realm. This allows banks to offer different channels - all authenticated with the same server.

    Secure implementation

    Gemalto CAS has been designed and approved by internal and external security audits.

    There's more.

    To provide the most advanced level of user identity protection, a software security module or an external hardware security module (HSM) is linked to the authentication server to store and use cryptographic keys.

    Using standard authentication frameworks and protocols like HTTP/HTTPS, authentication modules interact with existing data servers to maintain and update user authentication information.

    Multiple database options are supported.

    Future-proof authentication framework

    Our open-source, scalable solution supports an on-premise or cloud deployment model.

    With Gemalto Confirm Authentication Server as your authentication solution, you can secure your current investment and reap the benefits of a rich technology roadmap for the future.

    Multiple authentication technologies

    Gemalto CAS is compliant with open standards and advanced authentication technologies.

    It supports standard multi-factor authentication, One Time Passwords (OTP) and Challenge/Response, and more advanced transaction verification and signing methods, such as EMV/CAP/DPA, OATH and OCRA, and the Thales patented Dynamic Signature technology.

    Multiple channels and devices

    A key benefit of the Gemalto CAS is that it allows banks to pick and mix from our selection of channels and installations – from Digital Banking, mBanking and phone banking to eCommerce, eBroker or Multi-Issuer setups. It can even be used for strong customer authentication (SCA).

    Multiple Devices

    Thanks to its unique flexibility and the ability to support several authentication devices (bank tokens, smart cards, mobile phones) and solutions simultaneously, the Gemalto Confirm Authentication Server allows you to segment your customer base to support different customer needs easily.

    In other words, it allows banks to assign different kinds of security devices for different use cases based on the following:

    • risk profile
    • usage pattern
    • preferences

      Identity assurance and access control

      • Strong 2FA of OTP
      • Multi-tenant ready architecture
      • Comprehensive audit logging and reporting
      • Clustering and load balancers support high availability and disaster recovery.
      • Application firewalls support
      • Centralized web-based administration for managing the system

      OS

      • Red Hat Linux
      • Windows server

      A Flexible solution supporting open standards

      • Directory access protocol (LDAP)
      • Remote authentication dial-in user service (RADIUS)
      • Initiative for open authentication (OATH)
      • OpenID Connect / OAuth2

      Authentication & signing methods

      • OATH, OCRA (event-based, time-based)
      • EMV CAP
      • OATH dynamic code verification
      • Dynamic signature enhancements

      Authentication & signing form-factors

      • Supports a wide range of 2FA tokens, both hardware and software
      • Mobile-based authentication
        • SMS OTP
        • Mobile token
        • Mobile Out-of-Band (Push notifications)
      • OTP tokens
        • QR token
        • One button
        • PinPad
      • EMV CAP readers
        • Connected or unconnected
      • Dynamic CV cards and mobile

      Webserver

      • Apache Tomcat
      • IBM WebSphere
      • The chosen architecture allows "high availability" and "fail-over" configuration relying on operating systems, databases and monitoring mechanisms.

      Databases

      CAS stores OTP-related data and user data if needed (DB mode) in:

      • Oracle
      • MySQL
      • IBM DB2
      • MS SQL

      User repository

      CAS can be connected to the following LDAP directories when users' accounts are managed externally (mixed mode):

      • Microsoft Active Directory
      • Novell eDirectory
      • Open LDAP
      • Any other LDAP directory can be supported through specific development

      Authentication services interface

      • Web service REST API
      • RADIUS requests
        • Microsoft NPS
        • FreeRADIUS
      • AD FS

      Security modules

      • SafeNet Network HSM
      • SafeNet PCI-E HSM
      • SafeNet Payment HSM
      • Thales PayShield
      • Thales nShield
      • Software Security Module

      Performance

      • One Gemalto CAS node supports 400 OCRA transactions per second

      "In Gemalto's new platforms and services model, we have found a proven technology partner that can also offer the flexibility and scalability necessary to evolve with this fast-changing marketplace."
      Artie Debidien, ICT & Operations Manager, KNAB

      Thales Confirm Authentication Server

      Security with a flexible architecture enabling a seamless deployment in any bank’s IT infrastructure - preventing eBanking user credential security breaches and supporting the widest range of authentication and signing methods in the industry.