Actividentity 4TRESS AAA Server, MultiSite Lic, L-D AAAXXMWL-D User Manual

Product codes
AAAXXMWL-D
Americas  +1 510.574.0100
US Federal  +1 571.522.1000
Europe  +33 (0) 1.42.04.84.00
Asia Pacific  +61 (0) 2.6208.4888
Email  info@actividentity.com 
Web  www.actividentity.com
About ActivIdentity
ActivIdentity Corporation (NASDAQ: ACTI) is a global leader in strong authentication and 
credential management, providing solutions to confidently establish a person’s identity 
when interacting digitally. For more than two decades the company’s experience has been 
leveraged by security-minded organizations in large-scale deployments such as the U.S. 
Department of Defense, Nissan, and Saudi Aramco. The company’s customers have issued 
more than 100 million credentials, securing the holder’s digital identity.
Copyright © 2010 ActivIdentity. All rights reserved. ActivIdentity®, ActivID, ActivIdentity SecureLogin, ActivClient, and 4TRESS are trademarks of ActivIdentity. All other trademarks, trade names, service marks, service names, and images mentioned and / or used herein belong to their respective owners.
DS0910V05
Technical Specifications
ActivIdentity 4TRESS Authentication Server 7.0
ActivIdentity 4TRESS AAA Server for Remote Access 6.6 SP1
System Requirements
 - Operating systems
 - Hardware
 - User stores
 - Application servers
 - Hardware security modules
Operating Systems and Application Servers
 - Sun Solaris™ SPARC 9 and 10
 - IBM AIX 5.3
 - SUSE Enterprise Linux 10
 - Redhat® Enterprise Linux® 5 (64bit)
 - IBM WebSphere Application Server 6.1.x
 - Oracle® 11g R1 WebLogic Application Server
 - JBOSS® Application Server 4.2.x
Operating Systems
 - Administration Console
 · Microsoft Windows® 2000 Professional SP3/SP4
 · Microsoft Windows XP Pro SP1/SP1a/SP2
 · Microsoft Windows Server 2003 SP1/R2, and SP2 
 · Microsoft Windows Vista (new in 6.6) NOTE: only 32 bit
 - Authentication Server
 · Microsoft Windows 2000 Server SP4 
 · Microsoft Windows Server 2003 SP1/R2 and SP2 
 · Microsoft Windows Server 2008, R2 
Databases
 - Oracle 10g R2, 11g R2 and Oracle 10g Express
Databases
 - Microsoft® SQL Server 2000 SP3, SP3a, or SP4 (Standard and Enterprise editions); 2005 SP2, SP3 (Standard and Enterprise Edition); 2008 (Standard and Enterprise Edition); 2005 (Express Edition)
 - Oracle 9i and 10g (Standard and Enterprise editions)
Directories and Hardware
 - Microsoft® Active Directory Server 2003, 2008
 - Novell® eDirectory, 8.8
 - Sun SPARC® (Sun Fire 280 and 240)
 - IBM pSeries System p5 Servers
 - Intel x64 PC
 - Hardware Security Module (HSM) 
 · THALES® netHSM, nShield Connect & nShield SOLO (requires THALES Payshield option pack for EMV deployments)
 · SafeNet
 - ProtectServer External
Directories and Hardware (Minimum requirements)
 - Microsoft Active Directory Server 2000, 2003, and 2008  
 - Sun™ Java System Directory Server 5.2 and 6.2 (on Windows 2000 / 2003)
 - Critical Path Directory Server 4.2 (on Windows 2000 or Solaris 8)
 - Novell eDirectory 8.7.3 and 8.8 
 - IBM Tivoli Directory Server 5.2 
 - Intel® Pentium® III 650 MHz
 - 128 MB RAM, 4 GB hard disk
User Authentication  
 - One-time password: Synchronous and Challenge Response
 · ActivIdentity-patented algorithms: event based, time and event based
 - OATH event, time-based, and challenge / response
 · OATH algorithms: Event based (HOTP), time based (TOTP) and challenge response (OCRA)
 - EMV CAP / DPA: Mode 2
 - One time password through out of band channel: SMS and Email
 - PKI (X.509 certificates)
 - Static and partial password
 - Security questions and answers
 - Proxy to any RADIUS-compliant authentication server
 - LDAP password 
 - One-time password: Synchronous (ActivIdentity-patented algorithm)
 - One-time password: Challenge / response
 - One-time password: OATH event and time-based
 - Transaction verification codes through SMS/Email
 - X.509 certificate
 - Static password
 - LDAP password
 - Static password, remote RADIUS server, or LDAP v3 directory)
 - Mobile Soft Token
 - PC Soft Token
 - Web Soft Token
Transaction Authentication
 - Transaction signing with token or card
 · EMV CAP / DPA: Mode 1
 · ActivIdentity-patented algorithms: synchronous and asynchronous
 · OATH OCRA
 - Out of band validation
 · Transaction details and validation code sent by SMS or email 
Standards Supported
Protocols
 - RMI, SOAP v1.1
 - PSKC v1.1 (credential import) 
 - RADIUS PAP, MS-CHAP, MS-CHAP v2
Protocols
 - RADIUS RFC 2865, 2866, and 2869
 - TACACS+
 - RADIUS support for EAP: RFC 3579 and 3748
 - EAP-TLS RFC 2716
 - IEEE 802.1X (EAP-TLS, PEAP-MSCHAP v2, PEAP-GTC)
Cryptographic
 - SHA-2, AES-256, RSA-2048, ECC, 3DES
 - FIPS 140-2 level 3 (credential storage and data signing)
Cryptographic
 - DES, 3DES
 - ANSI X9.9 (challenge / response)
 - ANSI X9.17 (key management)
Administration
 - Device and credential lifecycle management
 - User and permission management
 - Role based access policies
 - Capability to define authentication, authorization, and accounting profiles
 - Device management
Auditing, Accounting, and Reporting
 - Digitally signed tamper-evident log
 - Audit log queries, Published schema
 - Crystal Reports®
 - Capability to consolidate, view, and delete audit logs
 - RADIUS accounting (RFC 2866)