Enterprise SAS Two-Factor Solution

An access management solution needs to balance a number of elements, some of which are potentially conflicting:

1:: High security

2:: Simplicity in deployment and maintenance

3:: Ease of operation for users

4:: Cost-effectiveness

5:: Ability to adapt to changing conditions

With these issues in mind, SentryBay's engineers have developed the Secure Access System (SAS) utilizing our acclaimed patent-pending technology.

The SAS is extremely user-friendly and simple to deploy and maintain - but rather than compromising security to achieve this - the security measures included are first class.

SAS provides protection against Phishing, Pharming/MITB, Man-in-the-Middle/Replay attacks and Key Logging - which together represent the most severe threats to secure online access.

How the SAS Operates

The diagram below illustrates the key operations of the SAS

	Click to view full size diagram

The SAS is made up of the following elements:

1:: A content-controlled, cut-down browser provides a direct, secure link between the cd-rom and the bank's web server.

2:: A Unique Security ID provides the first factor of user authentication.

3:: The standard login details - protected by EntryProtect's patented anti-key logging technology - provides a secure second factor of user authentication.

4:: System authentication of the corporate website overcomes Pharming/MITB threats.

5:: End to end encryption of the data protects against all forms of MITM and Replay attacks.

6:: Decryption library and basic amendments to the existing authentication database.

User Experience

The user simply runs the software from the desktop (or inserts device), the login page is automatically loaded and authenticated, and the user then enters their login details as normal.

This process involves minimal change in user habits, is very simple to understand and much quicker than alternative solutions - while being ultra-secure.

Deployment

Companies are provided with a detailed SDK providing all files. Deployment normally takes only a few days, and involves minor additions to the database, insertion of a decryption library and small modifications to the relevant web page(s).

The software can be downloaded securely from the company's web server, issued via cd-rom, or via a hardware device such as a cd-rom or flash drive. The first time the devices are used the Unique Security ID is automatically recorded against an individual customer - and from that point on the software/device can only be used in conjunction with that customer's login details.

As the database requires no ongoing manual intervention or updating, the SAS is much less resource-intensive than other two-factor authentication solutions.