Before CENTAGATE® can be used, a User with a “Login ID” has to be registered; this can be done either manually (by an administrator) or through an API call (from the client application). Once registered, the User must be bound to one or more authentication methods or a security token. When both of these prerequisites have been fulfilled, the User can proceed with the following use cases.
Protect login to a client application with a local password and 2-Factor Authentication using an OTP/SMS code.
Integration: RADIUS/Web Services/SSO.
Application type: Web-based applications, SAML 2.0/RADIUS-compliant devices/applications.
Flow:
(1) The User logs in and the client application validates the “Login ID” and “password”.
(2) The client application prompts the User to key in the SMS/OTP code. For an SMS code, the User requests it through the client application; for an OTP token, the User generates the OTP code with the token.
(3) After the User keys in the SMS/OTP code, CENTAGATE® validates the “Login ID” and the OTP/SMS code provided by the User.
Note: If using SMS codes, CENTAGATE® needs to be integrated with an SMS gateway provider. The OTP code can come from a hardware OTP token or the mobile app.
Protect login to a client application with a client digital certificate from a trusted Certificate Authority.
Integration: Web Services/SSO.
Application type: Web-based applications, SAML 2.0-compliant devices/applications.
Flow:
(1) The client application asks the end user for a client digital certificate when the login page is accessed.
(2) The User selects the correct digital certificate.
(3) CENTAGATE® validates the provided certificate information to confirm that it matches the registered user information and to check that the digital certificate is valid.
Note: The client digital certificate can be either in software form (a PKCS#12 file, .p12) or inside a PKI token (hardware token). A Certificate Authority, which is outside the scope of CENTAGATE®, issues those digital certificates.
Protect login to a client application using a static password and/or Challenge Question & Answer.
Integration: Web Services/SSO.
Application type: Web-based applications and SAML 2.0-compliant devices/applications.
Flow:
(1) When logging in to the client application, the User inputs the “Login ID” and static password.
(2) The client application prompts the User to answer a challenge question.
(3) CENTAGATE® validates the answer to the challenge question.
Note: CENTAGATE® employs a configurable password policy together with flexible challenge question and answer settings.
Protect login to a client application with a local password and a QR code generated by CENTAGATE®.
Integration: Web Services/SSO.
Application type: Web-based applications, SAML 2.0-compliant devices/applications.
Flow:
(1) The client application validates the “Login ID” and “password”; when successful, it calls the API to request a QR code from CENTAGATE®.
(2) CENTAGATE® generates the QR code, which is displayed on the client application page.
(3) The User scans the QR code with the mobile app to authenticate with CENTAGATE®. When successful, the User is allowed to access the application.
Note: If using QR codes, the User must have a registered/linked mobile device with the CENTAGATE® mobile app installed or integrated. During authentication, the mobile device/app must have online/internet connectivity.
Enable the risk-based scoring method to evaluate risk during login to a client application.
Integration: Web Services/SSO.
Application type: Web-based applications and SAML 2.0-compliant devices/applications.
Flow:
(1) When logging in to the client application, the User provides a 2-Factor Authentication token, e.g. SMS/OTP code, PKI certificate, Challenge Question & Answer, or QR code.
(2) CENTAGATE® validates the 2-Factor Authentication token; if successful, CENTAGATE® evaluates the risk score according to the configured security policy. If the risk score is high, CENTAGATE® either rejects the login request or triggers the next authentication step, in which the User is prompted to re-authenticate via a different channel. The available re-authentication methods are subject to the configurable Trust level.
Note: CENTAGATE® provides configurable security policy and notification settings to the administrator.
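The step-up decision in step (2), as an added example that is not part of this page or of CENTAGATE®: the risk signals, their weights, the score thresholds and the trust-level channel lists are constructed assumptions, and the administrator's real policy is not described here. The example shows how a score derived from the login context selects allow, re-authentication over a different channel, or rejection.

```python
from dataclasses import dataclass

# Illustrative risk-based step-up policy. The signals, weights, thresholds and
# trust levels below are constructed for this example; the real policy is whatever
# the CENTAGATE® administrator configures and is not described on this page.

WEIGHTS = {"new_device": 40, "new_country": 30, "impossible_travel": 50,
           "off_hours": 10, "recent_failures": 25}
STEP_UP_AT, REJECT_AT = 40, 80   # score bands: allow / step_up / reject
TRAVEL_WINDOW = 3600             # seconds: two countries inside this window = impossible travel
TRUST_LEVELS = {                 # acceptable re-authentication channels, strongest first
    "high": ["pki_certificate", "mobile_push", "qr_code"],
    "medium": ["mobile_push", "qr_code", "otp"],
    "low": ["otp", "sms", "challenge_question"],
}

@dataclass
class Decision:
    action: str                  # "allow", "step_up" or "reject"
    score: int
    signals: list
    reauth_channel: str = None   # set only for "step_up"

def derive_signals(attempt, hist):
    """Turn the raw login context into the named risk signals the policy weighs."""
    checks = {
        "new_device": attempt["device_id"] not in hist["known_devices"],
        "new_country": attempt["country"] != hist["usual_country"],
        "impossible_travel": (attempt["country"] != hist["last_country"]
                              and attempt["time"] - hist["last_time"] < TRAVEL_WINDOW),
        "off_hours": not 6 <= attempt["local_hour"] < 22,
        "recent_failures": hist["failed_last_hour"] >= 3,
    }
    return [name for name, hit in checks.items() if hit]

def evaluate_login(attempt, hist, first_factor, trust_level):
    """Runs after the first 2FA token has been validated (step 2): allow, step up or reject."""
    signals = derive_signals(attempt, hist)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= REJECT_AT:
        return Decision("reject", score, signals)
    if score >= STEP_UP_AT:
        for channel in TRUST_LEVELS[trust_level]:
            if channel != first_factor:      # re-authenticate over a different channel
                return Decision("step_up", score, signals, channel)
        return Decision("reject", score, signals)  # no alternative channel at this trust level
    return Decision("allow", score, signals)
```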
Protect a transaction with a 2-Factor Authentication token using an SMS/OTP code.
Integration: Web Services
Application type: Web-based applications
Flow:
(1) The User prepares a transaction and proceeds to authorise it.
(2) The client application prompts the User to key in the SMS/OTP code. For an SMS code, the User requests it through the client application; for an OTP token, the User generates the code with the token.
(3) The User inputs the SMS/OTP code as authorisation.
(4) CENTAGATE® validates the SMS/OTP code.
Note: If using SMS codes, CENTAGATE® needs to be integrated with an SMS gateway provider. The OTP code can come from a hardware token or the mobile app.
Protect a transaction with a 2-Factor Authentication token using an OTP Signature via Challenge Response.
Integration: Web Services
Application type: Web-based applications
Flow:
(1) The User prepares a transaction and proceeds to authorise it.
(2) The User requests a Challenge as the input data.
(3) The client application displays the Challenge (e.g. a Reference Number) as the input data. The User keys the input data into a CR token, and the CR token generates an OTP Signature.
(4) The User inputs the OTP Signature on the transaction page as authorisation.
(5) CENTAGATE® validates the OTP Signature.
Note: The OTP Signature is generated by a CR (challenge-response) token, either a hardware token or the CENTAGATE® mobile app.
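A server-side sketch of steps (2), (3) and (5), added here as an example and not CENTAGATE®'s own code or token algorithm: the HMAC-SHA256 signature with HOTP-style truncation, the 8-digit Reference Number and the 120-second validity are assumptions. It shows why the Reference Number must be single-use and bound to the exact transaction it was issued for, so that a captured OTP Signature cannot authorise a different or repeated transaction.

```python
import hashlib
import hmac
import secrets
import time

# Illustrative challenge-response transaction signing. HMAC-SHA256 with
# HOTP-style truncation is an assumption made for this example; it is not
# CENTAGATE's token algorithm.

DIGITS = 8
CHALLENGE_TTL = 120   # seconds a challenge stays valid (assumed policy)

def otp_signature(seed, challenge):
    """Token side (CR hardware token or mobile app): sign the keyed-in challenge."""
    mac = hmac.new(seed, challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F          # dynamic truncation as in RFC 4226
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"

class TransactionSigningServer:
    """Server side: issues one-time challenges bound to a transaction and checks signatures."""
    def __init__(self):
        self._seeds = {}     # login_id -> token seed shared at token binding
        self._pending = {}   # challenge -> (login_id, txn, issued_at)

    def bind_token(self, login_id, seed):
        self._seeds[login_id] = seed

    def issue_challenge(self, login_id, txn, now=None):
        """Steps (2)-(3): the Reference Number shown for this exact transaction."""
        now = time.time() if now is None else now
        challenge = f"{secrets.randbelow(10 ** 8):08d}"
        self._pending[challenge] = (login_id, dict(txn), now)
        return challenge

    def validate(self, login_id, challenge, txn, signature, now=None):
        """Step (5): one-time use, bound to Login ID and transaction, time-limited."""
        now = time.time() if now is None else now
        entry = self._pending.pop(challenge, None)   # consumed even on failure: no replay
        if entry is None:
            return False
        bound_id, bound_txn, issued_at = entry
        if bound_id != login_id or bound_txn != txn or now - issued_at > CHALLENGE_TTL:
            return False
        seed = self._seeds.get(login_id)
        if seed is None:
            return False
        return hmac.compare_digest(otp_signature(seed, challenge), signature)  # constant time
```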
Protect a transaction with a 2-Factor Authentication token using an OTP Signature via QR code.
Integration: Web Services
Application type: Web-based applications
Flow:
(1) The User prepares a transaction and proceeds to authorise it.
(2) The User requests the input data as a QR code.
(3) The client application displays the CENTAGATE®-generated QR code.
(4) The User scans the QR code with the mobile app to authorise the transaction.
(5) CENTAGATE® validates the scanned QR code.
Note: The OTP Signature is generated by the mobile app. If using QR codes, the User must have a registered/linked mobile device with the CENTAGATE® mobile app installed or integrated. During authorisation, the mobile device/app must have online/internet connectivity.
Protect a transaction with a 2-Factor Authentication token using an OTP Signature via Mobile Push Challenge Response.
Integration: Web Services
Application type: Web-based applications
Flow:
(1) The User prepares a transaction and proceeds to authorise it from the web application.
(2) The client application requests a Mobile Push Challenge.
(3) The User receives an approval notification in the mobile app to authorise or reject the transaction.
(4) CENTAGATE® validates the approval response.
Note: The OTP Signature is generated by the mobile app. If using mobile push notifications, the User must have a registered/linked mobile device with the CENTAGATE® mobile app installed or integrated. During authorisation, the mobile device/app must have online/internet connectivity.
Protect a transaction using a PKI certificate and authorise it via a PKCS#7 digital signature.
Integration: Web Services
Application type: Web-based applications, Mobile Application (out-of-band, multi-channel)
Flow:
(1) The User prepares a transaction and proceeds to authorise it from the web application.
(2) The web application generates the transaction data (e.g. Reference Number, transaction details) and calls the CENTAGATE® signing agent on the User’s computer.
(3) The CENTAGATE® signing agent generates a PKCS#7 digital signature and returns it to the application.
(4) CENTAGATE® validates the digital signature and checks the status of the certificate used for signing with the CA’s validation authority.
Note: The CENTAGATE® signing agent is a desktop application used on the client side. A Certificate Authority, which is outside the scope of CENTAGATE®, issues those digital certificates.