Automation that works.
Getting to know your Line-Of-Business
We have provided our customers with quality custom applications that meet their growing business needs. Although most
of those solutions employ different technologies to meet the needs of the end user, they share several commonalities, such as:
Web Enabled Applications
Our clients require their solutions to be cloud-based and available across many devices. We can meet this
complex need while maintaining a rich user experience that enables the user to access a powerful business
application from anywhere.
Enterprise Database Services
Maintaining cloud-based applications requires solutions that can access and store data with integrity and
security. Our solutions are built on robust, enterprise-class technologies such as Microsoft SQL Server
database and Windows Communication Foundation, which enable scalable and reusable Service-Oriented Architectures.
Our solutions comply with Federal, state and local government mandated security standards. We leverage best
practices in our solutions such as Two-Factor Authentication (for instance, Common Access Card (CAC) and Personal Identity
Verification (PIV) cards), Secure Sockets Layer (SSL) to encrypt client and server application communications,
and Public Key Infrastructure (PKI).
Do you have processes that depend on one or more employees to complete? Let us build a vision of automation
that leverages the latest technologies to streamline and reduce overhead which frees up your valuable
resources to keep your business running with the competitive edge.
If any of these design aspects interest you, give us 1 hour of your time and we will guide you to a solution
that is perfect for your business needs.
Two-factor authentication (TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of
"two or more" of the three authentication "factors" ("something the user knows", "something the user has", and
"something the user is").
Two-factor authentication is commonly found in electronic computer authentication, where basic authentication is the
process of a requesting entity presenting some evidence of its identity to a second entity. Two-factor authentication seeks
to decrease the probability that the requestor is presenting false evidence of its identity. The number of factors
is important as it implies a higher probability that the bearer of the identity evidence indeed holds that identity
in another realm (i.e., computer system vs. real life). In reality, there are more variables to consider when
establishing the relative assurance of truthfulness in an identity assertion than simply how many "factors" are used.
Two-factor authentication is often confused with other forms of authentication. Two-factor authentication requires
the use of two of the three regulatory-approved authentication factors. These factors are:
- Something the user knows (e.g., password, PIN);
- Something the user has (e.g., ATM card, smart card); and
- Something the user is (e.g., biometric characteristic, such as a fingerprint).
Two-factor authentication is not a new concept, having been used throughout history. When a bank customer visits a
local automated teller machine (ATM), one authentication factor is the physical ATM card the customer slides into
the machine ("something the user has"). The second factor is the PIN they enter ("something the user knows"). Without
both of these factors, authentication cannot succeed. This scenario illustrates the basic concept of most two-factor
authentication systems; the "something you have" + "something you know" concept.
Two-factor authentication (or multi-factor authentication) is sometimes confused with "strong authentication"; however,
"strong authentication" and "multi-factor authentication" are fundamentally different processes. Soliciting multiple
answers to challenge questions may be considered strong authentication but, unless the process also retrieves "something
you have" or "something you are", it would not be considered multi-factor. The U.S. Federal Financial Institutions
Examination Council issued supplemental guidance on this subject in August 2006, in which they clarified, "By definition
true multifactor authentication requires the use of solutions from two or more of the three categories of factors.
Using multiple solutions from the same category ... would not constitute multifactor authentication."
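The category rule quoted above, as an added example that is not part of the original page: a Python check that maps the authentication method values registered in RFC 8176 (the OpenID Connect `amr` claim, which this page does not mention) to the three factor categories and counts distinct categories. The mapping table and the function names are assumptions of this example.

```python
# Added example (not from the original page): decide whether a session is
# truly multi-factor by counting distinct factor categories, not methods.
KNOWS, HAS, IS = "knows", "has", "is"

# amr values come from RFC 8176; assigning them to the three categories
# is this example's assumption, not something the RFC defines.
AMR_CATEGORY = {
    "pwd": KNOWS, "pin": KNOWS, "kba": KNOWS,
    "otp": HAS, "sc": HAS, "hwk": HAS, "swk": HAS, "sms": HAS, "tel": HAS,
    "fpt": IS, "face": IS, "iris": IS, "retina": IS, "vbm": IS,
}


def factor_categories(amr):
    """Return the set of distinct factor categories evidenced by amr values.

    Summary values such as "mfa" and any unknown value are ignored: they
    name no concrete method, so they are evidence of no category.
    """
    return {AMR_CATEGORY[m] for m in amr if m in AMR_CATEGORY}


def is_multifactor(amr):
    """True only when the methods span two or more of the three categories."""
    return len(factor_categories(amr)) >= 2


def explain(amr):
    """Readable verdict for a log line or an access-policy decision."""
    cats = sorted(factor_categories(amr))
    ignored = sorted(m for m in amr if m not in AMR_CATEGORY)
    verdict = "multi-factor" if len(cats) >= 2 else "single-factor"
    return f"{verdict}: categories={cats} ignored={ignored}"


if __name__ == "__main__":
    # Constructed sample sessions.
    samples = [
        ["pwd", "kba"],   # password + challenge questions: same category
        ["sc", "pin"],    # CAC/PIV-style smart card + PIN: two categories
        ["pwd", "mfa"],   # password plus an unsupported "mfa" claim
        ["otp", "sms"],   # two possession methods: same category
    ]
    for amr in samples:
        print(amr, "->", explain(amr))
```
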
The Common Access Card (CAC) is a United States Department of Defense (DoD) smart card issued as
standard identification for active-duty military personnel, reserve personnel, civilian employees, other
non-DoD government employees, state employees of the National Guard, and eligible contractor personnel.
It is used as a general identification card as well as for authentication to enable access to DoD computers,
networks, and certain DoD facilities. It also serves as an identification card under the Geneva Conventions
(esp. the Third Geneva Convention). The CAC enables encrypting and cryptographically signing email,
facilitating the use of PKI authentication tools, and establishes an authoritative process for the use of
The CAC is designed to provide two-factor authentication: what you have (the physical card) and what you know (the PIN).
The CAC is the size of a standard credit card and has 64 or 128 kB of data storage and memory on a single integrated
circuit. This CAC technology allows for rapid authentication and enhanced physical and logical security. The new Common
Access Cards are said to be resistant to identity fraud, tampering, counterfeiting, and exploitation and to provide
an electronic means of rapid authentication.
There are currently four kinds of CAC. The Geneva Conventions Identification Card is the most common CAC and is given
to active duty/reserve armed forces and uniformed service members. The Geneva Convention Accompany Forces Card is
issued to emergency-essential civilian personnel. The ID and Privilege Common Access Card is for civilians residing
on military installations. The ID card is for DOD/Government Agency identification for civilian employees.
The Common Access Card is a controlled item. As of 2008, DoD has issued over 17 million smart cards. This number includes
reissues to accommodate changes in name, rank, or status and to replace lost or stolen cards. As of the same date,
approximately 3.5 million unterminated or active CACs are in circulation. DoD has deployed an issuance infrastructure
at over 1000 sites in more than 25 countries around the world and is rolling out more than 1 million card readers
and associated middleware.
Currently, it can be used for access into DoD computers and networks equipped with an ExpressCard or USB-based
smartcard reader. The only approved Windows middleware for CAC is ActivClient, available only to authorized DoD personnel.
Other non-Windows alternatives include LPS-Public, a non-hard-drive-based solution. Also, most intranet web sites require
a user to log in using a CAC to perform certain functions that require stronger credential authentication than
traditional HTTP Basic access authentication.
The program that is currently used to issue CAC IDs is called the Real-Time Automated Personnel Identification System
(RAPIDS). The system is secure and monitored by the DoD at all times. Users have to go through a special course and be
certified to issue CACs. Different RAPIDS sites have been set up throughout military installations in and out of combat
theater to issue new cards.
FIPS 201 (Federal Information Processing Standard Publication 201) is a United States federal
government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and
In response to HSPD-12, the NIST Computer Security Division initiated a new program for improving the identification
and authentication of Federal employees and contractors for access to Federal facilities and information systems.
FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the Secretary of Commerce,
and issued on February 25, 2005.
FIPS 201 together with NIST SP 800-78 (Cryptographic Algorithms and Key Sizes for PIV) are required for U.S.
Federal Agencies, but do not apply to US National Security systems.
The Government Smart Card Interagency Advisory Board has indicated that to comply with FIPS 201 PIV II, US
government agencies should use smart card technology.
Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures
needed to create, manage, distribute, use, store, and revoke digital certificates.
In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a
certificate authority (CA). The user identity must be unique within each CA domain. The binding is established
through the registration and issuance process, which, depending on the level of assurance the binding has, may
be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called
the Registration Authority (RA). The RA ensures that the public key is bound to the individual to which it is
assigned in a way that ensures non-repudiation.
Public key encryption is a cryptographic technique which enables users to securely communicate on an insecure
public network, and reliably verify the identity of a user via digital signatures.
A Public Key Infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates
which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital
certificates which map public keys to entities, securely stores these certificates in a central repository,
and revokes them if needed.
A PKI consists of:
- A certificate authority (CA) that both issues and verifies the digital certificates.
- A registration authority which verifies the identity of users requesting information from the CA.
- A central directory -- i.e. a secure location in which to store and index keys.
- A certificate management system.