Line-of-Business Solutions.

  

Automation that works.

Getting to know your Line-Of-Business

We provided our customers with quality custom applications that met their growing business needs. Although most of those solutions employ different technologies to meet the needs of the end user, they share several commonalities, such as:

  • Web Enabled Applications
    Our clients require their solutions to be cloud-based and available across many devices. We can meet this complex need while maintaining a rich user experience that enables the user to access a powerful business application from anywhere.
  • Enterprise Database Services
    Maintaining cloud-based applications requires solutions that can access and store data with integrity and security. Our solutions are built on robust, enterprise-class technologies such as Microsoft SQL Server and Windows Communication Foundation, which enable scalable and reusable Service-Oriented Architectures.
  • Application Security
    Our solutions comply with federal, state and local government-mandated security standards. We leverage best practices in our solutions, such as Two-Factor Authentication (for instance, Common Access Card (CAC) and Personal Identity Verification (PIV) cards), Secure Sockets Layer (SSL) to encrypt communications between client and server applications, and Public Key Infrastructure (PKI).
  • Application Automation
    Do you have processes that depend on one or more employees to complete? Let us build a vision of automation that leverages the latest technologies to streamline your processes and reduce overhead, freeing up your valuable resources to keep your business running with a competitive edge.

If any of these design aspects interest you, give us 1 hour of your time and we will guide you to a solution that is perfect for your business needs.

Two-factor authentication (TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of "two or more" of the three authentication "factors" ("something the user knows", "something the user has", and "something the user is").

Background

Two-factor authentication is commonly found in electronic computer authentication, where basic authentication is the process of a requesting entity presenting some evidence of its identity to a second entity. Two-factor authentication seeks to decrease the probability that the requestor is presenting false evidence of its identity. The number of factors is important, as it implies a higher probability that the bearer of the identity evidence indeed holds that identity in another realm (i.e., computer system vs. real life). In reality, there are more variables to consider when establishing the relative assurance of truthfulness in an identity assertion than simply how many "factors" are used.

Two-factor authentication is often confused with other forms of authentication. Two-factor authentication requires the use of two of the three regulatory-approved authentication factors. These factors are:

  • Something the user knows (e.g., password, PIN);
  • Something the user has (e.g., ATM card, smart card); and
  • Something the user is (e.g., biometric characteristic, such as a fingerprint).

Two-factor authentication is not a new concept, having been used throughout history. When a bank customer visits a local automated teller machine (ATM), one authentication factor is the physical ATM card the customer slides into the machine ("something the user has"). The second factor is the PIN they enter ("something the user knows"). Without both of these factors, authentication cannot succeed. This scenario illustrates the basic concept of most two-factor authentication systems; the "something you have" + "something you know" concept.

Two-factor authentication (or multi-factor authentication) is sometimes confused with "strong authentication"; however, "strong authentication" and "multi-factor authentication" are fundamentally different processes. Soliciting multiple answers to challenge questions may be considered strong authentication but, unless the process also retrieves "something you have" or "something you are", it would not be considered multi-factor. The U.S. Federal Financial Institutions Examination Council issued supplemental guidance on this subject in August 2006, in which they clarified, "By definition true multifactor authentication requires the use of solutions from two or more of the three categories of factors. Using multiple solutions from the same category ... would not constitute multifactor authentication."


The Common Access Card (CAC) is a United States Department of Defense (DoD) smart card issued as standard identification for active-duty military personnel, reserve personnel, civilian employees, other non-DoD government employees, state employees of the National Guard, and eligible contractor personnel. It is used as a general identification card as well as for authentication to enable access to DoD computers, networks, and certain DoD facilities. It also serves as an identification card under the Geneva Conventions (esp. the Third Geneva Convention). The CAC enables encrypting and cryptographically signing email, facilitating the use of PKI authentication tools, and establishes an authoritative process for the use of identity credentials.

Implementation

The CAC is designed to provide two-factor authentication: what you have (the physical card) and what you know (the PIN). The CAC is the size of a standard credit card and has 64 or 128 kB of data storage and memory on a single integrated circuit. This CAC technology allows for rapid authentication and enhanced physical and logical security. The new Common Access Cards are said to be resistant to identity fraud, tampering, counterfeiting, and exploitation, and to provide an electronic means of rapid authentication.

There are currently four kinds of CAC. The Geneva Conventions Identification Card is the most common CAC and is given to active duty/reserve armed forces and uniformed service members. The Geneva Convention Accompany Forces Card is issued to emergency-essential civilian personnel. The ID and Privilege Common Access Card is for civilians residing on military installations. The ID card is for DoD/Government Agency identification for civilian employees.

The Common Access Card is a controlled item. As of 2008, DoD has issued over 17 million smart cards. This number includes reissues to accommodate changes in name, rank, or status and to replace lost or stolen cards. As of the same date, approximately 3.5 million unterminated or active CACs are in circulation. DoD has deployed an issuance infrastructure at over 1000 sites in more than 25 countries around the world and is rolling out more than 1 million card readers and associated middleware.

Currently, it can be used for access into DoD computers and networks equipped with an ExpressCard or USB-based smart card reader. The only approved Windows middleware for CAC is ActivClient, which is available only to authorized DoD personnel. Non-Windows alternatives include LPS-Public, a non-hard-drive-based solution. Also, most intranet web sites require a user to log in using a CAC to perform certain functions that require stronger credential authentication than traditional HTTP Basic access authentication.

The program that is currently used to issue CAC IDs is called the Real-Time Automated Personnel Identification System (RAPIDS). The system is secure and monitored by the DoD at all times. Users have to go through a special course and be certified to issue CACs. Different RAPIDS sites have been set up throughout military installations in and out of combat theater to issue new cards.


FIPS 201 (Federal Information Processing Standard Publication 201) is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.

In response to HSPD-12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the Secretary of Commerce, and issued on February 25, 2005.

FIPS 201, together with NIST SP 800-78 (Cryptographic Algorithms and Key Sizes for PIV), is required for U.S. Federal Agencies, but does not apply to U.S. National Security systems.

The Government Smart Card Interagency Advisory Board has indicated that to comply with FIPS 201 PIV II, US government agencies should use smart card technology.


Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). The RA ensures that the public key is bound to the individual to which it is assigned in a way that ensures non-repudiation.

Overview

Public key encryption is a cryptographic technique which enables users to securely communicate on an insecure public network, and reliably verify the identity of a user via digital signatures.

A Public Key Infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository, and revokes them if needed.

A PKI consists of:

  • A certificate authority (CA) that both issues and verifies the digital certificates.
  • A registration authority which verifies the identity of users requesting information from the CA.
  • A central directory, i.e., a secure location in which to store and index keys.
  • A certificate management system.
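
The issue, verify and revoke cycle described above, as an added example (not part of the original page) driven by the openssl command-line tool. The CA name, the subject "alice", the file names and the configuration are constructed for illustration; the example goes slightly beyond the text by showing that a relying party only rejects a revoked certificate once it checks the CA's certificate revocation list (CRL).

```bash
# Added example: throwaway CA issues, then revokes, a certificate (constructed names).
status() {  # classify `openssl verify` output for user.crt; extra args go to verify
  case $(openssl verify -CAfile ca.crt "$@" user.crt 2>&1) in
    *"certificate revoked"*) echo revoked ;;
    *": OK"*)                echo valid ;;
    *)                       echo invalid ;;
  esac
}
pki_lifecycle() {  # prints: <before revocation> <after, no CRL check> <after, CRL check>
  local work rc; work=$(mktemp -d) || return 1
  (
    cd "$work" || exit 1
    mkdir ca && : > ca/index.txt && echo 01 > ca/serial && echo 01 > ca/crlnumber
    cat > pki.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ca/index.txt
new_certs_dir = ca
serial = ca/serial
crlnumber = ca/crlnumber
default_md = sha256
default_days = 30
default_crl_days = 7
policy = cn_only
[ cn_only ]
commonName = supplied
EOF
    ca="openssl ca -batch -config pki.cnf -cert ca.crt -keyfile ca.key"
    req="openssl req -config pki.cnf -newkey rsa:2048 -nodes"
    {
      $req -x509 -days 30 -subj "/CN=Demo Root CA" -keyout ca.key -out ca.crt &&
      $req -subj "/CN=alice" -keyout user.key -out user.csr &&  # user's key + request
      $ca -notext -in user.csr -out user.crt                    # CA binds key to name
    } >/dev/null 2>&1 || exit 1
    before=$(status)
    $ca -revoke user.crt >/dev/null 2>&1 && $ca -gencrl -out ca.crl >/dev/null 2>&1 || exit 1
    echo "$before $(status) $(status -crl_check -CRLfile ca.crl)"
  )
  rc=$?; rm -rf "$work"; return "$rc"
}
pki_lifecycle
```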
