The IDX multi-protocol user authentication server was designed and implemented in 2004, based on the needs of e‑government and large enterprises.
The first edition, labeled v1.0, was built on Java technologies (JBoss and Hibernate) with an Oracle database in the background. The original version was upgraded with new authentication protocols in 2008 (v1.1) and 2010 (v1.2). Later, the user authentication server was extended with new functions such as session and ticket management and SSO support, in order to follow the OASIS SAML international standard.
Currently the supported communication protocols of IDX v2.0 are:
HTTP POST Binding communication method of OASIS SAML (Security Assertion Markup Language); implements the AuthnRequest/Response and NameIDMappingRequest/NameIDMappingResponse messages and applies XMLDSIG (IETF RFC 3275 - (Extensible Markup Language) XML-Signature Syntax and Processing) electronic signatures.
The supported authentication protocols of IDX v2.0 are:
The PIN (Personal Identification Number) module implements a userID and password based user authentication function.
The TAN (Transaction Authentication Number) module implements a pre-shared challenge-response-pair based user authentication function.
The SMS-OTP (One-Time Password) module implements a one-time password (sent by SMS) based user authentication function.
The HumanAUT (Human Authentication) module implements a challenge-response based user authentication function whose challenges only a human can understand.
The SSL/TLS (IETF RFC 5246 - The Transport Layer Security (TLS) Protocol (Version 1.2)) module implements a client X.509 certificate (presented during the SSL/TLS handshake) based user authentication function.
The PKI (Public Key Infrastructure) module implements a signed challenge-response based user authentication function: a randomly generated challenge is put into an on-the-fly generated web form, which is signed using the client's smart card and outputs an ETSI TS 101 903 (XML Advanced Electronic Signatures, XAdES) signature file. (Supports qualified electronic signatures, depending on the environment.)
The HOTP (IETF RFC 4226 - HOTP: An HMAC-Based One-Time Password Algorithm) module implements an HMAC algorithm (using a counter as input) based user authentication function.
The TOTP (IETF RFC 6238 - TOTP: Time-Based One-Time Password Algorithm) module implements an HMAC algorithm (using date and time as input) based user authentication function.
The OAuth1.0a (IETF RFC 5849 - The OAuth 1.0 Protocol) module implements a symmetric key (applied by WEB2 service providers such as Twitter) based user authentication function.
The OAuth2.0 (IETF RFC 6749 - The OAuth 2.0 Authorization Framework) module implements a symmetric key (applied by WEB2 service providers such as Facebook) based user authentication function.
The OCRA (IETF RFC 6287 - OCRA: OATH Challenge-Response Algorithm) module will implement a challenge-response extension of HOTP/TOTP based user authentication function.
© 2015 E-GROUP All Rights Reserved