Identity Exchange Platform

ABOUT

IDX is cloud-enabled identity management and secure data-exchange software with a federation SSO implementation. It allows business entities, government agencies, and third-party services to manage multiple identities and exchange information across computer networks and cloud computing environments.

Why IDX?

Modularity

Instead of a monolithic architecture and authentication-based functionality, our solution ensures modularity and flexibility in both authentication and user attribute exchange (provisioning) procedures, e.g. for e-government or other complex service environments such as mobile operators’ subscriber identity roaming.

Sensitivity

Instead of importing a company's user credentials (e.g. from Active Directory) into an external database (e.g. in the cloud), our solution supports storing all sensitive data in the company's own secure environment.

Security

Instead of applying only PKI-based technologies, our solution implements and enables a wide spectrum of authentication modules (e.g. time-based OTP, SSL/TLS client authentication, and even OAuth2 protocols).

Interoperability

Instead of creating developer-specific interfaces, our solution supports the SAML protocol in order to fully comply with the STORK (Secure idenTity acrOss boRders linKed) project specifications and the eIDAS Regulation (EU) No 910/2014.

TECHNICAL SPECS

The IDX multi-protocol user authentication server was designed and implemented in 2004, based on the needs of e-government and large enterprises.

The first edition, labeled v1.0, was built on Java technologies (JBoss and Hibernate) and used an Oracle database in the background. The original version was upgraded with new authentication protocols in 2008 (v1.1) and 2010 (v1.2). Later, the user authentication server was extended with new functions, such as managing sessions and tickets and supporting SSO functionality, in order to follow the OASIS SAML international standard.


Currently, the supported communication protocols of IDX v2.0 are:

The HTTP POST Binding communication method of OASIS SAML (Security Assertion Markup Language). It implements AuthnRequest/Response and NameIDMappingRequest/NameIDMappingResponse messages and applies XMLDSIG (IETF RFC 3275) Extensible Markup Language (XML) electronic signatures.


The supported authentication protocols of IDX v2.0 are:

  • PIN module

    The PIN (Personal Identification Number) module implements a userID and password based user authentication function.

  • TAN module

    The TAN (Transaction Authentication Number) module implements a pre-shared challenge-response pair based user authentication function.

  • SMS-OTP module

    The SMS-OTP (One-Time Password) module implements a one-time-password (sent by SMS) based user authentication function.

  • HumanAUT module

    The HumanAUT (Human Authentication) module implements a user authentication function based on a challenge-response that only a human can understand.

  • SSL/TLS module

    The SSL/TLS (IETF RFC 5246 - The Transport Layer Security (TLS) Protocol (Version 1.2)) module implements a client X.509 certificate (presented during the SSL/TLS handshake) based user authentication function.

  • PKI module

    The PKI (Public Key Infrastructure) module implements a signed challenge-response based user authentication function: a randomly generated challenge is put into an on-the-fly generated web form, which is signed using the client's smart card, and the output is an ETSI TS 101 903 - XML Advanced Electronic Signatures (XAdES) signature file. (Supports qualified electronic signatures, depending on the environment.)

  • HOTP module

    The HOTP (IETF RFC 4226 - HOTP: An HMAC-Based One-Time Password Algorithm) module implements an HMAC algorithm (using a counter as input) based user authentication function.

  • TOTP module

    The TOTP (IETF RFC 6238 - TOTP: Time-Based One-Time Password Algorithm) module implements an HMAC algorithm (using date and time as input) based user authentication function.

  • OAuth1.0a module

    The OAuth1.0a (IETF RFC 5849 - The OAuth 1.0 Protocol) module implements a symmetric key (applied by WEB2 service providers such as Twitter) based user authentication function.

  • OAuth2.0 module

    The OAuth2.0 (IETF RFC 6749 - The OAuth 2.0 Authorization Framework) module implements a symmetric key (applied by WEB2 service providers such as Facebook) based user authentication function.

  • OCRA module

    The OCRA (IETF RFC 6287 - OCRA: OATH Challenge-Response Algorithm) module will implement a challenge-response extended HOTP/TOTP based user authentication function.

IDX's Customers

Organizations from a variety of industries have chosen IDX to manage identity and secure data exchanges.

Bank

International retail bank in Poland and Ukraine

Telecommunication

Implementing interface to GSMA OneAPI Exchange and GSMA Mobile Connect (under development)

Education

Implementing interface to eduID (under development)

About Us


E-Group (est. 1993) is a software group specializing in information security, secure financial payment transactions, and smart multimedia messaging products and services. E-Group has unique cryptographic data security and communication solutions for large corporate and special government services sectors where confidentiality of information really matters.

Contact Us

Call

(+36-1) 371-2555

Website

www.egroup.hu

Message

idx@egroup.hu

© 2015 E-GROUP All Rights Reserved