This whitepaper details how ArrayShield IDAS Two Factor authentication system can be integrated with Web Applications

1. Two-Factor Authentication Solution for
Web based Applications
Two-Factor Authentication Solution for Web based Applications
Problem with exposing Web applications on the Internet
Web based applications are the ultimate way to take advantage of today’s technology to
enhance the organizations productivity & efficiency. As they provide the opportunity to
access the business information from anywhere in the world saving time and money and
improve the interactivity. As these web applications are hosted in the internet for easy
access for every one there are huge number of attacks possible on these applications.
Statistics show that most of the attacks target to steal the legitimate user’s credentials
and user them to gain access to the sensitive information protected by simple username
and password.
A strong need for two factor authentication is necessary for access to these web
applications which should protect against the attacks like key loggers, phishing, etc.
Solution
ArrayShield innovative two factor authentication system – IDAS provides a simple secure access
to web applications. By using its innovative pattern based authentication it provides One-Time-
Secret-Code for every login transaction without using any smart hardware.
In IDAS every user is shown with a matrix on the login screen which is populated with random
characters for every transaction. User has to choose a pattern which is a sequence of cells in
the matrix and should register the same with the system prior accessing the ArrayShield IDAS
Two-Factor solution. A translucent card is provided to each user which has a similar structured
matrix with transparent and opaque cells and some random characters imprinted on the
opaque cells. Each card is unique in terms of the position of the opaque cells and the characters
imprinted on them.
At the time of accessing the web application, user is shown with the randomly populated matrix
as a challenge. The user overlaps the translucent card on the shown matrix and will key in the
characters present in the chosen pattern in the same order. These characters form the One-
Time-Secret-Code for the user for that transaction. The ArrayShield IDAS server verifies the user
credentials by comparing user’s registered pattern and the pattern values entered by the user.
Access is given to the user if the user credentials are valid.
ArrayShield | info@arrayshield.com Page 1

2. Two-Factor Authentication Solution for
Web based Applications
Integration Flow
The following diagram shows how a web application can be integrated with ArrayShield IDAS to
use its two factor authentication for secure access.
Figure: Integration Flow diagram for the Web application authentication with ArrayShield IDAS
ArrayShield | info@arrayshield.com Page 2

3. Two-Factor Authentication Solution for
Web based Applications
Features
Innovative Technology
ArrayShield IDAS technology is patent pending (globally) and has won several
awards/recognitions in various forums for its innovative concept.
High Level of Security
ArrayShield IDAS product leverages advanced Encryption methodologies (like Industry Standard
AES (128/192/256 bit) algorithms as well as in-house developed advanced cryptographic
techniques) and follows Industry Standard Guidelines and Best Practices.
Ease of Use
ArrayShield IDAS is based on user-intuitive patterns which are easy to remember than complex
passwords than can be easily compromised.
Easy to Integrate
ArrayShield IDAS product will seamlessly integrate with existing enterprise environments with
improved user experience. No expertise is required for integration.
Interoperable System
ArrayShield IDAS can also be configured as add-on module with various products of leading
technology players. Support is available for SAML, LDAP, RADIUS, TACACS protocol etc.
Easy to Deploy
ArrayShield IDAS can be easily deployed in days (not in weeks) because of easy-to-configure API
based system.
Easily Customizable
ArrayShield IDAS product can be easily customized to the unique needs of every organization.
Once deployed, organizations can also configure the security strength and mechanism to the
amount of risk involved in the user’s role and usability requirements.
Highly Scalable
ArrayShield IDAS system can be easily scaled with huge user population without affecting the
performance and usability.
ArrayShield | info@arrayshield.com Page 3

4. Two-Factor Authentication Solution for
Web based Applications
Benefits
Low Total Cost of Ownership
ArrayShield IDAS provides Strong Authentication at a fraction of cost of traditional alternatives.
Minimal Cost is incurred during purchase as well as maintenance. As there is no need of having
costly hardware tokens or transactional costs incurred because of SMS etc, ArrayShield’s
Product provides lowest Total Cost of Ownership. No costly server hardware needed.
Mobility of the user
As ArrayShield uses a simple plastic card that can be carried on the go, it doesn’t have any
dependencies. Hence user will be able to access the application any-time, any-where.
Provides peace of mind
Protects Organizations and customers from Online Identity and data theft, hence provide peace
of mind.
Provides Compliance with regulations
Regulatory agencies agree that passwords are a weak link and are requiring companies to
implement stronger authentication. ArrayShield is a rapid, cost-effective way to comply with
Industry Guidelines, Security Standards and other Industry regulations.
Conclusion
By using ArrayShield IDAS Two-Factor authentication solution, organizations can enable secure
access to their Web Applications. The solution will make organizations of all sizes and
complexities protect from the malicious attacks happening on the web applications.
ArrayShield IDAS solution is designed to integrate with your existing web application to
minimize downtime and to avoid huge deployment costs that other solutions have. ArrayShield
IDAS works seamlessly with all kind of web applications which are developed in various
languages like Java, .NET, python and PHP. The convenient web management console gives
administrators an added tool that makes managing accounts easier.
ArrayShield | info@arrayshield.com Page 4