 Subscribe to the RSS Feed & Get All The Conference News As It Happens! |
|
|
soawse-eos-banner
The Most Significant SOA and Open Source Events of 2007!
|
|
|
Enterprise Open Source Session Mass-Market Two-Factor Authentication using Open Source Technologies
Mass-Market Two-Factor Authentication using Open Source Technologies
Feb. 21, 2006 11:00 AM
One-time password (OTP) based two-factor authentication solutions are commonly used to secure VPNs, web sites, and online transactions. They are much more secure than authentication methods based on static passwords. In fact, the US government mandates that all online banking services must adopt two-factor authentication by the end of 2006. However, existing OTP systems are expensive to implement for mass market online services for two reasons: first, a security token device, which generates OTPs, must be distributed to the user and properly managed; second, the authentication software is expensive and integration with existing Java EE web sites is not trivial. Recent advances in open source security solutions in both Java EE and Java ME allow us to develop cheap two-factor authentication solutions for the mass market.
In this hands-on session, we will discuss how to integrate a stack of open source tools and frameworks to enable end-to-end two-factor authentication for Java EE servers. Any user with a Java ME mobile phone will be able to use the service. Open source tools covered in this talk include: Apache Directory Server (a pure Java directory server with Kerberos authentication service support, see http://directory.apache.org/), Haukey (the J2ME OTP generator for mobile phones, see http://hauskeys.safehaus.org/), and Triplesec (server side OTP generator, the management interface and application server integration kits, see http://triplesec.safehaus.org/). At the end of the session, you will be able to add two-factor authentication services to better protect your web site users (and yourself) for free.
About Michael Juntao YuanMichael Juntao Yuan is a member of JDJ's editorial board. He is the author of three books. His latest book, "Nokia Smartphone Hacks" from O'Reilly, teaches you how to make the most out of your mobile phone. He is also the author of "Enterprise J2ME" - a best-selling book on mobile enterprise application development. Michael has a PhD from the University of Texas at Austin. He currently works for JBoss Inc. You can visit his Web site and blogs at www.MichaelYuan.com/.
Reader Feedback: Page 1 of 1
#4 |
Arnnei commented on 9 May 2006
The first company in the market to offer J2ME based TFA OTP was Mega AS Ltd (www.megaas.co.nz) who designed and applied for patents in 2003 for its J2ME OTP Cellular Authentication Token (CAT).
Using the CAT, Mega AS has also developed the concept of eAuthentication Service and offers it to SMEs who don't want to install and manage its own Server Authentication module.
It is recommended to use authorized and patented solutions rather then Open Source that may be open for IP charges.
|
#3 |
Arnnei commented on 9 May 2006
The first company in the market to offer J2ME based TFA OTP was Mega AS Ltd (www.megaas.co.nz) who designed and applied for patents in 2003 for its J2ME OTP Cellular Authentication Token (CAT).
Using the CAT, Mega AS has also developed the concept of eAuthentication Service and offers it to SMEs who don't want to install and manage its own Server Authentication module.
It is recommended to use authorized and patented solutions rather then Open Source that may be open for IP charges.
|
#2 |
Arnnei commented on 9 May 2006
The first company in the market to offer J2ME based TFA OTP was Mega AS Ltd (www.megaas.co.nz) who designed and applied for patents in 2003 for its J2ME OTP Cellular Authentication Token (CAT).
Using the CAT, Mega AS has also developed the concept of eAuthentication Service and offers it to SMEs who don't want to install and manage its own Server Authentication module.
It is recommended to use authorized and patented solutions rather then Open Source that may be open for IP charges.
|
#1 |
Christian Donner commented on 9 Feb 2006
For those who don't want to program yet want to have an Open Source-based two-factor enterprise-class authentication solution (with Radius server), there is smsRadius:
http://smsradius.us/images/architecture.jpg
smsRadius sends and receives short messages, connects with any network resources that use Radius authentication (e.g. most hardware firewalls), and includes a full-fledges PKI with Web-based certificate management for users.
|
SOA World Latest Stories By Elizabeth White  SYS-CON Events announced today that Webroot, a leading provider in Web and Email Security, will exhibit at SYS-CON's 7th International Cloud Expo, which will take place on November 1–4, 2010, at the Santa Clara Convention Center in Santa Clara, CA.
Webroot provides industry-leading se... | By Pat Romanski  When building a utility or cloud business plan, Wall Street IT can provide important lessons.
In his session at the 7th International Cloud Expo, Mike Tardif, President of Adaptivity, will lay out a blueprint for the CIO on how to define, fund and implement a successful transition fro... | By Maureen O'Gara  Dell pulled out of the race to acquire 3PAR Thursday morning after HP upped its $30-a-share bid of last Friday to $33 a share, pushing 3PAR's valuation past $2 billion to roughly $2.1 billion.
3PAR sent out a statement Thursday morning saying that Dell went to $32 before the three-day... | By Maureen O'Gara  HP has upped its $30-a-share bid for 3PAR last Friday to $33 a share, pushing 3PAR’s valuation past $2 billion to about $2.1 billion.
3PAR sent out a statement Thursday morning saying that Dell went to $32 before the three-day clock ran out on it Wednesday at midnight, and HP counter... | By Elizabeth White  SYS-CON Events announced today that Red Hat, the world's leading provider of open source solutions, has been named “Platinum Sponsor” of SYS-CON’s 7th International Cloud Expo, which will take place on November 1–4, 2010, at the Santa Clara Convention Center in Santa Clara, CA.
Red Ha... | By Liz McMillan  Hiperos, LLC, a provider of on-demand solutions for extended enterprise management, announced on Thursday that Microsoft Corp. will use Hiperos to manage all critical aspects of the supplier lifecycle – from initial supplier registration and assessment of risk to active measurement of ... |
|
Untitled Document
|
Sponsorship Opportunities
|
| SOAWorld will deliver the #1 i-technology educational and networking opportunity of the year.
|
|
|
Please call
(201)802-3020 |
|
|
|
Who Should Attend?
|
| CEOs and CTOs, senior architects, project managers, Web programmers, Web designers, technology evangelists, user interface architects, consultants, and anyone looking to stay in front of the latest Web technology! |
|
SOAWorld Magazine is the leader in delivering technical and strategic insights on the worlwide adoption of web services as the key distributed computing paradigm, and as those services are deployed through specific service-oriented architectures (SOAs).
|
 |
Virtualization Magazine is the breakthrough publication covering the architectural concepts and implementation of IT asset virtualization as realized through the adoption of distributed computing paradigms, including the deployment of service-oriented architectures (SOAs). |
|
SOAWorld 2007 West Speakers Include...
|
|
SYS-CON EVENTS
|
|
|
SOAWorld 2007 East Delegates Represented...
|
• AccuRev
• Adea Solutions
• Adobe Systems, Inc [3 delegates]
• ADP
• Aeropostale, Inc
• Aetna
• Akbank Training Center
• American Family Insurance
• American International College
• American Modern Insurance
• Amphion Innovations
• Amplify LLC, Clipmarks [2 delegates]
• Anderson Consulting
• Arrow Electronics [3 delegates]
• Ashcroft Inc
• Athabasca University
• ATS
• Audatex
• Avanade, Inc.
• Avaya Inc. [5 delegates]
• Azul [2 delegates]
• Backbase [2 delegates]
• Bank of America
• Bank of NY
• Barnes and Noble
• Barnex Investment International Limited
• BEA
• Bear Stearns [2 delegates]
• Bendel Newspaper Company Limited
• BizInnovative
• Bloomberg [2 delegates]
• BlueBrick Inc.
• BMC Software
• Boeing
• Bottomline Technologies [2 delegates]
• BP
• Broadcom
• CA [2 delegates]
• CalAmp [2 delegates]
• California Department of Social Services
• Cape Clear
• CareFirst, Inc.
• Car-Part.com [2 delegates]
• Centric CRM [4 delegates]
• Chariot Solutions [4 delegates]
• Chordiant Software [2 delegates]
• Cisco Systems [2 delegates]
• Citrix Systems, Inc.
• City of New York
• Cneils
• Comcast [2 delegates]
• Community Connect [2 delegates]
• Composite Software [5 delegates]
• Conservation International
• Consultant eds / wamventures.com
• Control Module, Inc.
• Corporate Technology Partners
• CorraTech [2 delegates]
• Cortlandt Technology Partners [2 delegates]
• CPUC
• Credit Suisse
• CRIMSONLOGIC PTE LTD [2 delegates]
• Critical Resource Tech
• Crosscheck Networks
• Cyberboom
• Cynergy Systems, Inc. [2 delegates]
read more...
|
|
About Newsfeeds / Video Feeds
.gif)
