N E T R U S T

Secure Sign-On Solution

Managing user IDs/passwords and access rights of users in a large and security-sensitive environment is a major challenge. As the number of mission critical applications in an organisation increases, IT managers face a multitude of challenges:

How can multiple e-commerce applications and their access control permissions be managed effectively and securely?
How can the number of different security models and implementations by different software development teams be reduced?
How can the cost of managing hundreds or thousands of different users (employees, partners, customers, etc.), their credentials and privileges be reduced?
How can an enterprise-wide security policy for different applications and users be enforced?
How can we achieve single sign-on for web-based and non-web-based applications?

i-Sprint AccessMatrix

With a patent-pending Segmented Hierarchy-Based Security Administration And Authorization Framework, AccessMatrix is a new generation of enterprise access control and security administration system that effectively addresses the challenges in managing security for large user communities within a single organization or across multiple organizations.

With practical and powerful features to address the needs of large organizations, AccessMatrix provides centralized authentication, authorization and audit services for users to securely access different e-commerce and enterprise resources i.e. web and application servers. It provides centralized policy management services for administrators to easily and effectively manage application permissions, user privileges, and security policy throughout the entire organization.

Key Benefits and Unique Features of AccessMatrix

Improved Application Security
Security related business rules are defined and managed within AccessMatrix to avoid hard-coding within applications. AccessMatrix offers a flexible and cost effective infrastructure to manage access rights and business rules. The security architecture accelerates application development, promotes better software re-use and reduces application maintenance efforts.

Enhanced Multi-Tier Application Support
The security framework supports multi-tier application environments and enables organizations to deploy a single security infrastructure to support both web and non-web based applications. The flexibility to integrate with most common web servers and application servers reduces application design complexity and strengthens security within the enterprise.

Single Sign-On and Support for Multiple Authentication Methods
AccessMatrix provides single sign-on capability to all applications in the enterprise. This feature can be extended across multiple domains to address the limitations of the current web environment. Using the standard PAM (Plugable Authentication Method) framework, AccessMatrix supports various authentication mechanisms:

Static passwords

Dynamic passwords

X.509 digital certificates

Other authentication schemes

The authentication method required for users to access business applications can be specified by security administrations without modification of the application source code.

Simple User Management
Users and their privileges are defined within AccessMatrix, offering a unique and efficient approach to the management of user access to applications in the enterprise. The patent-pending segmented hierarchy-based security administration and authorization framework enables security administrators to be appointed at every level of the organization structure, or even extended to include external organizations i.e. customers and business partners to allow the management of IDs and user rights by their own security administrators.

AccessMatrix can leverage an organization’s existing user registries, e.g. LDAP, Microsoft NT Domain or Active Directory, etc. to further simplify user management. This integration approach greatly simplifies the implementation effort throughout the enterprise.

Centralized Enforcement of Enterprise-Wide Security Policy
Enterprise-wide security policies can be defined and managed by AccessMatrix in a segmented hierarchy that closely mirrors a company’s existing organization structure. Security policy can therefore be controlled and enforced from a company’s headquarters to all subsidiaries, departments and other internal and external business units.

Built-In Support For Best Security Practices & Principles
AccessMatrix supports the principles of least privilege and segregation of duties. The product clearly segregates the job function between the security administration and the system administration. Security administrators are assigned granular administration rights according to their job functions. Maker-Checker control can be used to further ensure that modification submitted by one administrator must be approved by another administrator before the proposed changes become effective. In addition, AccessMatrix can ensure that the same user will not be assigned to multiple roles that may cause conflicts of interest.