Two Factor Authentication - Cochin Stock Exchange (source: cochinstockexchange.com/csbl/2fa.pdf)


Two Factor Authentication

Sunday, October 16, 2011

Page 1 of 27

Document Information

DOCUMENT CONTROL INFORMATION
AUTHOR: Somnath Jogi
DOCUMENT VERSION: 3.0.0.0
KEYWORDS:


Proprietary Notice

This document contains confidential information of Omnesys Technologies Pvt Ltd, which is provided for the sole purpose of permitting the recipient to evaluate the commercial proposal submitted herewith. In consideration of receipt of this document, the recipient agrees to maintain such information in confidence and to not reproduce or otherwise disclose this information to any person outside the group directly responsible for evaluation of its contents, except that there is no obligation to maintain the confidentiality of any information which was known to the recipient prior to receipt of such information from Omnesys Technologies Pvt Ltd, or becomes publicly known through no fault of recipient, or is received without obligation of confidentiality from a third party owing no obligation of confidentiality to Omnesys Technologies Pvt Ltd.


Table of Contents

Introduction .......... 5
Image Authentication .......... 5
2FA .......... 5
    Question Based .......... 5
    OTP (one time password) .......... 5
Flow Details .......... 26
    Login Sequence .......... 26
    On First Login .......... 27
Bypass 2FA .......... 27
Reset of Answers / OTP .......... 27


Introduction

SEBI has mandated 2FA for internet-based trading from the next financial year (SEBI circular no. CIR/MRD/DP/8/2011).

Question-based authentication or OTP (one time password) would be implemented in NEST as the second factor of authentication. A broker can opt for either option.

For authentication of the server by the user (mutual authentication), a user-selected image would be displayed before the password is entered.

Image Authentication

During registration the client would select one image from a list; that image is used to verify the site/server on future logins.

Authentication:
- User would type the Login Id / User id and click on the "ok" button.
- System would retrieve the image selected by the user during registration.
- User verifies the image and goes ahead with the login sequence (entering the password).

Note that this check only confirms that the site knows which image the user chose: a phishing proxy that forwards the Login Id to the real server receives the same image and can display it, so the image check defends against static phishing pages but not against an active man-in-the-middle.

2FA

Two factor authentication can be either of the below:

1) Question based
2) OTP (one time password)

Question Based

- A list of 20 questions would be displayed during registration (first-time login); the user's answers are taken as input.
- This is applicable to both exe users and web users.
- The question list is maintained in the attached spreadsheet: Question for 2FA.xlsx

OTP (one time password)

- A token would be generated during login and would remain valid for 3 hours.
- The generated token would be sent to the user through SMS.
- An SMS gateway is necessary in this case.

A 3-hour validity window is long for an SMS OTP (common practice is a few minutes), and a token should be accepted once only, so that an intercepted or re-sent SMS cannot be replayed.
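As an added example (not part of the Omnesys document), the following Python sketch shows the server-side OTP handling this section describes: a CSPRNG-generated token issued after the login password has been verified, handed to an SMS gateway, valid for the document's 3-hour window, accepted once only, and subject to the document's block-after-3-wrong-attempts rule. Only a hash of the token is stored. The SmsGateway stand-in, the injectable clock, the 6-digit token format and the message text are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_VALIDITY_SECONDS = 3 * 60 * 60  # the document's 3-hour token lifetime
MAX_ATTEMPTS = 3                    # the document's "wrong 3 times -> user blocked"


class SmsGateway:
    """Stand-in for the SMS gateway (assumption): records messages instead of sending them."""

    def __init__(self):
        self.sent = []  # list of (mobile, text)

    def send(self, mobile, text):
        self.sent.append((mobile, text))


class OtpStore:
    """Server-side OTP state keyed by user id.

    Only a hash of the token is kept, so a leaked copy of this table does not
    contain usable tokens. The clock is injectable so expiry can be tested.
    """

    def __init__(self, gateway, clock=time.time):
        self.gateway = gateway
        self.clock = clock
        self.pending = {}   # user_id -> (token_hash, expires_at, failed_attempts)
        self.blocked = set()

    @staticmethod
    def _digest(user_id, token):
        # Bind the hash to the user so a token cannot be replayed against another account.
        return hashlib.sha256(f"{user_id}:{token}".encode()).hexdigest()

    def issue(self, user_id, mobile):
        """Generate and send a fresh OTP; called after the login password has been verified."""
        if user_id in self.blocked:
            raise PermissionError("user is blocked; ADMIN must unblock first")
        token = f"{secrets.randbelow(10**6):06d}"        # 6 digits from a CSPRNG (format assumed)
        self.pending[user_id] = (self._digest(user_id, token),
                                 self.clock() + OTP_VALIDITY_SECONDS, 0)
        self.gateway.send(mobile, f"Your NEST login OTP is {token}")

    def verify(self, user_id, token):
        """Return True and consume the OTP if it is correct and unexpired; else count a failure."""
        entry = self.pending.get(user_id)
        if entry is None or user_id in self.blocked:
            return False
        token_hash, expires_at, failed = entry
        if self.clock() > expires_at:
            del self.pending[user_id]                     # expired: a new OTP must be issued
            return False
        if hmac.compare_digest(token_hash, self._digest(user_id, token)):
            del self.pending[user_id]                     # single use: the token cannot be replayed
            return True
        failed += 1
        if failed >= MAX_ATTEMPTS:
            del self.pending[user_id]
            self.blocked.add(user_id)                     # document: blocked after 3 wrong attempts
        else:
            self.pending[user_id] = (token_hash, expires_at, failed)
        return False

    def unblock(self, user_id):
        """ADMIN action; the user then logs in again and receives a fresh OTP."""
        self.blocked.discard(user_id)
```

In a deployment the token never leaves the server except inside the SMS; a test harness can read it back only because the gateway stand-in records what it was asked to send.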

1) Login page:

User would type the Login Id / User id and click on the "ok" button.

NT Login - User would enter the User Name and click on the "GO" button.

2) Registration - addition of new users / first-time login.

Enter a valid password and click on "login".

NT Login - Enter the valid password and click on "Login".

3) Image selection for first-time login.

- User needs to select from a list of images for mutual authentication.
- The OM request for this would be om_get_all_mu_images (OM would fetch all the images from the MRV 2FA details).
- User would select one of the images.
- The selected image index would be stored in the MRV user record, and the image would be displayed every time on his login page.

NT Login - Image selection for first-time login:

- Select an image and click on "GO".

4) Questions

- Whether the QTNS screen is shown would be based on an ini file in NT / the web page; there is also a command in OM for the specific authentication mode (OTP/QTNS).
- If QTNS: 20 questions would be provided by OM, out of which 5 have to be answered.
- The answers input by the user will be stored.

NT Login QTN page:

5) Change password:

For first-time login / password expiry, the password needs to be changed. On changing the password, the user should be able to log in to the application.

NT Login - Change Password: same behaviour (for first-time login / password expiry the password must be changed, after which the user can log in to the application).

6) For second-time login:

- System would retrieve the image selected by the user during registration.
- User can verify the image and go ahead with the login sequence.

NT Login for second-time login - same behaviour: the system retrieves the image selected during registration and the user verifies it before continuing with the login sequence.

7) Authentication

- A list of 20 questions would be displayed during registration (add user), to which answers are taken as input from the user.
- This is applicable to both exe users and web users.
- For every login, these questions should be rearranged (presented in a different order).
- On clicking the submit button, the user should be able to log in to the application.

NT Login Authentication page

8) If the user does not verify the image and enters the password, an appropriate pop-up message should be shown:

9) If the wrong password is entered 3 times, the user should get blocked. After unblocking, on the next login a new set of 2 questions should be presented for authentication.

NT Login - same behaviour: three wrong passwords block the user, and after unblocking the next login presents a new set of 2 questions.

10) If wrong answers are entered 3 times, the user should get blocked. After unblocking, on the next login a new set of 20 questions should be available, out of which the user should answer 5 (as in registration).

NT Login - same behaviour: three wrong answers block the user, and after unblocking the next login offers a new set of 20 questions of which 5 must be answered (as in registration).

Flow Details

Login Sequence

On successful authentication of the login password:

- System will generate an OTP (propagated via the SMS gateway) or provide random questions to the user.
- If the user has not yet set answers for the questions, the user must be prompted to set them.
- The UI would send the OTP or the answers to the questions, based on user input.
- This would be verified by the System.
- On successful verification of the above, the UI would be logged in.

On First Login

Part 1 (for Mutual Authentication)

- User needs to select from a list of 5 random images for mutual authentication.
- User would select one of the images.
- The selected image would be stored in the system and displayed every time on the user's login page.

Part 2 (2FA)

- Whether the OTP or the QTNS screen is shown would be based on the NT package / web page; a command in the system for the specific authentication mode (OTP/QTNS) would also be provided.
- If QTNS: 20 questions would be provided by the system, out of which 5 have to be answered.
- The answers input by the user will be stored.
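As an added example (not the document's or Omnesys's code), the following Python sketch models the question-based factor across registration, login and lockout as described in the Question Based section, in steps 4, 7 and 10, and in the flow above: 20 questions are offered at registration and 5 answered; answers are normalised for case and spacing and stored as salted PBKDF2 hashes rather than in clear; each login asks a random selection of the registered questions; three wrong answers block the user and discard the stored answers, so that after ADMIN unblocks the user must register again with a fresh set of 20. The question bank is a constructed placeholder for Question for 2FA.xlsx, and asking 2 questions per login is an inference from step 9, not something the document states.

```python
import hashlib
import hmac
import secrets
import unicodedata

QUESTIONS_OFFERED = 20   # document: 20 questions shown at registration
ANSWERS_REQUIRED = 5     # document: 5 of them must be answered
ASKED_PER_LOGIN = 2      # inferred from step 9 ("new set of 2 questions"); an assumption
MAX_ATTEMPTS = 3         # document: wrong answers 3 times -> blocked
PBKDF2_ROUNDS = 100_000

# Constructed placeholder bank; the real list is in "Question for 2FA.xlsx", which is not on the page.
QUESTION_BANK = {i: f"Placeholder security question {i}" for i in range(1, 31)}

_rng = secrets.SystemRandom()


def normalize(answer):
    """Make answer matching tolerant of case and spacing, but not of content."""
    return " ".join(unicodedata.normalize("NFKC", answer).casefold().split())


def hash_answer(answer, salt):
    """Salted PBKDF2 so stored answers cannot be read back from the user table."""
    return hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, PBKDF2_ROUNDS)


class QuestionAuth:
    def __init__(self, bank):
        self.bank = bank
        self.answers = {}     # user_id -> {question_id: (salt, digest)}
        self.failures = {}    # user_id -> consecutive wrong attempts
        self.challenges = {}  # user_id -> question ids asked at the current login
        self.blocked = set()

    def offer_questions(self):
        """Registration step: a random 20 of the bank for the user to pick 5 from."""
        return _rng.sample(sorted(self.bank), QUESTIONS_OFFERED)

    def register(self, user_id, offered, answers):
        """answers maps exactly 5 of the offered question ids to the user's text."""
        if len(answers) != ANSWERS_REQUIRED or not set(answers) <= set(offered):
            raise ValueError(f"exactly {ANSWERS_REQUIRED} of the offered questions must be answered")
        stored = {}
        for qid, text in answers.items():
            if not normalize(text):
                raise ValueError(f"empty answer for question {qid}")
            salt = secrets.token_bytes(16)
            stored[qid] = (salt, hash_answer(text, salt))
        self.answers[user_id] = stored
        self.failures[user_id] = 0

    def challenge(self, user_id):
        """Login step (after the password): pick the questions to ask this time."""
        if user_id in self.blocked:
            raise PermissionError("user is blocked; ADMIN must unblock first")
        if user_id not in self.answers:
            raise LookupError("answers not set; prompt the user to register")
        qids = _rng.sample(sorted(self.answers[user_id]), ASKED_PER_LOGIN)
        self.challenges[user_id] = qids
        return qids

    def verify(self, user_id, given):
        """given maps the challenged question ids to the user's answers."""
        qids = self.challenges.pop(user_id, None)
        if qids is None or user_id in self.blocked:
            return False
        stored = self.answers[user_id]
        ok = True
        for qid in qids:  # check every question so the response does not reveal which one failed
            salt, digest = stored[qid]
            ok &= hmac.compare_digest(digest, hash_answer(given.get(qid, ""), salt))
        if ok:
            self.failures[user_id] = 0
            return True
        self.failures[user_id] += 1
        if self.failures[user_id] >= MAX_ATTEMPTS:
            self.blocked.add(user_id)
            del self.answers[user_id]   # document: after unblocking, a fresh 20 is offered and 5 answered again
        return False

    def unblock(self, user_id):
        """ADMIN action; the next login lands in register() again because the answers were discarded."""
        self.blocked.discard(user_id)
        self.failures[user_id] = 0
```

The challenge is consumed by verify(), so a set of answers captured from one login cannot be resubmitted, and the questions asked are drawn fresh each time, which is how the "rearranged for every login" requirement in step 7 is met on the server side.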

Bypass 2FA

As 2FA is essential only for internet users, it might be necessary to bypass it for LAN and VSAT users.

- A user-specific field is provided which indicates whether 2FA is required; this can be used to separate users needing 2FA from others.
- NT will also have one more configuration to show the user the existing login window (with no mutual authentication and no 2FA), so a separate package can be given to LAN/VSAT users.

The client package configuration should only select which login window is shown; whether the second factor may be skipped must be enforced by the server from the user-specific field, so that an internet user who obtains the LAN/VSAT package cannot log in with the password alone.

Reset of Answers / OTP

- ADMIN can reset the answers / OTP from the Modify Users window; the reset answers / OTP would be mailed or sent by SMS to the user.