Two Factor Authentication - Cochin Stock Exchange (source: cochinstockexchange.com/csbl/2FA.pdf)
Document Information
Document Control Information
Author: Somnath Jogi
Document Version: 3.0.0.0
Keywords:
Page 2 of 27
Proprietary Notice
This document contains confidential information of Omnesys Technologies Pvt Ltd,
which is provided for the sole purpose of permitting the recipient to evaluate the
commercial proposal submitted herewith. In consideration of receipt of this
document, the recipient agrees to maintain such information in confidence and to
not reproduce or otherwise disclose this information to any person outside the
group directly responsible for evaluation of its contents, except that there is no
obligation to maintain the confidentiality of any information which was known to
the recipient prior to receipt of such information from Omnesys Technologies Pvt
Ltd, or becomes publicly known through no fault of recipient, or is received without
obligation of confidentiality from a third party owing no obligation of confidentiality
to Omnesys Technologies Pvt Ltd.
Table of Contents
- Introduction (p. 5)
- Image Authentication (p. 5)
- 2FA (p. 5)
  - Question Based (p. 5)
  - OTP (one time password) (p. 5)
- Flow Details (p. 26)
  - Login Sequence (p. 26)
  - On First Login (p. 27)
- Bypass 2FA (p. 27)
- Reset of Answers / OTP (p. 27)
Introduction
SEBI has mandated two factor authentication (2FA) from the next financial year (SEBI circular no. CIR/MRD/DP/8/2011).
Question based authentication or OTP (one time password) would be implemented in NEST as the second factor of authentication. A broker can opt for either option.
For authentication of the server by the user (mutual authentication), a user-selected image would be displayed at login.
Image Authentication
During registration the client selects one image from a list; on future logins this image is shown so the client can verify the site/server before entering the password.
Authentication:
- User would type the Login Id / User id and click on the "ok" button
- System would retrieve the image selected by the user during registration
- User can verify the image and go ahead with the login sequence (entering the password)
2FA
Two factor authentication can be any one of the below:
1) Question based
2) OTP (one time password)
Question Based
- A list of 20 questions would be displayed during registration (first time login), and the user's answers are taken as input.
- This is applicable for both exe users and web users.
- Question list: Question for 2FA.xlsx (attachment)
OTP (one time password)
- A token would be generated during login and would be active for 3 hours
- The generated token would be sent to the user through SMS
- An SMS gateway is necessary in this case.
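The OTP lifecycle described above (generate the token after the password check, hand it to the SMS gateway, accept it within the validity window, block the user after repeated failures), as an added Python example; this is not code from the document or from NEST/Omnesys. Assumptions not in the document: a six-digit code, an in-memory store, a stub gateway that records messages instead of sending them, and that the 3-hour window is a configurable value (3 hours is long for a login OTP; a practitioner would normally set minutes and keep the token single-use, as this code does).

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Figures from the document: token active for 3 hours, block after 3 failures.
OTP_VALIDITY_SECONDS = 3 * 60 * 60
MAX_OTP_ATTEMPTS = 3
# Assumption: the document does not give a code length; 6 digits is used here.
OTP_DIGITS = 6


@dataclass
class OtpRecord:
    code: str
    issued_at: float
    failures: int = 0


class SmsGatewayStub:
    """Stand-in for the SMS gateway the document requires; records messages instead of sending them."""

    def __init__(self) -> None:
        self.sent: List[Tuple[str, str]] = []

    def send(self, mobile: str, text: str) -> None:
        self.sent.append((mobile, text))


class OtpService:
    def __init__(self, gateway: SmsGatewayStub, validity: float = OTP_VALIDITY_SECONDS) -> None:
        self.gateway = gateway
        self.validity = validity
        self.pending: Dict[str, OtpRecord] = {}
        self.blocked: Set[str] = set()

    def issue(self, user_id: str, mobile: str, now: Optional[float] = None) -> str:
        """Called only after the login password has been verified (see Login Sequence)."""
        now = time.time() if now is None else now
        if user_id in self.blocked:
            return "blocked"
        # secrets, not random: the code must be unpredictable to an attacker.
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        # Replacing any earlier record keeps exactly one live token per user.
        self.pending[user_id] = OtpRecord(code=code, issued_at=now)
        self.gateway.send(mobile, f"Your NEST login OTP is {code}")
        return "sent"

    def verify(self, user_id: str, submitted: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        if user_id in self.blocked:
            return "blocked"
        rec = self.pending.get(user_id)
        if rec is None:
            return "no_token"
        if now - rec.issued_at > self.validity:
            del self.pending[user_id]
            return "expired"
        # Constant-time comparison; a plain == would leak matching prefixes through timing.
        if hmac.compare_digest(rec.code.encode(), submitted.encode()):
            del self.pending[user_id]  # single use: the same code cannot log in twice
            return "ok"
        rec.failures += 1
        if rec.failures >= MAX_OTP_ATTEMPTS:
            del self.pending[user_id]
            self.blocked.add(user_id)
            return "blocked"
        return "wrong"

    def unblock(self, user_id: str) -> None:
        """ADMIN action (Reset of Answers/OTP); the user receives a fresh token at the next login."""
        self.blocked.discard(user_id)
```

The code never stores or logs the OTP beyond the pending record, and a blocked user gets no new token until an administrator unblocks the account; the real gateway replaces SmsGatewayStub.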
1) Login page:
User would type the Login Id / User id and click on the "ok" button.
NT Login - User would enter the User Name and click on the "GO" button.
3) Image selection for first time login
- User needs to select from a list of images for mutual authentication
- The OM request for this would be om_get_all_mu_images (OM would fetch all the images from MRV 2FA details)
- User would select one of the images
- The selected image index would be stored in MRV user; the image would be displayed every time on the user's login page.
4) Questions
- Whether the QTNS screen is shown would be based on the ini file in NT / the web page, and also on the command in OM for the specific authentication (OTP/QTNS)
- (if QTNS) 20 questions would be provided by OM, out of which 5 have to be answered
- The answers input by the user will be stored
5) Change password:
- For first time login / password expiry, the password needs to be changed. On changing the password, the user should be able to log in to the application.
NT Login - Change Password
- For first time login / password expiry, the password needs to be changed. On changing the password, the user should be able to log in to the application.
6) For second time login
- System would retrieve the image selected by the user during registration
- User can verify the image and go ahead with the login sequence.
NT Login for second time
- System would retrieve the image selected by the user during registration
- User can verify the image and go ahead with the login sequence.
7) Authentication
- A list of 20 questions would be displayed during registration (add user), and the user's answers are taken as input.
- This is applicable for both exe users and web users.
- For every login, these questions should get rearranged.
- On clicking the submit button, the user should be able to log in to the application.
9) If a wrong password is entered 3 times, the user should get blocked.
- After unblocking, for the next login, a new set of 2 questions should be available for authentication.
NT Login - If a wrong password is entered 3 times, the user should get blocked.
- After unblocking, for the next login, a new set of 2 questions should be available for authentication.
10) If wrong answers are entered 3 times, the user should get blocked.
- After unblocking, for the next login, a new set of 20 questions should be available, out of which the user should answer 5 questions (as in registration).
NT Login - If wrong answers are entered 3 times, the user should get blocked.
- After unblocking, for the next login, a new set of 20 questions should be available, out of which the user should answer 5 questions (as in registration).
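The question-based factor as steps 4, 7 and 10 describe it (20 questions offered, 5 answered at registration, a freshly drawn set of 2 asked at each login, block after 3 wrong answers, re-registration after an admin unblock), as an added Python example that is not code from the document or from NEST. The question texts are constructed placeholders (the real list is in Question for 2FA.xlsx); the salted PBKDF2 storage of answers and the case/whitespace normalization are this example's choices, not something the document specifies.

```python
import hashlib
import hmac
import random
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for the question bank; the real list is in "Question for 2FA.xlsx".
QUESTION_BANK: Dict[int, str] = {i: f"Sample security question {i}" for i in range(1, 21)}
ANSWERS_REQUIRED = 5       # document: 20 questions shown, 5 must be answered
QUESTIONS_PER_LOGIN = 2    # document: a set of 2 questions is asked for authentication
MAX_WRONG_ANSWERS = 3      # document: blocked after 3 wrong answers
PBKDF2_ROUNDS = 50_000     # assumption; the document says nothing about how answers are stored


def normalize(answer: str) -> str:
    """Free-text answers: ignore case and surplus whitespace so 'Kochi ' matches 'kochi'."""
    return " ".join(answer.split()).casefold()


def hash_answer(answer: str, salt: bytes) -> bytes:
    # Answers are low-entropy secrets; store them salted and stretched, never in clear.
    return hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, PBKDF2_ROUNDS)


@dataclass
class AnswerProfile:
    answers: Dict[int, Tuple[bytes, bytes]] = field(default_factory=dict)  # qid -> (salt, hash)
    wrong_answers: int = 0
    blocked: bool = False

    @property
    def registered(self) -> bool:
        return len(self.answers) == ANSWERS_REQUIRED


class QuestionAuth:
    def __init__(self, rng: Optional[random.Random] = None) -> None:
        self.users: Dict[str, AnswerProfile] = {}
        # SystemRandom in production; a seeded Random only makes a run repeatable.
        self.rng = rng or random.SystemRandom()

    def register(self, user_id: str, answers: Dict[int, str]) -> str:
        """First login (or the login after an unblock): exactly 5 of the 20 questions get answers."""
        p = self.users.setdefault(user_id, AnswerProfile())
        if p.blocked:
            return "blocked"
        if len(answers) != ANSWERS_REQUIRED or not set(answers) <= set(QUESTION_BANK):
            return "need_exactly_5_answers"
        if any(not normalize(a) for a in answers.values()):
            return "empty_answer"
        p.answers = {}
        for qid, text in answers.items():
            salt = secrets.token_bytes(16)
            p.answers[qid] = (salt, hash_answer(text, salt))
        p.wrong_answers = 0
        return "ok"

    def challenge(self, user_id: str) -> List[int]:
        """Per login: 2 of the user's 5 registered questions, freshly drawn and in random order."""
        p = self.users.get(user_id)
        if p is None or p.blocked or not p.registered:
            return []
        return self.rng.sample(sorted(p.answers), QUESTIONS_PER_LOGIN)

    def verify(self, user_id: str, challenge: List[int], replies: Dict[int, str]) -> str:
        p = self.users.get(user_id)
        if p is None or not p.registered:
            return "registration_required"
        if p.blocked:
            return "blocked"
        if len(challenge) != QUESTIONS_PER_LOGIN or not set(challenge) <= set(p.answers):
            return "invalid_challenge"
        ok = True
        for qid in challenge:
            salt, stored = p.answers[qid]
            # Check every question, no early exit: the reply set is accepted or rejected as a whole.
            if not hmac.compare_digest(stored, hash_answer(replies.get(qid, ""), salt)):
                ok = False
        if ok:
            p.wrong_answers = 0
            return "ok"
        p.wrong_answers += 1
        if p.wrong_answers >= MAX_WRONG_ANSWERS:
            p.blocked = True
            return "blocked"
        return "wrong"

    def unblock(self, user_id: str) -> None:
        """ADMIN unblock: the old answers are discarded, so the next login repeats registration."""
        p = self.users[user_id]
        p.blocked = False
        p.wrong_answers = 0
        p.answers = {}
```

A wrong reply to either of the two questions counts as one failed attempt, and the challenge the server issued is the only one it will accept, so a client cannot pick its own easiest questions.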
Flow Details
Login Sequence
On successful authentication of the login password:
- System will generate an OTP (propagated via the SMS gateway) or provide random questions to the user
- If the user has not set the answers for the questions, they have to be prompted for
- UI would provide the OTP or the answers to the questions based on user input
- This would be verified by the System
- On successful authentication of the above, the UI would be logged in.
On First Login
Part 1 (for Mutual Authentication)
- User needs to select from a list of 5 random images for mutual authentication
- User would select one of the images
- The selected image would be stored in the system, and the image would be displayed every time on the user's login page.
Part 2 (2FA)
- Whether the OTP or QTNS screen is shown would be based on the NT package / web page; a command in the system for the specific authentication (OTP/QTNS) would also be provided
- (if QTNS) 20 questions would be provided by the system, out of which 5 have to be answered
- The answers input by the user will be stored
Bypass 2FA
As 2FA is essential only for internet users, it might be needed to bypass it for LAN and VSAT users.
- A user specific field is provided which indicates whether 2FA is necessary; this can be used to separate users needing 2FA from others.
- NT will also have one more configuration to show the user the existing login window (without mutual authentication and 2FA), so a separate package can be given to LAN/VSAT users.
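The login sequence as a server-side state machine, with the user specific 2FA field from the Bypass 2FA section enforced by the server rather than by the NT package configuration, as an added Python example that is not code from the document or from NEST. The second factor is passed in as a callback so this block does not repeat the OTP or question checks; an image bank of 20 indices, PBKDF2 password storage and the unknown-user response are assumptions. The first step returns the registered image to anyone who knows a login id, which is the known limitation of image-based site verification; the example keeps the document's flow and only notes this in a comment.

```python
import hashlib
import hmac
import random
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

MAX_PASSWORD_FAILURES = 3   # document: blocked after 3 wrong passwords
IMAGE_CHOICES = 5           # document: 5 random images offered on first login
IMAGE_BANK_SIZE = 20        # assumption: the document does not say how many images exist
PBKDF2_ROUNDS = 50_000      # assumption: the document does not describe password storage


@dataclass
class UserRecord:
    salt: bytes
    password_hash: bytes
    needs_2fa: bool = True              # the user specific field from the Bypass 2FA section
    image_index: Optional[int] = None   # chosen on first login, shown on every later login
    password_failures: int = 0
    blocked: bool = False


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def new_user(password: str, needs_2fa: bool = True) -> UserRecord:
    salt = secrets.token_bytes(16)
    return UserRecord(salt=salt, password_hash=hash_password(password, salt), needs_2fa=needs_2fa)


class LoginServer:
    """Holds the login state; the NT exe or web page only submits inputs and decides nothing."""

    def __init__(self, users: Dict[str, UserRecord], second_factor: Callable[[str, str], bool]) -> None:
        self.users = users
        self.second_factor = second_factor        # OTP or question check supplied by the deployment
        self.state: Dict[str, str] = {}           # user_id -> "image" | "password" | "2fa" | "done"
        self.offered: Dict[str, List[int]] = {}   # image indices offered at first login
        self.rng = random.SystemRandom()

    def begin(self, user_id: str) -> dict:
        """Login id entered: return the stored image, or image choices on the first login."""
        u = self.users.get(user_id)
        if u is None:
            return {"error": "unknown_user"}  # this step lets anyone test whether an id exists
        if u.image_index is None:
            self.offered[user_id] = self.rng.sample(range(IMAGE_BANK_SIZE), IMAGE_CHOICES)
            self.state[user_id] = "image"
            return {"image_choices": self.offered[user_id]}
        self.state[user_id] = "password"
        return {"image": u.image_index}

    def choose_image(self, user_id: str, index: int) -> str:
        if self.state.get(user_id) != "image" or index not in self.offered.get(user_id, []):
            return "invalid"
        self.users[user_id].image_index = index
        self.state[user_id] = "password"
        return "ok"

    def submit_password(self, user_id: str, password: str) -> str:
        """Three wrong passwords block the user; on success the user record decides about 2FA."""
        u = self.users.get(user_id)
        if u is None or self.state.get(user_id) != "password":
            return "invalid"
        if u.blocked:
            return "blocked"
        if not hmac.compare_digest(u.password_hash, hash_password(password, u.salt)):
            u.password_failures += 1
            if u.password_failures >= MAX_PASSWORD_FAILURES:
                u.blocked = True
                return "blocked"
            return "wrong"
        u.password_failures = 0
        # The needs_2fa field, not the client package or its ini file, decides whether 2FA runs.
        if u.needs_2fa:
            self.state[user_id] = "2fa"
            return "second_factor_required"
        self.state[user_id] = "done"
        return "ok"

    def submit_second_factor(self, user_id: str, response: str) -> str:
        if self.state.get(user_id) != "2fa":
            return "invalid"
        if self.second_factor(user_id, response):
            self.state[user_id] = "done"
            return "ok"
        return "wrong"

    def is_logged_in(self, user_id: str) -> bool:
        """Checked on every later request: a client that skipped the 2FA step never reaches 'done'."""
        return self.state.get(user_id) == "done"

    def unblock(self, user_id: str) -> None:
        u = self.users[user_id]
        u.blocked = False
        u.password_failures = 0
```

With this split, the LAN/VSAT package that shows the old login window works only for users whose record has needs_2fa set to false; handing the same package to an internet user does not let that user skip the second factor, because the server stops at "second_factor_required" until the callback succeeds.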
Reset of Answers / OTP
- ADMIN can reset answers/OTP from the modify users window; the answers/OTP would be mailed / sent by SMS to the user.