While accessing my Bank Account (Indian bank ICICI) over Internet, I noticed Virtual Key Board from Entrustto enter password (good feature but what if by mistake (via phishing email) I land on Phishing Website (duplicate fake ICICI website) with fake Virtual Key Board).
I wish I could configure virtual keyboard on my ICICI bank website to identify that I am on genuine website with genuine Virtual Keypad.
Is this option available in virtual keypad/keyboard from Entrust ? Well… I started hunting for such a product from Oracle’s rich Identity Management Suite and after two days of extensive research I found Bharosa (Trust) now called as Oracle Adaptive Access Manager.
I looked at Oracle’s Virtual Keyboard device and found feature I was behind (something I can configure with my password and can recognize later that Virtual key board belong to me)
Did you notice background on keyboard and word “nice cars” on bottom right ??
What is significance of background and word in Virtual Keyboard ??
Yes, background & keyword on bottom right are configurable option which can help you to identify if Website where you are going to enter your bank details (including virtual key board) is right or not.
Oracle Adaptive Access Manager is NOT limited to Strong Authentication, there is one more product called Adaptive Risk Manager (I am going to cover on Adaptive Risk Manager later).
.
Overview of Oracle Adaptive Access Manager
- Two Component of Oracle Adaptive Access Manager
– Oracle Adaptive Strong Authenticator
– Oracle Adaptive Risk Manager - Adaptive Access Manager is product from company called Bharosa (founded in 2003)acquired by Oracle in Oct 2007.
- Bharosa is hindi word meaning Trust
- Other vendors in Strong Authentication are RSA (EMC) and Entrust
- Two components of Oracle Adaptive Access Manager (Strong Authenticator and Risk Manager) can be implemented independently.
- OAAM (Oracle Adaptive Access Manager) is under Oracle Identity Management suite which is part of Oracle Fusion Middleware Family.
Various Tools/Devices for Strong Authentication
i) KeyPad- virtual keyboard for passwords, credit card number…Protect against Trojan or key board logging
ii) CheckPad or DocPad – Extra check to view sensitive information
iii) Slider(For Mission Critical Applications) – can protect against mouse logging, screen scaping, over-the-shoulder snoop, camera snoop
iv) TextPad – personalized device for entering PIN
You can find Oracle Adaptive Access Manager Documentation here
More on Oracle Adaptive Access Manager including Online & Offline Adaptive Risk Manager coming soon …
Related Posts for OAAM
- Oracle Adaptive Access Manager – Strong Authentication Overview
- Oracle Adaptive Access Manager 10g R3 – Released, New Features
- Oracle Adaptive Access Manager (OAAM) for beginners
- OAAM KBA : Option to configure Registration Logic is missing
- OAAM Login image missing on AuthentiPad (TextPad) Login Screen oaam_images : setDomainEnv.sh
Oracle WebLogic Administrator [USD 399]- 03rd Dec, 2011
Good hands-on exercises (installation, patching, cloning), very experienced trainer worth every penny 
4 users commented in " Oracle Adaptive Access Manager – Strong Authentication Overview "
Follow-up comment rss or Leave a TrackbackThanks, Atul.
Good contents. It would be great if you could add OAAM process flow architecture with steps explained.
Regards.
Rajesh
Hi, Atul.
Can you please let me know if OIF_SP does not have federated user’s data in it’s repository, what are the steps to get attributes in SAML 2.0 mapped to the users data in IdM store at OIF_SP? If it is at all required to have federated users’ data in OIF_SP IdM store then how it is created and used in federation scenario? Pl. let me know, it’s very urgent.
Regards.
Rajesh
I am looking for a OAAM expert in the US, if there is anyone interested consulting please let me know
contact me on mike.ramon@knacksystems.com
Is this for the MDEE job…:)
Leave A Reply