Oracle Adaptive Access Manager – Strong Authentication Overview
While accessing my Bank Account (Indian bank ICICI) over Internet, I noticed Virtual Key Board from Entrustto enter password (good feature but what if by mistake (via phishing email) I land on Phishing Website (duplicate fake ICICI website) with fake Virtual Key Board).
I wish I could configure virtual keyboard on my ICICI bank website to identify that I am on genuine website with genuine Virtual Keypad.
Is this option available in virtual keypad/keyboard from Entrust ? Well… I started hunting for such a product from Oracle’s rich Identity Management Suite and after two days of extensive research I found Bharosa (Trust) now called as Oracle Adaptive Access Manager.
I looked at Oracle’s Virtual Keyboard device and found feature I was behind (something I can configure with my password and can recognize later that Virtual key board belong to me)
Did you notice background on keyboard and word “nice cars” on bottom right ??
What is significance of background and word in Virtual Keyboard ??
Yes, background & keyword on bottom right are configurable option which can help you to identify if Website where you are going to enter your bank details (including virtual key board) is right or not.
Oracle Adaptive Access Manager is NOT limited to Strong Authentication, there is one more product called Adaptive Risk Manager (I am going to cover on Adaptive Risk Manager later).
.
Overview of Oracle Adaptive Access Manager
- Two Component of Oracle Adaptive Access Manager
— Oracle Adaptive Strong Authenticator
— Oracle Adaptive Risk Manager - Adaptive Access Manager is product from company called Bharosa (founded in 2003)acquired by Oracle in Oct 2007.
- Bharosa is hindi word meaning Trust
- Other vendors in Strong Authentication are RSA (EMC) and Entrust
- Two components of Oracle Adaptive Access Manager (Strong Authenticator and Risk Manager) can be implemented independently.
- OAAM (Oracle Adaptive Access Manager) is under Oracle Identity Management suite which is part of Oracle Fusion Middleware Family.
Various Tools/Devices for Strong Authentication
i) KeyPad– virtual keyboard for passwords, credit card number…Protect against Trojan or key board logging
ii) CheckPad or DocPad – Extra check to view sensitive information
iii) Slider(For Mission Critical Applications) – can protect against mouse logging, screen scaping, over-the-shoulder snoop, camera snoop
iv) TextPad – personalized device for entering PIN
You can find Oracle Adaptive Access Manager Documentation here
More on Oracle Adaptive Access Manager including Online & Offline Adaptive Risk Manager coming soon …