The Idea
TESIS/Password Reset (PWR) is a client/server application with an intranet front-end (a Java applet) for automatic and secure password resets across a variety of computer and application systems. TESIS/PWR lets an organization keep downtime and expenses to a minimum when passwords are forgotten.
TESIS/PWR was developed because the continuous growth of client/server applications at large enterprises has created a situation in which many users must remember a large number of computer access authorizations, each with its own user ID and password. Forgotten passwords cause significant costs: in large companies, administrators and helpdesk staff handle thousands of password reset requests each month. By allowing a user to reset his or her forgotten password with the help of two colleagues, TESIS/PWR frees system administrators and helpdesk personnel for other tasks.
The application is implemented as an intranet application in which a central Java applet provides the user guidance and the communication with the server component. This eliminates the need for any installation or configuration on the client side. Immediately after its installation on an intranet server, TESIS/PWR is available to all employees who have access to a PC with a Java-enabled web browser and a network connection.
The Product
USER-FRIENDLY
As a rule, different service desks are responsible for password resets on different systems, so before a user can get a password reset he or she must first find out who is in charge of the particular system. TESIS/PWR bundles all systems into a single application. The result is a standardized and simple procedure for every system.
TIME-SAVING
The reset takes place immediately after the electronic request form has been filled out correctly. Extended downtime, for example because a service desk is unstaffed, is thus largely avoided.
SECURE
Security rests primarily on the requirement that two co-workers from the same department as the applicant confirm the password reset by entering their own respective passwords. In addition, a machine-generated initial password raises the level of security. The entered passwords and the returned initial password are protected by strong cryptography.
FULLY AUTOMATIC
The password reset is executed entirely through the intranet application. Manual intervention or assistance from a hotline is no longer required.
TRACEABLE
An extensive audit log allows every action to be verified and reviewed, even several months later.
EXTENDABLE
The system is designed so that additional systems (computers, or applications with their own authentication mechanisms) can be integrated into the password reset at any time.
The Highlight
TESIS/PWR consists of an applet that provides the user guidance and leads the user through every step of the reset procedure until the new initial password is displayed.
After starting TESIS/PWR in the web browser, the user enters the user ID for which a password reset is to be performed. Next, the user selects the target systems and authorizes the password reset, usually with the assistance of two colleagues: if employee A has forgotten his password, he can reset it himself with the help of co-worker B and co-worker C. TESIS/PWR also supports a list of "Super Users" who may authorize password resets for specific departments without the requirement for a "second pair of eyes".
The server component, a servlet, communicates with the central authentication site (mainframe) to verify the users on the basis of their user IDs and passwords. A consistent abstraction layer makes it possible to use other mechanisms as well, for example an LDAP server. To execute the password resets, the servlet contacts password reset agents that perform the operation on the various target systems (TSS/RACF, Unix/NIS). Additional agents (databases, LDAP directories, etc.) are easily integrated thanks to the flexible TESIS/PWR architecture.
In the next version, TESIS/PWR will support authentication by means of PGP signatures. In addition, it will implement client-side authentication through the SSL protocol with X.509 certificates, i.e. the user proves his identity by means of a smartcard or biometric data.
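The "second pair of eyes" rule described above, together with the audit record and per-user reset history mentioned under Security, as an added example that is not TESIS/PWR code. It assumes a user-to-department directory, a per-department super user list and a verify_credentials() stand-in for the central authentication site; all sample data is constructed.

```python
# Added example, not TESIS/PWR code: the "second pair of eyes" rule described
# above, with the audit record and per-user reset history the page mentions.
# Assumptions (mine): a user-to-department directory, a per-department super
# user list and a verify_credentials() stand-in for the central authentication.
from datetime import datetime, timezone

# Constructed sample directory: user ID -> department
DIRECTORY = {"alice": "finance", "bob": "finance", "carol": "finance",
             "erin": "finance", "dave": "it"}
SUPER_USERS = {"finance": {"erin"}}   # may authorize a reset alone
# Constructed credential store; a real deployment asks the mainframe or LDAP.
_CREDENTIALS = {"bob": "b-pw", "carol": "c-pw", "erin": "e-pw", "dave": "d-pw"}


def verify_credentials(user_id, password):
    """Stand-in for the central authentication site."""
    return _CREDENTIALS.get(user_id) == password


def authorize_reset(applicant, confirmations, audit):
    """Decide whether applicant's reset may proceed and record the attempt.

    confirmations: list of (user_id, password) pairs entered by colleagues.
    Grants when two distinct, authenticated co-workers from the applicant's
    department confirm, or when one of them is a super user for it.
    """
    dept = DIRECTORY.get(applicant)
    confirmers = []
    for user_id, password in confirmations:
        if user_id == applicant or user_id in confirmers:
            continue                      # self-confirmation and repeats do not count
        if dept is None or DIRECTORY.get(user_id) != dept:
            continue                      # must be from the same department
        if not verify_credentials(user_id, password):
            continue                      # wrong password: confirmation ignored
        confirmers.append(user_id)
    super_ok = any(u in SUPER_USERS.get(dept, set()) for u in confirmers)
    granted = len(confirmers) >= 2 or super_ok
    audit.append({"time": datetime.now(timezone.utc).isoformat(),
                  "applicant": applicant, "confirmers": confirmers,
                  "granted": granted})
    return granted


def reset_history(audit, user_id, limit=5):
    """Most recent reset attempts for a user ID, newest first (misuse check)."""
    mine = [e for e in audit if e["applicant"] == user_id]
    return mine[-limit:][::-1]
```

Denied attempts are logged as well, so a user reviewing his history sees failed attempts against his ID, not only successful resets.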
The Security
Security is of the utmost importance in TESIS/PWR. All communication between the applet and the servlet takes place over HTTP, with a cryptographic layer established on top of this protocol: a hybrid TripleDES/RSA scheme encrypts the application data. Communication with the agents uses a symmetric session-key scheme layered on top of the RPC protocol.
Every password reset that has been performed is recorded so that misuse can be recognized. Every user can view, via the intranet, the most recent password resets for his user ID and is thus in a position to detect unauthorized resets. In addition, an automatic e-mail notification about the executed password reset is sent to the affected user.