The Sum of Passwordless Identity Auth

IDExpert Integrates the Latest FIDO Passkey technology for maximum MFA security strength

IDExpert Identity Authentication System

IDExpert combines identity authentication mechanisms such as FIDO, biometrics, and MFA to strengthen the security of account login. Biometric verification eliminates weak passwords, improving both the efficiency and the security of authentication.

As a critical entrance for safeguarding sensitive information in remote work, IDExpert ensures the security of digital and mobile work environments.

MFA (Multi-Factor Authentication)

Strong Authentication, Deploying Zero Trust Architecture

Strong Authentication Mechanism, Secure Enterprise Sensitive Information

Following the zero trust principle of "verify, and keep verifying", IDExpert provides a proactive defense approach through key verification methods. This tailored system helps enterprises prepare for information security at all times, effectively manage massive user data, and easily deploy authentication privileges. It is powerful yet easy to operate, and compliant with the National Institute of Standards and Technology (NIST) framework and its core mechanism of multi-factor identity authentication.

System Architecture

Zero Trust Architecture, ZTA

All network access is assumed to be untrusted by default. Users, devices, systems, and networks within an organization must be authenticated to access or monitor based on policies and permissions.

The zero trust architecture promulgated by the National Institute of Standards and Technology (NIST) features four core mechanisms: identity authentication, device authentication, device endpoint protection, and network transmission security.

  • Identity Verification: Two-factor authentication.

  • Device Authentication: Identification method using chip-based trust roots.

  • Device Endpoint Threat Detection and Protection: Device anomaly behavior detection and device health management platform.

  • Network Transmission Security: Two-way authentication and TLS (Transport Layer Security) secure encryption channel for transmission.

FIDO Authentication Supports Passwordless Standards

FIDO Passwordless Login for Enhanced Security

  • IDExpert server is also a FIDO Server, allowing users to directly register FIDO devices. Through the SAML protocol, enterprise web pages and cloud services can perform FIDO authentication in the IDExpert SSO Portal.

  • FIDO UAF with mobile push authentication is supported, enabling passwordless authentication through IDExpert. FIDO2, which is used for web login, is also applicable. FIDO2 devices such as mobile phones, Bluetooth, and USB can be used as authentication carriers for multi-factor authentication.

  • To facilitate application system integration for large enterprises such as finance, IDExpert provides the FIDO SDK.

FIDO

FIDO (Fast IDentity Online)

FIDO (Fast IDentity Online) is a network identity standard established by the non-profit organization FIDO Alliance, which ensures the security of server and terminal device protocols during the login process, and uses specific hardware or biometric features to replace traditional passwords for identity authentication.

The security mechanisms of FIDO include:
  • Using the asymmetric public-private key mechanism.

  • Only storing the corresponding public key on the server side.

  • Storing private keys only on the device side for risk mitigation.

FIDO has three major authentication protocols:
  • FIDO UAF replaces passwords with the biometric sensors on devices. Each device registers an identity and requires separate integration with each application system, which makes it suitable for banking apps.

  • FIDO U2F stores public-private keys on USB devices, and users need to insert the USB device for login, requiring separate integration with each application system, suitable for systems that have access to USB devices.

  • FIDO2 supports web applications and can authenticate using various tokens, including UAF and U2F tokens, by calling APIs. Different webpage URLs require registration of different keys, and it is often used with SSO Web Portal.
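The mechanisms listed above (key pair generated on the device, only the public key held by the server, a separate key per web origin) can be seen working together in the following added example, which is not IDExpert or FIDO Alliance code. It is a simplified model of the challenge-response flow rather than the WebAuthn wire format; the class names and example origins are hypothetical.

```javascript
const crypto = require('node:crypto');
// Added sketch (hypothetical names). Signed bytes: hash of the origin, then the server challenge.
function signedData(origin, challenge) {
  return Buffer.concat([crypto.createHash('sha256').update(origin).digest(), challenge]);
}

// Device side: one key pair per origin; private keys never leave this object.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only the public half is returned
  }
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    return key ? crypto.sign('sha256', signedData(origin, challenge), key) : null;
  }
}

// Server side: stores public keys only and issues single-use random challenges.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    this.pending.set(user, crypto.randomBytes(32));
    return this.pending.get(user);
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // a challenge is consumed whether or not it verifies
    const pem = this.publicKeys.get(user);
    if (!challenge || !pem || !signature) return false;
    return crypto.verify('sha256', signedData(this.origin, challenge), pem, signature);
  }
}

function demoFido() {
  const device = new Authenticator();
  const rp = new RelyingParty('https://sso.example.com'); // constructed origin
  rp.enroll('alice', device.register(rp.origin));
  const sig = device.sign(rp.origin, rp.newChallenge('alice'));
  const login = rp.verify('alice', sig);
  rp.newChallenge('alice');
  const replay = rp.verify('alice', sig); // same signature against a fresh challenge
  device.register('https://sso.example.net'); // credential for a different origin
  const crossOrigin = rp.verify('alice', device.sign('https://sso.example.net', rp.newChallenge('alice')));
  return { login, replay, crossOrigin };
}
```

A server-side breach in this model exposes only public keys, and a signature produced for one origin or one challenge is rejected for any other.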

 

 

 

Passwordless Authentication Perfectly Enhances Security and User Experience

Biometric Identification for Quick Login

Using a mobile device as the authenticator, users can log in through facial or fingerprint recognition without having to remember any alphanumeric characters. Unique biometric identification makes login authentication more convenient, fast, and secure, with the users themselves being the best defense factor.

FIDO UAF combined with app push authentication greatly simplifies application system integration process

  • When logging in to the application system, IDExpert can be used to perform FIDO biometric authentication to verify identity. Once registered, it can be used universally for operating systems, network devices, web pages, and more.

  • FIDO UAF combined with app push authentication no longer requires separate system integration, and the authentication devices used do not need to be registered separately, simplifying the traditional FIDO UAF integration process.

Push Notification Verification

With mobile devices, identity verification can be done on-the-go, preventing the risk of account theft and providing users with instant convenience. The verification process is simplified into a One Touch method.

  • Supports various mobile devices.

  • Push content and form can be customized according to business needs.

  • Supports special system devices (VDI/VPN/OWA/WINLOGON).

  • Push messages are sent through the Apple/Google platform and transmitted with full encryption.

Enhancing Cybersecurity Defense with Multi-Factor Authentication

Implementation of OpenID for Secure Single Sign-On in Enterprise Systems

IDExpert adopts OpenID Connect technology, an authentication protocol based on the OAuth 2.0 standard. With the multi-factor authentication mechanism, users can enjoy the convenience of single sign-on while ensuring login security across multiple systems and reducing the risk of account theft.

OpenID Connect: a decentralized authentication protocol based on OAuth 2.0 standards.

Released in 2014, OpenID Connect is an implementation of Single Sign-On (SSO), commonly used by e-commerce, social media, and other web platforms to provide third-party login options like Google and Facebook. OpenID Connect simplifies the login process by eliminating the need for users to enter their personal information.

OpenID Connect combines OAuth 2.0 with JWT (JSON Web Token) for user identity confirmation. It defines the process for verifying user identities and uses JWT to carry user identity data and confirm their login credentials.

OpenID Connect supports cloud services, mobile apps, internal systems, and web applications, making it a widely used and convenient solution for both users and IT personnel. The integration process is smooth and easy, providing a seamless login experience across multiple applications. IDExpert's multi-factor authentication service further enhances information security.
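The JWT that OpenID Connect uses to carry identity data (the ID token) is only trustworthy after the relying application has checked it. The following added example, which is not IDExpert's code, shows those checks on constructed tokens; the issuer URL, client id, nonce values and function names are hypothetical.

```javascript
// Added example; issuer URL, client id and helper names are hypothetical.
const crypto = require('node:crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');

// Constructed issuer, present only so the example has tokens to check.
function issueIdToken(claims, privateKey, alg = 'RS256') {
  const head = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = alg === 'none' ? ''
    : b64url(crypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey));
  return `${head}.${body}.${sig}`;
}

// Relying-party checks made before the identity claims are trusted.
function validateIdToken(token, { publicKey, issuer, clientId, nonce, now }) {
  const parts = token.split('.');
  if (parts.length !== 3) return 'malformed';
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch { return 'malformed'; }
  if (header.alg !== 'RS256') return 'unexpected alg'; // pinned, not taken from the token
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`), publicKey, sig)) return 'bad signature';
  if (claims.iss !== issuer) return 'wrong issuer';
  if (![].concat(claims.aud).includes(clientId)) return 'wrong audience';
  if (typeof claims.exp !== 'number' || claims.exp <= now) return 'expired';
  if (claims.nonce !== nonce) return 'nonce mismatch'; // ties the token to this login attempt
  return 'ok';
}

function demoIdToken() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const otherKey = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }).privateKey;
  const expect = { publicKey, issuer: 'https://idp.example.com', clientId: 'portal', nonce: 'n-123', now: 1700000000 };
  const good = { iss: expect.issuer, sub: 'alice', aud: 'portal', exp: expect.now + 300, nonce: 'n-123' };
  return {
    valid: validateIdToken(issueIdToken(good, privateKey), expect),
    unsigned: validateIdToken(issueIdToken(good, null, 'none'), expect),
    forged: validateIdToken(issueIdToken(good, otherKey), expect),
    otherClient: validateIdToken(issueIdToken({ ...good, aud: 'other-app' }, privateKey), expect),
    expired: validateIdToken(issueIdToken({ ...good, exp: expect.now - 1 }, privateKey), expect),
    replayed: validateIdToken(issueIdToken({ ...good, nonce: 'n-old' }, privateKey), expect),
  };
}
```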

Diverse Authentication with FIDO, OTP, Biometrics, and Push Notifications

Multiple tokens display OTP dynamic passwords, which protect account access security through frequent password changes.

Each account can be bound to up to three tokens, allowing for flexible personal authentication device binding.

Fingerprint
Push App Notification
Mobile OTP
E-mail
SMS
FIDO Token
Fingerprint Drive
Hardware Token
Display Card

Integrated Office365, AWS, SSO, VPN, VDI, and OWA for Wide Applicability and Easy Implementation.

Building on our extensive integration experience, our solutions provide reliable identity verification across various domains with high scalability. Our team offers seamless integration services with quick implementation and real-time customizations.

Connection System | Application | Supported Firm
Networking System | VPN, Firewall, UTM | Jupiter, CISCO, paloalto, fortinet, Array, citrix NetScaler, Check Point, SonicWALL, UUDynamics, DrayTek, A10 Networks, Aruba, Ruckus, f5, NETGEAR, Extreme, ASUS, ZyXEL, Managed Cyber Security, acom-networks, Sophos, Forcepoint, D-Link, Share Tech, e-soft, WINOC
Server Management System | PAM, SWIFT, KVM | CYBER ARK, SWIFT, ATEN, FreeNX, GSi, ManageEngine, splunk, ANCHOR
Mail Server System | Outlook Web Access, Active Sync, IBM Notes | Exchange, Outlook, Openfind, BOX Solutions
Virtual Platform Management | VM Platform | Hyper-V, vCENTER, NUTANIX, PROXMOX
Virtual Desktop System | VDI | Horizon View, Citrix XenApp, ThinPLUS, Microsoft Remote Desktop Services, amazon WorkSpaces, opentext Exceed
Operating System | Windows, Linux | Windows, Linux, IBM, Mac OS
Storage System | NAS, Storage | QNAP, SynDriver, nextcloud, Dropbox, Synology
Project Management System | Redmine, GitLab | REDMINE, GitLab
Enterprise Resource Planning | CRM, ERP, HRM | openbravo, SAP, ORACLE
Website Customization | IIS, JAVA Filter, Restful API | php, Microsoft NET, ASP, Java, APACHE, JSP, REST API
Single Sign On / Cloud service | SAML | sales force, Akamai, EVERNOTE, nextcloud, Dropbox, office365, aws

Note: contact us for any other integration needs not listed above.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is an authentication method that requires users to provide two or more authentication factors to access resources such as applications, online accounts, and VPNs. It is a critical component of a strong Identity and Access Management (IAM) strategy, reducing the risk of successful network attacks and protecting against compromised accounts and passwords. MFA ensures secure online transactions and network security for organizations.

Compliant, Market-recognized, and Reliable - Trust Us for Your Cybersecurity Needs!

No More Periodic Password Changes! Let IT Always Be in Control of Your Enterprise Cybersecurity.

  • IT administrators no longer need to periodically change fixed passwords. IDExpert uses dynamic password OTP to provide encryption protection based on secure algorithm principles for each authentication.

  • Combined with comprehensive management functions, it can monitor the interconnection program, verification method, abnormal users, and usage verification status in real-time.

Compliance Ensured, Secure Government Entities with IDExpert

  • The Taiwan National Institute for Cyber Security has required "all government agencies urged to strengthen remote access control mechanisms with multi-factor authentication to proactively defend against cybersecurity threats".

  • The Taiwan Stock Exchange also announced that "financial institutions urged to use two-factor authentication for online trading systems to enhance security."

CHANGING Obtains ISO 27001 Certification

We start from within by having an effective information security management system in place, strengthening security protection and safeguarding information assets to ensure uninterrupted business operations. We extend information security from the inside out, providing more reassuring solutions to our customers.

Industry-Tested Expertise for Holistic Information Security Protection

Leading the market in Taiwan with high penetration in government and financial sectors, providing clients with comprehensive information security protection built on practical experience.