
OPSEC Partners

DIGIPASS - VACMAN Middleware

Product Version Certified: DIGIPASS - VACMAN Middleware 2.2
Certified for use with: Next Generation with Application Intelligence

Product Description: VACMAN Middleware provides out-of-the-box DIGIPASS strong authentication for your corporate network access security. VACMAN Middleware is an integral part of the DIGIPASS Pack and is available to "VASCO Ready" partners.

The Company: VASCO designs, develops, markets and supports patented "Identity Authentication" products for e-business and e-commerce. VASCO's Identity Authentication software is delivered via its Digipass hardware and software security products. For user access control, VASCO's VACMAN products guarantee that only designated Digipass users get access to the application. With over 11 million Digipass products sold and ordered, VASCO has established itself as a world leader for strong Identity Authentication with 300 international financial institutions and approximately 1,400 blue-chip corporations and governments located in more than 70 countries.
 
Key Features and Benefits

Dynamic User Registration (DUR)
This feature allows VACMAN Middleware to check a username and password that are not in its database against a back-end RADIUS server or a Windows domain controller and, if the username and password are valid, to create the username in the VACMAN Middleware database.

Autolearn Passwords
Saves administrators time and effort by allowing them to change a user's password in one location only. If a user tries to log in with a password that does not match the password stored in the VACMAN Middleware database, VACMAN Middleware can verify it with the back-end RADIUS server or the Windows domain controller and, if correct, store it for future use.

Stored Password Proxy
Allows VACMAN Middleware to save a user's RADIUS server password or Windows domain controller password in the database (static password). Users can then log in with only username and dynamic one-time password (OTP). If this feature is disabled, users must log in with username and static password immediately followed by the OTP.

Token Self Assign
Allows users to assign tokens to themselves by providing the serial number of the token, the static password and the OTP.

Token Auto Assign
Allows automatic assignment of the first available token to a user on user creation. An e-mail with the serial number of the token and the name of the user can be sent to an administrator.

Grace Period
Supplies a user with a certain amount of time (7 days by default) between assignment of a token and the user being required to log in using the OTP. The Grace Period will expire automatically on first successful use of the token.

User Self Management Web Site
A web site running on IIS has been developed to allow users to register themselves with VACMAN Middleware using their username and back-end (RADIUS or Windows) password, to perform a token self assign, to update their back-end password stored in the VACMAN Middleware database, to change their PIN (Go-1/Go-3 token), and to test a token.

 
OPSEC Integration

The integration is based upon the standard RADIUS protocol, which is enabled in the different Check Point products (VPN-1, Next Generation etc.).

The RADIUS protocol is used to enforce Strong User Authentication with a Digipass in conjunction with the VACMAN Middleware product.

 
Additional Information

The picture 'Digipass Pack for RADIUS' shows the integration of the Check Point Next Generation Firewall with VACMAN Middleware.

Digipass Authentication For Firewall-1 NG [PDF]