This implementation was done for a leading commercial bank, headquartered in Chennai, India, which has completed 100 years of operation.
OBJECTIVE OF THE ESTABLISHMENT
- Secure CBS Login by enabling Biometric based 2nd factor authentication
- Secure Windows Login to enhance security, using Biometric Authentication for Windows Active Directory
THE EXISTING SYSTEM USED BY THE BANK
- No. of users: 7,000+ concurrent users
- CBS – Flexcube
- CBS uses simple password for login into the application, where user shares the password for easy access, which in turn leads to human error and improper audit trails
- Windows Active Directory was protected by Single Factor Authentication (Password)
- Problems with the conventional ‘User ID & Password’ based security systems are:
- Password/Identity theft was possible and exchange of password within colleagues was common
- Password policy was required to ensure consistency and uniformity
- Periodic password changes required to ensure data security
THE BANK’S REQUIREMENT
- Enable 2nd factor fingerprint biometric in CBS
- Windows Active Directory Synchronization
- Password Policy Maintenance
- Automatic, Periodic Password change
- Biometric Integration with Windows Active Directory
- Offline Biometric Verification for Windows Login
HOW PRECISION HELPED SOLVE THE ISSUE?
Precision Biometric proposed InnaIT – 2FA and BioWinAD to be integrated with the existing CBS and Windows Active Directory to provide the required Biometric based authentication
InnaIT – 2FA: The solution is designed to integrate Fingerprint Biometric with the existing application as an enhanced security layer. 2FA solution is a client server / browser-based environment.
2FA consists of the below mentioned three components:
- Client Driver – The client-side driver needs to be installed. It contains the fingerprint capturing and extraction process.
- InnaIT Server – InnaIT Server Component contains the fingerprint matcher, DB and Application Configuration Modules.
- Hardware – Scanner will be connected to every PC/ Thin client via USB port
InnaIT – BioWinAD: The solution is designed to integrate the Biometric solution in a client server / Windows Active Directory based environment. BioWinAD solution consists of the below mentioned four components:
- AD Client – AD client manages Client/Server communication and configuration of the server
- Device Driver – The client-side driver contains the fingerprint capturing and extraction process
- InnaIT Server – InnaIT Server contains Biometric Engine, Database, Configuration and Synchronization Modules
- Password Manager – Password Manager manages the password of Active Directory users and changes the password automatically as per the Active Directory Password Policy and converts the AD password into random string for enhancing security.
HOW DID IT BENEFIT THE ORGANISATION?
This integration by Precision helped the bank enhance security with Biometric Authentication, which preserves the confidentiality of sensitive data. It can also capture User Access Logs for Audit & Compliance.