While a lot of the other products tested cover secure authentication to your existing servers or network, Thales's SafeSign Authentication Server is a bit different. It's designed to add security and authentication to transaction-based applications, particularly financial ones, so it's of particular interest to those developing e-commerce applications.
Building SafeSign into an existing application requires using its APIs, which means that you'll have to plan and thoroughly test its deployment.
Fortunately, Thales can provide training and integration help, so that you can write your applications to pass off authentication to the SafeSign Authentication Server.
The software can run on virtually any Java-supported operating system, from Windows to Linux. The fact that it uses Java, though, means you'll need developers who are proficient in this language or can work with the provided SOAP interface to integrate the server into your infrastructure.
Management of the system is through the Java-based management console, which can be used to oversee multiple authentication servers. Users can either be entered directly or imported from the usual range of common sources, including databases and LDAP servers.
The level of security applied to each user can be varied, and SafeSign supports an impressive array of authentication methods. At the bottom end are encrypted passwords, but support for tokens adds a further layer.
We were provided a Xiring smart-card reader, which can be used with EMV smart cards, including bank credit and debit cards, to generate one-time passwords (OTPs). Or, if you use the handheld Thales personal security module, you can generate authentication codes for transaction-based applications.
Public key infrastructure is often time-consuming and processor-intensive for servers, so Thales also offers a SafeSign CryptoModule appliance, which lets you offload DES, 3DES, SSL, RSA and MD5 functions from the server.
Thales' SafeSign server provides a strong authentication and verification service, with a lot of flexibility. However, it is complex to use and has to be carefully integrated with your e-commerce applications, so it's not ideal if you just want to add security to remote access or general network access.