eCobra Server

We developed an authentication server that can be integrated with any application. Our customer, i.e. the operator of an application providing a particular service, integrates eCobra Server and thus effects the implementation of technology for strong authorisation of access to the given application. The character of the protected application has no impact on the functioning of eCobra Server.

eCobra_en

eCobra Server was named the best application in the Windows Azure competition of February 2011. A cloud provider can successfully approach customers who need a solution for secure authorisation but, due to technical or business reasons, cannot or do not want to operate an authentication server themselves.

poweredByWA

Product history

We have delivered this authentication server as a component of electronic banking solutions to customers from a range of leading Czech and Slovak banks. Our customers value the possibility to select from a broad offer of methods for authorising user access which always precisely correspond to their business focus while also satisfying their security requirements. Based on the outstanding experience and interest of customers, we have prepared the authentication server as a separate product. eCobra Server is a highly universal product in that it handles authorisation of user access independently of the nature of the client application.

eCobra has also proven itself as a separate product. As a web service for authorising user access, it is particularly popular among customers in the banking sector; in these cases, eCobra Server is the central security element for various electronic banking distribution channels.

Concept

eCobra Server verifies a single-use, time-dependent numeric code for authorising users who want to sign into a software application. The generated single-use code (and its subsequent verification) can also be expanded with additional information (for example, items from a payment-order form). Afterwards, the single-use code serves as a "signature" and protects the sent data (for example, payment order data) against unauthorised modification. eCobra Server thereby achieves protection against highly dangerous types of attacks which pose a threat not only in the case of software applications for the area of banking (and finance generally).

eCobra Server supports:

  • eCobra Token, a unique, proprietary solution for mobile authorisation (applications for mobile telephones);
  • software and hardware authentication tokens from VASCO® and SafeNet;
  • SMS authorisation;
  • GRID cards;
  • code tables (TAN);
  • as well as common static passwords and PINs (for achieving basic security or as a safeguard against misuse of other security methods).

 eCobra Server also offers administration of accessory devices. It supports the production of certain devices - GRID cards and code tables - and security envelopes (mailers and PIN envelopes).

Examples: Sign-on of a user with a single-use password; payment-order authorisation with a single-use code (the code's dependence on payment-order data ensures that the order will not be altered).

Technical properties

The client application sends a request for code verification; eCobra Server verifies it using data in its database and sends a reply to the application. The application's properties determine how it reacts in relation to a positive or negative result (i.e. whether it allows/denies access by the user or his/her request).

eCobra Server makes it possible to choose from certain universal interfaces for integration with client applications (based on XML/SOAP or WCF) and thus complies with SOA requirements.

Implemented technologies:

  • Platform: .NET framework 3.0,.NET framework 3.5
  • Database: MS SQL, possibly others
  • User interface: pages built on ASP.NET, MS IIS 6.0 webserver, MS IIS 7.0 webserver
  • Communication with applications: WCF, SOAP, proprietary protocol

EN_rgb_WS12R2_Cert_Blu286_1_2.png Logo__WS12_Cert_Blu286_1.png workswith

eCobra demo

To access the eCobra demo, click on the link below.

The eCobra authentication server demo

 

Home

Windows Azure, Windows Server 2008