SAP Authentication 365 Run Simpler with SAP Digital Interconnect

Online Security is Everyone’s Concern & 2FA is the answer SAP conducted a survey of attendees (with an average respondent group size of 172) during Mobile World Congress 2016 in Barcelona. Respondents were asked to answer questions about mobile transaction security, device preferences, mobile activities, and lifestyle digitization.

Another layer of security required while making businesses run simple Make the experience frictionless and easier for the consumer Use channels that consumers prefer and those which are ubiquitous, simple While ensuring cost effective options for the business Only 40% of users were able to successfully use “secret questions” as a second layer of security for activities like account recovery while 80% of users had success using pins sent over SMS Source: Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google, Google Research SMS, In App Notifications are desirable delivery channels Majority of businesses prefer cloud based 2FA solution SMS has a 98% open rate within a few minutes of receipt. This is a perfect channel to send 2FA codes to devices and virtually all devices. Source: Parc, InternetSociety http://www.internetsociety.org/sites/default/files/01_5-paper.pdf Source: Survey conducted by SafeNet The common denominator: A cloud based two factor (2FA) offering that can be combined with consumer’s choice of delivery channels

SAP Authentication 365: Service Overview Cloud-based service that generates and authenticates secure tokens based on industry standard security algorithms Easy to consume via RESTful APIs Easy to embed in customer sites and mobile platforms (iOS, Android) Simple Cloud Based Offering Service can be configured as per customer requirements Comes with an easy to use administrative user interface to establish default token configurations (type, length, timeout, message), delivery channels (SMS, Email, URL via SMS) Predefined analytics to monitor requests and authentications Options for parent-child accounts (called sub-accounts) Configurable and Easy to Deploy SAP Authentication 365 is our end-to-end 2FA solution. The solution provides both PIN generation and authentication via simple APIs to enable our customers to add an extensive, comprehensive layer of security to their digital presence. The solution is highly configurable and provides an administrative User Interface to help set defaults, test the solution, and view simple analytics. Integrated with SAP Digital Interconnect’s global messaging solution through SAP SMS 365 or SAP Intelligent Notifications, we have the world covered. Integrated with Delivery Channels Integration with SAP SMS 365 and SAP Intelligent Notifications 365 (for email) provides a complete end-to-end solution options Extensive global reach over operator approved routes, scalability, local expertise for SMS delivery of tokens

URL Validation – an Alternative Authentication Method With URL validation, SAP Authentication 365 sends an SMS with a unique URL to the end user. SMS still complies as an Out-Of-Band (OOB) delivery channel. Optionally the URL can be sent to email address as well. The end-user selects the URL on their mobile device and are instantly validated. End user does not have to remember or copy down code to validate. Much easier and quicker for end-user. API supports custom text for “authentication successful” screen. Pre-iOS 10 SMS My Logo iOS 10 SMS Email Browser formatting is an example. Actual visuals and graphics could be changed. Safari (Browser) Message success

SAP Authentication 365 is based on industry security standards and also adds it own additional security SAP Authentication 365’s token generation is implemented using both industry standard RFC 6238 (TOTP) and RFC 4226 (HOTP). Implementation of TOTP algorithms exceed the default by using a SHA- 256 cryptographic hash method instead of SHA-1 (default) Invalid responses are limited and locked out after repeated failures from an end-user for any code. SAP Authentication 365 is implemented across geographically redundant servers, requiring a secure connection between SAP and the customer. The authentication methods are based on the oAuth 2.0 and SAML 2.0 Assertion as well as HTTPS to ensure that data transferred between the Client and Cloud is encrypted There are no specific “industry standards” for 2FA implementation; however, many view RFC 6238 (TOTP) as the “gold standard” for the generation of 2FA tokens. SAP Digital Interconnect exceeds all minimums in RFC 6238 and also uses elements of RFC 4226 as well when generating tokens. Additionally, SAP Authentication 365 goes beyond most implementations by requiring secure connectivity to the customers and offers more than minimum options when choosing how to generate 2FA tokens.

SAP Authentication 365 end to end workflow Illustrative example, other workflows also possible where 2FA capabilities can be embedded End User Customer Website/App SAP Authentication 365 SAP SMS 365, enterprise service Initiates a transaction that requires the user to be verified 1 2 OR SAP Intelligent Notification 365 4 Generate 2FA Verification Token Calls SAP 2FA Generate API Notification (SMS, other channels) End User’s Mobile Device 3 5 Notification (SMS, other channels) 6 User enters received code into website and selects “Authenticate” Delivery defaults to SAP SMS 365, enterprise service; however, delivery could be directed to SAP Intelligent Notification 365 or another channel. 8 7 Authenticate entered token Calls SAP 2FA Authenticate API Success Success! Transaction will continue 9 Authentication Failed Failed

SAP Authentication 365: Additional Service Details Simple web based access Easy to navigate dashboard View Sub-Accounts New customers will be set-up with a User ID / Password for SAP Authentication 365. Account Management End-to-End Validation Prebuilt Analytics & Traffic Stats

Simple API Methods Service Methods Available Sample code to generate a token... Service API Route, POST Authentication /authorization/getAccessTokenClientCredentials Generate PIN /tokens/generate Validate PIN /tokens/validate Number Lookup /tokens/lookup URL Authorization /token/urlAuthorization Number of Generated PINs /analysis/tokenGenerated Number of Validated PINs /analysis/tokenValidated API Developer’s Guide will provide detailed information on implementing the SAP Authentication 365 API

Deployment of end-to-end solution with multiple options based on your business needs Select your channel of choice SAP SMS 365 (delivered token or URL validation) Channels provided by SAP Digital Interconnect with reliable, quality routing through feature rich connections, with reach of over 1000 operators worldwide in over 230 countries SAP Authentication 365 OR + SAP Intelligent Notifications 365 (providing email delivery) SAP Authentication 365 is the ONLY 2FA solution that can use not only our own channels to devices, but also that of ANY customer-provided channel (including a competitor’s SMS service). By default, this uses our A2P SMS solution, but it can easily be configured to leverage Intelligent Notifications. OR Customer channel provider

Key use cases enabled with SAP Authentication 365 User Information Management and Security New user, device, or IP-address authentication Password reset or recovery Real-time Process Transaction Validation Order confirmation or high value transaction validation Business workflow execution confirmation e.g. HR or finance transactions These are just a few of the possible use-cases. Customer Engagement Special promotions or coupon tied to a unique code New customer signup or event attendance

Value delivered by SAP Authentication 365 Add another layer of protection to systems and data Increased security of business-critical systems and data Increased ability to comply with regulatory requirements Reduced exposure to fraud 101010 101010 101010 Increased customer loyalty and engagement Increased user loyalty and trust Improved engagement mechanisms with confirmed user participation Our cloud based solution can provide capabilities that many on premise or in-house solutions cannot. For security, 2FA over SMS is one of the most effective and easiest security solution that you can provide. It is easily incorporated into an existing website or authorization workflow and easy to implement with SAP Authentication 365’s simple API calls. Ease of deployment Lower cost than hardware-based token solutions, cloud based deployment Minimal end-user education required Easily extended to other services