Extol ePassport Suite version 3.0

 
PROJECT ID
C047
ASSURANCE LEVEL
EAL2
Security Target (ST)
 
Certification Report (CR)
 
PRODUCT NAME AND VERSION
Extol ePassport Suite version 3.0
PRODUCT TYPE
Web Application Based Authentication System, which supports a suite of authentication mechanisms to secure user accounts, intranet web apps and online transactions.
PRODUCT SPONSOR / DEVELOPER

Extol MSC Berhad

PRODUCT SPONSOR / DEVELOPER CONTACT DETAILS

Raymond Tan
Unit G1, Ground Floor,
Wisma UOA Pantai,
No.11, Jalan Pantai Jaya,
59200 Kuala Lumpur, Malaysia

URL: http://www.extolcorp.com/
Phone: +603 2240 0008
Fax: +603 2240 0002

ePassport Suite is a Web Application Based Authentication System, which supports a suite of authentication mechanisms to secure user accounts, intranet web apps and online transactions. ePassport enables Two-Factor Authentication (2FA), requiring users to provide two means of authentication. Identification and authentication involve two attributes, described as "something you know" and "something you have". With this combination of authentication factors, these features shall provide protection and enforcement of IT security for any Internet transactions.

The existing authentication factor (username and password) is enhanced by implementing a better concept of “something you have”, such as a secret PIN or One-Time Password (OTP), generated by the user through a desktop software application or an application on a device. 2FA based on OTP complements the existing factor and better strengthens the identification process. The OTP can be generated by a mobile application on a mobile phone, by desktop software, through a Time-Based OTP mechanism, or by a hardware token OTP generator. The OTP can also be sent via SMS, generated by the ePassport Suite backend system.

Following are the major security functions provided by the TOE:

  • Security Audit – The TOE ensures that all crucial events are captured and audited.
  • Cryptography – ePassport Suite has a built-in cryptography feature that generates a dictionary platform for all One-Time Password (OTP) token types, which users shall use to access their dedicated web application portal under the access control protection enforced by the TOE. Each user has their own type of OTP device: an application on a mobile phone, desktop software, a Time-Based OTP mechanism, a hardware token OTP generator, or SMS generated by the ePassport Suite backend system.
  • User Data Protection – The TOE applies an Access Control Policy to all users who try to access the TOE, and access is granted based on certain defined user attributes.
  • Identification and Authentication – The TOE ensures that only authorized users are permitted to access the TOE.
  • Security Management – The TOE provides functionality for the Administrator to manage TOE secure settings and users via the TOE web application portal.
  • Protection of the TSF – The TOE ensures that time stamps are taken from a reliable source in the environment that is integrated with the underlying operating system.