ARCHIVED CERTIFIED PRODUCTS AND SYSTEMS

List of Archived Certified Products and Systems.

MyCC = Products certified by MyCC Scheme before recognized as CCRA Authorizing Participants.

CCRA = Products certified by MyCC Scheme after recognized as CCRA Authorizing Participants.

Project ID
C047
Product Name and Version
Extol ePassport Suite version 3.0
Product Sponsor / Developer
Extol MSC Berhad
Category
Other Devices and Systems
Product Type
Web Application Based Authentication System, which supports a suite of authentication mechanisms to secure user accounts, intranet web apps and online transactions.
Scope

ePassport Suite is a Web Application Based Authentication System, which supports a suite of authentication mechanisms to secure user accounts, intranet web apps and on-line transactions. The ePassport enabled Two-factor Authentication (2FA), requiring users to provide two means of authentication. The identification and authentication involving two attributes, which are described as "something you know" and "something you have". With this combination of authentication factors, these features shall provide protection and enforcement of IT security for any Internet transactions.

Enhancement towards the existing authentication factor (usage of username and password) is by implementing a better concept of “something you have”, such as secret PIN or One-Time Password (OTP), that are generated by a user through software desktop application or application on devices. The 2FA based on OTP compliments is provides better in strengthening the identification process. The OTP can be generated from mobile application in mobile phone, desktop software, through Time-Based OTP mechanism and from hardware token OTP generator. The OTP also can be send via SMS generated by a backend system of ePassport Suite.

Following are the major security functions provided by the TOE:

  • Security Audit-The TOE ensures that all crucial events being captured and audited.
  • Cryptography – ePassport Suite has an built-in feature of cryptography that generate a dictionary platform for all token types of One-Time Password (OTP), which is, shall be used by users to access their dedicated web application portal upon access control protection enforced by the TOE. Each of users has their own types of OTP devices either application in mobile phone, desktop software, through Time-Based OTP mechanism, from hardware token OTP generator and SMS generate by ePassport Suite backend system.
  • User Data Protection – The TOE provides Access Control Policy to all users who tries to access the TOE and the user is granted based on certain user attributes defined.
  • Identification and Authentication – The TOE ensures that only authorized user is permitted to access the TOE.
  • Security Management – The TOE provides functionality to Administrator to manage TOE secure setting and user management via TOE web application portal.
    Protection of the TSF – The TOE ensures that the time stamps to be taken from a reliable source from the environment that integrated with the underlying operating system.
Product Sponsor / Developer Contact Details

Raymond Tan
Unit G1, Ground Floor,
Wisma UOA Pantai,
No.11, Jalan Pantai Jaya,
59200 Kuala Lumpur, Malaysia

URL: http://www.extolcorp.com/
Email: raymond.tan@extolcorp.com
Phone: +603 2240 0008
Fax: +603 2240 0002

Assurance Level
EAL2
Certificate Date
09-07-2014
Expiry Date
09-07-2019
Recognized By
CCRA
Maintenance

NA

Status
Archive

CONTACT US

Information Security Certification Body (ISCB)
CyberSecurity Malaysia,
Level 7 Tower 1, Menara Cyber Axis,
Jalan Impact, 63000 Cyberjaya,
Selangor Darul Ehsan, Malaysia.

Monday - Friday 08:30-17:30 MYT (Note: closed on Saturday, Sunday and Public Holiday)

T: +603 - 8800 7999
F: +603 - 8008 7000

EMAIL US

For certification enquiry:
  certification[at]cybersecurity.my