Strengths: Great range of authentication devices
Weaknesses: Can be complex to integrate
Verdict: Can be difficult to integrate with your web applications, but it has an excellent range of authentication devices and good support.
Gemalto, formed through the merger of Axalto and Gemplus, sent us Protiva, which is designed to add two-factor authentication to network identities. Protiva does this via smart cards, providing secure access to resources such as web portals.
And Gemalto can supply one of the largest ranges of smart cards that we've seen. First, there are standard smart card readers and traditional tokens that generate single-use keys. On top of that, the company also has SIM cards that can be placed into any SIM-unlocked phone.
Probably most useful, though, are the USB devices. With the Protiva plug-in, single-use keys can be generated and automatically entered into a website by clicking the button in your browser's toolbar. With so many devices available, it should be easy to find the ideal authentication type for your users and partners.
The system is controlled by the Protiva Server, which can be installed on Windows 2003 or Red Hat Linux, and it needs a Java-compatible web application server, such as Apache Tomcat. The server can use MySQL or Active Directory as the data store, and works with the OATH or EMV cryptographic standards. RADIUS servers, including Microsoft's IAS and Funk Software's Steel-Belted Radius, are also supported.
The system is managed through the customer care web portal, which gives you access to all the standard management applications. You also add and administer your authentication devices from here. Once they've been added, you can give them to a user, who registers their account with the server. Only then can you modify that user's permissions. It is a shame that you can't create user accounts directly through the portal. However, there is a batch processor, which lets you import multiple devices and users.
The system comes with a set of defaults, but you can quickly define your own user roles and authentication policies, which can be assigned on a per-user or per-group basis.
Gemalto supplies demo portals with the software, which are useful for getting an idea of how the system works. To build your own corporate sites, you'll need developers to work with the authentication server and the supplied integration manual.
Protiva's main strength comes from its wide device support and automatic key entry via USB. It's easier to install and configure than Thales's Authentication Server, but feels a little more rigid.