Architecture for a banking environment
Ensuring authentication is correctly implemented and deployed is very important for any business, but for banking it is critical. AuthControl Sentry® with risk-based authentication ensures the appropriate level of authentication is requested for access to applications and platforms based on the user’s circumstance.
Authentication for Banking Environments
Introduction
This page explains how multi-factor authentication can be implemented from an architectural perspective and suggests how different authentication factors can be matched to corresponding security levels depending upon the request. With a range of authentication factors providing varying degrees of security, administrators can match each user’s request to the appropriate level of security, for maximum security and efficiency.
Accessing the application
Users typically access the application provided by their bank through the internet, either on their mobile device or their computer’s web browser. The services behind the net banking application typically exist behind several network layers and are load balanced for efficiency and resilience; the user communicates directly only with the very edge of the net banking architecture.
Maximum resilience and expandability
To implement authentication within the banking environment with ultimate resilience, AuthControl Sentry® can be distributed across multiple network layers in a service-oriented architecture, with each specific function performed only within the relevant network layer or secure zone.
The architecture has the following separate functions:
– Publication/presentation and reverse proxy
– Authentication core
– User self-service
– User synchronisation from existing directory or database
– Static password checking from existing directory or database
– Data storage
– Administration
The machines performing these functions would be clustered via network load balancing, controlling the flow during peak periods. Growth and capacity can be scaled to meet the highest demand.
Multi-factor authentication
Modern banks require privileged escalation for certain actions within the net banking application. One example would be a user sending money to a payee. Sending money to an existing payee can be done without escalation, but sending money to a new payee would require further, stronger authentication.
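The escalation rule described above, as an added example (not AuthControl Sentry® code or its API): a server-side check that allows a transfer to a saved payee on the primary login and demands stronger authentication for a new payee. The action names, the `Session` fields, the five-minute validity window and failing closed on unknown actions are all assumptions.

```python
import time
from dataclasses import dataclass
from enum import IntEnum


class Assurance(IntEnum):
    NONE = 0
    PASSWORD = 1     # primary login only
    STEPPED_UP = 2   # additional, stronger factor verified


STEP_UP_MAX_AGE = 300  # seconds a step-up stays valid (assumed value)


@dataclass
class Session:
    user: str
    level: Assurance
    level_set_at: float      # when the current level was reached
    saved_payees: frozenset  # loaded server-side, never taken from the request


def required_level(session, action, payee=None):
    """Minimum assurance for an action; unknown actions fail closed."""
    if action == "view_balance":
        return Assurance.PASSWORD
    if action == "transfer":
        # Existing payee: no escalation. New payee: stronger authentication.
        if payee in session.saved_payees:
            return Assurance.PASSWORD
        return Assurance.STEPPED_UP
    return Assurance.STEPPED_UP


def decide(session, action, payee=None, now=None):
    """Return 'allow', 'step_up' or 'login' for the requested action."""
    now = time.time() if now is None else now
    if session.level < Assurance.PASSWORD:
        return "login"
    need = required_level(session, action, payee)
    if session.level < need:
        return "step_up"
    # A step-up is tied to a recent proof, so an old one must be repeated.
    if need == Assurance.STEPPED_UP and now - session.level_set_at > STEP_UP_MAX_AGE:
        return "step_up"
    return "allow"
```

Whether a payee counts as existing is decided from the stored payee list, so a client cannot skip the step-up by labelling a new payee as saved.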
Architecture for NetBanking
An architecture that helps maintain authentication capability and withstand load on the system as it grows and expands.
Authentication flow
The extensive authentication factors available with AuthControl Sentry® can work with a range of account and transactional requests. Check back soon for detail on the full authentication flow.