TiQR Login & Signing Server

TiQR Login & Signing Server

Protect your virtual private networks

ville-blanche

TiQR is an award-winning mobile PKI solution which combines mobile technologies and advanced security standards to provide stong user authentication and secure online transactions.

TiQR is based on OATH open standards and RSA cryptography for providing banking-level electronic signatures. It uses intuitive QRCode scans and push notifications to provide a unique user experience where other alternatives would require complex smartcard software and hardware.
TiQR’s unique user friendly experience includes a one-click enrollment using QR codes and secure authentication/signing without having to re-type complicated codes and passwords. The TiQR Mobile application from RCDevs supports both OATH-OCRA and RSA algorithms to support a large variety of use cases. Its internal security is based on AES-256 encryption.
TiQR mobile is available for OS and Android and is co-developed by SURFnet and RCDevs.
Please read our TiQR QuickStart Guide to easily implement TiQR QR Login or TiQR Signature in your Web applications.

How it works

TiQR
Mobile

05 Steps

1
01. Scan
User scans the QR Code or recieves a mobile push notification.
2
02. Confirm
User confirms he wants to proceed with the login or transaction signing.
3
03. Enter PIN
User enters his TiQR security PIN code.
4
04. Confirm
With signing, user confirms or cancels the transaction details on screen.
5
05. Login
User logged in or signed the transaction/document nearly magically.
TiQR_iphone_scan

Where to use TiQR QR Login

TiQR Server provides easy SOAP, REST and JSON-RPC interfaces. The SOAP API is provided with a WSDL service description file. It is also very simple to implement TiQR login into your existing web applications. For a quick try, sample login pages are available in the Downloads section.
With RCDevs TiQR Login Server, you can authenticate users on:

Web Applications (Java, PHP, ASP, Python, .Net…)
OpenID-enabled Web Sites (with RCDevs OpenID Provider)
SAML and Google Apps (With SimpleSAML Plugin)
Cloud SSO applications (SalesForce, SugarCRM, GoToMeeting…)
OpenSSH (with our TiQR PAM module)
Web-based Products (SugarCRM, Joomla, RoundCube…)
Any other system (using our simple integration libraries)

Where to use TiQR Signature

TiQR provides the ability to sign online transactions and documents with RSA signatures and 1024bit or 2048 bit RSA keys. It also provides the functionalities of a PKI and leverages the use of the mobile devices instead of the usual smartcards. TiQR Sign has been designed to be integrated into existing Enterprise workflows and banking applications. Its mobile PKI API provides the functionalities for managing public keys, signing with QRCodes or push notifications, validating signatures and more.
TiQR_iphone_sign
banner_1024x500-960x469
TiQR for User Authentication
With TiQR, users just need to scan a QRCode displayed on a Web page in order to securely authenticate a Web access or SSH session. The user’s mobile application has the user identity information and there is no need to enter a username or password (domain password verification as second factor is an optional feature). A PIN code, combined with complex cryptography mechanisms on the mobile and the server prevents another person to use the user’s identity. With TiQR it is possible to use push notification instead of QRCode scans.
TiQR for Electronic Signatures
TiQR Sign is an innovative concept of RCDevs and SurfNet. It provides mobile PKI functionalities such as document signing. On the server-side, the PKI functionalities are proposed via a set of simple API methods. There is no need for a certificate authority or similar complex IT infrastructure to use RCDevs TiQR mobile PKI. TiQR sign is proposed with push notifications too. TiQR Sign provides secure transactions and electronic signature with RSA keys where the private keys are securely stored in the mobile devices. A TiQR transaction is first authenticated and requires the user’s PIN code. Once authenticated, the transaction details is displayed to the user who can securely sign or cancel.
TiQR for PGP (beta)
The last evolution of TiQR provides mobile PGP. Through a set of simple API methods, you can implement PGP functionalities such as document signature and file encryption. Multiple PGP signatures (batches) can be processed in a unqiue transactions.
Hardware Security Modules
TiQR complies with the highest security requirements by supporting Hardware Security Modules (HSM). The YubiHSM hardware modules from Yubico can also be used in order to enforce hardware cryptography in TiQR with AES encryption of TiQR secrets and true random generation for TiQR challenges. The use of HSM modules in OpenOTP is 100% transparent and the move to hardware cryptography can be done at any time without impacting your business. RCDevs WebADM server supports up to 8 HSM modules in hot-plug mode for fault-tolerance and increased performances.
User friendly and easy (no username or password required)
Very secure (relies on OATH Challenge-Response, RSA cryptography and AES)
Simple user registration in User Self-Service Desk and Self-Enrollment apps
Simple SOAP/XML API (with WSDL service description) over HTTP/HTTPS
Optional password check as second authentication factor
User login and transaction signing with with QR Scan or mobile push
SOAP, REST & JSON native APIs over HTTPS with WSDL service description
OpenID API for OpenID-enabled websites (OpenID Service Provider)
SAMLv2 IdP with POST redirections and IdP-initiated requests
Domain segregation with mappings to LDAP subtrees or dedicated LDAP
Per-client, group and network authentication policies
Group-based access control & authentication policies
Data consistency with no replication/import/synchronization of LDAP users
Many configurations adjustable per server, domain, group, user, client
Support for both LDAP direct and indirect (Active Directory) groups
Support multiple LDAP datasources (directory federation)
Sensitive user data (ex. Token seeds) are encrypted in LDAP with AES-256
Geolocation of all user accesses with Google map reporting
Per user location policies (IP address geolocalisation)
Session locking and session duplicate protection (clustered deployments)
Multilingual support for user messages (per-user language support)
Comprehensive logging and reporting in SQL (WebADM Log Viewer)
User blocking timers and blocking policies for authentication failures
Clustered session replication secured with with AES-256
Designed from the ground for high scalability (supports millions of users)
High performances (500 transactions per second on a two-nodes cluster)
Advanced failover and load-balancing (active-active cluster)
Dynamic remote connector failover for LDAP, SQL, SMTP…
Easy installation, update and configuration in RCDevs WebADM
Mail and SQL system alerts for administrators
Where to use TiQR QR Login
TiQR Server provides easy SOAP, REST and JSON-RPC interfaces. The SOAP API is provided with a WSDL service description file. It is also very simple to implement TiQR login into your existing web applications. For a quick try, sample login pages are available in the Downloads section.
Where tu se TiQR Signature
TiQR provides the ability to sign online transactions and documents with RSA signatures and 1024bit or 2048 bit RSA keys. It also provides the functionalities of a PKI and leverages the use of the mobile devices instead of the usual smartcards. TiQR Sign has been designed to be integrated into existing Enterprise workflows and banking applications. Its mobile PKI API provides the functionalities for managing public keys, signing with QRCodes or push notifications, validating signatures and more.

To request an online demo, you only have to create your account or contact us.

Online Demos are available for free to let you try RCDevs multi-factor in 5 minutes and authenticate with your mobile or Yubikey.