User authentication based on multi-factor authentication

Accurate authentication of actual users based on multi-factor authentication methods such as PKI, biometrics (fingerprint/iris, etc.), OTP(One Time Password), smartcards, ARS, etc.

Consolidated account management

Account management optimized with account life-cycle Support for certificate-based workflow

RBAC-based account management (RBAC : Role-based Access Control)

- Automated creation and revocation of accounts based on roles assigned to users
- Automated creation and revocation of accounts according to change in personnel data

Efficient account management based on account types

- Grouping account types into system/application/user categories - Configuring account-type-specific password format(combination of character/number/special character), dictionary, history, interval for changing passwords - Access management of : the number of account-type-specific concurrent access, the number of login attempt, login expiry date, and automatic access termination time

Management of accounts and passwords

Management of user account / login / passwords through management console

Support for multiple password rules

- Password complexity requirement(to disallow easy password) / freeze on recently used passwords by using history feature / password aging rule / password dictionary, etc.

Control over exploitable commands

Command control over a kind of exploitable commands, which should be prohibited to be used

The control is to be enforced in such a way that only authorized users through application/approval processes can be permitted to use exploitable commands

Real-time request for approval at the time of executing exploitable commands is prerequisite for command-execution control

Privilege management(control over access to resources)

The control is to be enforced in such a way that only authorized users through application/approval processes should be permitted to access important data

Audit trail

Logging of all the input and output of actual users