Voice Communication System

ONUR OCS-NG4000 & MULTI-FACTOR AUTHENTICATION

As cyber security is becoming more of a concern for mission critical environments and applications, more reliable security mechanisms are needed to be deployed against new types of threats, risks and vulnerabilities. Access control with strong authentication is one of the pillars that support total cyber defense and there is an increasing need and demand for such features in each single system that is used in ANSP organizations.

As one of the forerunners in VCS domain, ONUR gives special importance and priority to providing not only functionally the best, but also the most secure and robust solutions to its customer-base. For this purpose, we are closely following the relevant security standards and specifications, such as NIST 800-53, EUROCAE ED-205 and EUROCAE WG67’s VoIP Security Baseline 1.0 (dated Apr 2020), many of which dictate mandatory “Identification and Authentication Policies and Procedures” for federal organizations and ANSPs.

ONUR OCS-NG4000 VCS solution already has many – built-in – security implementations against unauthorized access, both in network/system and user levels. For example, OCS-NG4000 has a role/profile-based user management system, which can also be integrated to the organizations’ LDAP infrastructures; or RADIUS-based authentication systems.

Within the scope of cyber security and newly surfacing standards in VCS world, one of our latest and optional add-ons to our product-line is the multi-factor authentication capabilities, on the system or operator levels. Our solution basically covers 3 main elements of multi-factor authentication:

1. What the user knows (system and operator level passwords; PINs)
2. What the user has (smartcard implementations in system and CWP levels)
3. What the user is (biometric recognition devices and sensors)

Each user (either privileged user such as a system administrator, or non-privileged user such as a system operator) can access to the system after passing 3 levels of authentication. To do that;

• the user needs to know his/her password (or smartcard PIN),
• needs to have the smartcard given to him/her by the organization (it can also be the ID card, used in the organization)
• provide biometric data (i.e. fingerprint) to prove who he/she really is.

This functionality has been designed so that it can be provided as an option to existing VCS solutions.

The smartcard solution can be provided by ONUR or we can use existing systems within the organization. The card is not required to be capable to hold the biometric info, as this information is collected and stored (in ISO 14443 format) during the registration process. The bio-data is not limited to fingerprints; hand scans, iris scans, or other physical information about the card holder can also be used.

Once implemented the authentication process updates as follows:

1. When each CWP is powered on a “login” prompt appears
2. The security system can be set to work in 3 modes according to the security level requirements of the organization:
   1. Smartcard + PIN (Mode-A)
   2. Smartcard + Fingerprint (Mode-B)
   3. Smartcard + PIN + Biometric Info (Mode-C)
3. In every operation mode of the system, relevant inputs are taken from the user (including the fingerprints or any other biometric data), and the authentication process is completed accordingly.

This approach gives the organization to tune its security levels according to changing requirements.

We are able to provide this capability as a standalone upgrade to existing systems as well an integrated solution to organization’s existing AAA systems.

Thanks to the software-based nature of OCS-NG4000 VCS solution, this type of upgrades can be performed with minimum down time, as simple as a software upgrade and addition of the biometric hardware to the existing CWPs.

June 30, 2020