The architecture of the TokenControl consists of different
functional modules with exact specified interfaces. This guarantees
a powerful and error-free system.
- Apache server
TokenControl is designed around the worlds preferred web server
Apache. Being based on this state-of-the-art server platform,
TokenControl is able to profit from all the benefits of the
Apache technology. An integrated authentication module supports
all relevant authentication methods required in a secure
- PHP web interface
The web interface is based on the php script language.
TokenControl extends the php language by token specific
commands. This allows a customized user interface without
changes in other modules and therefore a very stable runtime
- application logic
The application logic implements the high level functions used
for user, token and policy management.
- cryptographic module
The cryptographic abstraction layer provides cryptographic
functionality (encryption, signing) for all kind of data
processed by the TokenControl. It provides the integration of
HSM modules to speed up time consuming operations.
- storage module
All data (user token, recovery tokens, ...) is managed by the
storage module. This makes it possible to use different
locations for storing like file systems, databases or LDAP.
- log module
TokenControl offers a highly sophisticated log mechanism. All
kinds of operations can be logged with different detail levels.
In addition log information can be signed and stored on
different locations like file systems, databases and LDAP.
- operating system
TokenControl is available for the following platforms: Solaris,
Linux, Windows NT/2000.
- configuration module
Configuration is handled by a separate module including user,
group, policy and system configuration data. It provides file systems,
databases and LDAP for storing the configuration data.
- authentication server
TokenControl includes an authentication service providing the
RADIUS and TACACS+ authentication protocol.