Oracle Database Direct Debit (DD) authentication, as described here, is an additional check layered on top of the database's own password authentication. With DD authentication, a user's bank account information is confirmed with the bank and a salted password hash is verified before the user is allowed to work in a database account. In this article, we will explore how to implement DD authentication to strengthen user identity authentication.
DD authentication relies on two main components: the user's bank account information and a password. The bank account information provides an identifier for the user that the bank can confirm, and the password hash ensures that only the authorized user can use the account. To implement DD authentication, first set up the bank account information for each user. Store it in a separate table, not in the user table, and restrict access to that table to its owner and to the code that has to read it.
Next, create a trigger that verifies the user's bank account information and password each time the user logs on to the database. The trigger reads the user's bank account information and connects to the bank's server to check that the account exists and is valid. If it is, the trigger reads the stored password hash from the user's row in the dd_account table, together with the salt. The salt is a random string appended to the password before hashing, so that two users with the same password get different hashes and a precomputed dictionary of hashes is useless against the table. What is stored is a one-way hash, not a reversible encryption: nothing decrypts it, the trigger recomputes it. The trigger then compares the recomputed hash with the stored one, and only if both the bank check and the hash comparison succeed does the logon proceed.
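The storage side of this scheme, as an added example that is not part of the original article: a dd_account table that keeps the bank details next to a random per-user salt and a SHA-256 hash, a definer-rights procedure that sets the hash, and a function that verifies a candidate password against it, with the table itself kept out of reach of ordinary users. The table, column, procedure and role names (dd_account, set_dd_password, check_dd_password, dd_admin, dd_app) are assumptions chosen so the trigger further down can read the same columns.

```sql
-- Added example, not code from the original article. Names (dd_account,
-- set_dd_password, check_dd_password, dd_admin, dd_app) are assumptions.
CREATE TABLE dd_account (
  username             VARCHAR2(128) NOT NULL PRIMARY KEY,  -- matches SQL USER
  bank_server_address  VARCHAR2(255) NOT NULL,
  bank_account_number  VARCHAR2(34)  NOT NULL,              -- IBAN is at most 34 chars
  bank_username        VARCHAR2(128) NOT NULL,              -- credential for the bank API
  bank_password        VARCHAR2(128) NOT NULL,
  salt                 VARCHAR2(32)  NOT NULL,              -- 16 random bytes, stored as hex
  dd_password          RAW(32)       NOT NULL               -- SHA-256 over username||password||salt
);

-- Nobody but the owner and the definer-rights code below gets at the rows.
REVOKE ALL ON dd_account FROM PUBLIC;

-- Sets a fresh salt and hash for one user. The hash input is
-- username || password || salt, the same shape the logon trigger recomputes.
CREATE OR REPLACE PROCEDURE set_dd_password(
  p_username IN VARCHAR2,
  p_password IN VARCHAR2)
AUTHID DEFINER AS
  v_salt VARCHAR2(32) := RAWTOHEX(dbms_crypto.randombytes(16));
BEGIN
  UPDATE dd_account
     SET salt        = v_salt,
         dd_password = dbms_crypto.hash(
                         utl_raw.cast_to_raw(UPPER(p_username) || p_password || v_salt),
                         dbms_crypto.HASH_SH256)
   WHERE username = UPPER(p_username);
  IF SQL%ROWCOUNT = 0 THEN
    RAISE_APPLICATION_ERROR(-20010, 'no dd_account row for ' || p_username);
  END IF;
END;
/

-- TRUE only when the candidate password hashes to the stored value.
-- An unknown user gets the same answer as a wrong password.
CREATE OR REPLACE FUNCTION check_dd_password(
  p_username IN VARCHAR2,
  p_password IN VARCHAR2)
RETURN BOOLEAN AUTHID DEFINER AS
  v_row dd_account%ROWTYPE;
BEGIN
  SELECT * INTO v_row FROM dd_account WHERE username = UPPER(p_username);
  RETURN dbms_crypto.hash(
           utl_raw.cast_to_raw(v_row.username || p_password || v_row.salt),
           dbms_crypto.HASH_SH256) = v_row.dd_password;
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RETURN FALSE;
END;
/

-- Only DD administrators may set passwords; verification is exposed to the
-- application role through the function, never through the table.
GRANT EXECUTE ON set_dd_password   TO dd_admin;
GRANT EXECUTE ON check_dd_password TO dd_app;
```

The salt is generated with dbms_crypto.randombytes rather than chosen by the caller, and it is replaced on every password change, so an old hash can never be replayed against a new one. dbms_crypto.hash works on RAW and returns RAW, which is why the column is RAW(32) and the comparison is RAW to RAW; comparing a hex string against a RAW value is a common source of "the password is always wrong" bugs in this kind of code.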
Here is an example of how this approach can be implemented using PL/SQL code:
CREATE OR REPLACE TRIGGER dd_auth_trigger
AFTER LOGON ON SCHEMA
DECLARE
  con            utl_tcp.connection;
  str            VARCHAR2(32767);
  computed_hash  RAW(32);
BEGIN
  -- DD logons are accepted only from the trusted network (10.192.1.0/24 here).
  IF USER = 'DD_USER'
     AND SYS_CONTEXT('USERENV', 'IP_ADDRESS') NOT LIKE '10.192.1.%' THEN
    RAISE_APPLICATION_ERROR(-20000,
      'Direct Debit authentication is only allowed from the trusted network');
  END IF;

  FOR bank_acct IN (SELECT * FROM dd_account WHERE username = USER) LOOP
    -- The network round trip sits in its own block so that only connectivity
    -- failures are reported as "server not available"; the -20001/-20002
    -- errors raised below must not be swallowed by this handler.
    BEGIN
      con := utl_tcp.open_connection(
               remote_host => bank_acct.bank_server_address,
               remote_port => 80,          -- plain HTTP: bank credentials travel in clear
               tx_timeout  => 10);         -- do not hang the logon on a dead server
      utl_tcp.write_line(con, 'GET /api/v1/account/validate?acctnum='
                              || bank_acct.bank_account_number || ' HTTP/1.0');
      utl_tcp.write_line(con, 'Host: ' || bank_acct.bank_server_address);
      utl_tcp.write_line(con, 'User-Agent: Mozilla/4.0');
      -- utl_encode.base64_encode works on RAW, so cast in and out of RAW
      utl_tcp.write_line(con, 'Authorization: Basic ' ||
        utl_raw.cast_to_varchar2(utl_encode.base64_encode(
          utl_raw.cast_to_raw(bank_acct.bank_username || ':' || bank_acct.bank_password))));
      utl_tcp.write_line(con, '');
      -- read_text() defaults to a single character; collect the whole response
      str := NULL;
      BEGIN
        LOOP
          str := str || utl_tcp.get_line(con, TRUE) || CHR(10);
        END LOOP;
      EXCEPTION
        WHEN utl_tcp.end_of_input THEN NULL;
      END;
      utl_tcp.close_connection(con);
    EXCEPTION
      WHEN OTHERS THEN
        utl_tcp.close_all_connections;
        RAISE_APPLICATION_ERROR(-20003, 'The authentication server is not available');
    END;

    IF str LIKE '%account is not valid%' THEN
      RAISE_APPLICATION_ERROR(-20002, 'The bank account is not valid');
    END IF;

    -- dbms_crypto.hash takes RAW and returns RAW; dd_password is RAW(32).
    -- SHA-256 replaces the MD5 of the original, which is not collision resistant.
    computed_hash := dbms_crypto.hash(
      utl_raw.cast_to_raw(USER || bank_acct.bank_password || bank_acct.salt),
      dbms_crypto.HASH_SH256);
    IF computed_hash <> bank_acct.dd_password THEN
      RAISE_APPLICATION_ERROR(-20001, 'The password is incorrect');
    END IF;
  END LOOP;
END;
/
In the example above, the trigger first rejects DD_USER sessions that do not originate from the trusted address range. It then reads the dd_account row for the user who is logging in and uses the utl_tcp package to send an HTTP request to the bank server to validate the account number. If the bank reports the account as valid, the trigger recomputes the salted SHA-256 hash with dbms_crypto and compares it with the hash stored in dd_account. A few points matter in practice. An error raised in an AFTER LOGON trigger blocks the logon for everyone except users holding the ADMINISTER DATABASE TRIGGER privilege, so test the trigger from a second session before relying on it. utl_tcp only reaches the bank server once a network ACL (DBMS_NETWORK_ACL_ADMIN) allows the database to connect to that host. The request above travels over plain HTTP on port 80 with the bank credentials in a Basic header, so a real deployment should use TLS (utl_http with a wallet, or utl_tcp with wallet_path on port 443). A user without a dd_account row passes through the loop unchecked, so enrolment has to be complete for the trigger to mean anything. And because a logon trigger never sees the password the user typed, the hash check compares only values already stored in the row: it detects a tampered or inconsistent dd_account row rather than something the user presented at logon.
In conclusion, Direct Debit authentication adds a check, on top of Oracle's own password authentication, that ties a database account to a bank account the bank can confirm and to a salted password hash the database can recompute. With a logon trigger and tight access control on the dd_account table, enterprises gain a further barrier against misuse of database accounts, provided the trigger is tested carefully and the connection to the bank is protected.