
The WiKID Strong Authentication Systems Overview

Technology

Published on March 10, 2009

Author: nowen

Source: slideshare.net

Description

A high-level overview of the WiKID Strong Authentication System, a dual-source, software-based, two-factor authentication solution. WiKID uses public-key cryptography unlike most token systems and is therefore a secure, extensible replacement for hardware tokens.

WiKID Systems, Inc. Nick Owen [email_address] 1375 Peachtree St Suite 600 Atlanta, GA. 30309 404-962-8983

WiKID Authentication System

Unique two-factor authentication system with no hardware and no reader

Significantly reduces authentication costs while increasing security

Centralized control of enterprise authentication – even across the supply chain to vendors/consultants!

Automated initial validation – end-user self-service – easy to implement and maintain

Capable of session, host and transaction authentication

Lower cost. Ease of Use. Secure. Extensible.

WiKID Key Differentiators

Powerful Network Client API extends functionality

Set up users via trusted AD credentials

Extensible across enterprises

Unique Service-oriented API capabilities

Multi-platform Token client support

Blackberry, J2ME, Mac, Linux, Windows, PocketPC

Embeddable into 3rd-party software

No client hardware required

Multi-domain capable – Secure cross-enterprise authentication

WiKID Architecture

Simple Initial Validation of Users

[Diagram labels: Public Key, Public Key]

1. User enters 12 digit code, sends Public Key

2. WiKID server sends configuration file and its Public Key

3. User creates PIN

4. Server sends registration code, awaits validation

5. User logs in using trusted credentials. User enters registration code

6. Registration code sent to server and associated with key pair exchange

If the Registration code is received from a trusted Network Client and matches the expected value, the device is automatically validated.

Completed in less than 15 seconds

Typical Usage

[Diagram labels: Secret key, Public Key, Certificates, Internet]

1. User selects domain & enters PIN.

2. WiKID server decrypts PIN with Public Key and verifies. Returns Passcode.

3. User enters Username and Passcode.

4. Application requests verification.

5. WiKID Server Verifies Code.

6. User granted access.

Average connection time of 4 seconds

Mutual Authentication

[Diagram labels: Secret key, Public Key, Certificates]

1. User selects domain & enters PIN.

2. WiKID server decrypts PIN with Public Key and verifies. Returns Passcode.

3. Token client fetches and hashes SSL cert and compares

4. OTP and validated URL presented to user. Default browser launched to site.

5. User enters Username and Passcode.

6. Banking Application requests verification.

7. WiKID Server Verifies Code.

8. User granted access.

Average connection time of 4 seconds
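
Steps 3 and 4 of the Mutual Authentication flow (fetch the site's SSL certificate, hash it, compare, and only then present the OTP and URL), as an added example that is not WiKID's own code. Assumptions: SHA-256 as the hash, a hypothetical `ServerReply` layout in which the registered hash arrives alongside the passcode, and constructed byte strings standing in for real DER certificates.

```python
import hashlib
import hmac
import ssl
from typing import NamedTuple, Optional, Tuple
from urllib.parse import urlsplit


class ServerReply(NamedTuple):
    """Assumed contents of the server's reply (hypothetical layout)."""
    otp: str
    site_url: str
    cert_sha256: str  # hex SHA-256 of the site's DER certificate, as registered


def fetch_der_cert(site_url: str) -> bytes:
    """Fetch the certificate the site presents right now (needs network)."""
    parts = urlsplit(site_url)
    pem = ssl.get_server_certificate((parts.hostname, parts.port or 443))
    return ssl.PEM_cert_to_DER_cert(pem)


def validate_site(reply: ServerReply, presented_der: bytes) -> Optional[Tuple[str, str]]:
    """Return (otp, url) only if the presented certificate matches the registered hash."""
    if urlsplit(reply.site_url).scheme != "https":
        return None  # nothing to authenticate on a non-TLS URL
    presented = hashlib.sha256(presented_der).hexdigest()
    if not hmac.compare_digest(presented, reply.cert_sha256.lower()):
        return None  # look-alike or intercepted site: withhold the OTP
    return reply.otp, reply.site_url


# Constructed sample data (not real certificates or a real passcode).
REGISTERED_CERT = b"constructed stand-in for the real site's DER certificate"
SPOOFED_CERT = b"constructed stand-in for a cert served by a look-alike host"
REPLY = ServerReply(
    otp="482913",
    site_url="https://bank.example/login",
    cert_sha256=hashlib.sha256(REGISTERED_CERT).hexdigest(),
)

if __name__ == "__main__":
    # In a live client, presented_der would come from fetch_der_cert(REPLY.site_url).
    print("genuine site:", validate_site(REPLY, REGISTERED_CERT))
    print("spoofed site:", validate_site(REPLY, SPOOFED_CERT))
```

Because the comparison is against a hash registered out of band, a certificate that chains to a trusted CA but belongs to a different host still fails the check.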

Simple Cross Enterprise Strong Authentication

[Diagram labels: Your Enterprise, Your Employees, Application, Vendor, Vendors/Contractor employees, Application]

You control user enrollment & provisioning

Vendors use WiKID SSL objects for web-enabled apps

If an employee leaves, disable their account

If you switch vendors, invalidate their certificate

Each vendor has their own Domain and Certificate from your server

No hardware to distribute to non-employees

Network Clients

Languages

C# dll, Java Component, PHP, Ruby, Python

Implementations

Radius, LDAP, Plone, TACACS+

Benefits

Reduces costs while increasing security

Security professionals work on security, not logistics

Simple to implement and maintain

Extensible platform for the future – for e-commerce, supply chain, partners, independent contractors

The only strong authentication system capable of handling session, host/mutual and transaction authentication in a cryptographically secure manner

Security Features

Request-response architecture: passcodes generated only upon receipt of valid request

Server-side Java – inherent security features

Strong 1024-bit RSA equivalent asymmetric encryption of all transactions

Certificate chaining for server-to-server authentication

Server-side PIN storage; Simple user disablement

PIN length, time outs, PIN and passcode attempts all Admin configurable

Mutual Authentication for HTTPS

Use a separate domain for transaction signing

Administration Features

Web-based server management

RADIUS, LDAP and SSL-based API via Java Bean & COM object

Support now for all major platforms: J2ME, Blackberry, Palm, PocketPC, PC, J2SE (for Mac and Linux)

Replication for fault-tolerance

Initial validation via NT/AD credentials (scripts provided)

LAN Password Reset

[Diagram labels: Secret key, Public Key, Certificates, Internet]

1. User selects reset domain & enters PIN.

2. WiKID server decrypts PIN with public key and verifies. Returns Passcode.

3. WiKID Server pushes passcode to PDC as new password, flags for reset.

4. User logs in with username and passcode.

5. User granted access, prompted to change password.

Layered Authentication

A Cryptographically Secure Approach

User/Session Authentication

Host/Mutual Authentication

Transaction Authentication/Signing

Thanks!

For additional information, please contact: Nick Owen, http://www.wikidsystems.com, [email_address], 404-879-5227
