Tuesday, July 1, 2008

SecureAuth solves X.509 Portability for Authentication

SecureAuth solves X.509 Authentication Mobility

By Garret Grajek, CISSP
COO, MultiFactor Corp.


A breakthrough in the SecureAuth authentication solution is what MultiFactor calls "PKI-Free" mobility of the X.509 v3 credential.

Classic PKI solutions require end-users to understand how to export, transport and import their authentication credentials. MultiFactor's unique approach is to provide a simple self-registration process (see steps 1-4 below).

MultiFactor solves this mobility issue by:

  • Providing integrated secure mobile registration, via:
    • Telephony OTPs (One-Time-Passwords)
    • SMS/Text Messaging OTPs
    • E-Mail OTPs
  • Configurable Short and Long Term Certificates
    • Short Term:
      • 10 minutes to 48 hours
    • Long Term:
      • 2 days to 10 years
    • Manageable from a simple web-GUI
      • No PKI-knowledge needed by administrator
      • NO C.A.'s required to be installed
  • Require "AAA+Certificate" authentication

Thus, when a user utilizes a different machine (kiosk mode), the user simply re-registers and a new, valid credential is created for that user. The user does NOT need to:
  • Understand private/public key technology
  • Carry a device
  • Transport the credential
  • Import any credential or new device

The user self-registration process is self-explanatory and requires no help desk support. Here is a step-through of the process:

Image #1: User enters his/her UserID to begin Self-Registration Process
(Note: Site can be public or private - the user chooses for better security)

Image #2: The user self-registers by selecting from an (enterprise-configurable) list of options

Image #3: User enters One-Time-Registration Code via Java Keypad

Image #4: User inputs his enterprise (AD, LDAP, MS-SQL, etc.) password
(Note: This is stored at the enterprise and not duplicated by SecureAuth)

Image #5: SecureAuth registers the User's Browser
(Note: Browser can be Firefox, Internet Explorer or Safari)

Image #6: Lastly the user is redirected back to the ASP.NET/SharePoint Application


The portability and ease-of-use for end users make MultiFactor SecureAuth the ideal solution for:

--

Garret Grajek is the COO and a co-founder of MultiFactor Corporation. He is a certified security engineer who has deployed 100s of security solutions while working for RSA, IBM, Cisco and others.


Copyright 2008. MultiFactor Corporation. All Rights Reserved.