By Garret Grajek, CISSP
COO, MultiFactor Corp.
A breakthrough in the SecureAuth authentication solution is what MultiFactor calls "PKI-Free" mobility of the X.509 v3 credential.
Classic PKI solutions require end-users to understand how to export, transport and import their authentication credentials. MultiFactor's unique approach is to provide a simple self-registration process. (See steps 1-4 below).
MultiFactor solves this mobility issue by:
- Providing integrated secure mobile registration, via:
  - Telephony OTPs (One-Time-Passwords)
  - SMS/Text Messaging OTPs
  - E-Mail OTPs
- Configurable Short and Long Term Certificates
  - Short Term: 10 minutes to 48 hours
  - Long Term: 2 days to 10 years
- Manageable from a simple web-GUI
- No PKI-knowledge needed by administrator
- NO C.A.'s required to be installed
- Require "AAA+Certificate" authentication
  - PKI credential is just one factor
  - User must have a valid account in the enterprise data store
- SecureAuth utilizes the enterprise data store
- SecureAuth has no data store of its own
Thus, when a user utilizes a different machine (kiosk mode), the user simply re-registers and a new, valid credential is created for that user. The user does NOT need to:
- Understand private/public key technology
- Carry a device
- Transport the credential
- Import any credential or new device
The user self-registration process is self-explanatory and requires no help desk support. Here is a step-through of the process:

Image #1: User enters his/her UserID to begin Self-Registration Process
(Note: Site can be public or private - the user chooses for better security)

Image #2: The user self-registers by selecting from a (enterprise-configurable) list of options

Image #3: User enters One-Time-Registration Code via Java Keypad

Image #4: User inputs his enterprise (AD, LDAP, MS-SQL, etc.) password
(Note: This is stored at the enterprise and not duplicated by SecureAuth)

Image #5: SecureAuth registers the User's Browser
(Note: Browser can be Firefox, Internet Explorer or Safari)

Image #6: Lastly, the user is redirected back to the ASP.NET/SharePoint Application
The portability and ease-of-use for end users make MultiFactor SecureAuth the ideal solution for:
--
Garret Grajek is the COO and a co-founder of MultiFactor Corporation. He is a certified security engineer who has deployed 100s of security solutions while working for RSA, IBM, Cisco and others.
