the wikid strong authentication systems overview

WiKID Systems, Inc.

Nick Owen

nowen@wikidsystems.com

1375 Peachtree StSuite 600

Atlanta, GA. 30309404-962-8983

WiKID Authentication System• Unique two-factor authentication system with

no hardware and no reader

• Significantly reduces authentication costs while increasing security

• Centralized control of enterprise authentication – even across the supply chain to vendors/consultants!

• Automated initial validation – end-user self-service – easy to implement and maintain

• Capable of session, host and transaction authentication

Lower cost

Ease of Use

Secure

Extensible

WiKID Key Differentiators• Powerful Network Client API extends functionality

– Set up users via trusted AD credentials

– Extensible to across enterprises

– Unique Service-oriented API capabilities

• Multi-platform Token client support

– Blackberry, J2ME, Mac, Linux. Windows, PocketPC

– Embeddable into 3rd party software

– No client hardware required

– Multi-domain capable – Secure cross-enterprise

authentication

WiKID Architecture

Public key

Public Key

1. User Enters 12 digit code, sends Public Key

1.2. WiKID server sends

configuration file and its Public Key2.

3.

Simple Initial Validation of Users

3. User creates PIN

4. Server sends registration code awaits validation

Completed in less than 15 seconds

4.

5. User logs in using trusted credentials

User enters registration code

6. Registration code sent to server and associated with

key pair exchange5.

6.

If the Registration code is received from a trusted Network Client and matches the expected value, the device is automatically validated.

Secret key

Public Key Certificates

1. User selects domain & enters PIN.

2. WiKID server decrypts PIN with Public Key and verifies. Returns

Passcode.

Internet

Internet

3. User enters Username and Passcode.

Typical Usage

4. Application requests verification.

5. WiKID Server Verifies Code.

6. User granted access.Average connection time of 4 seconds

Secret key

Public Key Certificates

1. User selects domain & enters PIN.

2. WiKID server decrypts PIN with Public Key and verifies. Returns

Passcode.

5. User enters Username and Passcode.

Mutual Authentication

6. Banking Application requests verification.

7. WiKID Server Verifies Code.

8. User granted access.Average connection time of 4 seconds

3. Token client fetches and hashes SSL cert and

compares

4. OTP and validated URL presented to user. Default browser launched to site.

Your Enterprise

Vendor

Your Employees

Application

You control user enrollment & provisioning

Vendors use WiKID SSL objects for web-enabled apps

If an employee leaves, disable their account

If you switch vendors, invalidate their certificate

Each vendor has their own Domain and Certificate from your server

No hardware to distribute to non-employees

Vendors/Contractor employees

Application

Simple Cross Enterprise Strong Authentication

Network Clients• Languages

– C# dll, Java Component, PHP, Ruby, Python

• Implementations

– Radius, LDAP, Plone, TACACS+

Benefits

• Reduces costs while increasing security• Security professionals work on security, not logistics• Simple to implement and maintain• Extensible platform for the future – for e-commerce,

supply chain, partners, independent contractors• The only strong authentication system capable of

handling session, host/mutual and transaction authentication in a cryptographically secure manner

Security Features• Request-response architecture: passcodes generated

only upon receipt of valid request• Server-side Java – inherent security features• Strong 1024-bit RSA equivalent asymmetric

encryption of all transactions• Certificate chaining for server-to-server authentication• Server-side PIN storage; Simple user disablement• PIN length, time outs, PIN and passcode attempts all

Admin configurable• Mutual Authentication for HTTPS • Use a separate domain for transaction signing

Administration Features

• Web-based server management

• RADIUS, LDAP and SSL-based API via Java Bean & COM object

• Support now for all major platforms: J2ME, Blackberry, Palm, PocketPC, PC, J2SE (for Mac and Linux)

• Replication for fault-tolerance• Initial validation via NT/AD credentials (scripts provided)

Secret key

Public Key Certificates

1. User selects reset domain & enters PIN.

2. WiKID server decrypts PIN with public key and verifies. Returns

Passcode.

Internet

Internet

3. WiKID Server pushes passcode to PDC as new password, flags for reset.

LAN Password Reset

4. User logs in with username and passcode.

5. User granted access, prompted to change password.

Layered Authentication

User/Session Authentication

Host/Mutual Authentication

Transaction Authentication/Signing

A Cryptographically Secure Approach

Layered Authentication

Thanks!

Nick Owen

http://www.wikidsystems.com

nowen@wikidsystems.com

404-879-5227

For additional information, please contact: