Swivel Authentication
“The company has quickly adapted to the new system and have found no problems getting to grips with the PINsafe login process, which is simplicity itself. Having no key fobs to worry about has also significantly reduced the number of help desk calls we need to deal with.”Sarah Blair, IT Director, Thorntons Law LLP
The Swivel PINsafe solution provides authentication for access via VPNs, Websites and Corporate Web-Applications, by using mobile devices and web-browsers.
With no tokens to manage, PINsafe allows for instant provisioning (and deprovisioning) of end-users. By removing the cost of individual tokens and the associated administration and management overheads, the overall budget requirements for implementation is reduced as are the ongoing management costs.
With flexibility built into its architecture for easy implementation, PINsafe is designed to accommodate the unique requirements of each individual organisation.
A single PINsafe server can provide the authentication for all your remote services, VPNs, Websites and Web Applications.
Overview
PINsafe is a multi-factor authentication system. The core of the solution is the Swivel one-time code (OTC) extraction protocol whereby a user is sent a security string, the user then combines this security string with their PIN number to derive a one-time code. They then use this one-time code to authenticate themselves.
The strength of this system is that the user needs both the security string and their PIN in order to authenticate. The one-time code extraction protocol is simple to use, the PIN determines which characters are to be used and in which order, for the one-time code.
The example above shows how a PIN of 2468 is combined with the security string to create the one-time code 1326. PINs can be from 4 digits to 10 digits long. Security strings can be letters, numbers or a mixture of both.
This approach gives the following advantages:
- The one-time code that the user enters is different for every authentication which provides defence against key-logging attacks, and many simple man-in-the-middle and phishing attacks.
- The user never enters their PIN to authenticate, again providing defence against the attacks listed above.
- As authentication requires two elements, the security string can be sent via a different channel to the authentication request, providing defence against man-in-the-middle attacks.
- The delivery of the security string can be tied to a specific device, eg a mobile phone, providing a two-factor authentication solution.
The beauty of this basic model is that it can be implemented in a number of ways to give different user experiences and different strengths of authentication. For example the security string can be displayed as an obfuscated (TURing) image on a VPN logon page or delivered via a text message to a user's mobile phone.
The mobile phone is already a business critical tool, and using this device as a basis for authentications produces a solution with low incremental management costs as the device is already being managed.
SMS
The user receives a randomly generated security string via SMS. They then use their PIN to extract their one-time code (OTC). This becomes their authentication credential.
This PINsafe interface provides true two-factor authentication as the security string can only be accessed by the user's registered mobile phone and had the additional security that the two key elements of the authentication process are not transmitted on the same network.
Java Midlet
A simple Java (MIDP2.0) application that can download and store 99 security strings from the PINsafe server. This means authentication is possible even during prolonged time outside mobile network coverage. The user enters their PIN into the phone keypad and the midlet extracts their OTC for them. The user can download a new batch of 99 strings at any time.
TURing
PINsafe's single channel web-based solutions are ideal for protecting Web pages, Outlook Web Access (OWA) and SSL VPNs. It is simple to seamlessly integrate with these technologies and is an effective alternative or addition to vulnerable username and password authentication.
PINsafe provides a choice of TURing, PATtern or BUTton interfaces so help secure remote access with no ongoing cost for authentication. As a user's PIN is never entered the solution is immune to keyboard-logging based attacks. The security strings can be made up of numbers, characters or even a mixture of the two.
These images can even be branded for individual customers requirements.
The PINsafe iClient allows a user to use two-factor authentication with an iPhone. The iClient generates a One-Time-Code (OTC) to provide safe and secure authentication without requiring access to a mobile phone network.
Any company, with an application or VPN protected by PINsafe, can easily integrate the iClient and provide flexible, secure authentication without any of the usual associated costs from SMS or traditional token solutions.
For a full list of our reference materials, please visit the Remote Working download section.
Case Studies
Datasheets
Whitepapers
- Support 0845 58 27999
- General 0845 58 27001
- Request a Call / Quote
