Identity, access management

From SME Guide

(Difference between revisions)
WiKID is a two-factor authentication system. It consists of: a PIN, stored in the user's head; a small, lightweight client that encapsulates the private/public keys; and a server that stores the clients' public keys and the user's PIN. When the user wants to log in to a service, they start the client and enter their PIN, which is encrypted and sent to the server. If the PIN is correct, the account is active and the encryption is valid, the user is sent a one-time passcode to use instead of a static password. You can think of WiKID as 'certificates on steroids'. It is more secure than certificates because the required PIN is only stored on the server, so it is not susceptible to offline passive attacks. It is easier because user enrollment is automated and you don't have to deal with a full certificate infrastructure. You can also compare WiKID to hardware tokens: it is much easier to implement, more extensible, yet just as secure. Stealing either the token or the PIN does you no good. You must steal both, just like a hardware token.
-
[[Software Index|Software Index]]
+
[[Desktop, device, network and server management|Previous]] [[Software Index|Software Index]] [[Database and DB management|Next]]
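Review bot: The added line keeps the piped link [[Software Index|Software Index]], where the label repeats the target; [[Software Index]] renders the same text and is easier to maintain. The new Previous and Next links also hide the destination page names behind generic labels, so consider showing the page titles if the footer is meant to help readers see where they are going.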

Revision as of 09:28, 17 October 2008
