APIIDA Mobile Authentication
PRODUCT DATA SHEET
“The password is dead” has long been a security industry slogan. Strong two-factor authentication solutions have therefore been in use for a long time, especially in corporate environments. But even the de-facto standard for two-factor authentication in companies, the smartcard, is increasingly coming under pressure as more and more devices come without smartcard readers. An ever-smaller number of PC manufacturers’ business models have built-in card readers, making inconvenient external card readers a necessity. With tablets and smartphones, however, these are often not an option either, as they generally don’t even include USB ports.
The cost of procuring, distributing and managing smartcards is huge, and their use is complex and prone to errors, which is why user acceptance and usage rates are low. Smartcards therefore tend to be used only in certain areas of a company. At the same time, however, corporate security level requirements in general are rising.
Consequently, companies are looking for an authentication solution that offers the same level of security as a smartcard but without the need for an additional physical authenticator. The solution should also not depend on complex passwords and should be as user-friendly as possible. Finding the right balance between user-friendliness, a high level of security and low costs isn’t always easy.
APIIDA MOBILE AUTHENTICATION bridges the gap between a high level of user acceptance and a high level of corporate security. The smartcard, virtually the only solution to date for meeting high security requirements and ensuring secure client login and applications, is simply replaced by the users’ ubiquitous smartphone. Costly and inconvenient processes for procuring, personalizing and distributing smartcards are dispensed with, without giving up the major advantages of a smartcard. As with a smartcard, the key material for certificates is generated and stored securely in the smartphone’s hardware or specially secured in the app.
• Cryptographically secured login at the security level of a smartcard
• Direct integration with existing PKI/certificate infrastructures
• Quick installation and seamless migration with low service cost
• Automatic rollout
• Simple self-registration for the secure second-factor “smartphone”
• Simplified processes and procedures in case of forgotten Password/PIN
• Compatible with all current Windows® operating systems
• Available for iOS and Android
YOUR MOBILE IS THE KEY
APIIDA AG, Marktstrasse 47-49, 64401 Gross-Bieberau, Germany
Phone: +49 6162 800 450 Fax: +49 6162 800 444 E-Mail: [email protected] apiida.com
THE SOLUTION AT A GLANCE
• Greater Security: Introduction of a secure second factor for client login. User login is actually based on a cryptographically secured method.
• Minimal Outlay: Unlike with the usual smartcard or USB token, administrative costs are considerably lower as users tend to already have a smartphone, thus eliminating the need to order, supply and replace hardware.
• High Level of Acceptance: Optimum user-friendliness increases user acceptance and thus the level of security in the company as a whole.
APIIDA MOBILE AUTHENTICATION uses the ubiquitous smartphone for strong two-factor user authentication. It reaches the security level of a smartcard, but with lower operating costs, while ensuring greater user convenience. Whether to replace an already rolled-out smartcard solution or as a modern alternative to increase security, APIIDA Mobile Authentication is always a good option.
The solution consists of a smartphone app, a specially designed client component (Credential Provider), as well as a back-end system for seamless integration in an (existing) PKI/certificate infrastructure. To meet the high security requirements, the user’s key material is generated and stored securely in the smartphone’s hardware (Secure Element) or specially secured in the app. Only the Credential Provider is installed on the client. This establishes a connection with the app and enables a smartcard-like login to Windows.
Connecting the smartphone and the client is particularly user-friendly: devices can be paired securely via Bluetooth 4.0 LE and then automatically connect. Once a connection has been established, users can specify the maximum distance between devices before the computer is automatically locked. This provides an extra level of security, as users generally have their smartphone with them.
If the user does not have access to their smartphone (due to the device being faulty, lost or having a flat battery), they can log on with a temporary password (Fallback Solution). This temporary password allows access to a fallback certificate, which is stored securely in the computer’s trusted platform module (TPM). This can also be accessed offline, giving mobile users instant access to their computer.