Strong Authentication Hardware Version Presentation

Our team is proud to present Strong Authentication Hardware Version, a new application created to increase at highest level the security of users authentication and web-based transactions.

It deals with “two factors” authentication system-a thing that i know and a thing that i have- wich combines, therefore a logical (mnemonic) factor, the user-password couple, to a physical factor that is possessed, in our case, one particular key to insert in the USB port of the computer (token), that completes the recognition process of users.

There are already exists other “two factors” authentication systems of users, especially those used by credit institutes, always interested in the saftyness of the net and therefore to search vanguard solutions; our system has a few peculiar characteristics such as:

Flexibility: our technicians worked hard to create a complex and complete system, easy to integrate with already existing applications for wich you desire to take advantage of the potentiality of strong authentication.
Security:  the key not only allows to authenticate users but can create protected sessions between user and server, encrypting the content with the Blowfish 256 bit algorithm, and gives the possibility to each user of choosing to encrypt the login process or the entire transaction, wich means protection even in the absence of SSL protocol on server.
Programming language: it has been chosen a combination between PHP and JAVA languages; further to be a novelty for this particular hardware key, it is surely an optimized choice due to the well known power, speed and versatility characteristics of this server-side programming language.
User’s investment: our high level software allows an low cost investment for the acquisition of the licence and the keys.

Support:  we are delivering the software “ready to use”, taking care of the whole installation procedure on the server (including software, operational components, codification and personalization of the keys, integration of the software with the application to protect-html pages, data-base, e-commerce etc) and naturally instructing the stuff for maintenance operations and use. We already own our servers set up and ready to records and insert user’s own sites.

“Self made” site: if the user doesn’t own a site to insert and if there are not particular demands, we are furnishing an default CMS, content management system, wich allows trough a simple and intuitive graphic web interface to create all the pages of the site-forms, links, image insertion included- without requiring the knowledge of any programming language. The system generates automatically the necessary codes to protect relative pages.

The versatility of this software can be exploited from other point of view also: convenience and simplicity of use for the final user. In fact, eliminating the first login factor (mnemonic user-password) can be created an rapid, secure and encrypted identification system, simply inserting the key in the USB device, without any other authentication operation, permitting, that way, controlled access to restricted areas of the site.

Therefore, the possibilities of  use are becoming really notable, privileging always the safety factor:

• Management of web-based database of clients, suppliers, etc, for distributed competence centers;

• Management of online sales and automation for the marketing agents

• Management of online sales of magazine subscriptions, e-learning services

• Software House: support and online updating

• Access to the restricted top management informations

• Home banking and remote banking

• Associations: safe and easy communications amoung members

• Franchising chains

• User identification for Virtual Private Network (VPN)

• Sales of services over internet

• Remote management of sales networks

• Management of customer services over the internet

• Controlled distribution of information over internet/intranet

• Sales of software and information services over internet

• Management of data bases over internet for companies, public institutes

The advantages are evident from any point of view (two factors or only USB key). In fact, in case of highly confidential services or/and protected information, using the “two factor” and the encryption of the token, doubled by an http SSL protocol, making all the procedure and communication adequately “armored”.

If using SSL protocol is not possible, the token will encrypt the whole server-client transaction.

For non-confidential informations can be used only the key authentication, extremely comfortable and user-friendly for the final user but safe in a mean time (transmission of login parameters is Blowfish 256bit encrypted).

Besides, the site administrator will be easily able to check and prevent any user’s access, specially those who lost the right to use the service, disabling their keys, while the traditional login-password system can be accessed with a friends password...