YOUR MOBILE IS THE KEY
APIIDA MOBILE AUTHENTICATION bridges the gap between a high level of user acceptance and a high level of corporate security. The smartcard, virtually the only solution to date for meeting high security requirements and ensuring secure login to clients and applications, is simply replaced by the user's ubiquitous smartphone. Costly and inconvenient processes for procuring, personalizing and distributing smartcards are dispensed with, without giving up the major advantages of a smartcard. As with a smartcard, the key material for certificates is generated and stored securely in the smartphone’s hardware or specially secured in the app.
THE SOLUTION AT A GLANCE
APIIDA MOBILE AUTHENTICATION uses the ubiquitous smartphone for strong two-factor user authentication. It reaches the security level of a smartcard, but with lower operating costs and greater user convenience. Whether to replace an already rolled-out smartcard solution or as a modern alternative to increase security, APIIDA Mobile Authentication is always a good option.
The solution consists of a smartphone app, a specially designed client component (Credential Provider), as well as a back-end system for seamless integration in an (existing) PKI/certificate infrastructure. To meet the high security requirements, the user’s key material is generated and stored securely in the smartphone’s hardware (Secure Element) or specially secured in the app. Only the Credential Provider is installed on the client. This establishes a connection with the app and enables a smartcard-like login to Windows.
Connecting the smartphone and the client is particularly user-friendly: devices can be paired securely via Bluetooth 4.0 LE and then automatically connect. Once a connection has been established, users can specify the maximum distance between devices before the computer is automatically locked. This provides an extra level of security, as users generally have their smartphone with them.
If the user does not have access to their smartphone (due to the device being faulty, lost or having a flat battery), they can log on with a temporary password (Fallback Solution). This temporary password allows access to a fallback certificate, which is stored securely in the computer’s Trusted Platform Module (TPM). This can also be accessed offline, giving mobile users instant access to their computer.
• Greater Security: Introduction of a secure second factor for client login. User login is actually based on a cryptographically secured method.
• Minimal Outlay: Unlike with the usual smartcard or USB token, administrative costs are considerably lower as users tend to already have a smartphone, thus eliminating the need to order, supply and replace hardware.
• High Level of Acceptance: Optimum user-friendliness increases user acceptance and thus the level of security in the company as a whole.