G/On's end-to-end solution integrates two-factor, mutual authentication. The hardware token can be either G/On's unique USB-based authentication and connectivity device or the PC itself.
Authentication
G/On integrates a strong two-factor, mutual authentication model based on these steps:
- “Something you have”: hardware (device) authentication validates and approves the connecting device. This step includes a corresponding validation of the server side, so the client and server hardware devices are mutually authenticated.
- After successful hardware authentication, G/On switches from 163-bit ECC encryption to FIPS 140-2 validated 256-bit AES encryption and requests user credentials.
- “Something you know”: user authentication is based on a user ID and password validated by the domain server.
- The hardware authentication and the user authentication are factored together for final 2-factor authentication.
- Successful 2-factor authentication will result in the presentation of a menu of authorized applications for the user. The menu can also depend on certain properties of the remote PC and its environment.
- The user can now gain encrypted connectivity on an application-by-application basis by launching applications from the G/On menu.
The hardware authentication is based on unique identifiers of the hardware device being used. In the case of G/On USB, the identifier is part of the specially built G/On USB hardware. In the case of G/On Desktop, the identifier is based on uniquely identified hardware components of the PC. In all cases, the devices must be known to the G/On server before hardware authentication can be completed.