Authentication

G/On's end-to-end solution integrates two-factor, mutual authentication. The hardware token can be either G/On's unique USB-based authentication and connectivity device or the PC itself.

G/On integrates a strong two-factor, mutual authentication model based on these steps:

  1. "Something you have": hardware (device) authentication validates and approves the connecting device. This step includes a corresponding validation of the server side, so that the hardware client and the server mutually authenticate each other.
  2. After successful hardware authentication, G/On completes the Secure Key Exchange, switches to FIPS 140-2 compliant 256-bit AES encryption, and requests user credentials.
  3. "Something you know": user authentication is based on a user ID and password validated by the user directory.
  4. The hardware authentication and the user authentication are factored together for final 2-factor authentication.
  5. Successful 2-factor authentication will result in the presentation of a menu of authorized applications for the user.
  6. The user will now have encrypted connectivity on an application by application level by launching applications from the G/On menu.

The hardware authentication is based on a Challenge/Response protocol using public/private key cryptography (RSA keys). The authentication tokens are known to the G/On Server via an enrollment process that creates a unique public/private key pair for each token. These key pairs are all part of the company's G/On installation, and the authentication process is always done online between the G/On Client and the company's G/On Server. Consequently, a Public Key Infrastructure (PKI) is not used and hence not needed.
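
An added sketch, not Giritech's code or G/On's actual wire protocol, of the kind of challenge/response described above: the server checks an RSA signature over a fresh nonce against the public key it recorded at enrollment, with no certificate chain involved. The `Server` class, `makeToken`, the token ids and the signed message layout are assumptions for illustration; only the token-to-server direction is shown, with the key generated in software.

```javascript
// Added illustration (assumed design): challenge/response against an enrollment registry.
const crypto = require('node:crypto');

const payload = (tokenId, nonce) => Buffer.concat([Buffer.from(tokenId), nonce]);

class Server {
  constructor() {
    this.enrolled = new Map(); // tokenId -> public key recorded at enrollment
    this.pending = new Map();  // tokenId -> outstanding challenge
  }
  enroll(tokenId, publicKey) { this.enrolled.set(tokenId, publicKey); }
  challenge(tokenId) {
    if (!this.enrolled.has(tokenId)) return null; // never enrolled: no challenge
    const nonce = crypto.randomBytes(32);
    this.pending.set(tokenId, nonce);
    return nonce;
  }
  verify(tokenId, signature) {
    const nonce = this.pending.get(tokenId);
    this.pending.delete(tokenId); // single use, so a replayed response fails
    const key = this.enrolled.get(tokenId);
    if (!nonce || !key) return false;
    return crypto.verify('sha256', payload(tokenId, nonce), key, signature);
  }
}

// Token side: the private key stays in this closure and only signs challenges.
function makeToken(tokenId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const respond = (nonce) => crypto.sign('sha256', payload(tokenId, nonce), privateKey);
  return { tokenId, publicKey, respond };
}

function demo() {
  const server = new Server();
  const token = makeToken('token-001'); // constructed sample id
  const rogue = makeToken('token-001'); // claims the same id, key not enrolled
  server.enroll(token.tokenId, token.publicKey);

  const sig = token.respond(server.challenge('token-001'));
  const ok = server.verify('token-001', sig);
  const replay = server.verify('token-001', sig); // challenge already consumed
  server.challenge('token-001');
  const stale = server.verify('token-001', sig); // old response, fresh nonce
  const wrongKey = server.verify('token-001', rogue.respond(server.challenge('token-001')));
  const unknown = server.challenge('token-999'); // id never enrolled
  return { ok, replay, stale, wrongKey, unknown };
}
console.log(demo());
```

Trust here rests entirely on the integrity of the server's enrollment registry, which is why no certificate authority is consulted during verification.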

G/On supports the following types of Authentication Tokens:

  • Hardware tokens with smart card
    • Private key generated, stored and kept secret inside the smart card hardware
    • The challenge/response calculations are done inside the smart card by the smart card CPU
    • G/On smart card tokens require no special drivers and no installation of drivers
  • Hardware tokens without smart card
    • Private key generated by PC and linked/locked to PC or USB device via hardware identifiers
    • Software on the PC implements the challenge/response protocol
  • Software tokens
    • Private key generated by PC and stored on PC or device
    • Software on the PC implements the challenge/response protocol
 
 
Copyright © Giritech. All rights reserved.