
SecAuth® - Strong Two-Factor User Authentication Made Simple

As web technologies have developed, more and more business is done through web user interfaces. This has introduced new demands for authenticating the users of web applications. We have developed a revolutionarily simple and easy-to-deploy user authentication service that uses the end users' mobile phones for two-factor authentication. Because it uses a second factor, SecAuth qualifies as strong user authentication, and the way the second factor is distributed and protected makes SecAuth even stronger in security than most traditional strong authentication methods.

Easy to deploy

The end user of SecAuth does not need any special appliances, cards or password lists. The user needs only an ordinary mobile phone capable of receiving SMS messages. The user interface is also self-documenting, so end users normally need no training.

At the server level, SecAuth can be deployed as a separate proxy server to which end customers connect with a normal web browser (or with any other client application for the end service). The SecAuth proxy server intercepts the connection and checks whether the user is authenticated. If the user is not authenticated, authentication takes place, and only after successful authentication is the user's network traffic passed to the end application server. This deployment method requires no modification to end applications and no configuration changes to the end server software.

Another way to deploy SecAuth is to integrate it as a security module into the end application. Several integrations have been done for different kinds of applications. The most common way is to integrate SecAuth into web server software such as Apache.

Easy to use

SecAuth's strong user authentication works as follows: the end user is first asked for an ordinary username and password pair. After the correct pair has been given, an SMS message containing a randomly selected one-time password is sent immediately to the mobile phone number registered for the user in the SecAuth database. The one-time password is different for each session and is generated randomly for each connection attempt.

Near impossible to crack

SMS messages are sent through a separate GSM modem attached directly to the SecAuth server, so a possible intruder cannot steal the password by monitoring and decrypting the ordinary network traffic to the SecAuth server alone. The intruder would also have to be able to monitor and decrypt the GSM network traffic, and to do all of this simultaneously, before the end user's one-time password expires or is used.
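An added example, not SecAuth's own code: a minimal sketch of the one-time password lifecycle described above (a new random code per connection attempt, expiry, single use). The code length, lifetime and guess limit are assumptions, and SMS delivery through the GSM modem is left out.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6         # assumed length; the page does not state one
OTP_TTL_SECONDS = 120  # assumed lifetime; the page only says the password expires
MAX_ATTEMPTS = 3       # assumed guess limit, not described on the page


class OtpStore:
    """Holds at most one pending one-time password per user."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # username -> [code, expires_at, attempts_left]

    def issue(self, username):
        """Call only after the username/password pair has been verified.

        Returns the code to hand to the SMS sender. A new connection attempt
        overwrites any earlier pending code, so older codes stop working.
        """
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[username] = [code, self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, username, submitted):
        """Return True once for the correct, unexpired code; False otherwise."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        code, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[username]   # expired: discard
            return False
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[username]   # used: a replayed code must fail
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[username]   # too many guesses: force a new login
        return False
```

The code comes from `secrets` rather than `random`, so it is not predictable from earlier codes, and the comparison is constant-time.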

As a backup method for mobile authentication, SecAuth can also authenticate selected users by using pre-calculated and printed password lists. This is an optional feature.

Further information

Please ask for more information about SecAuth and how it could be used in your company:

Telephone +358-14-4455100 or by email info@online.fi

We will be glad to provide you with more detailed information and even arrange a demonstration.