Technology & Architecture

WiKID Systems has created an entirely new, patent-pending architecture that fundementally changes the way one-time password systems work. Unlike time-synchronous and counter-based OTP systems, WiKID only generates a code upon reciept of a proper request - the correct PIN, validly encrypted on an active account. This architecture eliminates the need for kludgey patches to check for false codes or clock manipulation or drift. The Request-Response architecture was designed from the ground up for the Internet age.
Architecture Overview
Fundamentally, WiKID Strong Authentication works this way: A user selects the domain they wish to use and enters the PIN into their WiKID Two-factor client. It is encrypted with the WiKID Server's public key - assuring that only that server can decrypt it with its private key. If the server can decrypt the PIN and it is correct and the account is active, it generates the one-time passcode (OTP) and encrypts it with the client's public key. The user then enters their username and the OTP into whatever service they are using, a VPN e.g., which forwards it to the WiKID Server for validation.
WiKID Strong Authentication Domains
In WiKID a user is associated with a "Domain". The domain in turn points to a Network Client - completing the triangle.
WiKID's Strong Authentication Software Token Device Client Support
WiKID supports the broadest selection of operating systems in the industry. If you need Windows, Mac, Linux, J2ME, PocketPC/SmartPhone/Windows Mobile or Blackberry, we have you covered. Indeed, if you need a custom client, we can develop it. If you need to embed two-factor authentication into your application, we can do that too.
WiKID Strong Authentication Network Clients
Network Clients can be network services such as VPNs or SSH or another server which proxies the authentication request to the WiKID Server such as a RADIUS server or an LDAP server. Additionally, we provide a simple API and sample JSP or ASP pages for Web-enabled applications using our SSL-encrypted authentication protocol - perfect for adding two-factor authentication to extranets and intranets.
WiKID Transaction Authentication
Even with stronger session and mutual authentication, there is still a risk from session-hijacking trojans. Using WiKID for transaction authentication will thwart session-hijacers.
WiKID Mutual Authentication
Typical one-time passwords systems are susceptible to man-in-the-middle attacks. WiKID combines one-time passcodes and site authentication in our PC clients to create a cryptographically secure mutual authentication system.
How does the WiKID Software token work?
An overview of the transactions between the WiKID Server and the WiKID Software Token.

Document Actions

Join our email list
How do I add two-factor auth?

Download a registration-free free eGuide on How to Add Two-factor Authentication to Your Network, complete with examples.

    Thanks for responding so fast! Great service.

    INFOSEC PRO
    SAN DIEGO, USA