What is the base architecture of WiKID Authentication?

WiKID Strong Authentication consists of two main elements, the WiKID Strong Authentication Server (WAS) and the WiKID Two-factor Client for user devices. The WAS interfaces with various Network Clients, such as firewalls, VPN services, Citrix, directories or applications via Protocol Modules, such as RADIUS, LDAP, SMB or the WiKID Authentication Protocol, an SSL-encapsulated API for web-enabled application integration.

When a user wants to login,say to a VPN service, they enter a PIN into the WiKID Two-factor Client, it is encrypted by the public key of the WiKID server and sent to the server. If the encryption is valid, the PIN is correct and the account is active, the server returns the one-time passcode encrypted by the Client's public key. The user then enter their username and one-time passcode into the VPN client. The VPN service forwards the credentials to the WiKID server via a protocol such as Radius for validation.