WiKID Domains allow administrators to specify strong authentication security requirements and to segregate users to different services. For example, one domain could allow access to for remote sales people and require a 4 digit PIN. Another domain could be for security personnel to administer firewalls with an 8 digit PIN. Another domain could be used to reset NT or Active Directory passwords.
WiKID's patent-pending initial validation system makes setting up a new domain easy. To set up a new domain, the user enters a 12-digit domain identifier. The public-private key pair is generated on the client and the public key is sent to the server (based on its identifier). The server responds with its public key and a configuration file. The user is prompted to enter their desired PIN. It is encrypted by the private key of the client and sent to the server where an account is created and the PIN is stored (encrypted, of course). The server returns a one-time registration code. The account is now created, but not active. Only after the server receives the registration code from a trusted network client will the account be validated. WiKID provides software to automate this process. For example, WiKID provide ASP scripts for users to validate using existing NT/Active Directory credentials. WiKID is the first strong authentication to provide complete self-service initial validation.
The client can have relationships with an unlimited number of domains, all from one WiKID Server or across multiple servers across multiple enterprises. WiKID is the first two-factor authentication system capable of handling cross-enterprise strong authentication. In fact, WiKID's client is so small that it can handle hundreds of domains on the typical wireless device.
- Unlimited number of domains
- Configurable PIN length configurable by domain
- Configurable passcode lifetime
- Configurable bad PIN attempts
- Configurable bad passcode attempts
