Like existing two-factor authentication methods, the WiKID Strong Authentication System requires the passcodes to be derived and verified in two separate channels, the WiKID client network and the SSL network service. Through verification of the validity of the device and triangulation of the outgoing and incoming codes, the passcodes are authenticated and matched against a named user. However, the WiKID Strong Authentication System is more effective than traditional two-factor systems in several key ways:
- The intelligence of the passcode generation is not within the client device, preventing theft and reverse engineering;
- The system is not 100% counter/time/algorithm-based (as are most competing systems), preventing the existence of N+1 and N-1 valid codes as the single-use devices age and lose synchronization;
- The system is based on a Request-Response Architecture whereby it generates a code only when requested, rather than continuously when none is needed; continuous generation would open the system to algorithm analysis or cracking;
- The system employs no single-use devices, which eliminates the expenditure for and investment in short-life devices;
- The system can support multiple security domains both on the client, to reduce the need for multiple single-use devices, and on the server, to enforce flexible security policies.
- The system uses an asymmetric PKI infrastructure which enables a single client to be used across multiple enterprises without the need for a federated trust relationship between enterprises.
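
The N+1/N-1 point in the list above, as an added illustration (not WiKID code, and not a description of WiKID's actual protocol): a counter-based validator following RFC 4226 has to accept a look-ahead window of codes to tolerate lost synchronization, whereas a server that creates a passcode only on request holds at most one valid value per user. The `RequestResponseServer` class, its method names and the sample secret are assumptions constructed for this example.

```python
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for a single counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def counter_accept_set(secret: bytes, server_counter: int, window: int) -> set:
    """All codes a counter-based server accepts right now, given a resync window."""
    return {hotp(secret, server_counter + i) for i in range(window + 1)}


class RequestResponseServer:
    """Hypothetical model: a passcode exists only after a request and is single-use."""

    def __init__(self):
        self._pending = {}  # user -> the one outstanding passcode

    def request(self, user: str) -> str:
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self._pending[user] = code  # replaces any earlier outstanding code
        return code

    def verify(self, user: str, code: str) -> bool:
        expected = self._pending.pop(user, None)  # consumed on the first attempt
        return expected is not None and hmac.compare_digest(expected, code)

    def accept_count(self, user: str) -> int:
        """Number of passcodes currently valid for this user (0 or 1)."""
        return 1 if user in self._pending else 0


if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample secret (RFC 4226 test key)
    print("counter-based, window=2:", sorted(counter_accept_set(secret, 0, 2)))
    srv = RequestResponseServer()
    print("request-response, before request:", srv.accept_count("alice"))
    code = srv.request("alice")
    print("after request:", srv.accept_count("alice"), "verify:", srv.verify("alice", code))
    print("replay of same code:", srv.verify("alice", code))
```
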