Turn mobile phones into hardware tokens
Celestix Networks released their HOTPin Two-Factor Authentication (2FA) system that employs mobile phones and Windows devices as high-security hardware tokens. HOTPin is an alternative to 2FA systems that use expensive single-function hardware tokens and have high per-user licensing fees.
The HOTPin system supplies One Time Passwords (OTPs) to mobile phones and Windows devices through two modes. HOTPin’s client mode uses client software that resides in smart phones to generate OTPs within the smart phones. In clientless mode, HOTPin software residing in a WSA appliance sends OTPs as text messages to SMS text-compatible mobile phones.
HOTPin can operate in either mode or both modes simultaneously. Client mode has the advantage of delivering OTPs regardless of wireless RF reception. Clientless operation is advantageous for users who do not have smart phones that can support the HOTPin client software.
When a user wants to log onto their network from a laptop or desktop computer or other device, they enter their password or PIN and the OTP they receive from their mobile phone. If a criminal should intercept a user’s password and OTP, that OTP is useless when the criminal tries to access the network.
Celestix’ HOTPin system needs no other hardware tokens. HOTPin leverages ubiquitous smart phones as clients, which makes them readily available and inexpensive to use as tokens. HOTPin uses the industry standard HOTP algorithm (IETF RFC4226) to generate OTPs. HOTP is an open standard that has been extensively peer reviewed for security.
Celestix offers the HOTPin system as an option on their WSA series appliances. WSA series appliances are platforms for Microsoft IAG 2007 software for SSL VPNs. As an on-box appliance integration, HOTPin is very fast and easy to put into operation. The combination of a 2FA system and an SSL VPN provides highly secure remote access.
The first release of HOTPin supports Windows Mobile devices, RIM Blackberrys, Apple iPhones, and SMS/email. Celestix plans to broaden HOTPin clients supported to include Google Android smart phones in the second quarter of 2009.