WebIdentity is a hardware-based device the size of a key which, when plugged into the USB port of a computer, allows you to uniquely identify and authenticate the user of a Web-based application and to set up protected and encrypted transactions with that user over the Internet.
How WebIdentity Works
The user will simply plug WebIdentity into the USB (Universal Serial Bus) port of the computer without going through any installation procedures at all.
The Server application will take care of setting up secure communications with the token in order to authenticate the user. User identification is carried out on the basis of information resident in the device, in combination with the user-supplied password (two-factor authentication).
When the Client has been identified and the user authorization checked, WebIdentity sends the custom, private information to the user, encrypting the content with the Blowfish 256 bit algorithm and the time-variable key which is linked to the secret value in the token.
The information can be HTML pages, database information with web interfaces, forms, download areas etc. The transaction of this information over the web is encrypted both from the server to the Client and vice versa.
The Hardware And Software Components Of The System
The WebIdentity user authentication system is composed of hardware components, the device which will be associated with the various users of the Internet service, and software, the ActiveX and Plug-In modules which are needed for handling the security system.
The WebIdentity hardware device is, to all intents and purposes, a hardware key which has been developed for its security features as well as being equipped with an ASIC chip for the parallel port version and a purpose built chip for the USB interface version. The device has the following technical features:
- 8 Kbytes of writeable memory
- Memory access code
- Security: an ASIC circuit makes the simple cloning of the hardware key impossible
- Automatic power supply: it doesn’t use internal batteries or an external power supply
- Programmable: a double access code to information in the device is programmable by the service provider
- Stackable: the USB key can be stacked together with up to 128 other peripheral devices; with the parallel interface version, 20 or more keys can be stacked on the same parallel port
- Transparency: other peripheral devices can be piggybacked with the key on the same port (network adapters, SCSI adapters, portable hard disks etc.)
- Algorithmic queries: there are means of performing algorithmic type queries and not just those which return a static answer.
- Identity code: each key is uniquely customized with a factory supplied identity code for every user.
- Internal memory: 416 bytes of non volatile memory equipped with an access code composed of 16 + 16 bytes.
As stated previously, other features of the device depend on the type of interface, which can be either parallel or USB; both are among the most standard interfaces available on the personal computers of the latest, past and future generations.
Another version of the device is under development and will be equipped with extra features in the area of internal writeable memory: in the new version this memory will be increased to 8KB. This will make WebIdentity easy to integrate with the new public key infrastructures and the implementation of electronic signatures.
Software Components
From a software point of view, a Software Development Kit (SDK) is supplied which has the purpose of determining the parameters in the device and returning them for insertion into the server database.
Moreover, the Software Development Kit includes the ActiveX Server modules necessary for the process of identifying the user as well as handling the transactions on the web, and the ActiveX and Plug-In client modules that interact with the ActiveX Server (either one or the other will be used depending on the browser being used on the client).
These are the main software components:
- Cabinet ActiveX Client (CAB)
- Cabinet ActiveX Server (CAB)
- Setup ActiveX Server (EXE)
- Setup Plug-In (EXE)
The SDK is also supplied complete with manuals and illustrated diagrams of the features of the functions included with WebIdentity.
- Complies with USB specifications (Universal Serial Bus)
- Unique serial code for each key
- Availability of a parallel interface version
- 8 bit, 12 MHz RISC microprocessor
- Pseudo Random Number Generator
- 16 Kbyte RAM available for applications
- Memory protected with a 16 + 16 byte double access code
- MD5 one-way hash function
- Blowfish 256 bit key length encryption algorithm