A novel new security token has been launched by Internet Solutions. IS Secure Connect uses a credit card-sized device to let mobile and remote users connect securely to a company network, regardless of where they are.
"Using features such as SSL VPN technology and strong two-factor authentication, the solution has been developed to provide companies with complete control and peace of mind around their remote access requirements," says Hayden Lamberti, manager is IS Application Solutions.
IS Secure Connect includes a physical end user credit card device which displays one-time passwords. The card has a liquid crystal display (LCD) which displays the pass code when the user pushes a button on the card.
Each token is tied to a specific user.
Two-factor authentication – where the user types in his regular password as well as the token-generated code – allows for strong authentication and non-repudiation.
"The problem with passwords is that it is too easy to lose control of them," says Lamberti. "Passwords no longer work as an authentication token because you can never be sure who is typing in that password.
"Two-factor authentication mitigates the problem. If the password includes a number that changes every time you log in, or has a unique reply to a random challenge, then it's difficult for someone else to intercept."
Even if it were intercepted, he points out that a changing password won't be valid the next time it's used. "And a two-factor password is almost impossible to guess," Lamberti adds.
Because IS Secure Connect uses an SSL VPN, the user doesn't have to log in from a configured client but can connect via SSL/https on a regular Web browser.