The Stonesoft authentication methods are Invisible Token, Password, Web, Synchronized, OATH, Challenge, and Mobile Text.
When using the Stonesoft Synchronized or Challenge methods, users install the Stonesoft Mobile ID client application on the device being used for authentication. The following environments are supported:
•Android devices
•iOS devices
•Java devices
•Linux
•OSX
•RIM Blackberry phones
•Symbian devices
•Windows
•Windows Mobile devices
When using the Web authentication method, the installed client is either an ActiveX component or a Java applet running in a web browser.
The Stonesoft authentication methods are all based on the RADIUS protocol. Table 12.1 provides details about the RADIUS activity when using the Stonesoft authentication methods.
Table 12.1 Stonesoft Authentication RADIUS Activity

Authentication Method | Device Type | RADIUS Client Activity | RADIUS Server Activity
Stonesoft Invisible Token | Web browser that supports JavaScript | User ID + Password | Challenge: One-Time Password (OTP) by SMS
 | | User ID + Password + Browser Name | Challenge: One-Time Password (OTP) script in browser
 | | User ID + Script OTP | Accept, Reject. If Accept, a new seed is returned
 | | User ID + SMS OTP | Accept, Reject
Stonesoft Web | Web browser that supports | RADIUS package | Accept or Reject
Stonesoft Challenge | | (OTP: Seed+PIN+Challenge) | Accept or Reject
Stonesoft | | User ID + Password | Challenge: One-Time Password (OTP) by SMS
 | | User ID + OTP | Accept or Reject
Stonesoft Password | PC | User ID + Password | Accept or Reject
Stonesoft OATH | | |
About Stonesoft Invisible Token
The Stonesoft Invisible Token authentication method is a browser-based two-factor authentication method. The first time a user authenticates with a user ID and password, the user receives an SMS that contains a one-time password (OTP) for authentication. When the user selects the option to remember the browser, a shared secret is placed in the browser. The next time the user authenticates, a script automatically generates and sends an OTP.
About Stonesoft Web
When using the Stonesoft Web authentication method, users enter their user ID, and a Java applet or ActiveX component is launched, prompting the users to enter a password or PIN. The password or PIN is then hashed and encrypted before it is returned to the server.
When a new user account is registered and the Stonesoft Web authentication method is enabled, the password or PIN is created and distributed to the user.
Stonesoft Web can be used for authentication on a laptop or desktop computer.
About Stonesoft Challenge
The Stonesoft Challenge authentication method can be used for authentication in a web browser, WAP client, or with a PDA. Users enter their user ID, and are prompted with a challenge to provide the correct response to be allowed access.
The Stonesoft Mobile ID client software generates the response. Users enter their PIN in the Mobile ID client, and the one-time password (OTP) is created. Mobile ID clients can be installed on mobile devices, such as a handheld PC or a mobile phone, as well as on a laptop or desktop computer.
About Stonesoft Synchronized
The Stonesoft Synchronized authentication method can be used for authentication in a web browser, WAP client, or with a PDA. Users enter their user ID and are prompted to enter a one-time password (OTP) to be allowed access.
The Stonesoft Mobile ID client software generates the OTP. Users enter their PIN in the Mobile ID client and the OTP is created. Mobile ID clients can be installed on mobile devices, such as a handheld PC or a mobile phone, as well as on a laptop or desktop computer.
About Stonesoft Mobile Text
The Stonesoft Mobile Text authentication method is based on a combination of a PIN and one-time password (OTP) distributed by SMS. The user enters the PIN on the logon page, and an OTP is generated and distributed to the user’s mobile phone.
The Stonesoft Mobile Text authentication method can be used on mobile devices, such as a handheld PC or a mobile phone, as well as on a desktop computer.
Mobile Text supports the following distribution protocols/channels:
•SMTP
•CIMD
•SMPP
•HTTP
Note – The Invisible Token authentication method requires an SMS notification channel.
Note – Stonesoft Web authentication method can be used only with the Access Point.
You can configure a primary and secondary channel. We recommend configuring the secondary SMS channel to be used if the primary fails.
All authentication and notification messages are sent by mobile text to the mobile phone number or e-mail address specified for the user account on the Stonesoft Authentication Settings page of the User Account properties.
When Allow Two-step Authentication is selected, the authentication is distributed over two sessions. In the first session, the server sends the OTP to the mobile phone. In the second session, the user logs on with the OTP.
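The two-session exchange described above (User ID + PIN, Challenge, User ID + OTP, Accept or Reject) can be modelled at the RADIUS packet level. The following is an added example, not Stonesoft code: the class TwoStepServer, the send_sms callback and the 120-second lifetime are assumptions, and User-Password hiding and the Response Authenticator of RFC 2865 are left out so that the State handling, single use and expiry of the OTP stay visible.

```python
import hmac, secrets, struct, time

# RADIUS packet codes and attribute types (RFC 2865)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24

def encode(code, ident, attrs, authenticator=bytes(16)):
    """Code, identifier, length, 16-byte authenticator, then TLV attributes."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def decode(packet):
    """Return (code, identifier, {type: value}); reject inconsistent lengths."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS length")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return code, ident, attrs

class TwoStepServer:
    """Constructed model of the server side; not Stonesoft's implementation."""
    def __init__(self, pins, send_sms, ttl=120):
        self.pins, self.send_sms, self.ttl = pins, send_sms, ttl
        self.pending = {}  # State value -> (user, otp, expiry time)

    def handle(self, packet, now=None):
        now = time.time() if now is None else now
        code, ident, a = decode(packet)
        if code != ACCESS_REQUEST:
            raise ValueError("not an Access-Request")
        user, secret = a.get(USER_NAME, b"").decode(), a.get(USER_PASSWORD, b"")
        if STATE in a:  # second session: the OTP answers an earlier challenge
            # pop() makes each challenge single-use, so a replayed OTP is rejected
            owner, otp, expiry = self.pending.pop(a[STATE], (None, b"", 0))
            ok = owner == user and now <= expiry and hmac.compare_digest(secret, otp)
            return encode(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, [])
        pin = self.pins.get(user)
        if pin is None or not hmac.compare_digest(secret, pin):
            return encode(ACCESS_REJECT, ident, [])
        otp, state = b"%06d" % secrets.randbelow(10**6), secrets.token_bytes(16)
        self.pending[state] = (user, otp, now + self.ttl)
        self.send_sms(user, otp)  # out-of-band delivery of the OTP
        return encode(ACCESS_CHALLENGE, ident, [(REPLY_MESSAGE, b"Enter OTP"), (STATE, state)])
```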
About Stonesoft Password
The Stonesoft Password authentication method is based on static password authentication. A static password is created and maintained for authenticating remote access with a RADIUS client.
About Stonesoft OATH
The Stonesoft OATH authentication method can be used for authentication in a web browser, WAP client, or with a PDA. Users enter their user ID and are prompted to enter a one-time password (OTP) to be allowed access.
In Stonesoft OATH, a hardware token generates the OTP. How the OTP is generated is vendor-dependent. See the documentation from your OATH token vendor for detailed information.