The XELIOS solution authenticates remote VPN connections by binding the user's fingerprint to a digital certificate and securely generating a one-time password (OTP) for the session.
Portal access through the company website works from any PC connected to the Internet, without prior installation, ensuring full mobility.
The XELIOS solution provides a high level of security, replacing simple passwords with a strong authentication procedure: each user has a biometric token that generates a unique code, valid only for the current connection. When prompted, the user places their fingerprint (what you are) on the fingerprint sensor; the biometric token, transparently to the user, presents the user's certificate and, after validation, generates a unique code (OTP, what you know).
The three modalities, correctly authenticated, constitute proof of identity.
The evolution of technology in today's economy has created new ways of remote access and telecommuting. At the same time, new technologies have emerged to ensure that opening these services is accompanied by a safety device that prevents fraudulent acts and confirms the identity of the payer.
XELIOS VNA is a complete solution in both security level and simplicity of use. Companies wishing to offer their employees and customers a remote connection will find a full suite of capabilities to support any configuration requirement.
All user data (e.g. account and biometric data) are stored in the key (Match-On-Device). There is no communication with the PC during fingerprint comparison, so interception or insertion is not possible. The autonomous Internet browser is on the key itself and can be configured to connect directly to your company website. Access is protected by a certificate stored in the secure partition of the key. All visited Web pages are cached on the key; there is no browser history or footprint on the PC. Each key also includes a storage partition like any USB drive, but highly secured.
Secure USB Biodrive MXP is available in different capacities (512 MB to 16 GB)
- 256 key containers for AES or HOTP secret keys
- 504 containers of 3072 bits for RSA asymmetric keys
- Generation of one-time passwords, HOTP (standard)
- Encryption/decryption of data with 256-bit AES (FIPS PUB 197)
- Hash algorithms SHA-256 and SHA-1, keyed (HMAC: FIPS PUB 198)
- RSA key generation, 1024/2048/3072 bits (X9.31 and PKCS#1)
- Signing and verification of messages using the RSA algorithm
- Encryption and decryption of data using RSA (PKCS#1)
Fingerprint sensor with distance sensor. Technology: Match-On-Device
- No communication with the PC.
- Biometric authentication is performed in the key.
- Encryption key processor: AES 256 bit
Read-only partition installed with XELIOS VNA
Libertypass functional diagram (each step below is labelled with the corresponding box of the diagram)
PC host with authentication key: The user inserts the key into a PC with an Internet connection. Windows recognizes the key when it is inserted; no software or drivers are required.
Autonomous Internet Browser: The user opens the autonomous Internet Explorer available on the key. Using this browser leaves no trace on the PC (cookies, temporary files, connection history, etc.). The administrator configures the autonomous browser when initializing the key: the homepage is set for direct access to the company portal when the browser opens, and the user certificate is inserted.
Key user: The XELIOS Java applet on the company portal detects the key and asks for the user's fingerprint.
Comparison of fingerprint in key: The user's fingerprint is compared with those stored in the key. After verification, the key's processor calculates the one-time password (OTP). The fingerprint templates are stored in the key; this is a Match-On-Device operation, and no biometric information leaves the key. The confidential information used to generate the OTP is block-encrypted and is not accessible to the user. The one-time password is calculated by the key's internal processor.
VNA Server: The OTP is sent to the Web portal and verified by the authentication server, the XELIOS VNA server. The authentication server complies with the RADIUS standard (RFC 2865); the XELIOS RADIUS server acts as a RADIUS proxy.
Web Server / Company Portal: When the OTP is validated, the user connects securely to the company portal.
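The OTP part of the flow above (fingerprint gate on the key, HOTP calculation by the key's processor, verification on the server, and the HOTP item in the feature list) can be walked through end to end in code. The following is an added example written for this page; it is not XELIOS or Libertypass code and does not model their certificate handling or the RADIUS proxy. It assumes the key's "HOTP (standard)" is RFC 4226 HOTP (HMAC-SHA-1 over a counter, 6 digits). The classes BiometricToken and OtpServer, the fingerprint "template" byte strings, the user name and the look-ahead window are all constructed for the illustration; the fingerprint match is a byte-for-byte comparison standing in for a real minutiae matcher.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24) | (mac[offset + 1] << 16) | (mac[offset + 2] << 8) | mac[offset + 3]
    return str(code % 10 ** digits).zfill(digits)


class BiometricToken:
    """Key side (hypothetical model): the HOTP secret and the enrolled template never leave this object,
    and an OTP is only computed after the presented fingerprint matches (Match-On-Device)."""

    def __init__(self, secret: bytes, enrolled_template: bytes) -> None:
        self._secret = secret
        self._template = enrolled_template
        self._counter = 0  # moving factor, incremented on every issued OTP

    def generate_otp(self, presented_template: bytes) -> str:
        # Constructed stand-in for the sensor's matcher: a real key compares minutiae, not raw bytes.
        if not hmac.compare_digest(presented_template, self._template):
            raise PermissionError("fingerprint mismatch: no OTP issued")
        otp = hotp(self._secret, self._counter)
        self._counter += 1
        return otp


class OtpServer:
    """Server side (hypothetical model of the verifier behind RADIUS): holds each user's secret and
    next expected counter, tolerates a small look-ahead window, and rejects replays."""

    def __init__(self, look_ahead: int = 5) -> None:
        self._users: dict[str, dict] = {}
        self._look_ahead = look_ahead

    def enroll(self, user: str, secret: bytes) -> None:
        self._users[user] = {"secret": secret, "counter": 0}

    def verify(self, user: str, otp: str) -> bool:
        rec = self._users.get(user)
        if rec is None:
            return False
        # Accept the expected counter or a few ahead (the key may have issued OTPs that were never
        # submitted), then move past the accepted value so the same OTP is never accepted twice.
        for c in range(rec["counter"], rec["counter"] + self._look_ahead + 1):
            if hmac.compare_digest(hotp(rec["secret"], c), otp):
                rec["counter"] = c + 1
                return True
        return False


def demo() -> dict:
    """Walk through enrol -> fingerprint -> OTP -> server check, including the failure cases."""
    secret = b"12345678901234567890"  # RFC 4226 Appendix D test secret, reused here as a constructed demo value
    template = b"constructed-fingerprint-template"
    token = BiometricToken(secret, template)
    server = OtpServer()
    server.enroll("alice", secret)
    results = {}

    # 1. Wrong finger: the key refuses to compute anything, so no OTP ever reaches the PC.
    try:
        token.generate_otp(b"someone-else")
        results["wrong_finger_rejected"] = False
    except PermissionError:
        results["wrong_finger_rejected"] = True

    # 2. Normal login: fingerprint matches, key issues OTP, server accepts it.
    otp1 = token.generate_otp(template)
    results["first_login"] = server.verify("alice", otp1)

    # 3. Replaying the same OTP is refused: the server's counter has moved past it.
    results["replay_rejected"] = not server.verify("alice", otp1)

    # 4. A few unused OTPs (e.g. browser closed before submitting) still leave the key within the window.
    for _ in range(3):
        token.generate_otp(template)
    results["resync_within_window"] = server.verify("alice", token.generate_otp(template))

    # 5. A guessed 6-digit code does not verify.
    results["guess_rejected"] = not server.verify("alice", "000000")
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The design point worth noticing is where the secret lives: the HOTP seed sits only in the token and in the server's record, the PC and the browser only ever see a six-digit code that is valid for one counter value, and the server's counter advance is what makes an intercepted code worthless after use. The look-ahead window is the usual trade-off between resynchronization after unsubmitted OTPs and the number of codes an attacker could try per login; a real deployment also rate-limits failed attempts.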