Transports How To Guide

From Swivel Knowledgebase
Jump to: navigation, search



Overview

This document is an overview of the available transports, for troubleshooting information see Symptoms.

Each Swivel user can be configured to receive authentication and account information.

User Alerts are notifications about the user account, such as PIN numbers, passwords, account locked, PIN changed, PIN change required, etc.

Security Strings or One Time Code is the authentication information.


Transport Methods

Swivel can send Alerts, Security Strings and One Time Codes in a variety of methods, these include:


Alerts, Security Strings and One Time Codes

If the users alert type is changed then a new welcome message is sent to the user.


Security Strings and One Time Codes

  • Single Channel Graphical Images (TURing, PATtern, BUTton, PINpad)
  • Hardware or software Token


Each of these methods are described below:

For further information on configuring Transports see Transport Configuration


Dual Channel

A text message sent from an SMS gateway or GSM modem (see GSM Modem How To Guide). This is known as Dual Channel authentication as the user receives their security string by one method (the mobile phone network), and authenticates by another channel (the internet). PINsafe also supports the sending of Multiple Security Strings, see Multiple Security Strings How To Guide, and the sending of One Time Codes without PIN extraction, see PINless How To Guide. Possession of the mobile phone acts as a Something you have for Two Factor Authentication.

There are two delivery methods for Dual Channel messages, standard delivery, and On Demand Authentication:


Standard Delivery: When a user account is created the user is sent a security string. When the user passes or fails an authentication, a new security string is sent to the user. Where 'On Demand' delivery is used a button can be added to the login page to request a new SMS message.


On Demand Authentication: An SMS message is sent to the user only when it is requested. A button is usually created for the user to request the SMS. Where it is supported by the Access device Challenge and Response authentication' can be used where a password is entered before an SMS is sent to the user, see Juniper Two Stage Challenge and Response for a sample of how to do this. On demand security strings are only valid for a limited time span, see Session Cleanup.


PINsafe dual channel multiple authentication strings.JPG


Single Channel

This is where the user receives their security string and authenticates by the same channel (i.e. the internet). The Image is normally embedded into the login page, where this is not possible a Taskbar application is available, see Taskbar How to Guide. Single Channel images are only valid for a limited timespan, see Session Cleanup. The users PIN is Something you know as one part of Two Factor Authentication.

Swivel offers a variety of methods including:

Turing Image The first line is a place holder the second line is the numbers or letters for the PIN extraction. Each image is unique and the numbers change position each time.

Turing.jpg


Pinpad, the user would click on the numbers corresponding to their PIN number. Each image is unique and the numbers change position each time.

Sample.png


PATTern Image, designed so that a user remembers a pattern rather than a PIN. The red numbers show the default PIN number settings and map a PIN to the pattern. The One Time Code is derived from the numbers displayed in their pattern. Each image is unique and the numbers change position each time. (Note PATtern is not related to the Pinpad).

PATtern.JPGPATternPIN.JPG PATtern2.JPG PATtern2PIN.JPG


BUTton Image, the PIN is arranged as a telephone keypad, and the PIN extraction relates to the PIN numbers in the pad. The red numbers show the default PIN number settings. The One Time Code is derived from the numbers displayed in their pattern. Each image is unique and the numbers change position each time. (Note BUTton is not related to the Pinpad).


BUTton.JPG BUTtonPIN.JPG


Also see: Single Channel Customisation How to Guide


Mobile Phone Application

This is where the Mobile Phone Client requests a number of security strings, it is normally dual channel authentication, as the security strings are requested from the Swivel server across the wireless network. Possession of the mobile phone acts as a Something you have for two factor authentication.

For more information see Mobile Phone Guides


IphoneKeysRemaining.PNG 13authascreen.png


Hardware Token

Swivel version 3.9.6 adds support for OATH Tokens. These use event based authentication using the Swivel OATH HOTP Hardware Token and Time based with the Swivel OATH HOTP Hardware Token and also OATH OCRA. Possession of the hardware token acts as a Something you have for two factor authentication. For further information see Token.

Swivel OATH HOTP hardware token.jpg


SMTP (Email)

SMTP can be Dual or Single Channel authentication. Where it is sent directly to a mobile phone by wireless transmission (e.g. a Blackberry), it is Dual Channel, where it is sent across the internet to the user it is singe channel. See also SMTP solutions

Retrieved from "https://kb.swivelsecure.com/w/index.php?title=Transports_How_To_Guide&oldid=4034"