With SecureLogin, a user normally runs an application and SecureLogin seamlessly retrieves the user's application credentials. The credentials are authenticated in the background and the user is not prompted to enter a password. SecureLogin can also be configured to prompt the user (or a supervisor) for stronger authentication to all or specific applications. SecureLogin can be configured to request application re-authentication using SecureLogin's application definition AAVerify command.
The AAVerify command can enforce stronger application-based re-authentication such as biometrics, tokens, or smart cards when the native application cannot enforce strong verification. AAVerify works by requesting the preconfigured strong re-authentication method before SecureLogin will retrieve and enter the username and password for the application.
You can configure which applications require AAVerify (re-authentication) and which do not. The application itself is not changed and no additional modules are required on the application servers.
NOTE: SecureLogin 6.0 and above require SecureLogin Advanced Authentication 1.93.5 and above to utilize AAVerify.
SecureLogin 6.0 and later allow you to set the re-authentication method for a user's individual applications by using SecureLogin's Administrative Management utility. Individual applications can be re-authenticated against an advanced authenticating device, where SecureLogin is used in conjunction with SecureLogin Advanced Authentication or NMAS, without running a dedicated application definition.
The SecureLogin application definition GenerateOTP command is enhanced to incorporate the one-time password soft token generation functionality that is embedded in ActivClient smart cards.
This one-time password functionality can only be used with ActivClient and smart cards that have been set up using a card management system to include a one-time password applet on the smart card.
Synchronous authentication, or time-plus-event authentication, replaces static alphanumeric passwords with a pseudo-random code that is dynamically generated at configured time intervals, generally about 60 seconds. The code is based on a shared encryption key and the current time. In synchronous mode, the GenerateOTP command requires the administrator to pass a mode variable to the command.
Asynchronous authentication or challenge and response authorization replaces static alphanumeric passwords with a pseudo-random code that is dynamically generated based on a shared encryption key, the current time, and a challenge/response combination. In asynchronous mode the challenge is passed to the GenerateOTP command as an argument.
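The two modes described above, sketched as an added example that is not SecureLogin, GenerateOTP, or ActivClient code: it substitutes the public HMAC-SHA1 truncation from RFC 4226 for the card's OTP applet to show how the verifier recomputes each code and why a challenge-bound response cannot be reused against a different challenge. The function names, the 60-second step, and the sample key and challenge are assumptions.

```python
import hashlib
import hmac
import struct
from typing import Optional

STEP_SECONDS = 60  # assumed interval, matching the "about 60 seconds" above


def _code(key: bytes, message: bytes, digits: int = 6) -> str:
    """HMAC-SHA1 plus RFC 4226 dynamic truncation to a decimal code."""
    mac = hmac.new(key, message, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _time_step(now: float) -> bytes:
    """Number of whole intervals since the epoch, as an 8-byte counter."""
    return struct.pack(">Q", int(max(now, 0)) // STEP_SECONDS)


def sync_otp(key: bytes, now: float) -> str:
    """Synchronous mode: shared key + current time interval."""
    return _code(key, _time_step(now))


def async_otp(key: bytes, now: float, challenge: bytes) -> str:
    """Asynchronous mode: shared key + time interval + verifier's challenge."""
    return _code(key, _time_step(now) + challenge)


def verify(key: bytes, code: str, now: float,
           challenge: Optional[bytes] = None, drift_steps: int = 1) -> bool:
    """Verifier side: recompute the code, tolerating small clock drift."""
    for step in range(-drift_steps, drift_steps + 1):
        t = now + step * STEP_SECONDS
        expected = (sync_otp(key, t) if challenge is None
                    else async_otp(key, t, challenge))
        if hmac.compare_digest(expected, code):  # constant-time comparison
            return True
    return False


if __name__ == "__main__":
    key = b"12345678901234567890"  # constructed sample key (RFC 4226 test secret)
    print(sync_otp(key, 59), verify(key, sync_otp(key, 59), 100))
    issued = b"constructed-challenge-1"  # constructed sample challenge
    response = async_otp(key, 1000, issued)
    print(verify(key, response, 1000, issued), verify(key, response, 1000, b"other"))
```

A wider `drift_steps` tolerates more clock skew but also lengthens the window in which a captured synchronous code is still accepted.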