PRODUCTS : iDKI
iDKI (Identity Key) was created by Pramosa to offer the unique ability to combine the gold standard in open authentication, as described in the Universal 2nd Factor authentication standard, hosted by the FIDO Alliance, with effective security for advanced authentication for Windows7, Windows8 and Windows10 users.
iDKI removes the risk of phishing of user credentials, as when combined with a standard username and password, each login is unique and cannot be replicated by malware (as it requires user interaction) as well as enforces the presence of the registered U2F key to sign the login request.
Unlike traditional server side login credential control, the Universal second factor standard requires both sides of the authetnication sequence to prove their identiy, based on key handles created upon user registration, thereby avoiding man-in-the-middle attacks. The simplicity of the solution creates the least amount of user friction of all second factor technologies, as a simple touch of the key is all that is required. So there is no additional PINs, mobile applications or portals to use. The solution is self containing - from user self-enrollment to the user resetting their own domain passwords, thereby relieving administrative work from the IT department while also reducing the load on helpdesk support calls for password resets.
SOME ADVANTAGES OF iDKI and U2F
- Strong security — Strong two-factor authentication, using public key crypto. Currently natively supported by the Chrome browser. Protects against phishing, session hijacking, man in the middle, and malware attacks.
- Easy to use — Works out-of-the-box, enabling instant authentication to any number of services. No codes to re-type and no drivers to install other than the iDKI client program.
- High privacy — Allows users to choose, own and control their secure online identity. Each user can also choose to have multiple identities, including anonymous (no personal information associated with the identity). A U2F device generates a new pair of keys for every service, the public key is only stored on the specific service it connects to. With this approach no secrets are shared among service providers, and even low-cost U2F devices can support any number of services.
- Interoperable — Open standard backed by leading internet and financial services, including Google, Mastercard, VISA, PayPal, the Bank of America and 250 companies in the FIDO Alliance. U2F allows every service provider to be their own identity provider, or optionally let users authenticate through a federated service provider.
- Cost-efficient — Low cost of entry and ownership compared to other hardware strong authentication solutions. A simple once-off purchase of a U2F key of choice and cost-effective licensing and subscription to iDKI.
- Multiple options - iDKI can be deployed for a AD domain, Workgroup or a private or public cloud deployment. Various options on U2F keys also enables pricing and functionality choices for users, including U2F only, PIV, encryption and NFC as further enhancements and functionality, with a bluetooth varient expected later in 2016.
1. WHAT IF I LOSE MY U2F KEY?
Configurable and selectable fallback features include: SMS, Email or push notifications that will allow you to access your machine data in case of a lost key. A new key can then be enrolled to replace the lost key.
2. WILL THE OLD KEY STILL WORK TO ACCESS MY COMPUTER?
No, only a single key can be active at any given time, so the old replaced key will no longer be able to access your machine. This ensures that stolen or missing keys can be deactivated easily.
3. CAN I USE MY KEY TO LOCK MULTIPLE WINDOWS MACHINES?
Absolutely. As part of the U2F standard, as single key can be used for numerous applications, including iDKI, with no loss of security between applications. It is recommended though that each person has his/her own U2F key to ensure security to personal data.
4. WHERE ELSE CAN I USE MY U2F KEY?
The U2F key for your iDKI can also be used to enable strong authentication on your Gmail, Dropbox, and Github account, as well as various enterprise applications. A single key can therefore be used to protect your personal as well as corporate data.