Back To Top

In-Webo Management Tool

Administrators manage and configure the solution through a web console providing the following services:

  • Level of authentication and OTP format
  • Selection of the authentication tools per service
  • Selection and configuration of the communication protocol with the authentication server
  • Configuration of the services
  • Management of end-users and provisioning (usually done directly through the API)
  • Issuing and distribution of activation codes
  • Management of user licenses

End-users have also a web console to allow them the management of their authentication applications without any request to the service provider. They may add an authentication application (nCode or Toolbar) to their profile, block or unlock the applications, reset their secret PIN, etc.

Security

A strong and secured authentication must comply with several criteria:

  • Being built out of several different secret elements of different types (What I have, what I know).
  • The information used (OTP) to validate the identity must be associated to a single transaction and valid once, during a short period of time. 
  • This information must not be predictable; this means that someone who would not have all secret elements should not be able get access in place of the legitimate user.

Most of the solutions on the market meet the first two criterions. The third one is met by solutions using a hardware secured element, and almost never by full software solutions, whatever the reputation of the vendor. Especially, the "soft-tokens" solutions, quite relevant in terms of user acceptance and costs do not meet the third criteria: in case of theft of the soft-token, the interception of only one authentication information (e.g. OTP), even out of date, allows calculating the secret elements that are not observable in the soft-token. Thus, it allows predicting the authentication information: security is compromised.

The security in In-Webo solutions is based on algorithms and methods designed by our R&D, patented (thus public) and submitted to evaluation. The authentication information is multi-factor, valid only once and for a short period of time, non predictable, even in case of theft or breach of the authentication application.