Phoenix Technologies (think BIOS) has a new product out called DeviceConnect which implements two factor authentication without a separate token.
They turn the device into the token in such a way that it can't be duplicated. If a PC is trusted then it is allowed onto the net (with a sutiable user password). If not, then it isn't.
The advantage is that you don't need a separate hardware token, and the associated management. It also removes the user from the equation -- don't need to mess with transfering a PIN from a Token.
The disadvantage is that it isn't as mobile - you have to be at a trusted PC.
If anybody is intersted in this I can send along details.
Oh, and the auth. server for it is standard RADIUS.
Slashdot Mirror
Phoenix Technologies (think BIOS) has a new product out called DeviceConnect which implements two factor authentication without a separate token. They turn the device into the token in such a way that it can't be duplicated. If a PC is trusted then it is allowed onto the net (with a sutiable user password). If not, then it isn't. The advantage is that you don't need a separate hardware token, and the associated management. It also removes the user from the equation -- don't need to mess with transfering a PIN from a Token. The disadvantage is that it isn't as mobile - you have to be at a trusted PC. If anybody is intersted in this I can send along details. Oh, and the auth. server for it is standard RADIUS.