Behind the WebConnect Curtain

WHAT HAPPENS WHEN WE RE-SYNCH A TOKEN

WebConnect; What is the Key?

WebConnect uses a Public/Private secure key system. Some of the information required to log in is Public (sent out over the unencrypted public Internet) and is easy to lose control of (easily stolen, guessed, intercepted, etc.), and some is Private (hard to guess, duplicate, or steal; sent partially or totally encrypted).

Public Key

The WebConnect User Name and Password are Public Keys. They are easily:

  • Stolen

  • Copied

  • Intercepted

  • Guessed

They are static; they don’t change often. If they were intercepted 2 weeks ago, there is a very good chance that they have not been changed.

What makes them Public Keys is that they are sent unencrypted over the Internet.

Private Key

The Private key is the number generated by the WebConnect token. It is a secret that only the Token and the WebConnect Server know. It is self encrypted, that is, even though it is sent over the public internet, it starts out encrypted. It changes every few minutes. It is impossible to guess. It displays a numeric series different than any other security token.

It is a Private Key because it is sent Encrypted over the internet.

Public and Private

Both Public and Private keys are required to log onto WebConnect. This confirms the identity of the user and allows a secure Virtual Private Network (VPN) to be established and opens a port to the Avatar system.

When the token is out of synch ...

The number displayed on the token is generated by a complex algorithm which resides on both the WebConnect Server and the Token. At a pre-assigned time (the token is like a watch) the next number in the series is displayed. Since the number is ‘Known’ by both token and server, it gets ‘out of synch’ when the token clock differs from the time on the server.

What causes being out of synch?

Since the token is a watch, small errors in time calculation are possible. A dead or dying battery could cause the time to be inaccurate. If the battery is weak, hitting the display key over and over again could pull enough power to cause the time to be off.

Re-synching a Token

When we re-synch, we are adjusting the timing of the token. Since the series of numbers is calculated on both the Server and Token, re-synching tells the token when a certain number series will appear.

What we don’t see on the token ...

The number we see on the display is a portion of the result of a complex algorithm. This can be a huge number. The 10 digits we see on the token display are only a small part of that number. The certificate algorithm SHA1RSA, for example, allows for a result that is over 18 Quintillion digits long [Million, Billion, Trillion, Quadrillion, Quintillion]. So in reality, without the formula, it is almost unthinkable to identify the series by using numbers displayed on the token to calculate a pattern. In theory one would have to take several tens of thousands of numbers from the sequence to begin to construct the algorithm to calculate the next number. As for guessing, it is statistically easier to select the winning lottery numbers than it is to guess the next number in the sequence. (1 in 10,000,000,000; 10 Billion).

18 Quintillion: 42,352,941,176,470,590 more pages like this (42 Quadrillion)


Re-synch at the Server ...

Re-synch is Successful!

The Server generates:    Time:             Token Display:    Token Time:
...96980230988986        09:21             4687998456        09:21
...39022346885386        09:22             4687998456        09:21
...89564687998456        09:23 -> 09:21    4687998456        09:21
...54446576643290        09:24 -> 09:22    6576643290        09:22
...65892887839398        09:25 -> 09:23    2887839398        09:23
...29823587869045        09:26 -> 09:24    3587869045        09:24

Re-synch starts by matching up the number on the Token Display to the Server generated one. Then the Server Time is updated to match the Token Time. The remainder of the Server Times are updated. The Token then continues to the next series number in the Series at the correct time.
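
The re-synch described above, as an added Python example that is not WebConnect's own code: the page does not disclose the real algorithm, so HMAC-SHA256 over a one-minute counter, the ServerEntry record and the sample secret are assumptions. It goes one step beyond the slide by requiring two consecutive token numbers to match before the server stores the clock offset.

```python
import hashlib
import hmac

STEP = 60     # assumed: one new number per minute, as in the slide's table
DIGITS = 10   # the token display shows 10 digits


def full_value(secret: bytes, counter: int) -> int:
    """Large number that both token and server compute for one time step."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big")


def display_code(secret: bytes, clock: int) -> str:
    """What the token shows: only the last DIGITS digits of the large number."""
    return str(full_value(secret, clock // STEP) % 10**DIGITS).zfill(DIGITS)


class ServerEntry:
    """Hypothetical per-token server record: shared secret plus stored clock offset."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.offset_steps = 0  # token clock minus server clock, in steps

    def verify(self, code: str, server_clock: int) -> bool:
        expected = display_code(self.secret, server_clock + self.offset_steps * STEP)
        return hmac.compare_digest(code, expected)

    def resync(self, code1: str, code2: str, server_clock: int, window: int = 10) -> bool:
        """Find the step where two consecutive token numbers match; store the offset."""
        for drift in range(-window, window + 1):
            t = server_clock + drift * STEP
            if (hmac.compare_digest(code1, display_code(self.secret, t))
                    and hmac.compare_digest(code2, display_code(self.secret, t + STEP))):
                self.offset_steps = drift
                return True
        return False  # drift beyond the window: investigate or replace the token


# Constructed sample: the token clock reads 09:21 while the server reads 09:23.
SECRET = b"constructed-demo-secret"
SERVER_NOW = 9 * 3600 + 23 * 60
TOKEN_NOW = SERVER_NOW - 2 * STEP
```

Keeping the search window small matters: every extra step the server accepts during re-synch is one more number that would be treated as valid.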

Setting up the Token

  • A WebConnect Analyst creates an entry on the WebConnect Server for each token issued.

  • The entry has the token serial number and the User Name and initial password for each WebConnect user.

  • An Algorithm is created at this time. It can be created using some part of the User's identifying information in order to make the algorithmic series unique from all others.

  • Once the algorithm has been created, both Server and Token are synched, so that they display the same series of numbers at the same time, and the token is sent out to the client.

WebConnect closing:

  • WebConnect is a way to ensure that the identity of the person logging into Avatar remotely has been verified.

  • The VPN tunnel created by WebConnect exists only as long as the client is logged into WebConnect. Disconnecting from WebConnect will close the tunnel, and any application open utilizing the port will also close. The WebConnect server will not allow multiple open sessions for the same user. So, if another client attempts to log into WebConnect using someone else's User Name, Password and Token, any other open WebConnect session will close before the new session is allowed to open.

  • Although it is tempting, clients should never be advised to use someone else’s WebConnect to access Avatar remotely.

  • The alternative is that clients should be advised to complete the WebConnect self-service website to protect themselves against misplaced or malfunctioning tokens.

Thank You!
