WTMA is security feature that enable access to web terminal without typing connection parameters like username and password. This is great security measure to protect from key loggers and similar types of spyware.
Many regular users are not IT experts and do not know enough about potential security threat. For example, when accessing web terminal from public access points, from Internet cafe or hotel computer or accessing to the cloud located System I, key loggers, spyware and other spying tools can hijack user password while typing it inside login form. WTMA protect from such dangers.
Process is based on 2-way authorization where user opens web page which will generate QR-CODE with access token. Later, QR-CODE is scanned by our mobile application which will send encrypted configuration parameters to the server for web terminal activation. Once validated, browser instance will be redirected to the web terminal.
Watch short video below to see it in action. In this video, mobile application contains saved terminal configuration UUID and host including username and password for bypass signon. Data is sent from mobile phone to the server in encrypted mode including access token. Access token is retrieved from QR-CODE generated by web page. And only one who knows about access token are mobile phone and web page that rendered QR-CODE. When server forwards encrypted data to the web page, web page will validate data and on successful validation, terminal will open to the user.
New security engine is developed as a standalone web application which can replace standard login form or can be used in parallel. Web admins might disable standard login and use only WTMA to force workstation operators to use only mobile authentication. This feature also opens new possibilities to match mobile to user for access tracking/access control etc.
- User opens web browser with mobile authentication page to generate QR-CODE localy with access token.
- User will use mobile app to pick up token by scanning QR-CODE and then select web terminal configuration stored inside mobile application.
- Data will be sent to the server in encrypted form.
- Server will update browser session with encrypted configuration data sent from mobile phone.
- Browser will decode data and use it to generate one-time web terminal access URL to open web terminal.
NOTE: Only WTMA - web authorization page and mobile application will be able decrypt data received from mobile device.
To use new feature, WTMA application must be deployed to the server and users have to download our mobile application to their mobile phones.