Web Terminal Mobile Authentication - WTMA
WTMA is a security feature that enable access to web terminal without typing connection parameters like username and password. This is a great security measure to protect from keyloggers and similar types of spyware.
Many regular users are not IT experts and do not know enough about potential security threat. For example, when accessing web terminal from public access points, from Internet café or hotel computer or accessing to the cloud located System I, keyloggers, spyware and other spying tools can hijack user password while typing it inside log in form. WTMA protect from such dangers.
The process is based on 2-way authorization where the user opens a web page which will generate QR-CODE with access token. Later, QR-CODE is scanned by our mobile application, which will send encrypted configuration parameters to the server for web terminal activation. Once validated, the browser instance will be redirected to the web terminal.
Watch a short video below to see it in action. In this video, the mobile application contains saved terminal configuration UUID and host, including username and password for bypass signon. Data is sent from the mobile phone to the server in encrypted mode including access token. The access token is retrieved from QR-CODE generated by the web page. And only one who knows about access token are mobile phone and web page that rendered QR-CODE. When the server forwards encrypted data to the web page, the web page will validate the data and on successful validation, the terminal will open to the user.
Video is not visible, most likely your browser does not support HTML5 video
New security engine is developed as a standalone web application which can replace standard login form or can be used in parallel. Web admins might disable standard login and use only WTMA to force workstation operators to use only mobile authentication. This feature also opens new possibilities to match mobile to user for access tracking/access control etc.
Workflow
- User opens web browser with mobile authentication page to generate QR-CODE localy with access token.
- The user will use the mobile app to pick up a token by scanning QR-CODE and then select web terminal configuration stored inside the mobile application.
- Data will be sent to the server in encrypted form.
- The server will update the browser session with encrypted configuration data sent from the mobile phone.
- The browser will decode data and use it to generate a one-time web terminal access URL to open web terminal.
NOTE: Only WTMA - web authorization page and mobile application will be able to decrypt data received from mobile device.
To use the new feature, WTMA application must be deployed to the server and users have to download our mobile application to their mobile phones.