pin+ is a revolutionary patent-pending
technology which leverages the human
minds ability to easily remember
patterns and shapes to provide a highly
secure, yet simple to use authentication
system. This removes the need to carry
proprietary key fobs or tokens and
remember/store/enter multiple passwords
or PINs, thereby reducing cost and
complexity whilst increasing security.
Using pin+ is incredibly simple as many
people remember things via a pattern
without even realising it. Every time
you unlock your phone or use a bank ATM
machine, do you actually look at the
numbers or do you just press the buttons
in a remembered pattern or sequence?
pin+ requires you to only remember a
pattern, not a number or a password.
When you need to logon, you use a pin+
security shield (on a web page or mobile
device) made up of a matrix of numbers.
By overlaying your pattern onto the
matrix in your mind you will “see” a
passcode which you then use to logon. A
key part of the security is that nobody
else can figure out your pattern by
observing or capturing a logon as the
secret pattern never leaves your mind.
Every minute the pin+ security shield
produces a new set of numbers which in
turn makes your passcode unique
resulting in a true One Time Code (OTC)
solution.
pin+ is available in 2 editions to cater for any
requirement, pin+ Core (1½ factor) and
pin+ Pro (2 factor). When using pin+ Core, a
pin+ security shield is displayed directly on
the login page removing the need for a physical
token. Full 2 factor authentication is achieved
with pin+ Pro by displaying a pin+ security
shield on a separate device e.g. a mobile phone.
Both editions function in the same way to the
end user which saves on support and training.
pin+ Pro 2 factor authentication soft
tokens
pin+ is a token-less multi-factor
authentication solution that can operate
in1½ and 2 factor modes, (pin+ Core &
pin+ Pro).
With pin+ Core there is no
requirement for the user to have ANY
equipment with them to enable them to
log on. In this case the pin+ shield is
displayed on the login screen which
provides strong protection against
typical threats such as screen scraping,
key-logging and replay attacks. pin+
Core can be deployed very rapidly as
there are no tokens to issue to users,
which is also a huge cost saving.
pin+ Pro soft tokens provide full 2
factor authentication. A soft token is
an application that can be installed
onto existing devices such as laptops,
PCs, smart phones or tablets -
transforming something you already have
into a secure token at no extra cost.
Winfrasoft provide soft tokens free of
charge and are readily available to
download from the Internet and various
App Stores. All pin+ implementations are
compatible with these soft tokens and a
single token can be registered for use
with multiple systems.
pin+ Pro soft tokens are currently
available for the following platforms,
simply search for "pinplus" or "winfrasoft"
on the app store:
Winfrasoft AuthCentral is a ready to deploy
multi-factor authentication solution which
integrates with Microsoft Active Directory (or a
stand-alone LDAP directory) to provide a secure
and cost effective enhancement for remote access
solutions. AuthCentral natively integrates with
Microsoft Forefront UAG and IIS to provide 1½
and 2 factor pin+ security.
pin+ Software Development Kit
(SDK) for Microsoft .NET
The pin+ SDK for
Microsoft .NET is a simple and quick
approach for developers to integrate
pin+ technology into their .NET
applications. Instead of writing code
from scratch which is time consuming and
expensive, or trying to shoe-horn an
off-the-shelf 3rd party product into a
system, the SDK provides all the bits
you need to get up and running:
Pre-compiled and tested
libraries
Documentation
Sample code & test project
The pin+ SDK is FREE to
download and use for testing and
development purposes, however a license
agreement is required before your
solution may be used in a production
environment. Free production licenses
are available for educational
institutions and registered charities.
Full source code access to the SDK
library is available under NDA, however
this access incurs a charge.
Traditional 2 factor vs
pin+ 2 factor
A traditional 2 factor token can be used by
anybody in possession of it, not just its assigned
owner. Furthermore the PIN is divulged in full
during each login, typically at the end of the
code. With pin+, the something you have is only
of use for the intended user and is of no use to
anybody else, even if they have possession of
it. The something you know is never divulged
during a login and thus remains private. As
such, pin+ is a true something you
have & something you know solution.
pin+ Technology and
Security
The clever math behind the patent-pending
pin+ technology extends the Open Authentication
(OATH) standard to produce at least 36 digits to
display on a matrix, whereas traditional OATH
only displays 6 digits. While the 36 digits may
look random, they are produced via a formula
which makes pin+ extremely hard to crack, even
in 1½ factor mode (pin+ Core). All cryptography within pin+
uses Federal
Information Processing Standards (FIPS)
140-2 compliant algorithms and security best
practices.
.gif)
