In order to be secure, most hardware authentication tokens require a one-to-one architecture whereby one device is enrolled in one server to provide a closed and secure environment.
The Cryptolex u.ID System and Mobio technology support a multi-server authentication architecture whereby any Mobio can be securely enrolled in many servers at one time, allowing portable authentication across networks, organizations and geographies. Benefits to the organization are increased security and cost-effective integration and management. Benefits to the user are simplicity, portability and privacy. Users now have only one authentication device to manage and no more passwords to remember.
The core authentication service in the Cryptolex Universal ID system is the u.ID Server API. This lightweight authentication service runs on any POSIX-compliant UNIX system (Linux, Mac OS X, Solaris, BSD). Access to the server is through our HTTP/REST API or using the RADIUS authentication protocol. Additionally, a user-friendly web application is provided to control the server API and perform day-to-day administration tasks.
Here are some typical use cases for the u.ID Server API:
Any standard web application which uses a username and password can be easily modified to accept a username and Biocode. All that is required is to add a u.ID authentication function call to the login processing page. This authentication function call verifies the user's identity on the u.ID server, returning true or false to your web application.
The Apache webserver's basic HTTP authentication can be easily pointed at the u.ID server using mod_auth_radius. When users attempt to access a protected directory, their web browser prompts them for a username and password as normal. The users enter their username and a valid Biocode from their Mobio. Because Biocodes cannot be stolen or re-used, you do not need to use SSL to protect the user's credentials when using Basic authentication.
Linux systems use a modular authentication layer called PAM (Pluggable Authentication Modules). The FreeRADIUS project provides an open source RADIUS PAM module called pam_radius_auth which can be used with the u.ID Server API. By enabling and configuring this module, administrators can require a biometric sign-on to any system service, including ssh, FTP, etc. In fact, almost anything requiring authentication in Linux supports PAM and therefore the u.ID server.
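The Apache and PAM integrations above both reach the server over RADIUS. The following added example (not Cryptolex code) builds the RFC 2865 Access-Request such a RADIUS client would send and validates the reply's Response Authenticator. It assumes the Biocode travels in the User-Password attribute, as the password field does with these modules; the function names, user name and shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1                      # RFC 2865 packet code
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident: int, username: str, biocode: str,
                         secret: bytes, authenticator: bytes = b"") -> bytes:
    """Access-Request with the Biocode in User-Password (assumed mapping)."""
    authenticator = authenticator or os.urandom(16)  # must be unpredictable
    hidden = hide_password(biocode.encode(), secret, authenticator)
    attrs = b""
    for attr_type, value in ((ATTR_USER_NAME, username.encode()),
                             (ATTR_USER_PASSWORD, hidden)):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def response_is_authentic(response: bytes, ident: int,
                          request_authenticator: bytes, secret: bytes) -> bool:
    """Check MD5(Code+ID+Length+RequestAuth+Attributes+Secret) and the ID."""
    if len(response) < 20:
        return False
    _code, resp_ident, length = struct.unpack("!BBH", response[:4])
    if resp_ident != ident or length != len(response):
        return False
    expected = hashlib.md5(response[:4] + request_authenticator
                           + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    pkt = build_access_request(7, "alice", "123456", b"constructed-secret")
    print(len(pkt), pkt.hex())
```

The hiding of the User-Password attribute and the reply check both depend on the shared secret configured on the RADIUS client and the server, so that secret should be long and random.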