DynamicID
Eliminate Smartcards and tokens with convenient SMS authentication
Overview

Check Point DynamicID™ is a new and convenient method of password delivery - ideal for use when secure two-factor authentication is required in remote access scenarios. DynamicID is now included with Check Point Connectra™ secure remote access gateways. Following initial login, the user is prompted for a password which is generated at the Connectra gateway and delivered to a user’s preferred wireless communications device - such as a mobile phone or PDA - via short message service (SMS). This eliminates traditional ‘easy-to-lose’ Smartcards and tokens that remote workers are required to carry, and IT departments are forced to purchase and manage.
How DynamicID works
DynamicID is intended for use in remote access scenarios where the extra security provided by two-factor authentication is needed. From the end-user perspective, two-factor authentication requires ‘something you know’ (e.g. username and password) as well as ‘something you possess’ (e.g. mobile phone) to gain access.
In order to satisfy the ‘something you possess’ requirement (or phase two), DynamicID facilitates interaction between the Connectra gateway, an external Short Message Service Center (SMSC), and an end-user’s SMS-capable device (e.g. mobile phone) and remote access device (laptop, desktop, PDA, etc). Following is a typical end-user experience utilizing DynamicID for phase two in a two-factor authentication scenario:
- The user browses to the Connectra Web portal and enters their initial (or phase one) username and password. The Connectra gateway then authenticates the user.
- If phase one authentication is successful, the Connectra gateway prompts the user for a second password through the Web portal, and queries a directory server (or database stored on the Connectra gateway) for the user’s mobile phone number. If the mobile number is found, the Connectra gateway generates a random password and, through a secure Web-based connection, delivers the password to the SMSC and requests forwarding to the end-user’s mobile phone.
- The SMSC delivers the password to the end-user’s mobile phone via SMS.
- The end-user enters the password into the Connectra Web portal and the Connectra gateway authenticates the user a second time (phase two). If phase two authentication is successful, the user is granted access to the Connectra Web portal, including any information and applications allowed through their assigned access rights.

DynamicID authentication process
Best end-user experience
- Password sent to remote user’s mobile phone or wireless PDA via SMS for convenient and secure two-factor authentication
- Fewer items for mobile workers to carry and lose
Cumbersome Smartcards and tokens are history when you use DynamicID for secure two-factor authentication. Mobile workers will enjoy the convenience of receiving passwords on their preferred mobile device and will be happy to have one less item to carry.
Low total cost of ownership (TCO)
- Eliminates Smartcards and tokens
- Cuts expenses and management overhead to reduce TCO
IT departments will be relieved of the burdensome support calls and expense associated with purchasing, distributing, managing and replacing lost Smartcards and tokens.
Easy deployment and administration
- Interoperability with leading SMS service providers streamlines setup
- Centralized management simplifies deployment and administration
- DynamicID included with Connectra secure remote access gateways
Check Point has established interoperability with several leading global SMS providers, so setup and activation of DynamicID is simple and straightforward. All that’s required is to open an account with a service provider and select the appropriate options on the Connectra gateway through the user-friendly management interface. Centralized management is available through Check Point SmartCenter® or Provider-1™ management consoles.
For even greater flexibility, Check Point provides a template URL enabling easy integration with any SMSC supporting HTTPS GET.
Features
Easy and secure two-factor authentication
DynamicID™ is an option included on the Connectra gateway, enabling a remote user to easily and securely complete the second phase of a two-factor authentication scenario.
- Password sent to end-user wireless communication device via SMS text message
- Password expires automatically when used - longevity can be preset by the administrator
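The gateway-side handling of the phase-two password described above, as an added example (not Check Point code): a random password is issued after phase one, accepted once, and rejected after its preset lifetime. The class name, six-digit format, 300-second lifetime and three-attempt limit are assumptions; the page does not specify them.

```python
import hmac
import secrets
import time

CODE_DIGITS = 6             # assumption: the page does not state the password format
DEFAULT_TTL_SECONDS = 300   # assumption: stands in for the administrator-set lifetime
MAX_ATTEMPTS = 3            # assumption: guess limit, not described on the page


class OneTimePasswordStore:
    """Hypothetical gateway-side store for phase-two passwords."""

    def __init__(self, ttl_seconds=DEFAULT_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # username -> pending password record

    def issue(self, username):
        """Generate a random password after phase one; replaces any older one."""
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        self._pending[username] = {
            "code": code,
            "expires_at": self._clock() + self._ttl,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code  # the gateway would pass this to the SMSC for delivery

    def verify(self, username, submitted):
        """Return True exactly once for a correct, unexpired password."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        if self._clock() >= entry["expires_at"]:
            del self._pending[username]      # lifetime elapsed
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        if hmac.compare_digest(entry["code"].encode(), submitted.encode()):
            del self._pending[username]      # expires automatically when used
            return True
        entry["attempts_left"] -= 1
        if entry["attempts_left"] <= 0:
            del self._pending[username]      # too many wrong guesses
        return False
```

The injectable `clock` lets the lifetime check be exercised without waiting; a short numeric password is only safe to accept when wrong guesses are capped as here.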
Authentication failure options
If a user fails the second phase of two-factor authentication, the administrator can specify whether to deny access to resources partially or completely:
- Optional mode - login to the portal and certain specified applications is allowed, but access to applications requiring SMS authentication is denied
- Mandatory mode - login to the portal and VPN clients is denied
User directory location
The end-user phone number directory can be located in either of two places:
- On an LDAP/Active Directory server
- As a file on the Connectra gateway
Supported secure remote access gateways
- Connectra NGX R66 – appliances and software
- Refer to Connectra product pages for specification and warranty information