iPass logo
iPass makes corporate global roaming easier by providing wireless access points. -
-
---
---		 ---
iPass Home : Company Home : Services Home : Technology Home : Support Home : Press Room Home :Investors :Partners Home - ---
- Services Overview
-
- Mobile Office
iPassConnect Mobility Manager
Global Coverage
Mobile Broadband Service
Mobile Device Management
On Campus Roaming
iOQ Advanced Reporting
Encrypted Login
DeviceID
Management Portal
-
- Professional Services
-
-
-

Encrypted Login

  • Deter password theft over shared broadband and wireless links—and over the Internet
  • Hide clear-text passwords from third-party network access providers
  • Mitigate replay attacks by creating a one-time ASCII password based on the original user credentials, a unique service interface ID and an incrementing session counter

Broadband and wireless links are often based on shared-media technologies, which makes it possible for hackers to sniff passwords when users authenticate.

An option to iPass Mobile Office, Encrypted Login protects passwords from the client device all the way to the enterprise. It combines 131-bit ECC technology and 128-bit SSL tunnels to ensure passwords are never compromised while traveling over exposed "first hops" or over the Internet.

How It Works

  • When a user logs in using the iPassConnect™ client, Encrypted Login protects their credentials by creating an encrypted one-time ASCII password based on the original user credentials, a unique service interface ID and an incrementing session counter.
  • The iPass Secure Protocol then protects the encrypted password within a 128-bit SSL tunnel as it transits third-party networks into the iPass network. Since Encrypted Login encrypts the password at the client, network access providers never have access to clear-text passwords. Passwords are only exposed within the highly secure iPass Transaction Centers and on the enterprise network.
  • If the encrypted password is sniffed over a wireless or wired link, it's useless to the hacker, since it can't be decrypted without the private key stored at the iPass Transaction Center. What's more, any attempt to reuse the encrypted password in a replay attack will be unsuccessful, since the password changes with each user session.

Enjoy No-Hassle Deployment
Encrypted Login is easy to deploy. It provides a session-specific one-time password while requiring no changes to the user experience or your existing infrastructure, as this capability is already built into the iPass network architecture.

If you would like to be contacted by an iPass representative, please fill out this form.

Encrypted Login Product Brief

 

-


- -
-
 -
© 2009 iPass Inc. All rights reserved. Terms of Use. Privacy Policy.