Soft Token

Why use Soft Tokens

Ideal for smartphone users who may be out of signal for extended periods of time or are unable to use SMS.

Complementary to SMS-based authentication

Allows the end user the freedom to choose between SMS-based authentication and a Soft Token application.

 

Soft Token application

 The latest SecurEnvoy server V6 allows users far greater choice of security - either tokenless SMS Two-Factor authentication or a soft token downloaded as an application.

Available as a free-of-charge add-on to the SecurEnvoy suite of products. Users can elect to use a soft token application from either SecurEnvoy or Google. Authentication soft tokens are suitable for most types of mobile devices:

  • iPhones, iPads (iOS 4 or greater)
  • Blackberry (OS5 and greater)
  • Android (2.1 and greater)
  • Windows 7 Mobile
  • Windows XP, Vista or 7 Laptop

Multiple soft tokens can be enrolled and used within the same app for multiple SecurEnvoy servers, eliminating the need to carry multiple hardware tokens or install multiple soft token apps.

Support for Google Authenticator

SecurEnvoy soft tokens for your phone or desktop can be used to generate one-time passcodes (OTP) for Two-Factor authentication that can be checked by your company's SecurEnvoy server or Google’s cloud login.

Deployment with Quick Response codes

20,000 users can be deployed within one hour.

Quick Response codes are an excellent method to display a bar code matrix for the deployment of the “seed record” for the end user's Soft Token. The user only has to scan the QR code with their phone's camera to ensure a fully automatic enrolment process to a Soft Token.

Simple QR Code Enrolment

End user convenience of enrolment

A simple process. For the organisation there is nothing they need to do. It is all down to the personal preference of the end user to choose whether they want their Two-Factor authentication passcode sent via SMS or via their app.

Reduced Administration

User administration is significantly reduced, as SecurEnvoy’s “Deployment Wizard” can automate user deployment; users can then decide whether to use SMS or a Soft Token app. User deployment can be achieved on Group membership, OU or any other LDAP filtering. The SecurEnvoy “Reporting Wizard” provides detailed information about what mode of operation each user is set up for, allowing Administrators to control and monitor their 2FA estate.

Soft Token Security

The SecurEnvoy Soft Token is OATH TOTP compliant, with additional security enhancements to the OATH specification. These are:

Secure Copy protection locks the Seed record for generating passcodes to the phone. The innovative approach allows the SecurEnvoy security server to generate the first part of the seed; the second part of the seed is generated from a “Fingerprint” of the phone when the Soft Token application is run for enrolment and each time the Soft Token application is run to generate a passcode.

Protection of the Seed records. The Seed records are dynamically generated by the Server/phone and are stored with a FIPS 140 approved encryption algorithm. This encrypted data is generated and stored at the customer premises. SecurEnvoy do not store or keep any sensitive customer seed records.

Stored data. All stored authentication data is generated and encrypted with AES 256-bit encryption and is kept within the customer LDAP server. SecurEnvoy support all LDAP v2 and v3 compliant directory servers, including: Microsoft Active Directory, Microsoft ADLDS, Novell e-Dir, Sun/Oracle One Directory server, IBM and Linux Open LDAP.

Security Watermarking

SecurEnvoy Security Server deletes the used passcode and any previous passcodes from the system, thereby guarding against replay attacks with a used passcode or with any previous unused passcodes. This process is known as “Watermarking”.

Although this can be advantageous, it has to handle users who travel internationally.
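The watermarking idea described above, shown on a standard RFC 6238 TOTP verifier. This is an added example, not SecurEnvoy's code: the `WatermarkVerifier` class, its one-step drift window and the in-memory watermark are assumptions, and the seed is the public RFC 6238 test seed.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step (RFC 6238 default)
DIGITS = 6

def totp(seed: bytes, counter: int) -> str:
    """RFC 6238 / RFC 4226 passcode for one time-step counter (HMAC-SHA1)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class WatermarkVerifier:
    """Hypothetical verifier: each time step is accepted at most once,
    and nothing at or below the last accepted step is accepted again."""

    def __init__(self, seed: bytes, window: int = 1):
        self.seed = seed
        self.window = window      # tolerated clock drift, in steps (assumed)
        self.watermark = -1       # highest counter already accepted

    def verify(self, code: str, now: float) -> bool:
        current = int(now) // STEP
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.watermark:
                continue          # used, or older than a used passcode
            if hmac.compare_digest(totp(self.seed, counter), code):
                self.watermark = counter
                return True
        return False

def demo() -> list:
    seed = b"12345678901234567890"      # RFC 6238 test seed, not a real secret
    v = WatermarkVerifier(seed)
    t = 1111111109                      # constructed timestamp (RFC test vector)
    older = totp(seed, t // STEP - 1)   # previous step, never submitted
    fresh = totp(seed, t // STEP)
    return [v.verify(fresh, t),         # first use of the passcode
            v.verify(fresh, t + 5),     # replay of the same passcode
            v.verify(older, t + 5),     # older, unused passcode
            v.verify(totp(seed, t // STEP + 1), t + 30)]  # next step
```

A production verifier would persist the watermark per user alongside the encrypted seed so that it survives restarts and is shared across servers.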

Automatic Time Re-sync

Automatic time resync when travelling abroad

When a user travels overseas, typically his or her phone will sync to the new country's time once they have arrived at their destination. The OATH compliant algorithm then derives passcodes based upon this new time, which could be many hours forward or backwards in time. SecurEnvoy have a unique approach that handles users in this conundrum, allowing completely unhindered worldwide travel for the user.

Soft Token Cost

All SecurEnvoy customers can utilise the latest Soft Token at no additional cost. This allows users who may have issues with SMS deliverability to use a soft token, and suits customers who wish to manage and reduce their existing SMS costs.

 



Other Products

secureAccess Mobile phone based tokenless two-factor authentication for remote access
securePassword Self-service Windows password reset using two-factor authentication
secureMail Delivering secure emails without prior relationships
secureICE Tokenless 2FA for disaster recovery and business continuity
secureCloud Tokenless 2FA for disaster recovery and business continuity