SmartPass CE runs on a user’s CE device and connects the device to a SmartGate Server. The SmartPass system manages two-factor user authentication and data encryption between the CE device and the SmartGate Server.
After installing and configuring the SmartPass CE software, the user’s interaction with the software is limited to entering her Access Code if a FIPS token is being used or SecurID Username and Passcode code if SecurID authentication is being used.
The SmartGate Server manages authentication and encryption keys in addition to connection privileges to applications on trusted networks. After a user is authenticated, an encrypted data link is established between SmartPass CE and the SmartGate Server (Figure 1).
The SmartGate Server then makes connections to private network application servers, based on each user’s access permissions (access control list). Because CE devices do not have hard drives, they lack the storage capacity for full versions of Windows-based applications such as word processors, spreadsheets, and databases. However, Microsoft Terminal Server and Citrix WinFrame provide terminal emulation support for Windows CE devices to use these applications. Users see and work with an application’s interface on their CE devices, but the application executes all commands and functions on a remote Terminal Server or WinFrame server. SmartPass CE authenticates and encrypts the connection between a CE device and either type of server.
SmartPass CE encrypts session information using either the industry standard DES encryption or the stronger Triple DES (3DES) encryption. It uses a one-time session key for each TCP/IP session. Each end user has a User ID which is linked to his authentication token. Access is controlled by destination IP address, TCP service port, and URL. Also, service proxies limit access to the trusted network.
With their small size, instant-on capability, and relatively long battery life, Windows CE devices are ideal for mobile workers to send and receive critical, time-sensitive information. SmartPass CE has a software-based user authentication token. It also provides strong encryption for information as it passes over a wireline or wireless network.
SmartPass CE supports the following Windows CE devices:
Handheld PC (SH3 and MIPS)
Handheld PC Professional Edition (SH3, SH4, MIPS, ARM, and StrongARM)
Palm-size PC (SH3 and MIPS)
The SmartPass CE software supports the following authentication methods:
V-ONE’s FIPS token is a software emulation of a hardware authentication token. It stores your private information in an encrypted file system. This token meets FIPS 140-1 requirements. When users log onto SmartPass, they are required to enter their Access Code.
An authentication method using the RSA SecurID token and ACE Server authentication products developed by Security Dynamics, Inc. (SDI). The token’s microprocessor and the host computer are synchronized by a unique number and the time of day. When users log onto a SecurID-enabled host, they are required to type in their Username and passcode. The passcode is a combination of their assigned pincode and the constantly changing number displayed on the token.
