Simple Initial Validation of Users
2. WiKID server sends configuration file and its Public Key
3. User creates PIN
4. Server sends registration code, awaits validation
5. User logs in using trusted credentials. User enters registration code
6. Registration code sent to server and associated with key pair exchange
Completed in less than 15 seconds
If the registration code is received from a trusted Network Client and matches the expected value, the device is automatically validated.
Typical Usage
[Diagram: Secret key, Public Key, Certificates, Internet]
1. User selects domain & enters PIN.
2. WiKID server decrypts PIN with Public Key and verifies. Returns Passcode.
3. User enters Username and Passcode.
4. Application requests verification.
5. WiKID Server Verifies Code.
6. User granted access.
Average connection time of 4 seconds
Mutual Authentication
[Diagram: Secret key, Public Key, Certificates]
1. User selects domain & enters PIN.
2. WiKID server decrypts PIN with Public Key and verifies. Returns Passcode.
3. Token client fetches and hashes SSL cert and compares
4. OTP and validated URL presented to user. Default browser launched to site.
5. User enters Username and Passcode.
6. Banking Application requests verification.
7. WiKID Server Verifies Code.
8. User granted access.
Average connection time of 4 seconds
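The certificate check in steps 3 and 4 of the Mutual Authentication flow, as an added example (not WiKID's own code). It assumes a SHA-256 hash over the DER certificate and a hypothetical response dictionary with `passcode`, `url` and `cert_sha256` fields; the certificates are constructed byte strings so it runs offline.

```python
import hashlib
import hmac
import ssl
from urllib.parse import urlsplit


def fetch_cert_der(host, port):
    """Fetch the site's leaf certificate over TLS and return it as DER bytes."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def validate_site(url, expected_sha256_hex, fetch=fetch_cert_der):
    """Step 3: hash the certificate the site presents and compare it with the
    hash the authentication server returned for this domain."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False  # only HTTPS sites can be checked this way
    try:
        der = fetch(parts.hostname, parts.port or 443)
    except OSError:
        return False  # unreachable or TLS failure: treat as not validated
    presented = hashlib.sha256(der).hexdigest()
    return hmac.compare_digest(presented, expected_sha256_hex.lower())


def present_passcode(response, fetch=fetch_cert_der):
    """Step 4: release the OTP and URL only when the certificate matched."""
    if not validate_site(response["url"], response["cert_sha256"], fetch):
        return None  # withhold the passcode; do not launch the browser
    return response["passcode"], response["url"]


# Constructed sample data: byte strings standing in for DER certificates.
GENUINE_CERT = b"constructed-der-bytes-for-bank.example"
OTHER_CERT = b"constructed-der-bytes-from-an-intercepting-host"
RESPONSE = {  # hypothetical shape of the server's reply in step 2
    "passcode": "482913",
    "url": "https://bank.example/login",
    "cert_sha256": hashlib.sha256(GENUINE_CERT).hexdigest(),
}

if __name__ == "__main__":
    print(present_passcode(RESPONSE, fetch=lambda h, p: GENUINE_CERT))
    print(present_passcode(RESPONSE, fetch=lambda h, p: OTHER_CERT))
```

The `fetch` parameter exists so the comparison can be exercised without a network; in real use the default `fetch_cert_der` retrieves the certificate from the host named in the URL.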
Simple Cross Enterprise Strong Authentication
[Diagram: Your Enterprise, Vendor, Your Employees, Vendors/Contractor employees, Application]
You control user enrollment & provisioning
Vendors use WiKID SSL objects for web-enabled apps
If an employee leaves, disable their account
If you switch vendors, invalidate their certificate
Each vendor has their own Domain and Certificate from your server
No hardware to distribute to non-employees
Network Clients
Languages
C# dll, Java Component, PHP, Ruby, Python
Implementations
Radius, LDAP, Plone, TACACS+
Benefits
Reduces costs while increasing security
Security professionals work on security, not logistics
Simple to implement and maintain
Extensible platform for the future – for e-commerce, supply chain, partners, independent contractors
The only strong authentication system capable of handling session, host/mutual and transaction authentication in a cryptographically secure manner
Security Features
Request-response architecture: passcodes generated only upon receipt of valid request
Server-side Java – inherent security features
Strong 1024-bit RSA equivalent asymmetric encryption of all transactions
Certificate chaining for server-to-server authentication
Server-side PIN storage; Simple user disablement
PIN length, time outs, PIN and passcode attempts all Admin configurable
Mutual Authentication for HTTPS
Use a separate domain for transaction signing
Administration Features
Web-based server management
RADIUS, LDAP and SSL-based API via Java Bean & COM object
Support now for all major platforms: J2ME, Blackberry, Palm, PocketPC, PC, J2SE (for Mac and Linux)
Replication for fault-tolerance
Initial validation via NT/AD credentials (scripts provided)
Password Reset
[Diagram: Secret key, Public Key, Certificates, Internet, LAN]
1. User selects reset domain & enters PIN.
2. WiKID server decrypts PIN with public key and verifies. Returns Passcode.
3. WiKID Server pushes passcode to PDC as new password, flags for reset.
4. User logs in with username and passcode.
5. User granted access, prompted to change password.
A high-level overview of the WiKID Strong Authentication System, a dual-source, software-based, two-factor authentication solution. WiKID uses public-key cryptography unlike most token systems and is therefore a secure, extensible replacement for hardware tokens.